Network Security Engineer Resume
Miami, FL
SUMMARY
- Network Engineer with 7+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
- Strong hands-on experience with Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, PIX Firewall (506, 515, 525, 535), ASA (5505/5510), Load Balancers using Cisco ACE, F5 LTM/GTM, Security Device Manager (SDM), Cisco Works, HP OpenView, SolarWinds, Sniffer, Palo Alto Networks Firewall models (PA-2K, PA-3K and PA-5K).
- Implementation of SSG Series, Netscreen Series ISG 1000, SRX Series.
- Worked on Cisco PIX 535, 520, 515, ASA-5500 and 5505. Expert Level Knowledge about TCP/IP and OSI models.
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- 4+ years of experience installing and configuring Bluecoat Proxy in the network for web traffic management and policy configuration.
- Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols.
- Hands-on design and implementation of Cisco ASA 555X, FTD, Palo Alto, Checkpoint and Fortinet firewalls.
- Implementation, working analysis, troubleshooting and documentation of LAN, WAN & WLAN architecture with excellent work experience on IP series.
- Provide hands-on management of Data Center services, including rack and cable management. Experienced in the evaluation, testing, configuration and implementation of Palo Alto firewall security solutions across enterprise networks. Experience also includes working with other vendor firewalls like Cisco's ASA Firewall, Checkpoint Firewall and the Fortinet Firewall.
- Working knowledge of F5 LTM Load Balancers like 3900, 6900 for various applications.
- In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay. Monitored Network Activity using Cisco Prime 2.2, Splunk, Ops Manager, IPAM, Wireshark, Tufin SecureTrack, ePO, HIPS.
- Knowledge and hands-on experience with IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
- Hands-on experience in Bluecoat Proxy setup, troubleshooting production issues and analysis.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS, switching (VLANs, VTP Domains, STP and trunking).
- Basic and advanced F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
- Installed and configured Network Automation System (NA) to validate compliance checks on Cisco routers and switches. Worked on configuring the Nexus 5K Aggregation Switch and Nexus 2K Fabric Extenders.
- Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches.
- Substantial knowledge, including the configuration, of Spanning Tree Protocol (STP), Per VLAN Spanning Tree (PVST), Rapid STP (RSTP) and Rapid per VLAN Spanning Tree (PVST+), TCP and UDP protocols, and next-generation data center oriented technologies such as virtual port channels (VPC), FabricPath, Fibre Channel over Ethernet (FCoE), virtual switches, network virtualization.
- Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800).
- In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
- Design and configure various Azure Networking resources like Azure Virtual Network (VNET), Load Balancer, DDoS protection, BGP routes, DNS settings, Transit Routing, NSG and User Defined Routes.
TECHNICAL SKILLS
- Cisco Platforms: Nexus 9K, 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3850, 3500, 4500, 2900 series), ASR1001, 2900, 3900, 7200, 7600 & ASR9000 series
- Juniper Platforms: MX, EX series Routers and Switches
- LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.
- WAN Technologies: MPLS, VPLS, Frame Relay, PPP, HDLC, (E1/T1/E3/T3), DS3, OC192
- Network Security: Cisco ASA, Juniper SRX.
- OS products/Services: DNS, DHCP, Windows (2000/2003/2008, XP), UNIX, LINUX
- Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
- Gateway Load Balancing: HSRP, VRRP, GLBP
- Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.
- Network Management Tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime, Ethereal, HP OpenView
- Load Balancers: F5 Networks (Big-IP) LTM 6400
- Security Protocols: IKE, IPsec, SSL-VPN
- Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, and GLBP. TACACS+, Radius, AAA, IPv4 and IPv6.
- Operating Systems: Windows (98, ME, 2000, XP, Server 2003/2008, Vista, 7, 10), Linux.
- AAA Architecture: TACACS+, RADIUS, Cisco ACS.
- Firewall & Security: Checkpoint (NGX R65, R77-80), Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper NetScreen firewall
- Languages: Perl, C, C++, SQL, HTML/DHTML, Python scripting
PROFESSIONAL EXPERIENCE
Confidential, Miami, FL
Network Security Engineer
Responsibilities:
- Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
- Configured Easy VPN server and SSL VPN to facilitate employees' access to internal servers and resources with access restrictions.
- Experience with Software defined networking, such as Cisco Viptela and/or Cisco ACI.
- Configured VLANs, Private VLANs.
- Configured Site to Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Dealt with implementation of Cisco ASA 5585 devices and Juniper SRX 550 devices to apply security policies on it.
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Experience working with Nexus 9K, 7K, 5K and 2K. Replaced the Legacy 3750 StackWise with Juniper EX 4200 switches in the LAN Environment.
- Manage various Security platforms; Juniper, Cisco ASA, Next-Gen, Checkpoint, Microsoft Azure, AWS Cloud and Fortinet Firewalls.
- Perform troubleshooting of Tanium infrastructure issues and perform fix actions.
- Performed migrations from Checkpoint firewall to Palo Alto using the PAN Migration Tool.
- Manage project tasks to migrate from Cisco ASA firewalls to Check Point firewalls.
- Managed Configuration, Logging and Reporting of Palo Alto firewall through the Panorama.
- Worked with various vendor VPN devices like Cisco ASA, Palo Alto Firewalls, SonicWALL Devices, Sophos firewalls for enterprise customers to migrate their network from On-premise to Azure Cloud. Integrating and troubleshooting Cisco ASA with VPN. Configuring and Incorporating Identity Services Engine (ISE) with WSA and FTD.
- Configuring and troubleshooting rule bases, VPN, user access, failover, integration with SIEM of Checkpoint and Cisco FTD.
- Experience with SD-WAN and overlay technologies, i.e. Cisco/Viptela.
- Work closely with customers and end-users on improving Tanium operational status.
- Responsible for implementation of Checkpoint, Cisco FTD, Symantec Proxy, Radware WAF.
- Hands-on experience with Cisco switches (6500, 3750, etc.) and Cisco routers (7200, 2900, 2800, etc.), Fortinet firewalls (30D-300E), SD-WAN technology (VeloCloud), 4G hardware.
Environment: Nexus switches 2k, 5k and 7k, Cisco Catalyst switches 3850, 2960x, 9500; Checkpoint, Cisco ISE.
Confidential
Sr. Network Security Engineer
Responsibilities:
- Design, deployment and maintenance of security/network devices and datacentres of enterprise.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Worked with multiple providers for primary and secondary circuits for redundancy with building to building VPN's and cloud VPN's. Also, built out the Azure vMX100 connection for direct access to our Azure cloud-based servers.
- Cisco Viptela SD-WAN, Cisco Wi-Fi, Meraki Wi-Fi, Cisco core routing and switching, WAN (MPLS/BGP)/LAN routing and switching
- Experience in troubleshooting and deploying applications to Azure.
- Successfully installed Palo Alto PA-5000, PA-3000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and also configured and maintained IPSEC and SSL VPN's on Palo Alto firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1.
- Built and supported VRRP/Cluster based HA of Checkpoint firewalls.
- Configured Palo Alto firewall with business required rules and policies. Optimize existing policies to improve security and performance. Identify and remove security policies that are no longer needed to reduce Fortinet and Palo Alto Firewall policy lookup.
- Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.
- Worked with Palo Alto firewalls using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Managed two Datacenter moves to Azure and TierPoint to include planning and configurations.
- Working on Routers 12k, 5k, 2500, 3640, 3825, 3700, switches such as Cisco 3750, 3560, 4500 & 6500, Nexus 7018, 5596, 2232, 2248 and Firewalls like ASA 5510.
- Involved in TCP/IP network planning, Implementation and Management with subnets.
- Experience with designing, implementing and troubleshooting Cisco routers and switches using different routing protocols like OSPF, EIGRP, BGP, ISIS and MPLS L3 VPN, VRF.
- Working on QoS features to provide proper priority and queuing based on type of the traffic destined from site to the core.
Environment: Cisco routers 7200; Cisco Catalyst switches 6500, 4500, 2950; Cisco PIX Firewalls 535, 525; Routing Protocols OSPF, BGP; STP, VTP, VLAN; VPN, MPLS, HSRP, GLBP, Big-IP F5 Load Balancer, Cisco Works; MS Visio, Checkpoint, Cisco ASA and Palo Alto firewalls, Juniper SRX, Blue Coat Proxy, Infoblox, SolarWinds, Cisco ACI, VMWare NSX.
Confidential, Boston, MA
Network Engineer
Responsibilities:
- Security infrastructure engineering experience as well as Microsoft Windows, UNIX, Palo Alto firewalls, Bluecoat Proxies, Intrusion Prevention devices, and wireless switch security management.
- Administering and evaluating firewall access control requests to ensure that these requests are compliant with client's security standards and policies.
- Configuration and support of Palo Alto firewalls.
- Successfully installed Palo Alto PA-3060 firewall then configured and troubleshot using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.
- Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
- Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
- Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
- Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.
- Gained experience working with migration to Check Point and Palo Alto next generation firewalls.
- Firewall deployment, rules migrations, firewall administration and converting existing rule bases onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
- Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
- Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access).
- Maintained and updated Active Directory for authentication purposes.
- Configured laptops for testing; Dell switches and Cisco Nexus.
- Manage Cisco and Dell Switches, and Firewall.
- Configured 3560, 3750, Dell N1524 and N1548 switches to Fairway Mortgage standards.
- Configured 3750 and Dell switches in stack configuration for the larger branches.
- Ability to perform configurations and backup on the following products (Cisco Routers and Switches, Dell Switches, HP Switches, ZyXel Switches).
- Configuration and troubleshooting of F5 LTM, GTM series like 6600, 6800 for different applications and monitoring the availability.
- Deployment of data center LAN using Nexus 7k, 5k, 2k switches.
- I was involved in migration projects, which involved replacing legacy devices with new Nexus devices and introducing VPCs in the new architecture.
- Worked on Nexus platform 7K series, 5K series (5548, 5020 and 5010), 2248 and successfully implemented VSS on the Cisco Catalyst switches.
- Used FireEye to detect attacks through common attack vectors such as email and web.
- Configuring OSPF as IGP in the network and eBGP between Service Providers and Internal Edge Routers.
- Upgrading IOS, troubleshooting network outages.
- Install Wireless Access Points (WAPs) in new and existing commercial sites.
- Experience in Wireless LAN (IEEE 802.11) and deployment of lightweight access points.
- Experience with wireless 802.11a/b/g/n/ac for increased wireless LAN speeds (WLAN), improved reliability and network performance.
- Experience with Cisco wireless management systems, which include Cisco 8540 Wireless controller, Cisco 5520 Wireless LAN controller, and virtual wireless controllers.
Environment: Palo Alto PA-3060 & 5050 Firewalls, Bluecoat Proxies, Panorama, F5 LTM, GTM 6600, 6800, Nexus (2K, 5K, 7K and 9K), Splunk, Cisco ISE, Websense, SolarWinds NPM, ServiceNow.
