SUMMARY

• Around 8+ years of experience in Network and Security Engineering, Routing, Switching, Firewall Technologies, Implementation, Troubleshooting of complex network systems, Enterprise network security, Capacity Management and Network growth.
• Comprehensive understanding and experience of the technologies involved with network security vendor firewall products (Cisco PIX / ASA, Checkpoint, Cisco Sourcefire IDS/IPS, Cisco Firepower, Palo Alto and IPSEC/SSL VPN)
• Experience in Cisco IDS/IPS, Cisco PIX 525,535, ASA 5520, 5540, 5550, 5580 with firepower, Checkpoint R70, R75, R77 Gaia, Provider - 1, SPLAT
• Experience in implementing and troubleshooting of Palo Alto firewall PA 3060, PA 5060, PA 7050 and manage them via Panorama to manage large scale firewall deployments
• Experience in managing and maintain Checkpoint VPN-1 firewall, strong abilities in installation and configuration of Check Point security Gateway, Smart Console and Smart Center server
• Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
• Performed firewall upgrades on different firewall vendors like Cisco, Checkpoint and Palo alto firewalls from legacy environments to latest models of the firewalls.
• Configuring and implementing Routed and Routing protocols including: TCP/IP, RIP, OSPF, EIGRP, BGP and MPLS.
• Network Monitoring using SNMP and other management tools such as SPLUNK, Wireshark, Tufin, Algosec, Solarwinds, Remedy and Service Now.
• Black listing and White listing of web URL on Bluecoat Proxy servers. Experience on Bluecoat ProxySG for URL and content filtering
• Experience in layer-3 Routing and layer-2 Switching. Worked with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
• Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
• Advanced knowledge of OSI model, TCP/IP, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation.
• Experience of Check Point Firewalls and configure Security policies including NAT, PAT, Route-maps, Prefix/distribution list, IPSEC, SSL, VPN, AAA (TACACS+ & RADIUS) and Access Control Lists.
• Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA and Cisco ASA firewalls.
• Knowledge on Vulnerability assessment tools such as Nessus and Qualys.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA firewall experience.
• Worked on different firewall optimization tools like Tufin, Firemon and Algosec.
• Managing firewalls using different firewall management tools like Checkpoint Smart Dashboard, CSM, ASDM and Panorama.
• Working knowledge of BGP, OSPF, MPLS, DNS, LDAP, DHCP, HTTP, HTTPS, TCP/IP, UDP, SNMP, PPTP, VLAN, STP, (Spanning tree Protocol) and RTSP
• Extensively used the packet capture tools like TCPDUMP, Fw monitor, Wireshark and snoop on the devices to identify the potential network issues.
• Troubleshooting routers and switches for network connectivity and performance issues.
• A quick and self-learner with very good communication and interpersonal skills, strong creative, analytical, and problem-solving abilities
• Excellent Team Management Skills and Customer Skills.
• Attention to Detail.

PROFESSIONAL EXPERIENCE

Confidential

Network Security Engineer

Responsibilities:

• Implement and configure firewall rules in Checkpoint Gaia R77.20, R75, Cisco ASA and Palo Alto 3k,5k,7k series, Panorama.
• Configuration of changes on Checkpoint R77 Gaia and Palo Alto on a large-scale environment.
• Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances.
• Experience in risk analysis, security policy, rules creation and modification of Check Point Firewall Provider-1, R75.40 SPLAT and R77 Gaia.
• Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7000(7050, 7060), PA-5000, series (5060/5050/5020 ), PA-4000 (4060/4050/4020 ) and PA-500 and PA-200 firewalls.
• Change and Incident Management using ServiceNow. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
• Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
• Implemented site to site VPNs using Checkpoint firewalls to third party sites.
• Converting Checkpoint VPN rules over to the Cisco ASA solution and migrating with both Checkpoint and Cisco ASA VPN.
• Migration of firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using PAN migration tool
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Executed changes on various Firewalls, proxies and scripts over entire network infrastructure using Service Now ticketing tool.
• Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama. Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
• Involved in upgrade of Panorama to version 7.1.5.
• Implementing the Access list on day to day basis as per customer's Develop and maintain standard operating procedures, processes and guidelines for firewall operations, support and maintenance.
• Used Tufin firewall optimization tool, Wireshark, TCPDUMP, fw monitor, Splunk to analyze logs and perform root cause analysis of critical issues
• Push firewall rules to live production environments during maintenance windows and open bridge conference call for testers to call in to test and troubleshoot.
• Investigate security incidents and recommend actions needed to resolve vulnerability issues.
• Diagnosing and resolving issues related to LAN networks.
• Working on Firewall Incident tickets and access requests.
• Implementing Bluecoat proxy migration to checkpoint Application & URL filtering solution for monitoring user’s internet activities.
• Blacklist and whitelist websites on the checkpoint & Palo Alto App & URL filtering blade according to the requirements.
• Providing sniffer captures to Application owners for application performance issues.
• Experience of technologies including: Nexus switches (2k, 5k, 7k, 9k)
• Configure Bluecoat proxies using bluecoat director for content and URL filtering.
• Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, BGP and OSPF.
• Convert Checkpoint VPN rules over to the Cisco ASA solution, Migration of Checkpoint to Cisco ASA firewalls.
• Raised RMAs (Return Merchandize Authorization) to replace the problematic Checkpoint and new items were racked and stacked in the data center
• Creating and maintaining Visio network diagrams and supporting documentation.
• Participating and contributing in weekly design review meetings.
• Work effectively in a fast-paced team environment, prioritized multiple tasks with strict adherence to timelines and worked with clients to provide solution to complex problems.

Confidential - Chevy Chase, MD

Firewall Engineer

Responsibilities:

• Supporting and troubleshooting Checkpoint (R77.10 Gaia, R77, R76, Provider-1, SPLAT and IPSO) and Cisco firewall (ASA 5550, 5540, 5520, PIX 525, 535, CSM and ASDM) technologies
• Migration and implementation; new solutions with Palo Alto Next-Generation Firewall series PA-500, PA-3060 and PA-5060
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
• Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
• Performing packet captures using TCPDUMP, fw monitor, Snoop, Wireshark and other network monitoring tools
• Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
• Prepared engineering documents and network diagrams in Microsoft Visio
• Troubleshoot and hands on experience on security related issues on Checkpoint R75 and Cisco ASA
• Involved in large firewall configuration, deployments, and implantation rollouts for several company’s security needs including SSL VPN tunnels
• Creating MOPs (Method of Procedure) and Provided On-call support to Clean-up the changes in configuration on migrated Cisco routers
• Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience
• Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers
• Configured ASA 5520/5500 to ensures high-end security on the network with ACLs and Firewall.
• Experience with Firewall Administration, Rule Analysis and Rule Modification on Cisco ASA 5540, 5585.
• Responsible for Cisco ASA firewall administration across our networks
• Provide solutions to Tier 1/2 escalated issues and tickets
• Implementation and configuration of F5 Big-IP LTM-6400 load balancers
• Configuring and resolving various OSPF issues in an OSPF multi area environment
• Implemented redundancy for Routers, Switches and Firewalls

Confidential - Louisville, KY

Network Engineer

Responsibilities:

• Installation and Configuration of networks, router/switches configuration with security, TCP/IP, VPN, Content Filtering, Access Control Lists on router/switches, VLANs (port mapping, naming etc.), and routing IP address in both LAN/WAN and wireless networks.
• Configuration and troubleshooting of Cisco ASR9K, GSR, CRS 7200, 7600 routers and Nexus 7k, 5k, 2k Series
• Troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, BGP, OSPF and MPLS
• Implemented Redistribution of Routing protocols, Route-maps (Policy Based Routing) and security policies using ACL, NAT, IPSEC, VPN
• Configuring STP, RSTP, VLAN, Trunking, VTP, L2TP and Port binding
• Configured VLAN’s, Private VLAN’s, VTP, V2TP, dot1.Q trunking on 6500 and 4500 series switches.
• Worked on configuring and implementing MPLS and MPLS VPNs
• Resolved various Router configuration issues to provide redundancy and alternate routing using EBGP attributes like AS-PATH, local Pref.
• Configured Route Policies and Prefix/Access lists on ASR9Ks
• Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login
• Worked on day to day administration tasks and resolve tickets using Remedy
• Identify network problems and resolve in accordance incident and problem management services, policies, procedures and SLRs
• Troubleshooting routers and switches for network connectivity and performance issues.

Confidential

Network Engineer

Responsibilities:

• Install, support and maintain hardware and software infrastructure per industry best practices including routers, switches and firewalls
• Responsible for the configuration, implementation and operation of Cisco 3745 routers, Cisco 6509 and 3560 L2/L3 switches
• Analyzing, troubleshooting and resolve the network problems and anomalies with customer’s Cisco equipment such as system crashes, configurations, unit installations, STP issues, network connectivity issues, topology recommendations with BGP and OSPF etc.
• Work on installing CISCO Nexus 7000, Nexus 5000, and Nexus 2000 Platform with Datacenter Services
• Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches
• Performed Cisco IOS upgrades on routers.
• Configured the Cisco router as IP Firewall and for NATing.
• Maintain and administer load balancing standards, documentation, processes and procedures.

Confidential

Network Engineer

Responsibilities:

• Designing, Implementing and Troubleshooting of Cisco Routers Series (1800, 2500, 2600, 3200, 3600, 3800, 4500M and 7200) and Cisco Layer2 & Layer3 Switches (3560, 4500 & 6500) Series
• Troubleshooting and diagnosis of network problems using IP tools like Ping, Trace route
• Providing technical assistance to LAN/WAN management and complex customer issues
• Managed the IP address space using subnets and variable length subnet masks (VLSM)
• Use network/application performance management tools to troubleshoot, analyze bandwidth and user traffic issues
• Troubleshooting of complex LAN/WAN infrastructure that includes routing protocols EIGRP, OSPF & BGP
• Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external customers