OBJECTIVE:

An experienced professional having around 8 + yrs. of professional industry experience as a Firewall/Network Engineer and Seeking for excellent job opportunity to enhance my skills in the field of Network Security. My Area of expertise include Network security and Networking.

SUMMARY:

• Understanding of TCP/IP and OSI Model. Understanding of Router, Switches, inter - networking and intra-networking configuration plus routing protocols like RIP, OSPF, EIGRP, and BGP. Knowledge of NAT/PAT, DNS, PPP, DHCP, WAN, LAN, TCP/IP, OSI Model, STP, Subnetting, MPLS, Telnet & SSH
• Working Knowledge of Active Directory, Windows Server 2016, MS Outlook, MS Office
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether Channel, STP, RSTP and MST, Implementation of HSRP, VRRP for Default Gateway Redundancy
• Responsible for network: routers, switches, WAN and LAN; public DNS and PKI.
• Assist with technical design of security architecture / management of compliance issues for managing, coordinating and monitoring the information collection activities
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc
• Headed 24x7 support operation for all internet/intranet/extranet connectivity linking 50+ clients. / led major platform migrations, iOS upgrades and firewall updates/changes
• Administration of Palo Alto Firewall such as 2k, 3k, 5k, VM series, VM 500, VM 700 and implement security profiles on security policies
• Experience with Zscaler Proxy, VPN Technologies, Cisco ISE, Cyber Security, F5 LTM, Azure, VNets, NSG’s, Azure Load Balancer, Express Route, VNet Peering, Cisco ASA Firewall, Palo Alto Firewall
• Managed and contributed to the design, implementation and administration of multiple corporate networks, overseeing all related project execution, capacity planning and system configuration functions
• Deliver niche technology projects such as DLP and forensics to catch and prevent fraud, manage overall operational aspect of DLP.
• Working Knowledge of Firewall interfaces, Zones, Vlans, IPSec Tunnels, QoS, Global Protect, Site to Site VPN, RADIUS, TACACS+, Syslog, LDAP, High Availability, UserID, AppID and Content ID
• Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements
• Advance Knowledge of Security standards and regulations like ISO, HIPAA, CCPA, GDPR
• Understanding and experience with L2-L7 Protocols
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc
• Design, Configuration of Network using GNS3 and Packet tracer
• Analysing and Troubleshooting Network issues using Wire Shark
• Working Experience of Microsoft Word, Excel Spreadsheets and Power Point. Understanding of Computer softwares, operating systems installation, peripheral devices and LAN/WAN connectivity issues, Understanding of installation and trouble shooting of Microsoft operating system Vista, Win 7, Win 8 & Win 10

CAREER HISTORY:

Confidential, Greensboro, NC

Network Security Engineer

Responsibilities:

• implementation and deployment of Palo Alto VM series Firewall VM 500 and VM 700 Series in Azure, FW 5220 and 7K Series (in on-premise), Licensing, Configuration of ports, rules, policies, routes to allow or deny traffic
• Connect the firewalls in Panorama (M-100) and management of all firewalls from Panorama
• Import the local rules from firewall to Panorama
• Trouble shoot out of sync issues in Panorama
• Configured Templates and Device Groups in Panorama
• Configured Pre-Rules Post Rules, Pushing configuration to all Firewalls
• Configured High Availability, Security Profiles and Security Policies
• Configured Tunnels, IPsec Site to Site, Global Protect, SSO, GRE Tunnels, AppId, User ID and Wildfire analysis to prevent Zero-Day Attack
• Configured Security Profile Like Vulnerability, Antivirus, AntiSpyWare, URL Filtering, File Blocking etc
• Configured NAT, SNAT and Destination NAT
• Done upgradation of PAN OS 8.1.5 to 9.0.5
• Configured the Global Protect 5.1.1 for secure connectivity to the inside Network
• Configured Packet Buffer Protection, Login Banner, Secure the Management Access using the cert
• Configure the SSL Forward Proxy Decryption Policy to decrypt and inspect SSL/TLS Traffic
• Packet analysis and troubleshooting network issues, dropped, missed packets, slow connections etc
• Configuration of syslog in Firewall and integrating with SIEM tool like IBM QRadar
• Monitoring the Network Traffic for all kinds of activities like system activities, any threat activities, traffic logs etc
• IPS/IDS: Take appropriate action Like block the source/application/ports or make the rules stricter on a Firewall for any malicious behaviour observed in an Enterprise Network
• Enabled the User id feature for providing more visibility to monitor what user is using what IP/Device and what activities
• Highlighted the Risk in an Enterprise Security and provide the solution to overcome that particular Risk
• Conduct security vulnerability assessments including, but not limited to, vulnerability scanning, compliance auditing, impact analysis, and risk assessments. Tools used are Metasploit, Wireshark, rapid 7. Nessus used for port scanning
• Configure advanced system views and reports within the SIEM to prioritize and monitor security events to analyze and mitigate incidents before they evolve
• Protect End point devices from any Backdoor, Virus, Social Engineering, Trojans using Symantec AV
• Monitoring of In and Out traffic on firewalls, Trouble shooting of missing packets, Connectivity issues, ARP Packets and Application incomplete packets etc
• Tunnelling the internet traffic of end user through Zscaler using GRE Tunnel
• Integrating of Firewalls with Cisco ACI-Fabric in one arm deployment architecture
• Configuring policies, Tunnels, Static routing in the Transit firewall in Azure Network
• Prepared the HLD and LLD from the Network Security Perspective
• Provided the protection from any suspicious activities, malware, spyware, virus, brute force attack, phishing, trojans etc
• Configured the Zone Protection, DoS Protection and Secure the Management Access
• Configured the DNS Sink Hole Policy, Inbound and Outbound Block Malicious IP’s Policies to secure the Enterprise Network from any Malicious activities
• Implement and configured the Firewall in Segmented Azure Cloud Network
• Worked on ZScaler Proxy, AAA, Authentication and Authorization through ISE
• Provided the NAC solutions by integrating devices with active directory and Cisco Identity Service Engine
• SSL/TLS decryption, Vulnerability management, DDoS mitigation, Cyber Security & Risk assessment and active threat monitoring
• Configure RADIUS, for Global Protect Users, TACACS+ for Admin Users and Multifactor Authentication
• Migrated the configuration from Check Point Firewall to Palo Alto Firewall using Expedition Tool
• Monitor the Network from Panorama for all kind of malicious or unwanted activities
• Monitor the Tickets or Emails related to all kind of events and ensure the earliest resolution to minimize the impact if any
• Creation of New Virtual Machines Like VM Series Firewalls plus F5 WAF and LTM
• Configure Multiple Virtual Router in Firewall as per the network architecture and customer requirements
• Segmentation of Network in Azure Cloud, Deploy and configure Firewall in different VNets using Template
• Protect the traffic with in the VNets, between the VNets, Between Azure Cloud and Data Centres or Outbound Traffic
• Used the UDR in Azure Cloud to direct the traffic to go through the Firewall for IDS and IPS

Technical Support Engineer

Confidential

Responsibilities:

• Installation of devices (Routers, Switches, IP phones, OS up gradation)
• Designing, Installation, Monitoring and Troubleshooting of LANs
• Configuration and troubleshooting of VLANs
• Responsible to provide VOIP support and Telepresence video conferencing
• Configuration and troubleshooting of IP phones (Cisco 7970, 9951) series
• Configuration of Routing protocols like RIP, EIGRP, OSPF and BGP
• Configuration and troubleshooting of ACL and Network address translation
• Troubleshooting L2/L3 Switching, VLANs and Trunking
• Manage installations, configuration and administration of Cisco equipment in IT architecture of organization.
• Configuring and troubleshooting of routing protocols such as OSPF and EIGRP for effective communication on Cisco 3900, 3800 series routers.
• Installation of image files on new PC’s/ Laptops using Norton ghost software
• Ensure connectivity to all end users within the organization
• Administer and maintain end user accounts, permission and access rights in Active directory
• Troubleshooting end user equipment’s (PC’s, Printers, Laptops)
• Installation, configuration, software installation and troubleshooting of Windows 10
• Desktop support for users (PCs, Laptops, printers Outlook, Ms office 2010, office 365, Ms Windows 7, Win 8, Win 10 & Internet)

Sr. Network Security Engineer

Confidential

Responsibilities:

• Configure Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Deploying, installing and troubleshooting Palo Alto firewall and Panorama
• Provided network Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) management.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
• Provides updates and upgrades to the Palo Alto Firewall and Panorama devices
• Monitoring multiple security technologies such as, IDS, IPS, Syslog, Firewall & Proxy
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Configured security profiles such as Antivirus, Anti-Spyware, Vulnerability Protection, Wildfire Analysis, Data Filtering, DoS Protection and File blocking
• Configured routes on Palo alto firewalls 3060, 5060, 7050
• Scan packets for Threats, Vulnerabilities, Viruses, Spyware, Malicious URL’s and exploitation Software
• Worked on security tools and software’s like QRADAR
• NMAP is used for the port scanning to detect any open ports etc
• Configured Nat Polices, Security Policies, Decryption Policy, DOS Protection, Routing, APPid
• Configured Site to Site VPN Global Protect, Satellite VPNs, High Availability and UserID
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Zone based (interzone, intrazone) creation of security policies
• Threat monitoring, Traffic monitoring, Alarms logs and Analyse traffic
• Installation of devices (Routers, Switches, IP phones, OS up gradation)
• Designing, Installation, Monitoring and Troubleshooting of LANs
• Configuration and troubleshooting of VLANs
• Worked on AAA, Device Integration with Cisco ISE for Authentication, Authorization and Accounting
• Responsible to provide VOIP support and Telepresence video conferencing
• Configuration and troubleshooting of IP phones (Cisco 7970, 9951) series
• Configuration of Routing protocols like RIP, EIGRP, OSPF and BGP
• Configuration and troubleshooting of ACL and Network address translation
• Troubleshooting L2/L3 Switching, VLANs and Trunking
• Design and development of wired and wireless LAN for customer
• Configuring and troubleshooting broadband equipment
• Configuration of Cisco routers series 3800, 3900, Cisco catalyst switches 3560, 3550, 2950, 2960. Access points(Cisco Aironet 1200, TpLink, D-link, Netgear),

Network Engineer

Confidential

Responsibilities:

• Configuring and troubleshooting multi-customer ISP network environment.
• Involved in network monitoring, alarm notification and acknowledgement.
• Implementing new/changing existing data networks for various projects as per the requirement.
• Troubleshooting complex networks layer 1, 2(frame relay, ATM, Point to Point, ISDN) to layer 3 (routing with MPLS, BGP, EIGRP, OSPF and RIP protocols) technical issues.
• Providing support to networks containing more than 2000 Cisco devices.
• Performing troubleshooting for IOS related bugs by analysing history and related notes.
• Carrying out documentation for tracking network issue symptoms and large scale technical escalations.
• Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
• Commissioning and Decommissioning of the MPLS circuits for various field offices.
• Preparing feasibility report for various upgrades and installations.
• Installation and maintenance of new network connections for the customers.
• Configuring all the required devices and equipment for remote vendors at various sites and plants.
• Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
• Installing and maintaining local as well as network printers.
• Implemented 8x8 VOIP solutions on site and run network diagnostics test and network assessment test.
• Validating existing infrastructure and suggesting new network designs.
• Working on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path and Community, MED.
• Installing and maintaining Windows NT Workstations and Windows NT Server.
• Providing technical support to LAN & WAN systems.
• Monitoring Memory/CPU on various low-end routers in a network.