- Certified Network Security Professional having experience with planning, designing and implementation of Network and Security Products Especially Firewalls, IDS/IPS, Load balancer, Web proxy, Cisco Routing and Switching.
- Design and implementation experience in building Checkpoint Security Gateways, Palo Alto Firewalls, and Fortinet Firewalls and FWSM Blade modules on Cisco Switches.
- Strong knowledge in network security systems administration and firewall administration.
- Skilled in Checkpoint Palo Alto and Fortinet firewall network environment.
- Expertise in Enterprise scale LAN/WAN design and configuration & implementation with Checkpoint, Fortinet, Palo Alto Firewalls.
- Experience includes building New Gateways from Ground as well as Migrations and Upgrades.
- Experience with Palo Alto Advanced Threat Management using threat prevention features and Advanced Troubleshooting.
- Design and implementation of Active/Standby Failover and Checkpoint Cluster XL and VSX.
- Build and troubleshoot site - to-site VPN Tunnels with Business Partners using Checkpoint gateways and Global Protect in Palo Alto Firewalls.
- Advanced command line troubleshooting on Checkpoint, Fortinet Firewalls, Palo Alto NGFW.
- Experience working in Amazon Web services (AWS) Cloud platform.
- Experience with Tufin for firewall policy clean up and remediation.
- Experience working with Cisco Nexus Platform including 5K, 7K and 9K Switches as well as Cisco Meraki MS250, MS350 Series Switches.
- Strong hands on experience in configuring CISCO based routing e.g. EIGRP, OSPF and BGP., HSRP, VRRP, route redistribution etc., VRF in routers and switching, VLAN implementation, STP, VTP, Access lists, L3 Switching etc.
- Quick learner with ability to grasp new technologies, both software and hardware. Have ability to work under pressure and team environment.
Checkpoint: Checkpoint 21000, 13500, 12400, 4800 Series appliances.
Palo Alto: PA-7050, PA-5060, PA-5020, PA-3000 and PA-500.
Fortinet: FortiGate 3600C, 2000E, 1500D, 1000C NGFW appliances.
Routers: (Nexus 7k, 5k, 7600, 7200, 3800, 2800)
Switches: Cisco L2 & L3 (6500, 4500, 3560, 2900), WAAS, ASA
Meraki: MS250, MS350 Series
Syslog Servers/ Monitoring: Log-logic, QRadar SIEM, HP Arcsight Logger
Amazon Web Services (AWS): Amazon S3,Amazon glacier, EBS, EC2, IAM, VPC, Amazon Cloudwatch
Tools: MS Visio 2013, MS Office 07/10, Adobe Photoshop 7, VMWARE
Sr. Network Security Engineer
- Firewall policy provisioning on Checkpoint, Fortinet and Palo Alto NGFW and application connectivity troubleshooting through CLI/WebUI
- Designing, configuring and installing Checkpoint security gateways from ground including HA.
- Day to Day operational support for user requests being submitted through HP’S ticketing system HPSM
- Configuration and support of Checkpoint on the new 21000, 13500, 12000 series running GAIA R77.30. Fortinet on the FortiGate 6500F, 3600C, 2000E, 1500D running Forti-OS 5.2,5.4 and Palo Alto NGFW PA-7000, PA-5000, PA-3000 series running PAN 0S-7.x, 8.x.
- Firewall Policy provisioning on PAN devices using Web UI as well as PANORAMA MGMT platform.
- Implement, administer and support of checkpoint security gateways in a Provider-1 environment with multiple CMA’s
- Working on Checkpoint Security Gateways running Gaia Operating system R77.x, R76
- Regular use of Smart-view-tracker, and Checkpoint CLI (to security gateways) for troubleshooting the connectivity issues
- Built and support VRRP / Cluster based HA of Checkpoint firewalls.
- Firewall Policy Optimization for rules, network and service objects and rule base clean up.
- Performing advanced troubleshooting using TCP dump and FW monitor to verify the flow of the traffic in the firewall.
- Experience on configuring PAN HA and Global Protect in Palo Alto Networks
- Performing administrative tasks with Palo Alto Networks (Panorama) including Security, NAT policy definitions, application filtering, URL filtering, file blocking
- Configuring HA on PAN devices for Network Redundancy.
- Experience working with signature-based (IPS/Command and Control/Antivirus), Wildfire, and Layer 7 protocol analysis-based (App-ID) on Palo Alto Pan OS 7.x,8.x devices
- Configuring Content ID module for customizing threat signatures, Data Filtering, DOS protection and App-ID for application visibility and URL Filtering on PA Firewalls.
- Experience working with Forti-Manager for Policy provisioning on multiple firewalls using shared objects and policies.
- Experience working with VDOM and ADOM based on zones on Fortinet environment.
- Experience Working with Forti-Analyzer to securely aggregate log data from Fortinet security appliances to analyze and report for any network threats, inefficiencies and usage
- Configuring and troubleshooting of FortiGate VPN tunnels (SSL and IPsec) with required IP routing.
- Launching EC2 instances, configuring ELB’s and Route 53 to route traffic between different regions on AWS cloud platform.
Sr. Security Engineer
- Firewall Policy provisioning on PAN devices using Web UI, Panorama mgmt platform and Smart Dashboard on Checkpoint security gateways.
- Performing Upgrade on PAN OS on Palo Alto firewalls from 6.x to 7.x
- Upgrading Checkpoint devices from R65 to R71 and to R75 and then from R75 to R75.40 and R76 and then to R77 and R77.30 following the upgrade path recommended by the Checkpoint.
- Implementation and support of Checkpoint blades such as Identity Management IDM, URL Filtering and Threat Emulation.
- Managing state synchronization for High Availability and for Load Sharing in Cluster deployments of Checkpoint Firewalls using VSX gateways
- Converting Checkpoint Security Gateways to VSX Gateways, creating Virtual Gateways and Virtual Systems such as Virtual Routers and Switches.
- Experience in Virtual System Load Sharing (VSLS), resource allocation and management in Checkpoint VSX.
- Day to day work involves reviewing of firewall change requests and allowing the services in the firewall as per the request.
- Configuring ACL access list, NAT and routing on the Checkpoint, Palo Alto firewalls.
- Working with users to identify firewall ports required and provision them the request as per the client's organizational standard through the change management system.
- Troubleshooting the issues with connectivity within the DMZ server zones of the Data center (between application servers, database and web servers).
- Work with PAN Firewalls High Availability in active/passive mode with Configuration/session synchronization.
- Firewall Policy provisioning on PAN devices using Web UI as well as PANORAMA MGMT platform.
- Understanding of Management plane and Data Plane on PAN NG Firewalls
- IPsec VPN Implementation and troubleshooting between various business partners and remote locations. These tunnels were built on Palo Alto Firewalls.
- Building site to site IPSEC VPN tunnels and troubleshooting the VPN tunnel phase by phase using Checkpoint and Fortinet firewalls.
- Experience working with Remote access VPN solutions using Checkpoint, Fortinet and Palo Alto.
- Administering and supporting Bluecoat Proxy devices using the Bluecoat Director.
- Designing and implementing VLAN's and Trunks in Switches, Spanning Tree Implementation and support using PVST, R-PVST.
- Performing daily maintenance, troubleshooting, configuration and installation of network components and participating in weekly meetings
Network Security Engineer
- Install, configure and troubleshoot Checkpoint, Palo Alto and Fortinet Firewalls.
- Firewall policy provisioning and working with users to identify firewall ports while working with business partners to update the B2B VPN encryption domain for any changes to the application access
- ITIL based Change management and ticketing system for all incidents, changes and problem tickets
- Configure Check Point high availability using ClusterXL with active/standby mode of deployment.
- Work in a Multi Domain Security environments with multiple domains.
- Integrate the URL filtering on Checkpoint using Active Directory based group policy assignments.
- Administering policies for both HTTP and HTTPS traffic. URL categorizing and administration of user access based on Active Directory groups.
- Experience working with Global policies and global objects on the MDS environment and manage several hundreds of gateways including DMZ, extranet and perimeter.
- Configuring and troubleshooting FortiGate UTM features like Web-Filtering, Application Control, IPS, Anti-virus and custom IPS signatures.
- Managing policies on Palo Alto firewalls through Panorama Management platform.
- NAT allowing the traffic between various zones of the firewall.
- Converting Security Gateways to VSX Gateways, creating Gateways and Virtual Systems
- Configure Checkpoint ClusterXL on VSX, Virtual System distribution across Cluster
- Resource management and allocation on Checkpoint VSX
- Virtual System Load Sharing (VSLS) on Checkpoint VSX Configuring and tuning IPS blade on Checkpoint firewall.
- Firewall policy optimization and rule base clean up using Tufin Secure Track
- Experience in building and supporting both the Single and Multiple Context Mode Firewalls on Cisco ASA Platform.
- Bluecoat Proxy implementation experience in the complex network environment.
- Experience in implementing the tool to enable the HTTPS web traffic enforcement.
- Troubleshooting Layer 2 and Layer 3 issues in the network connecting to the firewalls.
- Troubleshooting application layer issues such as HTTP / HTTPS / SFTP / SMTP / DNS etc.
- Directly interacting with customers on high visibility and complex technical issues to meet and support the organizational requirements.