Sr. Security Engineer Resume

SUMMARY

  • Highly talented and accomplished IT professional with experience in Network and Security Engineering in designing, deploying, migrating and supporting critical redundant network environments.
  • Proven ability to manage all phases of installation, configuration, monitoring and administration of Firewalls and F5 BIG-IP LTM & ASM. Strong knowledge of data encryption practices, concepts and products, content filtering, WAF, compliance-based security solutions, Cisco switching and routing; LAN, WAN, VPN and IPS/IDS configuration and troubleshooting.

TECHNICAL SKILLS

Firewall: Cisco ASA, Palo Alto, Checkpoint, Fortinet and F5 BIG-IP, Symantec-Bluecoat Proxy, Firepower, Zscaler

Networking: Wireshark/TCPView Packet Analysis

Operating Systems: Windows, Linux, Unix

Servers: DNS servers, WINS servers, Mail Servers, Proxy Servers, Application servers, FTP Servers

Monitoring Tools: Splunk, Qualys, SolarWinds, Nessus, IPS/IDS, Security Onion (Kibana, Bro, Squert)

Programming Languages: Python, R, JavaScript, T-SQL

PROFESSIONAL EXPERIENCE

Confidential

Sr. Security Engineer

Responsibilities:

  • Install, configure, deploy, manage and document firewall infrastructures
  • Develop App-ID, User-ID and URL filtering Security policies for critical Applications.
  • Provision and install firewalls (Palo Alto, Check Point and Cisco ASA) security policies
  • Implement and Manage High Availability (Active-Passive) configuration of 100+ Palo Alto Firewalls via Panorama 9.0.3 for security management reliability
  • Configure and maintain IPSEC and SSL VPN on Palo Alto and Check Point Firewalls.
  • Perform migration of PAN firewalls, firewall HA Clusters to Panorama Management
  • Configure rules and maintain Palo Alto Firewalls; analyze firewall logs.
  • Install, configure and maintain F5 hardware, software, devices and appliances in support of infrastructure
  • Configure Virtual Server and Load balancing methods in F5 LTM
  • Manage, troubleshoot F5 LTM & ASM for the Web Applications/ corporate applications, their speed and availability
  • Configure and administer SSL Inspection rules on Zscaler through Policies (Web and Firewall Insights) for external sources to critical applications, as well as SSL bypass for pre-defined sites.
  • Troubleshoot firewall-related incident tickets for multiple customers by diagnosing and resolving Tier 3 incidents.
  • Configure and monitor IDS/IPS Malware signature Alerts on Palo Alto and Checkpoint Firewalls
  • Conduct vulnerability and Security Technical Implementation Guide (STIG) compliance scanning and auditing in support of Information Assurance Vulnerability Management (IAVM) using VMS to report compliance.
  • Configure, implement, monitor, and support security software/systems that will help ensure compliance with policies and procedures. This includes but is not limited to SIEM, Next Gen Firewall Management, IDS/IPS Management, Forward and Reverse Proxy Management, Web Application Firewall, Two Factor Authentication, IAS, Internal/External Certificate Authority
  • Perform Layer 2-7 in-depth packet-level troubleshooting and debugging for root cause analysis (Wireshark, tcpdump and session debugging)
  • Monitor security processes and controls to ensure adherence to PCI-DSS laws and regulations in relation to safe-guarding information.
  • Install, configure and manage Security Onion components (Snort, Suricata, Bro, OSSEC, Sguil)
  • Monitor events and trends stored in Elasticsearch using Kibana

Confidential

Sr. Network Security Engineer

Responsibilities:

  • Optimized existing policies to improve security and performance
  • Configured firewall features and/or software blades to secure networks
  • Migrate from Cisco ASA and Juniper to Palo Alto Firewall using PAN Expedition tool.
  • Implemented High Availability (Active-Passive) configuration for security management reliability
  • Managed multiple Palo Alto Firewalls in Active-Passive using Panorama 8.0.3
  • Investigation and resolution of 3rd line security support incidents.
  • Developed and performed mitigation plan and remediation activities based on the findings to resolve network and system vulnerabilities to meet compliance requirements
  • Configured and managed Bluecoat ProxySG to change the External HTTP (transparent) Proxy Service to intercept all IP addresses on Port 80
  • Configured SSL rules on ProxySG through Policies, also offloading SSL traffic to an SSL Visibility Appliance
  • Supported Bluecoat transparent proxy implementation as a component of the overall secure web gateway, also integrating web gateway configuration into existing multiple DNS tree structures within the Enterprise.
  • Provided support in Tufin Management to track all policy and networking changes across all platforms, providing an accurate and up-to-date view of security across the network.
  • Cleaned up unused rules using Tufin reports to reduce the Security Risk and review Firewall rule conflicts and misconfigurations as well as redundant rules.

Confidential

Sr. Network Security Engineer

Responsibilities:

  • Designed and Implemented Zone-Based Firewalling and security rules on the Palo Alto Firewall
  • Configured URL filtering to enable and/or disable user traffic access to unauthorized websites; also configured and managed IPS and QoS.
  • Configured and implemented SSL Inbound inspection to critical applications on Palo Alto Firewall
  • Implemented and administered Check Point and Juniper firewalls and Intrusion Detection systems, Blue Coat proxy servers with web content filtering.
  • Troubleshot Connectivity between devices using NAPALM and Automate network Changes with Python Library code (Paramiko)
  • Configured various advanced features (Profiles, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA) on F5 BIG-IP appliances.
  • Participated in on-call support in troubleshooting configuration, installation and connectivity issues
  • Performed comprehensive packet analysis using tcpdump on Windows servers
  • Establish dedicated connectivity to AWS cloud from Enterprise Datacenter using AWS Direct Connect and to multiple VPCs using AWS Direct Connect Gateway.
  • Designed and provisioned HA Cluster-XL Checkpoint R80 Gaia for redundancy.
  • Implemented network security for remote access. Tasks include configuring site-to-site and client-to-site VPN tunnels.
  • Configured and administered security rules and policies to permit and/or deny user traffic based on company security policy.
  • Configured NAT and HIDE such as Dynamic, Static, and Manual NAT policies as required for user traffic accessing the internet.
  • Conducted security policy/rule review to identify and remove rules that are not needed to reduce checkpoint firewall policy lookup.

Confidential

Sr. Network Security Engineer

Responsibilities:

  • Monitored system and network activity for attack and intrusion
  • Responded to information security incidents as needed
  • Installed, configured and maintained PA 220, PA 500, PA 3020 and PA 5020
  • Assisted with the development and enforcement of information security policies and procedures
  • Researched and evaluated security controls and provided recommendations to upper management for their approval
  • Configured and provided support for Site to Site IPsec tunnels as well as remote users.
  • Developed, maintained, and troubleshot various information technologies security elements in a Linux, UNIX, and Windows environment
  • Participated in on-call support in troubleshooting configuration and installation issues
  • Performed security scans and updates to support Oracle, and MS SQL Server database system
  • Support OS to run various software applications.
  • Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates.
  • Applied F5 Big-IP virtual edition on AWS cloud for application load balancing
  • Provisioned EC2 instances and created S3 buckets, in addition to managing policies for S3 buckets, and utilized S3 buckets and Glacier for storage and backup on AWS.
  • Conducted security policy/rule review to identify and remove rules that are not needed to reduce Check Point firewall policy lookup
