SUMMARY

• Network Security Professional with experience in researching, implementing and administering network security solutions. Skilled in supporting and troubleshooting operational issues related to network security Infrastructure.
• Designing, Implementation and Operations of enterprise data networks as Network Security Administrator.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud - based) process that does not impact stream processing.
• Experience in installing, configuring and troubleshooting of Checkpoint, Palo Alto and Fortigate firewalls.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Collaborated Palo Alto Application with the Splunk for advanced security reporting and analysis.
• Experience in site to site VPN configurations using Cisco ASA 5500 series firewalls
• Responsible for Checkpoint and Cisco ASA firewall administration across global networks.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, and Route Maps.
• Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
• Worked on network topological and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, and Switches.
• Experience in site to site VPN configurations using Cisco ASA 5500 series firewalls
• Fortinet Firewall administration configuration of FortiGate 3000 series as per network diagram
• Analyzing of the rule traffic and usage reports using Fort Analyzer, configuring the Site to Site VPN for the remote Fortinet firewalls.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
• Experience with Bluecoat Proxy servers, LAN & WAN management.
• Excellent working knowledge of TCP/IP protocol suite and OSI layers.
• Performing network monitoring, analysis using various tools like Wireshark, & Solarwinds, Dynatrace, Extrahop tool helped for tracking root cause problems.
• Collect and analyze test device logs using Wireshark, logcat, and tcpdump for setup and test Pass/Fail verification
• Used Wireshark to troubleshoot servers that were impacted due to vulnerability data to block the proper ports during vulnerability scan to minimize impact such as air flight delays & Tested for the encryption.
• Worked with the Audit team by using AlgoSec tool to analyze firewall and automating the auditing and analysis of firewalls, routers, VPNs and other security devices.
• Part for Risk Management Team for reviewing the Technical documentationits procedures and Standards.
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.

PROFESSIONAL EXPERIENCE

Routers 1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200.: Cisco Switches: 2900, 3500, 4000, 4500, 5000, 5800, 6500, Nexus 2k, 3k, 5kand 7k, MSFC, MSFC2.

Routing Protocol ( BGP, OSPF, EIGRP, IGRP, IGMP, RIP), Routed Protocol TCP/IP, Multicasting (PIM).: WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3,MPLS

Operating systems Linux, UNIX, DOS, Windows XP/2007/8, Windows 2003 server and Windows 2008 server: Firewalls: Check Point R65/R70/R75/R77.20, ISA 2004/2006, Palo Alto, Fortigate.

SIEM TOOL Splunk (Configured with Palo Alto APP).: Performance Tool: Nagios XI (Using NSClient++ or NCPA Agent).

PROFESSIONAL EXPERIENCE

Confidential, Houston, TX

Network Security / Firewall Engineer

Responsibilities:

• Managed Firewalls with FortiGate, Checkpoint and Palo Alto reviewed information security requirements assessed security risks, and defined security requirements.
• Working on FortiManager management tool to manage all FortiGate firewalls and network from central location. Adding and removing FortiGate firewall policies based on the requirements.
• Install, upgrade and configure Next-Gen Palo Alto Firewall series PA 200,800,2k/3k/5k,M-500,M-600, VM series
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Implemented many number of security policy rules and NAT policy rules on Palo Alto, created Zones
• Implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
• Firewall policy provisioning on Fortinet, FortiGate appliances using FortiManager.
• Adding resource records in domains covering A records, CNAMES, and alias of DNS names and URLs.
• Followed HPSM and ServiceNow based Service Delivery and management processes
• Troubleshoot complex connectivity and performance issues and provide root cause analysis (RCA) and remediation.
• Creating the RFC for the requests and implementing them once approved by the change approval board.
• Implemented Palo Alto Network firewalls using URL-filtering, antivirus, anti-spyware, fire-blocking and all other security profile features
• Fortigate /Palo Alto Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Implemented category-based web filtering to block blacklisted URLs.
• Create necessary configurations to match the exact data flows that were present prior to the migration.
• Follow-up approved processes for any production changes.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
• Join troubleshooting calls to provide visibility to the traffic or data flow.
• Hands on experience in configuring and supporting site-to-site and remote access server, IPSec, VPN solutions using VPN client.
• Used SIEM tools to troubleshoot, monitor traffic and provide support to SOC
• Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.
• Optimizing Firewall Policy, grouping objects, verify NAT and clean-up of unused firewallrules.
• Worked on, groups, and updating access-lists and responsible on Checkpoint Firewall, apply static, hide NAT using smart dashboard

Confidential

Network Security / Firewall Engineer.

Responsibilities:

• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and Application inspection.
• Configuration, deployment and Administration of Checkpoint, Palo Alto Firewalls to manage large scale firewall deployments.
• Configuring rules and maintaining Checkpoint, Palo Alto & Analysis of firewall logs using various tools.
• Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
• Adding and removing checkpoint firewall policies based on the requirements.
• Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
• Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor). Analyze Logs and make necessary network reports using Smart Reporter console application.
• Using Algosec for the audit of the rules on the firewall and Enhance existing change management system with intelligent network and security automation.
• DNS net names and IP management using Men and Mice.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
• Join troubleshooting calls to provide visibility to the traffic or data flow.
• Worked with the DCM security team to review list of IP addresses in-scope for particular migration and record findings
• Create necessary configurations to match the exact data flows that was present prior to the migration
• Follow-up approved processes for any production changes.
• Attend project meetings to understand work that needs to completed for a given week or sprint.
• Backup Restore and Upgrade of Checkpoint Firewall appliance. Monitored Checkpoint VPN tunnel activities with Smart View Monitor and troubleshoot VPN issues with CLI. Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce Checkpoint Firewall policy lookup.

Confidential, NJ

Network Security / Firewall Engineer.

Responsibilities:

• Experience in Designing, configuring and troubleshooting, security policies, Modular Policy Framework, Routing instances, Zone Based firewalls and implementing different failover mechanisms on Palo Alto & Checkpoint R77 firewalls.
• Expertise configuring and monitoring Checkpoint firewalls through Smart Dashboard and Smart View Tracker Applications.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Palo Alto firewall troubleshooting and configuring policy based on change request, allowing/denying communication between different segments of the network based on requested ports.
• Algosec: Log collection, Firewall online/ offline Audits; determining risky rules and implement to mitigate/ minimize the risk; Firewall rule search for the refreshing servers using AlgoSec firewall analyzing tool.
• Navigated through Algosec and Palo Alto, Checkpoint to find risky ports and unused firewall rules to help with firewall audit.
• Implemented and maintained AlgoSec Firewall Management. Worked on Algosec for firewall rule analysis and firewall rules cleanup.
• Giving Connection ID for the rules on the Palo Alto and Checkpoint based on the policy and Third party that belongs to.
• Generating the FireFlow tickets for the rules for which Connection ID already provided and RISK Rating the rules.
• Assisting with investigative discovery of firewall rules of 500 connectors and documentation of connectors and incorporating them into a larger framework for future automation
• Maintaining Users and Groups as well as Creation of new Users and Policies. Deployed and manage security controls such as DLP, IPS/HIPS, web content filtering.
• Analyzed the flow of packets for LAN and Wi-Fi interface on the computer using Wireshark. Analyzed DHCP, DNS, and ICMPv6 and TCP protocol packets.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Hands on experience in creating the policies (vulnerability, anti-virus, wildfire etc)
• Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow.
• Implemented zone based firewalling and security rules on the Palo Alto Firewall.

Confidential

Network & Firewall Administrator

Responsibilities:

• Working with engineering team to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Experience with Firewall Administration, Rule Analysis, Rule Modification.
• Implementing and troubleshooting Firewall rules in Palo Alto Pa-5000 series using Panorama, Checkpoint VSX, R75.40, R76 and R77.20 as per Business Requirements.
• Configuration of firewall (Palo Alto) access policies, security policies, Global protect VPN, Application & URL filtering, Data filtering and file blocking.
• Remediation for Palo Alto devices on Rule and URL Filtering.
• Conducted scheduled reviews regularly in the organization (Firewall-rule sets, VPN).
• Upgrading the PAN-OS to fix the bugs and any other monitoring issues.
• Done documentation for Rule Justification for Palo Alto Firewall.
• Installed and categorized URL filtering categories according to the environment requirements.
• Installed and configured Nagios XI performance tool in the servers for getting live performance of the servers (like CPU, Memory and Disk Usages).
• Collaborated Palo Alto App with Splunk for advanced security and analysis.
• Updating the daily URL Filtering reports for analysis from Splunk Palo Alto APP.
• Implementing and troubleshooting firewall rules in Checkpoint R75.40and R77 Gaia as per the business requirements.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
• Experience with devices Palo Alto Network firewalls such as security NAT, Threat prevention & URL filtering.
• Reviewing & creating the FW rules and monitoring the logs as per the security standards in Checkpoint Firewalls.
• Execute the Incident Management process tasks in adherence with global and local requirements
• Configuring and troubleshooting Palo Alto and Checkpoint Firewalls.
• Assist with various duties that will arise including: implementation, configuration, management.

Confidential

Network Security Engineer

Responsibilities:

• Maintaining Checkpoint security policies including NAT, VPN and Secure Remote access, Configuring IPSEC VPN (Site-Site to Remote Access).
• Maintained Corporate Firewalls & Analysis of firewall logs using various tools.
• Implementation and troubleshooting of ASA firewall
• Adding security policies and security rules on checkpoint and ASA firewall.
• Configuring rules and Maintaining Palo Alto Firewalls& Analysis of firewall logs using various tools.
• Taking backup of checkpoint configuration, security policies, logs with policy package management, database revision controls, upgrade export and import, snapshot procedure on regular basis.
• Successfully installed Palo Alto PA-3060 firewalls to protects Data Centre and provided L3 support for routers/switches/firewalls
• Responsible for designing and implementation of customer’s network and Security infrastructure.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Black listing and White listing of web URL on Bluecoat Proxy servers.
• Configuring routers, switches, WLC, Access Points, Bluecoat Proxy Server, Cisco ASAs, etc.
• Configured Routing protocols such as RIP, OSPF, EIGRP, MPLS static routing and policy base routing.
• Log analysis using Checkpoint Smart view tracker and SPLUNK.
• Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs
• Involved in Troubleshooting of DHCP and other IP conflict problems.
• Performed Switching Technology Administration including VLANs, inter-VLAN Routing, Trunking, STP, RSTP and Port Aggregation & Link Negotiation.

Confidential

Network Engineer

Responsibilities:

• Worked on network-based IT systems such as racking, stacking, and cabling.
• IOS upgrading of 1900, 2900, 3500 series Cisco Catalyst switches and 2500, 2600, 3600 series Cisco routers using TFTP.
• Served as a main escalation point of contact for level I team.
• Coordinated with higher-level support and external vendors for resolution.
• Maintained all servers & network equipment with current stable firmware, IOS images & access control lists.
• Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF,BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy.
• Monitoring customer network (Internet, VoIP, L2vpn, L3vpn, IBGP and EBGP).
• Giving support and configuring Cisco Routers such as 800, 2801, 2850, 2950
• Maintained and configured all Extended Access Lists securing VLAN 802.1q trunks to W2003/8 servers, STP, OSPF, Port-Channels, Classes, Group, Objects, Load-Balancing, ACS, Wireless setup for corporate office and stores.
• Implemented strategies for operating systems, virus protection, mail systems and Internet services.
• Performed scheduled Virus Checks & Updates on all Servers & Desktops.