SUMMARY:

• I have worked in network field for over eight - years and have done multiple network engineer role as well as security projects, some of which included:
• IPSEC-VPN configuration for data encryption.
• Firewall security policy implementation and monitoring.
• Checkpoint Management server HA for fail-over for network management reliability.
• Checkpoint cluster implementation and configuration including R77 Cluster XL and previous version of checkpoint firewall OS.
• Hands-on experience on migrating from Fortinet, Checkpoint into Palo Alto.
• Ability to work in a provider-1(SMS Virtualization) environment, understanding of MSD operation, MDS HA, CMA HA and MLM/CLM configuration.
• Firewall traffic track using CLI TCP dump and FW monitor for packet capture and packet analysis with tools like Wireshark.
• Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
• Implemented a test lab which comprises other vendor firewall/security appliances such as Palo-Alto, CheckPoint and Fortinet for data security.

TECHNICAL SKILLS:

Check Point Provider - 1, Check Point NGX R65, R75.20(SPLAT), R76-R80(Gaia), Palo Alto Firewall, Fortinet, Static & Dynamic IP Addressing, NAT/PAT. Networking/Protocols: TCP/IP Protocol Suite; VLAN, VLSM, VTP, VPN, SSL VPN, CISCO ACL, RIP, EIGRP, OSPF, DHCP, OSI, Cisco Routers; Cisco Switches, F5, Tufin, Traceroute Tool, Splunk, Solar wind, Proof Point, Qualys, Tripwire, Arc Sight, NetScaler.

PROFESSIONAL EXPERIENCE:

Confidential

Senior Network Security Engineer

Responsibilities:

• Implementation and administration of Check Point and Palo Alto Firewalls & network Management.
• Configure NAT and PAT such as Dynamic, Static, and Manual NAT policies as required for user traffics going out to the internet.
• Identify and remove security policies that are not needed to reduce checkpoint firewall policy lookup.
• Implement and troubleshoot firewall rules in Palo Alto firewalls using Panorama.
• Configured and troubleshoot remote access and site to site VPN using Palo Alto and Check Point firewalls.
• Monitor all users/Firewall traffics using smart view-tracker, TCP Dump and smart view-monitor smart consoles.
• Implementation of Application Identity and control using Palo Alto/Check Point firewalls.
• Deploy Check Point/Palo Alto URL filtering configuration .
• Migration and implementation of Palo Alto Next-Generation Firewall seriesPA-500, PA-3060, PA-5060, PA-7050, PA-7080.
• Migrating checkpoint firewall, Cisco ASA FW to Palo Alto Firewall using Migration tools 3.0
• I have built Panorama M-500 and M-600 from scratch and migrated multiple HA pairs Palo Alto firewalls to Panorama
• Monitor checkpoint VPN tunnel activities with smart view monitor and troubleshoot VPN issues with CLI.
• Perform regular updates, HFAs and patches for firewall when needed for maximum performance.
• Configure IP-SEC VPN, and SSL-VPN (Mobile Access) based for user traffics that needs to be encrypted using Checkpoint.
• Configure URL filtering to enable and/or disable user traffic access to web-sites.
• Configure IPS to prevent malicious traffics using software blades
• Experience with wire data analytics solutions (Splunk, Traceroute tool).
• Encryption detection experience with tools such as Symantec.
• Configure Cortex XDR to completely remove blind spots by incorporating cloud data, endpoint and network to accurately detect attacks and simplify investigations.
• Configured Panorama to forward logs to syslog server, analyse logs through Splunk, configure email alert and Solarwinds for monitoring.
• Strong knowledge on leveraging advanced firewalls features like APP-ID, User-ID, Global Protect, Wild Fire, NAT policies and Security Profiles.
• Strong knowledge working with Endpoint Security solutions such as Symantec Endpoint Protection, AV, DLP, EDR

Confidential

IT Security/Firewall Engineer

Responsibilities:

• Monitor all users/Firewall traffics using smart view-tracker, and smart view-monitor smart consoles.
• Integrates Confidential active directory (LDAP) into checkpoint for identity awareness and user authentication.
• Perform regular updates, HFAs and patches for firewall when needed for maximum performance
• Support Checkpoint migration to new platform for all Business and Data centers in environment.
• Involved in designing and deploying a multitude applications utilizing the AWS stack (Including EC2, Route53, S3, RDS, SNS, SQS, VPC, IAM) focusing on high-availability, fault tolerance, and auto-scaling.
• Monitor all users/Firewall traffics using smart view-tracker, and smart view-monitor smart consoles.
• Implement high-availability configuration for security management server for fail-over.
• Implement and configure clustering system for checkpoint security gateways/Firewalls for fail-over both in load sharing mode and fail-over.
• Configuring rules and maintaining Palo Alto firewalls & analysis or firewalls logs. configured Panorama to manage more than 3000 Palo Alto firewalls using Device group and Template and centralize policy push.
• Regularly gather and document user traffic log information files for information purpose.
• Monitor firewall work-load using smart view-monitor to enhance checkpoint firewall performance.
• Troubleshoot firewall issues through command-line using CLI commands and GUI interface using smart console.
• Configured Global Protect gateway to provide VPN connections for Global Protect agents.
• Regularly perform network assessment to view firewall work-load effect on the network.
• Implement identity awareness using checkpoint software blade to track user activity as company policy demands.
• Periodic policy review to ensure security polices achieves purpose.
• Remotely troubleshoot firewall issues using secure end-end connectivity to prevent network security loops.
• Troubleshoot, Monitor and configure checkpoint firewall issues and other smart console applications using CLI.
• Configure IP-SEC VPN, and SSL-VPN (Mobile Access) based for user traffics that needs to be encrypted using Checkpoint.
• Migrating the policy from Cisco ASA firewall into Palo Alto.
• Perform regular snapshot and revert/backup and restore/upgrade export/ upgrade import services to backup and restore all configuration in-case of disaster recovery.
• Implement DMZ network for inside and outside user access to dedicated DMZ servers for e-mail and other services.
• Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.

Confidential, Alpharetta, GA

Network Security/Firewall Administrator

Responsibilities:

• Install, configure and maintain Check Point R75-R80 Gaia /SPLAT.
• Supported and managed Palo Alto Firewalls PA-7050, PA-5000 on Panorama platform.
• Configure and implementation of zones, interfaces and virtual routers including rules/changes on Palo Alto firewalls.
• Migration of multiple SMC customers to MDS for Check Point (Provider 1).
• Manually migrate all Check Point data configuration to Palo Alto and vice versa.
• Implement and configured firewall rules in Checkpoint Gaia R77.20, R75, R70, VSX and Palo Alto Pa-500, Pa- 3000,5000 series, panorama.
• Configured and troubleshoot issues with VLAN, Inter-VLAN routing, NAT/PAT, Access-List, and IOS Firewall.
• Focusing on high-availability, fault tolerance, and auto-scaling.
• Configure Palo Alto Panorama Console to maintain and control all Infrastructure firewall templates
• Encouraged implementation of physical security to the access of network and security devices.
• Configured network devices to Identify network security loops and implemented ways to mitigate them using STP protocol
• Worked on the migration of Checkpoint to Palo Alto firewalls in one of the environment.
• Configuring, Administering and troubleshooting the Checkpoint Firewalls R61, R65 and R70.
• Encouraged network redundancy for backup of network devices in case of disaster recovery.
• Managed network evaluation, and troubleshoot various network problems.
• Maintained leverage of Routers data processing, Switches bandwidth control through Vlan configuration and routed network with the use of routing protocols.
• Installing & configuring firewalls like Checkpoint NG & NGX R65 and Cisco ASA5520.
• Replaced multiple Cisco clustered PIX firewalls with checkpoint cluster and deployed High Availability for security management server.
• Configured firewall products to suit client's need in addition to already installed other vendor’s security appliance.
• Implement and configured firewall rules Palo Alto Pa-500, Pa- 7000 series, panorama.
• Configured user authentication rules/policies to permit or deny user traffics on role-based access.
• Managed and set up VLANs and deploy new VMware environment.
• Handled the tasks of configuration and deployed wireless solutions.
• Monitored, troubleshoot, configured, and deployed LAN/WAN solution .

Confidential, Atlanta, GA

Network Administrator

Responsibilities:

• Ability to install, manage and troubleshoot wireless network infrastructures, Standalone devices, Virtual Controllers, Campus development, Indoors and Outdoors APs and Cradle points.
• Install, configure and maintain Check Point SPLAT.
• Implemented and troubleshoot firewall rules in Palo Alto firewalls and Check point firewalls.
• Knowledge of wireless Network protocols (802.11a/b/g/n/ac).
• Hands on working knowledge of Cisco and Aruba Access points.
• Working knowledge of setting up and configuration of secured client SSID and Public SSID.
• Ability to configure and push out firmware configuration updates for APs, monitor the process and address mismatch
• Demonstrates technical knowledge of device connectivity issues and replicate poor wireless network problems, VPN set up and reset
• Working knowledge of Airwave Management tools and AMP servers for remote management and troubleshooting client’s wireless networks.
• Delivers a range of technical support services to field engineers for wireless Access point deployments, setups and replacements.
• LAN / WAN Network Configuration, Diagnosis and Troubleshooting.
• Troubleshoot network interface device and hardware devices using appropriate tools

Confidential, Houston, TX

IT Field Engineer

Responsibilities:

• Resolved security issues with Ceridian HR/Accounting system and migrated legacy data to Confidential Excel for auditing.
• Coordinated with telecom providers regarding migration of digital circuits with SWIFT secure monetary transaction service.
• Setup undocumented Digi voice recording system for monitoring and logging of all telephone conversations between customers and bank representatives.
• Modified custom MS Access based Visual Basic application with enhanced functionality to allow the automatic translation of numbers to words and to limit the maximum amount of money a check can be printed with.