Network Security Engineer Resume

SUMMARY

Accomplished Network Security Engineer with a rapidly increasing range of industry experience in Checkpoint, PaloAlto and Fortigate NGFW looking to bringing strong instincts and a proven record of procedural compliance, process management and strong operational skills to a rapidly growing company.

TECHNICAL SKILLS

Checkpoint NGX R75.20, R76 and R77.30
PAN - OS 6.0,7.0 and 8.0
Fortigate 300D and 500D
PROTOCOLS: TCP/IP, UDP, LAN/WAN, DHCP, DNS, FTP, SMTP
IPSEC (S2S) VPN AND SSL (C2S) VPN (GLOBA LPROTECT).
PANORAMA AND MDS(PROVIDER-1) CONFIGURATION
CONFIGURE THREAT PREVENTION PROFILES E.G ANTI-VIRUS, ANTI-SPYWARE, VULNERABILITY PROTECTION AND WILDFIRE
STATIC AND DYNAMIC ROUTING (RIPV2 AND OSPF)
CHECKPOINT PROPRIETARY TECHNOLOGIES (COREXL, SECUREXL AND CLUSTERXL)
AAA SERVERS (LDAP, TACAS AND RADIUS)
SWITCHING: VLANS, VTP, STP, RSTP,802.1Q
LAN/WAN TECHNOLOGY: ETHERNET,VPN,P2P, DSL, MPLS, NAT/PAT
TOOLS: WIRESHARK, PACKET TRACER, SECURE CRT, PUTTY, MS VISIO AND SERVICE NOW.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential

Responsibilities:

Participated in AIR4 MFA Phase/CyberArk PAM implementation. This project is to configure CheckPoint Firewalls for ping MFA authentication and limit privilege access accounts on port 22 and 3389 to go through CyberArk PAM solution for CDE environments.
Worked on App-ID Firewall Rule Migration. This project involves migrating common services as DNS, RDP from static firewall rules to APP-ID rules. App-ID supports a comprehensive set of applications to enable enterprises enforce Layer 7 Application Default Security Policy.
Engaged as a team member to convert 80 Checkpoint Firewalls to Palo Alto using Expedition3.

Network Security Engineer

Confidential

Responsibilities:

Experience supporting 24x7x365 High Availability solutions in large complex Data Center environments that use CheckPoint VSX and Provider-1, PaloAlto, XML Gateways and BigIP F-5 Load Balancers.
Proficient knowledge of SIEM tools like Kibana, Infoblox, Tufin Secure Change/Track, ArcSight, Tripwire and Splunk for real time device monitoring, mitigate risks, store and monitor logs across all devices.
Use of ForcePoint, Encrypted Disk and Symantec EPO as a means of DLP Threat Coverage in a Financial Environment,
Support Incident Management Processes using Service Now.
Implemented Zone Based Security Policy and Profiles on Palo Alto NGFWs.
Maintain High Availability in PAN-OS and Cluster in Checkpoint for redundancy.
Supplied data on irresolvable Palo Alto issues to the vendor TAC towards full resolution and process documentations.
Configuring, Administering and Troubleshoot Checkpoint CP3200 CP 2200 and CP1400 and Palo Alto PA 500, PA3020, and PA 5020 using CLI and GUI.
Coordinated and configured IPSEC Site to Site vpn connections for emergency Partner meetings and client engagements.
Prepare and document Standard Operating Procedures and Protocols.
Use CheckPoint Smart Console tools such as Smart View Tracker, Smart View Monitor and Smart Log to trouble shoot network activities and write reports about the health state of the network.

Confidential

Network Security Engineer

Responsibilities:

Migrate Fortigate 40D to Palo Alto 4200 appliance.
Configure Static and Dynamic routes on Management and data route tables.
Create Security Policy and Profiles based on zones and Interfaces they reside on PAN-OS.
Configure Static NAT, Dynamic NAT, Dynamic IP and Port (DIPP) to enable inside users to access internet.
Implement IPS and IDS on PAN-OS.
Configure HA in PAN-OS to provide redundancy, fault tolerance and transparency in event of failover.
Experience with configuring, deploying and supporting Enterprise CheckPoint Firewall, Bluecoat Proxy Servers and Cisco Switches.
Configure LDAP integration with PAN-OS using Microsoft Active Directory to create rules and policies based on User-ID.
Backup and restore PAN-OS configuration in event of hardware failure.
Successfully upgrade PAN-OS version 6.10 to 7.01 using centralized management system called PANORAMA.
Implement SSL decryption on PAN-OS by creating internal certificates and setting up decryption policy.