SUMMARY

• Experienced Network Security professional with 7+ years of experience in leading and delivering information technology (IT) service and consulting company.
• Extensive experience in designing, implementation, exceptional troubleshooting, support large scale enterprise data centers and remote sites.
• Aligning security architecture, plans, controls, processes, policies and procedures with security standards and operational goals.
• Accountable for installing, implementing and administrating network security, building client relations, business proposals, and engagement delivery.
• Enhanced process compliance postures through operational improvement.
• In depth knowledge of Multi - vendor platforms such as Cisco, Checkpoint, Fortinet, Juniper, Palo Alto Netscreen, Bluecoat (Web/Socks proxy).
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.
• Experience in AWS and Azure Direct Connect with high capacity connections between existing IT infrastructure and the AWS cloud, enabling seamless integration and inter-operation of the two infrastructures.
• Deployed firewall rule automation tools such as Tufin and Firemon
• Proficient on the architecture, design and deployment of these Symantec BlueCoat Product solutions- Advance Secure Gateway (ASG/SG) Proxies,Management Center, Reporter and Web Security Services.
• Has mastered Pulse Secure (Juniper) SSL VPN deployment with strong knowledge in at least three major technology areas (networking, authentication, and troubleshooting.
• Experience in deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.

TECHNICAL SKILLS:

Cisco Routers: Cisco L2 & L3 Switches

(1700, 1800, 2500, 2600, 3600, 3800, 7200 and 7600), (2900, 3560, 3750, 4500, 4900, 6500,6800), Nexus: LAN Technologies

Ethernet, Fast Ethernet, and Gigabit Ethernet, SMTP, FTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP: WAN Technologies

MPLS, Frame Relay, PPP: Firewalls

Checkpoint R80.30, R77.30, Juniper Netscreen, Cisco ASA, Pix, Juniper,Fortinet, Palo Alto: OS products/Services

DNS, DHCP, Windows (2000/2003, XP), UNIX, LINUX,: Cloud Networking

AWS (Direct Connect, VPC connectivity), Rackspace (Private Cloud): Protocols/Services

Gateway Load Balancing: Routing Protocols (RIP v1 & v2, OSPF, EIGRP, BGP), HSRP, VRRP.

Network Management Tools: SolarWinds, VPM, Sourcefire, Wireshark, Netflow Analyzer, Cisco Works, Ethereal Web Proxy/ Socks Proxy: Bluecoat, infoblox, F5, Tufin, Kerberos, UTM

Security Server Protocols: TACACS+, RADIUS, DLP, IPS

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Security Engineer

Responsibilities:

• Operate within a global network-security support and engineering team which is responsible for design, installation, support, and upgrading of IT security devices for Axa connections to the internet, third parties, joint ventures acquisition using checkpoint Firewall.
• Understand business requirements, study existing application landscape, design documents such as HLD/LLD of the solutions, and identify redundant systems, conceptualize technical solutions to complex problems and maximize benefits of IT systems investments.
• Participate in third party acquisition considering email, webservices and other key application migration, recommend network design enhancement to improve system availability, performance.
• Maintaining more than 800 checkpoint firewall R77 and R80 including provider-1 and MDS, MLM, Pulse secure gateway, Tufin, monitoring tool, SIEM logs, Proxy, IDS, IPS.
• Experienced on remote access VPN solutions utilizing Pulse secure VPN, Active Directory, Secure ID.
• Managing external domain registration for Axa which includes domain purchase, acquisition, snap order, masking, renewal and maintaining extra sense domain secrecy.
• Deployed separate Pulse Secure Remote Access infrastructure.
• Performed BCP testing for remote locations and data centers device/application.
• Vulnerability assessment report and ensured remediation of the identified issues, patch management, OS upgradation.
• Responsible for the planning, design, implementation, organization and operation of Palo Alto Firewalls based perimeter security network and network security devices including but not limited to 7000, 5000 and 3000 series FW’s. This also involves simultaneously working on the successful engineering, testing and deployment of multiple projects.
• Perform Content Development to properly identify data feeding SIEM’s and correlation of events
• Ownership of the log & data mining service based on the Splunk product including.
• Provide support for DMZ’s creating and developing DMZ designs IDS signatures to meet new and emerging technologies threats.
• Translate connectivity requests/RFC’s in to security policies for internet, DMZ and internal firewalls
• Support the DLP Team with various tasks that are part of establishing a DLP Program and remediation of existing audit issue.
• Support remediation of DLP process and technology gaps identified from various sources as part of the DLP Program establishment effort.
• Experience on Meraki MX firewall used for guest wireless solutions. (Traffic shaping, threat protection, content filtering, splash page)
• SME for Provider-1 and Check Point Installations and upgrades.
• Defined Unified Security policies, updating topologies with the generic devices and zones in tufin.
• Deployed Checkpoint Maestro Hyperscale Orchestrator, defined security groups, aligned firewalls and polices.
• Helped build a new East Coast Disaster Recovery Data Center, including the roll out of a new server platform and a remote management model.
• Participate in Major Incident while join forces with different stakeholders, application team, network, server team other subject matter expert to work together during troubleshooting session to provide resolution around incident.
• Created standard operating procedure (SOP)document and Knowledge base article for known issue.
• Coached, mentored security analyst across multiple level.
• Experience in IT Service Management ITIL process (Incident, Problem, Change and Release management).
• Leads assessment, design and technical implementation activities related to the Bluecoat product platforms.
• Responsible for troubleshooting network issues including boundary protection devices and Bluecoat Proxy Servers
• Working as Cloud Administrator on Confidential Azure, involved in configuring virtual machines, storage accounts, Confidential .
• Managing day to day activity of the cloud environment, supporting development teams with their requirements.

Confidential

Network Security Engineer

Responsibilities:

• Administering IT Network-Security solutions and engaged in managing and providing solutions for data centers services, network security, and infrastructure design services.
• Worked with functional and admin teams to deliver automated workflow solutions in ServiceNow and tufin
• Configured the Cisco ASA firewall in failover mode, troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA
• Implementing and configuring different firewall access rules, routes, NAT, taking firewall configuration backup and maintaining security policies.
• Managing day to day activity of the cloud environment, supporting development teams with their requirements.
• Participated as Team member for migrating Confidential on Amazon Web Confidential (AWS).
• Check Bug/EOL/EOS aspects related with existing IOS and accordingly planned IOS/device upgrade.
• Experience on Cisco Access Control Server (ACS), authentication, authorization and accounting to centrally manage access to network resources.
• Responsible for managing the VPN connectivity for client machines on a Juniper SSL VPN SA 6500
• Working on different client requirements and providing/implementing solutions for remote access using the Juniper SSL VPN integrated with Active Directory and RSA Secure ID Tokens with two-factor authentication.
• Work as an architect to deploy and manage store security solutions - Aruba ClearPass infrastructure, Cisco / PAN VPN, RSA Two Factor Authentication.
• Direct and detailed experience in configuring, implementing, managing, and monitoring Palo Alto Virtual System (Vsys) firewalls using Panorama
• Manage multiple client Confidential office network, (Data, Wireless, and Internet.)
• Configuration and management of CE Routers, LAN switches and access point.
• Configuration of Cisco ACE Load balancer (New creation/addition/deletion of server farm), Cisco Router, switches, Wireless, DMPVN setup.
• Setup scripting of various aspects of Tufin management.
• Worked on Tufin - SecureTrack to optimize firewalls for better performance.
• Creating and Implementing Change Requests following the Change Management process and CAB.
• Configuring security appliances/firewalls to best practice security standards and leverage available security services on UTM devices. Including GeoIP Blocking, IDS/IPS, Content Filtering, etc.

Confidential

Network Security Engineer

Responsibilities:

• Worked as Engineer at Bajaj Allianz client and Data Center Engineer at NCL, Pune.
• Managed Data center and Network devices like Router, Switches, ASA Firewall, WAP, ACS.
• Analyze high profile network attacks/threats.
• Analyze botnets and monitor their activities.
• Discover new zero-day exploits/vulnerabilities.
• Develop protection against network attacks/threats.