Sr. Network Security Engineer Resume
New Jersey, NJ
SUMMARY
- Expert Level Experience in Cisco ASA, Fortinet, PaloAlto, Vmware NSX, Check Point and Juniper SRX/Netscreen Firewalls.
- Experience in other security tools like Pulse Secure VPN, Zscaler Cloud based web security, Bluecoat, Cisco ISE, ForeScout NAC, FireMon, Microsoft EOP, Proofpoint Email Protection, Symantec VIP Two factor authentication and Skyhigh CASB.
- Configure all Fortinet Networks Firewall models (100E, 200E, 600D, 900D, 1500D, 3980E, 5001E etc.) as well as a FortiManager to manage large scale firewall deployments and FortiAnalyzer to collect logs from all FortiGate firewalls.
- Configure all Palo Alto Networks Firewall models (PA-500, PA-2000, PA-3000, PA-5000, NSX, PA-1000V etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Experience in Configuring and managing the Cisco Firepower 4120, 9300 Series.
- Worked on Juniper devices MX-480, SRX-240, SRX-650, SRX-1500, SRX-5400, SSG-550 and EX-4300.
- Expert Level Experience in Configuring, Deploying and managing Pulse Secure Mag devices 2600, 4610, 6610 PSA 7000C, License Server.
- Configuring and Implementing Security rules as per the business needs in Palo Alto Firewalls, Fortigate Firewall, Cisco ASA Firewall and Juniper SRX.
- Advanced Knowledge in Building IPSEC Site-to-site & Client VPN’s in Cisco ASA, Checkpoint and Paloalto firewalls.
- Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.
- Knowledge of DNS, Active Directory and Certificate Services (PKI).
- Knowledge of Intrusion Detection, DMZ, encryption, proxy services, SSL VPN, Port-security and policy-based routing.
- Experience in configuring and troubleshooting of VLANS, VTP, STP, MST, Ether-channel, HSRP, VRRP, BGP, OSPF and EIGRP.
- Experience in Security Incident Management, Incident Response, Firewall technologies, IPS/IDS, LAN/WAN Cisco routers and switches, Understanding of PCI DSS Compliance requirements.
- Designed, installed, configured and managed complex LAN, MAN and WAN networks.
- Worked on different firewall optimization tools like Tufin, Firemon and Algosec.
- Experience in Network administration and worked on TCP/IP, EIGRP, HDLC, PPP, ISDN and ACLs.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router Configurations of Nexus 2k, 5k and 7k series, Cisco Router 7200, 3800, 2800 and switches 6500, 4500, 3700, 3900, 2900 switch series.
- Experience in Configuring, Deploying and managing the Cisco ISE, ForeScout NAC.
- Experience in Configuring and managing Email Protection using Microsoft EOP and Proofpoint.
- Experience in VMware NSX firewall creating Security tags, Groups, and Policies.
- Knowledge of VMware ESX 3.0 & 4.0 Servers installed on Dell Blades and ESX Boxes.
- Experience with Zscaler Cloud based web security to manage the corporate web traffic.
- Security Devices: Bluecoat Proxy SG & Bluecoat Proxy AV, McAfee Email & Web.
- Maintained and improved existing Internet/Intranet applications
- Configured Active/standby firewalls using Cluster XL, VRRP and NSRP on various firewall platforms.
- Strong written and verbal communication skills, self-motivated, self-managed, result oriented, practical, always looking to learn and contribute.
PROFESSIONAL EXPERIENCE
Confidential, New Jersey, NJ
Sr. Network Security Engineer
Responsibilities:
- Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.
- Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACL’s, NAT rules and policies.
- Knowledge of Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SD-WAN (MX 65, MX100, MX400).
- Upgrade firewalls in accordance with change management & Document changes to firewalls.
- Worked on issues with IPS/IDS servers, Zscaler and bluecoat proxies.
- Worked on Juniper M, MX, T routers on MPLS VPNs, TE and other advanced service provider technologies.
- Troubleshooting of Linux & Unix application delivery servers. Install Dockers, Cisco and HP servers.
- Maintained shell scripts for RedHat Linux servers and performed patch upgrades for RedHat Linux servers.
- Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.
- Worked on Zscaler Cloud proxies, Implementation of Policies, PZen Configuration, GRE tunnels to Cloud, PAC file configuration, DLP policies.
- Worked on Internet Web Security Proxies which includes Cisco Iron Ports, Bluecoat Proxies, Zscaler Cloud Proxies.
- Maintained the reports and relative dashboard implementations using fortigate and the fortigate manager.
- Installed and configured Firepower Management Center within the new core network.
- Installed and configured firepower IDS/IPS and came up with the baseline configuration for organization.
- Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
- Maintained network documentation on Visio.
- Configured and implemented Cisco Firepower services with ASA 5500-X advanced security defense.
- Implemented Citrix Access Gateway & Advance Access Control, web interface into Msft Share point portal.
- Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solarwinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNS Sec etc.
- Provides expert level security & networking knowledge in the planning, researching, designing, and testing of new technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS, DMZ, and Internet Security in support of established Info Security program initiatives for the next 3 years.
- Configured, troubleshoot, and upgraded Checkpoint Firewalls for Manage clients, which included network and/or resource access, software, or hardware problems.
- Used App-Volumes Application to provide efficient solutions for Horizon, Citrix- XenApp and Xen-Desktop, and RDSH virtual environment.
- Opened, resolved, or updated Tier II Support tickets for Manage Firewall clients.
- Provided Manage Firewall clients with regular status reports of their trouble tickets.
- Experience with working on Amazon Web Service (AWS) environment for cloud computing
- Analyze and provide courses of action on current as well as emerging security threats like ransomware attacks by research and recommendation of other security solutions to help mitigate network security threats while preventing their outbreak across the network.
- Worked on network design improvements using BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
- Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
- Implemented Firewall rules and Nat rules by generating precise methods of procedure (MOPs). Responsible for packet capture analysis, syslog and firewall log analysis.
- High-level network troubleshooting and diagnostic experience using Packet capture tools like Wireshark.
- Configured network using RIP, EIGRP, BGP and OSPF protocols and troubleshooting L2/L3 issues.
- Regular upgrade & maintenance of Infrastructure, Installing, configuring Cisco Switches (2960, 3500, 7600, 3750, 3850 series, 6500 series) Cisco Routers (4800, ASR 9K, 800), Juniper Routers and Firewalls, Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls, Bluecoat Proxy and Riverbed Steelhead appliances.
- Assist in creating network design standards for hardware and software. Developing and maintain Network Documentation (Visio diagrams, Excel spreadsheets, Word documents, etc.) Configure and troubleshoot network elements in a test/dev environment.
- Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
- Assisted in IT security audits for clients/customers. Configured and supported Cisco 7500 and 4500 routers.
- Experience with configuration of Cisco call manager, Installing and worked on ICM management
Confidential
Sr. Network Security Engineer
Responsibilities:
- Managed the security infrastructure of the service provider which includes Fortinet Firewalls, Cisco ASA’s, Juniper SRX, and PaloAlto.
- Provide support for Tier-3 firewall architecture, which includes Fortigate, Juniper, Cisco ASA and Palo-Alto firewalls.
- PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Performed code upgrades to the Palo Alto Firewall from Panorama.
- Configuration and upgrading the IOS in the FortiGate firewalls, PaloAlto, Cisco ASA, Juniper SRX and Pulse Mag Devices.
- Configured and deployed the FortiGate firewall, managed by FortiManager; deployed FortiAuthenticator and FortiAnalyzer.
- Configured and deployed the NGFW Firewall Features in Fortinet, like App control, Web Filter, FSSO, Proxy, and DNS, IPS/IDS.
- Implemented IPSEC Site-to-Site in Fortigate Firewall, Cisco ASA.
- Configured & maintain SSL VPN in Fortigate and Juniper Pulse secure MAG’s.
- Configuration of ACL’s, Implemented Static NAT and PAT for internet users to allow users all over the company to access different applications and also for the internet access.
- Designed, implemented and managed the SCDSS Child Support Project; in this project we built site-to-site VPNs to the data center for accessing the infrastructure servers.
- Responsible for all Juniper SRX firewalls consisting of SRX 3560, 1400, 650, 240. Using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) and GTM’s for managing the traffic and tuning the load on the network servers.
- Configuration, Troubleshooting and Maintenance of Fortigate, Cisco ASA, Juniper SRX, Pulse MAG.
- Maintained and supported Solarwinds Orion Network Performance Monitor, IBM Qradar SIEM, Tufin and LoginME.
Confidential, Columbia, SC
Sr. Network Security Engineer
Responsibilities:
- Managed the security infrastructure of the service provider which includes Cisco ASA’s, Juniper SRX, and PaloAlto.
- Configuration and upgrading the IOS in the ASA and Pulse Secure Mag Devices.
- Troubleshooting the Pulse Secure Mag devices. Implementing SSL VPN on the mag devices.
- Implemented Static NAT and PAT for internet users.
- Configured & maintained IPSEC Site-to-Site VPN using Cisco ASA, PaloAlto, Juniper SRX.
- Created dynamic access policies on the ASAs for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.
- Configuration of Access List ACL to allow users all over the company to access different applications and blocking others.
- Configure all Palo Alto Networks Firewall models 7000, 5000, 3000, 2000, 500 series as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
- Configured and implemented various features of PaloAlto including app-id, User-Id, Security profiles and Custom URL categories.
- Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
- Implemented firewall rules in Palo Alto firewalls using Panorama for one of the environments.
- Monitoring and troubleshooting traffic on Palo Alto firewall.
- Creating and managing admin users and troubleshooting the issues by using juniper SRX.
- Firewall filtering and NAT, Adding and modifying the policies in juniper SRX.
- Maintained and supported Solarwinds Orion Network Performance Monitor.
- Designing, configuring and troubleshooting ASA failover for the customer network.
- Provided support for troubleshooting and resolving Customer and user reported issues.
- Analyze data to provide solutions to complex problems and assist in resolving issues. When a network problem is reported, use the tools available such as Cisco & Real-Time Log Viewer and Enterasys; TALON SIEM to determine the issue, then communicate the findings to the others involved and correct the issue when possible.
- Administering Bluecoat integrated with Cisco for secured proxy solution.
- Deployment of Bluecoat as proxy and firewall solution to provide secure and optimum access of web service.
- Creates and maintains network documentation, design drawings, security diagrams, procedures and policies using Microsoft Word, Excel and Visio.
Confidential, Foster City, CA
Network Security Engineer
Responsibilities:
- Implementing security Solutions using PaloAlto PA-5000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) and GTM’s for managing the traffic and tuning the load on the network servers.
- Firewall rule base review and fine-tuning recommendation.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Configure and Monitor Cisco Sourcefire IPS for alerts.
- Experience working on Network support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
- Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
- Boundary protection: Lead Bluecoat proxy engineer. Managed network security via combination of ACLs, Sidewinder firewalls and Bluecoat web-proxy.
- Maintenance and system upgrades including service packs, patches, hotfixes and security configurations.
- Documentation involved preparing Method of Procedures (MOPs) and Work Orders. Also creating and submitting Remedy tickets for user auditing.
- Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
- Working on the network team to re-route BGP routes during maintenance and FW upgrades.
- Co-ordinated and Upgraded F5 LTM’s and Cisco ASA’s IOS images during window time.
- Running vulnerability scan reports using Nessus tool.
- Working on Service now tickets to solve troubleshooting issues.