- Results-oriented Network Security Engineer with 9 years of extensive hands-on experience in Network and Security products, troubleshooting and customer support, with in-depth knowledge of Cloud Networking, Checkpoint, Palo Alto, Cisco ASA, IPS/IDS, Cisco ISE, Blue Coat Proxies, F5 Load Balancers, IPSEC VPN, VMware and AWS.
Networking: TCP/IP, VLAN, VXLAN, VTP, STP, EIGRP, OSPF, BGP, IS-IS, MPLS, NAT, IPsec, DMVPN, DHCP, DNS, RAID, HTTP, Juniper SSG, F5 Load Balancer, Juniper SRX, Checkpoint, Cisco ASA, Palo Alto, Palo Alto Management-Panorama, Fortinet VPN, UTM, IPS, IDS, RADIUS, Cisco ASA (all models), Palo Alto (all models), Checkpoint (R80.10, R77.30, SPLAT, GAIA, MDS, VSX, Cluster XL), Cisco 1841, 2500, 2800, 3845, ASR, Catalyst 1900, 2950, 2960, 3500, 3750G, Nexus 5k, 7k, Routers, Switches, Wireless, Ethernet, Fast Ethernet, Gigabit Ethernet, F5 LTM, GTM, Blue Coat Proxy, Panorama, NSM, CSM.
Virtualization: AWS, Docker, Kubernetes, Google Cloud, VMWare, VirtualBox
Networking Tools: Netact, LSM, BSM, TEMS, XCAL, Wireshark, GNS3, Cacti, Cisco IOS, Secure CRT, Algosec, Tufin, Cisco works, Solar Winds, Splunk, IBM Qradar
Cloud Technologies: Kubernetes, Docker Containers, AWS, Microsoft Azure
Virtualization and Hypervisors: VMware vSphere, MS Hyper-V, KVM
Tools: GNS3, Wireshark, Cisco Packet Tracer, Putty, VMWare Workstation, Oracle VM VirtualBox
Automation: Python, Ansible
Operating System: Linux, Windows
Data presentation and analysis: PowerPoint, Microsoft Excel, MapInfo and Cockpit
Confidential, Memphis, TN
Network Security Engineer
- Perform configuration changes on Checkpoint R77 Gaia, R80.10 and Palo Alto in a large-scale environment.
- Proficient in researching traffic patterns to identify false positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (Checkpoint, ASA, and Palo Alto).
- Converted Checkpoint VPN rules over to the Cisco ASA solution.
- Support Panorama Centralized Management for Palo Alto firewalls PA-500, PA-200 and PA-3060, to centrally manage the console; configure, maintain, monitor, and update the firewall core; and back up configuration.
- Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Juniper, Cisco IDS/IPS and IPSEC/SSL VPN, Load Balancer.
- Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
- Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
- Perform Checkpoint and ASA firewalls design, integration and implementation of networks.
- Experience in using Smart Update, User Identity Management and Authentication in CheckPoint Firewall.
- Responsible for Checkpoint and Cisco ASA firewall administration across our global networks.
- Configure IPsec VPN and SSL VPN (Mobile Access) on Check Point Gaia for user traffic that needs to be encrypted using Checkpoint.
- Worked in a large enterprise-level data center supporting more than 1500 network devices.
- Identified and fixed security and network loopholes in the datacenter environment.
- Design, Build and Implement various solutions on F5 Load balancers and F5 Global Traffic Managers (GTM), Check Point Firewalls, Blue Coat Proxies.
- Upgrading code on Palo Alto firewalls PA5050/3020 to meet company security policy
- Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080.
- Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, Microsoft VPN, and the Reporting features.
- Working on setup of IPsec VPN on Cisco ASA 5555-X firewall, Palo Alto IPsec VPN and GlobalProtect VPN, and AWS VPN solution.
- Configure all Palo Alto Networks Firewall models and Panorama to manage large scale Firewall deployments
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Deployment and management of Bluecoat proxies in a forward proxy scenario as well as for security in a reverse proxy scenario.
- Performing URL filtering and content filtering by adding URLs in Bluecoat Proxy SGs.
- Install and upgrade Bluecoat Proxy SG (900, 810 and SG9000 series) and Proxy AV (510, 810 and 1400 series).
- Performing firewall optimization using Tufin by removing unused rules, duplicate objects, fully shadowed rules, and disabled rules.
- Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments.
- Troubleshooting access control lists, port security, server VLANs, load balancing and firewall rules. Creating Virtual IPs on F5 BIG-IP 6800/3400 series appliances for websites.
- Installing F5 TMOS upgrades/downgrades and hotfix installations depending on business need.
- Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN, F5 Load Balancer.
- Experience with Tufin Secure Track for Usage report analysis.
- Experience of technologies including: Nexus switches (2k, 5k and 7k).
- Manage third party connections using Cisco ASA Firewalls via CSM.
- Primary responsibility is to design and deploy various network security and High Availability products like Checkpoint NGX, VSX, Provider-1/MDM/MDS, Cisco ASA and other security products.
Confidential, Phoenix, AZ
Sr Network Security Engineer
- Implementing security solutions using Palo Alto PA-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
- Worked on Juniper SRX versions 300, 3400, 3600, 220, implementing new and additional rules on the existing firewalls for a server refresh project.
- Responsible for all Juniper SRX firewalls consisting of SRX 3560, 1400, 550, using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc.
- Responsible for Check Point to Palo Alto Migration and Palo Alto, ASA and Checkpoint firewalls configuration and administration across global networks.
- Implemented Check Point to Palo Alto migration using the Expedition tool.
- Implementing security solutions using Palo Alto PA-5000/3000.
- Experience in designing and assisting in deploying enterprise-wide network security and high availability solutions for Palo Alto and ASA.
- Planning and design of corporate firewall architecture by implementing it in a distributed planning environment.
- Provide support for 2-tier and 3-tier firewall architecture, which includes various Checkpoint R80 Gaia, Cisco ASA and Palo Alto firewalls.
- Configuration of Palo Alto Next-Generation Firewall, mainly VSYS per client topology, and working on User-ID and App-ID.
- Research, recommend and leverage new features supported by Palo Alto Networks, including User-ID, AutoFocus and GlobalProtect.
- Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV) and other security threat data sources.
- Expertise in VPN configuration, routing, NAT, access-list, Security contexts, and failover in ASA firewalls.
- Actively responsible for upgrades and network refresh projects and troubleshooting, IOS security configurations, IPsec VPN implementation and troubleshooting, and DMZ implementation and troubleshooting.
- Implemented Site-to-Site VPNs between ASA Firewall and Router.
- Established IPsec VPN tunnels between branch offices and headquarters using Palo Alto Firewall.
- Maintaining corporate firewalls and analysis of firewall logs.
- Used security groups, network ACLs, internet gateways and route tables to ensure a secure zone for the organization in AWS public cloud.
- Used IAM for creating roles, users and groups, and also implemented MFA to provide additional security to the AWS account and its resources.
- Performed troubleshooting and monitored routing protocols such as OSPF, EIGRP and BGP.
- Configured ACL and NAT through CLI.
- Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 and Cisco 3550/4500/6500 switches in multi VLAN environment.
- Maintenance of the whole network and troubleshooting the network issues for efficient performance.
- Splunk SIEM tool: Using SIEM / Syslog (Splunk) for troubleshooting purposes, including rule tracing and port or protocol analysis. Creating own dashboards to monitor and generate reports using Splunk. Real-time troubleshooting using SIEM logs.
- Installed high availability Big IP F5 LTM, GTM and ASM Load balancers to provide uninterrupted service to customers.
- Hands-on knowledge/experience of F5 Load Balancers, their methods, implementation and troubleshooting on LTMs and GTMs.
- Used FireEye to scan the servers for any vulnerabilities and worked with the server team to mitigate them.
- Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in the LTM module.
- Supported Infoblox appliances grid environment for DNS, DHCP and IP Address Management tools (IPv4).
- Managing AD, DHCP, DNS and Print Services for end clients on different projects.
- Set up Internet, implementing networking products like Servers, Proxy servers, Switches, Firewalls, Routers.
- Analyze IP data using industry-standard tools, i.e. Wireshark, SolarWinds.
- Packet capturing and troubleshooting network problems with Wireshark, identifying and fixing problems.
- Created documentation using Word, Excel, PowerPoint and Visio.
- Planning, designing and implementing VPN connections using site-to-site VPNs.
- Maintaining and providing Level 2 and Level 3 technical support for all network-related issues and meeting customer requirements by interacting with the customer on a daily basis via email and phone.
- Responsible for managing and configuring Layer 2 and Layer 3 devices for the customer's network.
- Configuring and troubleshooting QoS, VLAN, Spanning Tree, VTP, HSRP and Trunking.
- Making configuration change recommendations for routers, switches and firewalls.
- Managing and working with VPNs within the organization and to third-party entities.
- Performing an analysis of source host and destination path by tracing it through the network routers and switches as well as the firewalls it passes.
- Attending the managerial and Technical meetings to discuss the current progress of the project.