SUMMARY

• Cisco and Palo Alto Certified with 8+ years of experience as a Network Administrator/ Security specializing in Cisco devices, Network security, Firewalls and VPNs, Cisco Routers, LAN/WAN connectivity & TCP/IP.
• Checkpoint firewall implementation and configuration including R80, R77 and previous version of checkpoint firewall OS.
• Hands - on configuration and operational experience working on Juniper Net Screen (ISG), SRX, Checkpoint Firewalls (Nat policies, VPN Configurations, policies) in both standalone and HA mode.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Experience in working with Cisco 5500-X Firepower and Cisco Sourcefire IPS & FireEye.
• Experienced on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200.
• Expertise in Design, Installation & configuration of Palo Alto & Checkpoint Provider Environment.
• Experience with Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
• Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
• Proficiency in installing and configuring Nexus 2248, 5000 and 7000 series switches.
• Experience in the setup of HSRP, Access-Lists, and RIP, EIGRP, and tunnel installations.
• Proficient in setting up IT infrastructure including wide area networks (WAN) / local area networks (LAN), security management systems & networking devices administration.
• Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF multiple areas and BGP.
• Particular strengths include team spirit, the ability to learn new concepts and quest for knowledge, excellent communication and interpersonal skills.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols on Palo Alto firewall as well as cisco ASA and checkpoint.
• Worked on migration from legacy PIX to new Cisco ASA appliances, ASA to Paloalto firewalls.
• Experience with Blue Coat URL filtering with whitelisting and blacklisting URL, creating rules for content filtering.
• Proficiency in the following: Cisco Routers 3800, 7200, 7600 series / Catalyst Switches 2950, 3550, 3560, 3750, 5500, and 6500 Series running Cisco CatOS or Cisco IOS, Nexus 2K, 3K, 5K, 7K running NX-OS.
• Configuring and implementing Routed and routing protocols including: TCP/IP, RIP, OSPF, EIGRP, BGP, VRRP and HSRP.
• Experience on Network tools like Solarwinds Orion, SPLUNK, IBM Qradar, SIEM, Netscout, HPSM, Remedy, Service Now, Tufin, Algosec, Firemon, Easy-IP, Cyber Ark, HPNAS, Meraki Wireless, Wireshark, Packet Tracer, Tacacs+, Radius, ISE, NAC, ACS, and ITIL process.
• Ensure Firewall Policy compliance for standards including PCI, SOX auditing and rule base remediation.

PROFESSIONAL EXPERIENCE

Confidential, Richardson, TX

Firewall Engineer

Responsibilities:

• Expertise with Design, Engineer, Deployment and administration of Firewalls, Security devices
• Deployment of Palo Alto 5060’s, 3020, and Panorama to administration
• Administration of Palo Alto Firewall and Panorama firewall management tool to administer Palo Alto 5050, & 5250 device groups.
• Deployment of Palo Alto Firewall VM’S in on Servers Deployment of Palo Alto Firewall’s on AWS cloud.
• Configure and troubleshoot IPSEC VPN form Site to Site with Cisco, Palo Alto, and Checkpoint Devices as peer. Configuring and troubleshoot Global protect SSL VPN for Work from Home Users on Palo Alto
• Configuring Security Policies, NAT polices for Access control, inter zone connectivity, External Access on Palo Alto Firewall. Experience with Palo Alto Global protect VPN and cloud service
• Deployment and administration of Fortinet Firewalls
• Administration with Of Fortigate Firewalls with tools such as Forti Analyzer, Forti Manager
• Experience with Automation. Automation of large number network appliance of tasks for Multiple Vendors using Ansible
• Experience with Deployment of Firewalls on AWS
• Experience with AWS, VPC, NAT’s, networking on Cloud, Troubleshoot issues leveraging VPC flow logs and researched Security incidents, alerts based on QRadar Network Flow and Log Activity.
• Analyze and review data from SIEM - Qradar for suspicious activity and trigger alerts to the concerned teams and applying rules and Building Blocks to SIEM
• Dedicated security monitoring and analysis of cyber security events (Triage) of tracking phishing URLs, and emails and deep dug investigations.
• Investigating logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, SPAM, etc.
• Administered Cylance Antivirus and Cylance Endpoint Protection across the entire network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings.
• Experience with Bluecoat (Proxy/Reverse Proxy), Zscaler,
• Experience with Zscaler for Url Filtering. Connected to Hotspot with Zscalar Cloud
• Configure Zscalar Security Policies to protect user and company devices based on security Policies
• This includes developing customized signatures, enterprise content filtering, or firewall ACL change recommendations.
• Administered Malware Bytes across the entire network to include removal of viruses, update of definitions, pushing upgrades, managing accounts and configuring policy settings
• Monitor and analyze data feeds of events and logs from firewalls, routers, and other network devices or host systems for security violations and identify vulnerabilities.
• Responsible for performing periodic Vulnerability assessment (VA) as per the security policy and standards.
• Actively used NMAP for port scanning and made sure only appropriate ports are in use.
• Actively researched on any security gaps that are beyond the ability of detection by any security scanner.

Confidential, Irving,TX

Network Security Engineer

Responsibilities:

• Managing Firewall products - Checkpoint Appliance 2200, 12k and 15k Gateways, Provider-1 and VSX environment. (R77.30) and ASA environments.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Responsible for troubleshooting network, VPN and firewall problems, specifically Palo Alto and perform other duties as assigned.
• Assisted with PaloAlto NG Firewall implementation and switch from Checkpoint Firewall.
• Conducting vulnerability assessments with Nexpose, Nessus, IBM App Scan, IBM Qradar.
• Successfully upgraded R77.20 to R77.30 in production environment.
• Working on day to day firewall management activities like looking into troubleshooting tickets and firewall rule change requests.
• Escalated issues and results to senior team members for review and further escalation to Vulnerabilities,
• Design and implement two -form factor VPN authentication using RSA security and Citrix Netscaler Gateways.
• Cisco ACS server for authentication, authorization, and accounting on network devices.
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS),
• Monitor network performance of Citrix Web Application Firewalls, Tipping Point IDS/IPS, Bluecoat Web Proxies and F5 Load balancers with bank security tower.
• Worked on Tufin secure track to clean up the unused policies.
• Use Sourcefire Next Generation Intrusion Prevention System (IPS/IDS), FireEye and Q1 Radar (SIEM) to monitor for suspicious network traffic.
• Directs audits of the Amazon Web Services (AWS) Cloud infrastructure to maintain, Configuration compliance between disjointed regions.
• Firewall as well as virtualization of firewall, both VSX and VSYS.
• Management of the Security Operations Center, Including strategic and tactical direction as well as support f the entire MSS portfolio including: IDS/IPS, Proxy, Firewall, DNS, FireEye, Qualys, SIEM, DNS, Network
• Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• PANDB migration and code upgrades for Palo Alto Firewall.
• Worked on Source fire for application control, malware detection and URL filtering.
• Configured and managed policies on Palo Alto firewalls using Panorama GUI.
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions

Confidential, Memphis, TN

Network Support Engineer

Responsibilities:

• Supporting and troubleshooting Checkpoint (R77.10 Gaia, R77, R76, Provider-1, MDM/MDS, VSX, SPLAT and IPSO) and Cisco firewall (ASA 5550, 5540, 5520, PIX 525, 535, CSM and ASDM) technologies.
• Migration and implementation; new solutions with Palo Alto Next-Generation Firewall series PA-500, PA-3060 and PA-5060.
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
• Configured Juniper SRX and SSG firewalls using NSM and via CLI.
• Adding zone based rules in Juniper SRX and SSG NetScreen firewalls as per client requirements.
• Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
• Extracted the logs, Perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
• Performing packet captures using TCPDUMP, fw monitor, Snoop, wireshark and other network monitoring tools.
• Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
• Prepared engineering documents and network diagrams in Microsoft Visio.
• Troubleshoot and hands on experience on security related issues on Checkpoint R75, Cisco ASA and Juniper Net screen firewalls.
• Involved in large firewall configuration, deployments, and implantation rollouts for several company's security needs including SSL VPN tunnels.
• Administering multiple Firewall of Juniper SRX and SSG Netscreen in a managed distributed environment. Fulfilling routine change requests of Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.
• Worked on the conversion of Juniper SSG to SRX firewalls.
• Creating MOPs (Method of Procedure) and Provided On-call support to Clean-up the changes in configuration on migrated Cisco routers.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
• Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers
• Experience with Firewall Administration, Rule Analysis and Rule Modification on cisco ASA 5540, 5585.
• Responsible for Cisco ASA firewall administration across our networks.
• Co-ordinate with the Data Network and Security team and come up with possible solutions.
• Provide solutions to Tier 1/2 escalated issues and tickets.
• Implementation and configuration of F5 Big-IP LTM-6400 load balancers
• Configuring and resolving various OSPF issues in an OSPF multi area environment,
• Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
• GRE tunneling & Site-to Site VPN configuration between other two sites in USA.

Confidential, Houston, TX

Network Engineer

Responsibilities:

• Configuration of Cisco routers 3700 series, 3800 series, 7200 series, 7600 series and Cisco Catalyst series switches 2960, 3750, 3560, 6500 at central and remote locations.
• Worked with cross-functional teams from requirements gathering to deployment. Identified technical requirements and developed work-flow charts and diagrams.
• Configured, tested, troubleshoot and maintained network connectivity in a LAN/WAN environment and IT services running routing protocols on Cisco devices.
• Managed and configured DHCP, DNS, Antivirus, and backups, Provided escalated IT support, hardware troubleshooting, backup and recovery, email communication and application support.
• Configure and support of standard routing protocols also implemented ACLs and NAT on Cisco core switches.
• Implement, configure and troubleshoot VPN's and Secure Remote related issues.
• Implementation, support and trouble-shooting of VLANs including operational knowledge of Spanning Tree Protocol (STP), VLAN trucking, inter-VLAN routing and 802.1Q.
• Deploying and decommissioning Cisco switches and their respective software upgrades.
• Implementing & managing Symantec Data Loss Prevention, also responsible for data loss incident investigation and remediation.
• Finding out the false positive offenses, modifying the rules to ignore the legitimate traffic and reducing the offence count