SUMMARY

• Almost with 9 years of experience as Network Security Engineer in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Strong hands on experience on Confidential Catalyst (3550, 3750, 6500) series switches, Confidential (2500, 2600, 2800, 3600, 3800, 7200) series Routers, ASA Firewall, Load Balancers using F5 LTM/GTM, Confidential ASDM, Confidential Works, HP Open View, Tufin, Firemon, Algosec, Wire Shark, Solar Winds, Sniffer, CheckPoint, Palo Alto Networks Firewall models.
• Extensively worked with Configuration of Network and Security devices such as Confidential routers and switches ( Confidential 7600/3500/Nexus 7K/5K), Firewall (Checkpoint 4000, 5000 with R80.10 and Confidential FWSM), Load Balancers and DNS and IP Manager (Infoblox).
• Experience in layer - 3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K and 2K series.
• Have In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIP, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP.
• Supported the migration for the global border network of AWS infrastructure: created and troubleshoot automated CR procedure and execute CM for devices between AZs which is connected via BGP/OSPF/MPLS.
• Network connectivity design for AWS and Azure connectivity with best security practice including micro- segmentation, transport encryption and complete Account/VPC/VNET/AZ/Subnet design using AWS Transit Gateway & Transit Hub.
• Ability to work under minimal supervision, adheres to deadlines, and motivated to excel. Strong Knowledge of office365 and Office Tools such as Confidential Word, PowerPoint, Excel and Visio.
• Experience with Bluecoat URL filtering with whitelisting, blacklisting URL’s and content filtering.
• Experience with Zscaler Cloud based web security to manage the corporate web traffic.
• Implemented and managed Zscaler to Web security where allow the access to User based web policy’s.
• Experience in risk analysis, security policy, rules creation and modification of Check Point Firewall VPN-1 FW-1 NGX R65, R70 & R75, R77.30, R80.10 and Provider-1/MDM/MDS.
• Involved in the integration of F5 Big-IP load balancers with CheckPoint firewalls for firewall load balancing and was responsible was troubleshooting and maintenance.
• Have very good experience on Confidential ASA 5520, 5540, 5550 and Confidential ASA 5585 with firepower module.
• Experienced in Migration from Checkpoint and Confidential ASA Firewalls to Palo Alto.
• Involved in configuring Juniper SSG-140, SRX-240, and Confidential ASA 5585.
• Hands on experience with imperva securesphere web applications.
• Daily technical hands-on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with the customer in a service/support environment.
• Experience in configuring all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Worked on configuration of Palo Alto firewalls including Security policies, Application & URL filtering, Data filtering, Threat prevention and File blocking.
• In-depth knowledge in designing, implementing, configuring with best practices on NexGen IDS/IPS Firewalls such as Palo Alto wildfire, Confidential Firepower (Sourcefire).
• Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server.
• Managed the security infrastructure of the service provider which includes Confidential ASA’s, PaloAlto Firewalls, Confidential Firepower.
• Provide support and for Tier-3 firewall architecture, which includes Paloalto 3020. 5060, 7000 Series and Confidential ASA 5585-x, Confidential firepower 9300, VMware NSX.
• Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1 and Confidential ASA.
• Working on network design for new next-generation VPN solution, migration from Checkpoint VPN to Pulse Secure VPN from network prospect.
• Knowledge with Ansible for an infrastructure orchestration and automation, installation of the packages using playbooks.
• In-depth knowledge and practical experience working on ACI infrastructure, which includes implementation and documentation of new ACI Fabrics in multiple data centers.
• Knowledge of IP traffic flow, protocol analysis, capturing and monitoring of live traffic streams ACI Operations support and tasks, ACI change types, deploying Leaf Fabrics, Micro segmentations and Troubleshooting.
• Hands on Experience in configuring F5 objects, components and provisioning various modules like LTM & GTM.
• Have experience in Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS.

PROFESSIONAL EXPERIENCE

Confidential, Boston, MA

Network Security Engineer

Responsibilities:

• Configuring and maintaining juniper SRX (1400, 1500, 3600, 5800) and Paloalto (PA- 200, 500, 850, 3020) firewalls which are in production, non-prod and management.
• Perform configuration changes on Checkpoint R77. R80.10 Gaia and Palo Alto on a large scale environment.
• Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (CheckPoint, ASA, and Paloalto).
• Converted Checkpoint VPN rules over to the Confidential ASA solution.
• Installing and Configuring Confidential ASA 5585 firewall with firepower module.
• Configuration and Maintenance of ASA 5585 firewalls with firepower, 5540, 5525 Firewalls using Confidential Security Manager (CSM).
• Implement and configure security using Palo Alto PA-5000/3000, Confidential 5580/5540/5520 , Checkpoint firewalls with R75, R77.20, and R80.10.
• Worked on firewall cleanup where the wider rules are monitored in Tufin.
• Collected logs from Tufin and added more granular rules before the wider rules.
• Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
• Install and maintain Palo Alto firewall configuration to protect cardholder data for payment card industry (PCI).
• Managed and configured all Palo Alto PA 3000 series, PA 5000 series, PA 7000 series firewalls.
• Responsible for deploying Palo Alto firewall in cyrus-one datacenter and Azure Environment.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Disabled/Deleted unused and redundant rules on the firewalls.
• Managing Juniper Firewall (SRX) configuration, VPN configuration, configuring Netting, Routing.
• Strong experience on Tufin which is used to monitor traffic and collect logs.
• Implementing rules on Juniper SRX firewall by raising change in Service now to add/delete/disable rules.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
• Respond to emergency outages, disaster recovery and the corporate firewall.
• Experience on Panorama (M-100) used for managing and collecting logs from firewalls.
• Upgraded PA firewalls from older software version to a newer version.
• Identified and removed security policies that are no longer needed to reduce Juniper SRX policy lookup.
• Backup, Restore and Upgrade of Juniper SRX Firewall appliance.
• Working on JunOS, Screen OS firewalls, Juniper netscreen ISG1000, SRX 550, NSM, Palo Alto Networks, Infoblox Grid Manager.
• Configured ACI integration with VMware and Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
• Created different application policies in the ACI including Tenants, Application Network Profile (ANP), End Point Group (EPG), Contracts, and Filters & implemented with distributed systems architecture and their operating systems in addition to network management systems with troubleshooting proficiency with voice and data infrastructure (e.g., Routers, Switches, and VOIP technologies) and network securities (e.g., Firewall, and IDS).
• Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters.
• Design dynamic failover connectivity (MPLS/IPSec) to AWS by implementing SD-WAN on Fortinet firewall using BGP to/from multiple data centers.
• Configured and troubleshooted issues in Juniper firewall using CLI and NSM.
• Worked on Service now tickets to add/disable/delete rules.
• Implemented and maintaining the Log Gathering tool using Ansible.
• Good Knowledge on JIRA for planning, tracking and managing my projects.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin.
• Handling and troubleshooting on-call break/fix issues along with other teams.
• Troubleshooting issues related to policy push.

Confidential, Raleigh, NC

Security Engineer

Responsibilities:

• Administration & maintain firewalls like checkpoint (5600, 23500, 12200, 13800 of R77.30 & R80.20), Juniper SRX 650, 1400, 3600, Netscreen SSG, NSM & fortimanger (3700D).
• Experience in using firewall technologies such as rules creation, modification and general configuration on different firewalls like checkpoint (R77.30 & R80.20), juniper SRX, Netscreen SSG, Provider-1, VSX, NSM and Fortimanger.
• Configure Syslog server in the network for capturing log's from firewalls.
• Migration of all the PIX firewalls to ASA firewalls. Configuring, Administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewall
• Design & Implementation of 60+ Fortinet & Confidential ASAv firewalls in On-Perm & AWS for DMZ and Internal VPC on different account along with AWS- Transit Gateway running over IPSec VPN tunnel to On-Perm & Direct Connects.
• Implementing the rules created, deleted or modified on firewalls checkpoint, juniper and FortiGate.
• Strong experience on Splunk to check if the traffic is hitting the firewall which is useful for troubleshooting the connectivity issues.
• Provided tier 3 support for Checkpoint, juniper and fortimanger Firewalls to support customers, Backup and restore of checkpoint and juniper Firewall policies.
• Identifying the impact of firewalls if the change is implemented and taking necessary action before it is implemented.
• Managing the security infrastructure of the service provider which includes Confidential ASA’s, PaloAlto Firewalls, Confidential Firepower, pulse Secure VPN, Zscaler Cloud based web security, Blue Coat.
• Troubleshooting issues on ASA firepower related URL filtering, and IPS.
• Manage and administer Confidential Firepower 9300 with SM-44’s running in ASA mode and Legacy ASA 5k Firewalls
• Managing global policies on firewalls and assigning them to all the policies.
• Creating the change document with all the pre-implementation, implementation, post-implementation, back out and post-back out steps that need to be done for a change.
• Configuring static routes on checkpoint, juniper and fortimanger firewalls.
• Monitoring Traffic and troubleshooting Connections in Checkpoint and juniper Firewall.
• Experience in using Smart Update, User Identity Management and Authentication in Checkpoint Firewall.
• Implementing the changes during the change window time and resolving the connectivity issues.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Configured ACI integration with VMware and Worked on integrating existing Layer 2 and Layer-3 networks with ACI.
• Working with Wire Shark to monitor the network traffic.
• Configured ACI Policies, Tenants, Bridge Domain, Private Networks, Contracts and Filters.
• Identify and remove security policies that are not no longer needed to increase security and performance on Checkpoint Firewall.
• Handling and troubleshooting on-call break/fix issues along with other teams.
• Troubleshooting issues related to policy push.
• Work on tickets in remedy and prepare the firewall change request which is used for knowing the change.

Confidential, Lakeland, FL

Network Security Engineer

Responsibilities:

• Perform configuration changes on Checkpoint R77 Gaia and Palo Alto on a large scale environment.
• Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (CheckPoint, ASA, and Paloalto).
• Converted Checkpoint VPN rules over to the Confidential ASA solution.
• Implement and configure security using Palo Alto PA-5000/3000, Confidential 5580/5540/5520 , Checkpoint firewalls with R75, R77.20, and R80.10.
• Support Panorama Centralized Management for Palo Alto firewalls to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Juniper, Confidential IDS/IPS and IPSEC/SSL VPN, Load Balancer.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
• Perform Checkpoint and ASA firewalls design, integration and implementation of networks.
• Experience in using Smart Update, User Identity Management and Authentication in CheckPoint Firewall.
• Responsible for Checkpoint and Confidential ASA firewall administration across our global networks.
• Configure IP-SEC VPN, and SSL-VPN (Mobile Access) on Check Point Gaia based on user traffics that needs to be encrypted using Checkpoint.
• Worked in a large enterprise level data center supporting more than 1500+ network devices.
• Identified and fixed security and network loop holes in datacenter environment
• Design, Build and Implement various solutions on F5 Load balancers and F5 Global Traffic Managers (GTM), Check Point Firewalls, Blue Coat Proxies.
• Managing static, dynamic and hide NAT rules and address pools for IP filter on Smart Dash board (R77.xx & R80.10.
• Working on Traffic Migration from Confidential ASA firewalls to Juniper SRX and Fortigate.
• Configured ACLs to allow only authorized users to access service.
• Upgrading code on Palo Alto firewalls PA5050/3020 to meet company security policy
• Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080.
• Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, Confidential VPN, and the Reporting features.
• Working on setup Confidential ASA 5555-X firewall on IPsec VPN, Palo Alto IPsec VPN and Global Protect VPN, and AWS VPN solution.
• Configure all Palo Alto Networks Firewall models and Panorama to manage large scale Firewall deployments
• Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
• Install and upgrade Bluecoat proxy SG (900, 810 and SG9000 series) and Proxy AV (510,810 and 1400series) Performing firewall optimization using Tufin by removing unused rule, duplicate objects, fully shadowed rules, and disabled rules.
• Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments.
• Troubleshooting access control lists, port securities, server vlans, load balancing and Firewall rules. Creating Virtual IPs on F5 BigIP 6800/3400 series appliance for website.
• Installing the F5 TMOS upgrades/downgrades, Hot-fix installations depending on Business need.
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Confidential IDS/IPS, Wire Shark and IPSEC/SSL VPN, F5 Load Balancer.
• Experience with Tufin Secure Track for Usage report analysis.
• Experience of technologies including: Nexus switches (2k, 5k and 7k).
• Manage third party connections using Confidential ASA Firewalls via CSM.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint NGX, VSX, Provider-1/MDM/MDS, Confidential ASA other security products.

Confidential

Network Support Engineer

Responsibilities:

• Level II Network & Security support team on 24x7.
• Configuration and support Confidential based Routers, Switches and firewalls.
• Experience in security consulting, support and/or engineering, security architecture, planning, design and implementation of Confidential security products
• Basic Firewall Access list configurations and support.
• Primarily responsible for proactive, incident and problem management.
• Configuring switch ports for various Vlans in the network.
• Responsible for designing and securing the entire network for the India operations center, including designing of VLAN, inter VLAN routing, firewall with multiple DMZ's on Confidential PIX Firewalls.
• Confidential CSS Load balancing support for various website hosted at the Data center.
• Layer 2 and Layer 3 support using Confidential routers and Switches
• Built IPSec based Site to Site VPN tunnels between various client locations.
• Frame Relay, T1, multilinking T1, Fractional DS3, WAN troubleshooting.
• Debugging abilities at L1, L2, L3, and L4 protocols in an Internet-centric environment. Troubleshooting Active Directory, DNS, and DHCP related issues.
• Assist internal project teams by determining rules that need to be added to the firewalls and identifying the proper routing and addressing for new devices in managed DMZs
• Trouble shooting Network related problems
• Monitor bandwidth utilization, analyze traffic patterns and volume