Senior Network Security Engineer Resume
SUMMARY:
- I have worked in network field for over eight - years and have done multiple network engineer role as well as security projects, some of which included:
- IPSEC-VPN configuration for data encryption.
- Firewall security policy implementation and monitoring.
- Checkpoint Management server HA for fail-over for network management reliability.
- Checkpoint cluster implementation and configuration including R77 Cluster XL and previous version of checkpoint firewall OS.
- Hands-on experience on migrating from Fortinet, Checkpoint into Palo Alto.
- Ability to work in a provider-1(SMS Virtualization) environment, understanding of MSD operation, MDS HA, CMA HA and MLM/CLM configuration.
- Firewall traffic track using CLI TCP dump and FW monitor for packet capture and packet analysis with tools like Wireshark.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Implemented a test lab which comprises other vendor firewall/security appliances such as Palo-Alto, CheckPoint and Fortinet for data security.
TECHNICAL SKILLS:
Check Point Provider - 1, Check Point NGX R65, R75.20(SPLAT), R76-R80(Gaia), Palo Alto Firewall, Fortinet, Static & Dynamic IP Addressing, NAT/PAT. Networking/Protocols: TCP/IP Protocol Suite; VLAN, VLSM, VTP, VPN, SSL VPN, CISCO ACL, RIP, EIGRP, OSPF, DHCP, OSI, Cisco Routers; Cisco Switches, F5, Tufin, Traceroute Tool, Splunk, Solar wind, Proof Point, Qualys, Tripwire, Arc Sight, NetScaler.
PROFESSIONAL EXPERIENCE:
Confidential
Senior Network Security Engineer
Responsibilities:
- Implementation and administration of Check Point and Palo Alto Firewalls & network Management.
- Configure NAT and PAT such as Dynamic, Static, and Manual NAT policies as required for user traffics going out to the internet.
- Identify and remove security policies that are not needed to reduce checkpoint firewall policy lookup.
- Implement and troubleshoot firewall rules in Palo Alto firewalls using Panorama.
- Configured and troubleshoot remote access and site to site VPN using Palo Alto and Check Point firewalls.
- Monitor all users/Firewall traffics using smart view-tracker, TCP Dump and smart view-monitor smart consoles.
- Implementation of Application Identity and control using Palo Alto/Check Point firewalls.
- Deploy Check Point/Palo Alto URL filtering configuration .
- Migration and implementation of Palo Alto Next-Generation Firewall seriesPA-500, PA-3060, PA-5060, PA-7050, PA-7080.
- Migrating checkpoint firewall, Cisco ASA FW to Palo Alto Firewall using Migration tools 3.0
- I have built Panorama M-500 and M-600 from scratch and migrated multiple HA pairs Palo Alto firewalls to Panorama
- Monitor checkpoint VPN tunnel activities with smart view monitor and troubleshoot VPN issues with CLI.
- Perform regular updates, HFAs and patches for firewall when needed for maximum performance.
- Configure IP-SEC VPN, and SSL-VPN (Mobile Access) based for user traffics that needs to be encrypted using Checkpoint.
- Configure URL filtering to enable and/or disable user traffic access to web-sites.
- Configure IPS to prevent malicious traffics using software blades
- Experience with wire data analytics solutions (Splunk, Traceroute tool).
- Encryption detection experience with tools such as Symantec.
- Configure Cortex XDR to completely remove blind spots by incorporating cloud data, endpoint and network to accurately detect attacks and simplify investigations.
- Configured Panorama to forward logs to syslog server, analyse logs through Splunk, configure email alert and Solarwinds for monitoring.
- Strong knowledge on leveraging advanced firewalls features like APP-ID, User-ID, Global Protect, Wild Fire, NAT policies and Security Profiles.
- Strong knowledge working with Endpoint Security solutions such as Symantec Endpoint Protection, AV, DLP, EDR
Confidential
IT Security/Firewall Engineer
Responsibilities:
- Monitor all users/Firewall traffics using smart view-tracker, and smart view-monitor smart consoles.
- Integrates Confidential active directory (LDAP) into checkpoint for identity awareness and user authentication.
- Perform regular updates, HFAs and patches for firewall when needed for maximum performance
- Support Checkpoint migration to new platform for all Business and Data centers in environment.
- Involved in designing and deploying a multitude applications utilizing the AWS stack (Including EC2, Route53, S3, RDS, SNS, SQS, VPC, IAM) focusing on high-availability, fault tolerance, and auto-scaling.
- Monitor all users/Firewall traffics using smart view-tracker, and smart view-monitor smart consoles.
- Implement high-availability configuration for security management server for fail-over.
- Implement and configure clustering system for checkpoint security gateways/Firewalls for fail-over both in load sharing mode and fail-over.
- Configuring rules and maintaining Palo Alto firewalls & analysis or firewalls logs. configured Panorama to manage more than 3000 Palo Alto firewalls using Device group and Template and centralize policy push.
- Regularly gather and document user traffic log information files for information purpose.
- Monitor firewall work-load using smart view-monitor to enhance checkpoint firewall performance.
- Troubleshoot firewall issues through command-line using CLI commands and GUI interface using smart console.
- Configured Global Protect gateway to provide VPN connections for Global Protect agents.
- Regularly perform network assessment to view firewall work-load effect on the network.
- Implement identity awareness using checkpoint software blade to track user activity as company policy demands.
- Periodic policy review to ensure security polices achieves purpose.
- Remotely troubleshoot firewall issues using secure end-end connectivity to prevent network security loops.
- Troubleshoot, Monitor and configure checkpoint firewall issues and other smart console applications using CLI.
- Configure IP-SEC VPN, and SSL-VPN (Mobile Access) based for user traffics that needs to be encrypted using Checkpoint.
- Migrating the policy from Cisco ASA firewall into Palo Alto.
- Perform regular snapshot and revert/backup and restore/upgrade export/ upgrade import services to backup and restore all configuration in-case of disaster recovery.
- Implement DMZ network for inside and outside user access to dedicated DMZ servers for e-mail and other services.
- Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.
Confidential, Alpharetta, GA
Network Security/Firewall Administrator
Responsibilities:
- Install, configure and maintain Check Point R75-R80 Gaia /SPLAT.
- Supported and managed Palo Alto Firewalls PA-7050, PA-5000 on Panorama platform.
- Configure and implementation of zones, interfaces and virtual routers including rules/changes on Palo Alto firewalls.
- Migration of multiple SMC customers to MDS for Check Point (Provider 1).
- Manually migrate all Check Point data configuration to Palo Alto and vice versa.
- Implement and configured firewall rules in Checkpoint Gaia R77.20, R75, R70, VSX and Palo Alto Pa-500, Pa- 3000,5000 series, panorama.
- Configured and troubleshoot issues with VLAN, Inter-VLAN routing, NAT/PAT, Access-List, and IOS Firewall.
- Focusing on high-availability, fault tolerance, and auto-scaling.
- Configure Palo Alto Panorama Console to maintain and control all Infrastructure firewall templates
- Encouraged implementation of physical security to the access of network and security devices.
- Configured network devices to Identify network security loops and implemented ways to mitigate them using STP protocol
- Worked on the migration of Checkpoint to Palo Alto firewalls in one of the environment.
- Configuring, Administering and troubleshooting the Checkpoint Firewalls R61, R65 and R70.
- Encouraged network redundancy for backup of network devices in case of disaster recovery.
- Managed network evaluation, and troubleshoot various network problems.
- Maintained leverage of Routers data processing, Switches bandwidth control through Vlan configuration and routed network with the use of routing protocols.
- Installing & configuring firewalls like Checkpoint NG & NGX R65 and Cisco ASA5520.
- Replaced multiple Cisco clustered PIX firewalls with checkpoint cluster and deployed High Availability for security management server.
- Configured firewall products to suit client's need in addition to already installed other vendor’s security appliance.
- Implement and configured firewall rules Palo Alto Pa-500, Pa- 7000 series, panorama.
- Configured user authentication rules/policies to permit or deny user traffics on role-based access.
- Managed and set up VLANs and deploy new VMware environment.
- Handled the tasks of configuration and deployed wireless solutions.
- Monitored, troubleshoot, configured, and deployed LAN/WAN solution .
Confidential, Atlanta, GA
Network Administrator
Responsibilities:
- Ability to install, manage and troubleshoot wireless network infrastructures, Standalone devices, Virtual Controllers, Campus development, Indoors and Outdoors APs and Cradle points.
- Install, configure and maintain Check Point SPLAT.
- Implemented and troubleshoot firewall rules in Palo Alto firewalls and Check point firewalls.
- Knowledge of wireless Network protocols (802.11a/b/g/n/ac).
- Hands on working knowledge of Cisco and Aruba Access points.
- Working knowledge of setting up and configuration of secured client SSID and Public SSID.
- Ability to configure and push out firmware configuration updates for APs, monitor the process and address mismatch
- Demonstrates technical knowledge of device connectivity issues and replicate poor wireless network problems, VPN set up and reset
- Working knowledge of Airwave Management tools and AMP servers for remote management and troubleshooting client’s wireless networks.
- Delivers a range of technical support services to field engineers for wireless Access point deployments, setups and replacements.
- LAN / WAN Network Configuration, Diagnosis and Troubleshooting.
- Troubleshoot network interface device and hardware devices using appropriate tools
Confidential, Houston, TX
IT Field Engineer
Responsibilities:
- Resolved security issues with Ceridian HR/Accounting system and migrated legacy data to Confidential Excel for auditing.
- Coordinated with telecom providers regarding migration of digital circuits with SWIFT secure monetary transaction service.
- Setup undocumented Digi voice recording system for monitoring and logging of all telephone conversations between customers and bank representatives.
- Modified custom MS Access based Visual Basic application with enhanced functionality to allow the automatic translation of numbers to words and to limit the maximum amount of money a check can be printed with.