OBJECTIVE

• An experienced professional having around 9+ years of professional industry experience as a Firewall/Network Engineer and Seeking for excellent job opportunity to enhance my skills in the field of Network Security with extensive hands on expertise include Network security, system administration, IT Technical support including software and hardware, Networking and LTE.

SUMMARY

• Senior Network Security Engineer having 8 years’ experience in Networking and Security, widely in Network Security Products and Firewalls.
• Having hands on good experience on Checkpoint Firewall along with CISCO ASA and Palo Alto
• Hands on experience for Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Good understanding and experience in migration from CISCO ASA to Next Gen Palo Alto Firewall
• Experience converting Palo Alto VPN rules over to the CISCO ASA solution. Migration with both Checkpoint and CISCO ASA VPN experience.
• Understanding of TCP/IP and OSI Model. Understanding of Router, Switches, inter - networking and intra-networking configuration plus routing protocols like RIP, OSPF, EIGRP, and BGP. Knowledge of NAT/PAT, DNS, PPP, DHCP, WAN, LAN, TCP/IP, OSI Model, STP, Subnetting, MPLS, Telnet & SSH
• Expert knowledge in Threat prevention (Anti - Spyware, Antivirus, Vulnerability protection), Data filtering, URL filtering, Palo Alto's APP-ID to enable application-based traffic inspection.
• Working Knowledge of Active Directory, Windows Server 2016, MS Outlook, MS Office
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether Channel, STP, RSTP and MST, Implementation of HSRP, VRRP for Default Gateway Redundancy.
• Administration of Palo Alto Firewall such as 2k, 3k, 5k and implement security profiles on security policies
• Working Knowledge of Firewall interfaces, Zones, Vlans, IPsec Tunnels, QoS, Global Protect, Site to Site VPN, RADIUS, TACACS+, Syslog, LDAP, High Availability, UserID, AppID and Content ID
• Expertise in writing the playbooks using the YAML scripting which manages the configurations also have experience in setting up master minion architecture in Kubernetes to maintain the containers with the help of using YAML files, also deployed Docker containers through Kubernetes to manage the Microservices using its nodes, ConfigMaps, selector, Services, Pods.
• Security compliance manager with working knowledge of industry regulations such as GDPR, PCI, SOX, and FISMA.
• Knowledge of IMS Protocols SIP, H.323, RTP, PDP, RTCP and VOIP Audio and Video Calls
• Design, Configuration of Network using GNS3 and Packet tracer
• Analysing and Troubleshooting Network issues using Wire Shark
• Statoil Communication Security Team member, providing operation support on Firewalls, Bluecoat Proxy, F5 Load Balancers, Cisco ACS, Algosec, Open gear, RSA & IDS technologies.
• Hands-on experience in design, configuring, supporting and administrating Data Centers, Cisco routers, switches, Nexus switches, Load balancers (F5) and NSX firewalls
• Analyzing and Troubleshooting ForeScout CounterACT using HPS logs and Action logs
• Experience working on Cisco's Adaptive Security Device Manager (ASDM) to manage the CISCO ASA security appliances
• Having good experience on Tufin on for pushing Firewall policies and monitoring the logs.
• Responsible for supporting the Citrix NetScaler F5 platform, configuring, implementing, and troubleshooting Citrix NetScaler VIP configuration with health check, policy configurations Access Gateway, and content switching configuration solutions.
• Implemented Perl Scripting for network Analysis.
• Working Experience of Microsoft Word, Excel Spreadsheets and Power Point. Understanding of Computer software’s, operating systems installation, peripheral devices and LAN/WAN connectivity issues, understanding of installation and troubleshooting of Microsoft operating system Vista, Win 7, Win 8 & Win 10
• Hands on experience and understanding of GSM, UMTS, WCDMA, LTE protocols, call flows, network architecture, Channels & interfaces. Wireless Communication, Microwave communication and Radio Frequencies
• Understanding of LTE Interfaces S1 (User plane & Control plane), S5/S8, S6a, S7, S10, S11, S12 & SGi
• Understanding of LTE User plane and Control plane protocol stack (PHY, MAC, RLC, PDCP, RRC)
• Good knowledge of LTE protocol (L2/L3) and configurations
• Hands on experience configuring and utilizing Global Protect, Panorama & Wildfire with Palo Alto Firewalls.
• Hands on experience in Integrating Vmware NSX Palo Alto Firewalls.
• Experienced Firewall Engineer with a demonstrated history of working in the information technology and services industry. Strong information technology professional skilled in Cisco IOS, Technical Support, Secure Sockets Layer (SSL), SSL Certificates, Checkpoint Firewalls, Cisco ASA Firewalls, Palo Alto Firewalls, Fortinet Firewalls and Tipping Point Firewalls.
• Deliver niche technology projects such as DLP and forensics to catch and prevent fraud, manage overall operational aspect of DLP.
• Good Experience with AWS services like Cloud Formation, Cloud Watch, Code Build, Code Commit, Code Deploy, Code Pipeline, EC2, EC2 Container Service, EBS, Elastic Beanstalk, IAM, Security Groups, Route 53, S3, Cloud Front, SNS, VPCs, Dynamo DB, Lambda.
• Experience with next-generation firewalls like Checkpoint firewalls, Cisco ASA, Fortinet firewalls, Palo Alto Firewalls, Cisco WSA/CWS, VPN, Cisco ACS, Cisco ISE, IPS.
• Good experience with Source code management collaboration tools GIT, SVN, Github, Bit bucket, Gitlab, AWS-Code commit.
• Experience with Checkpoint firewall deployment and operations.
• Experience with Checkpoint VSX, including virtual systems, routers and switches.
• Set up AWS Security Groups which behave as Virtual firewalls controlling the traffic by allowing it to reach one or more AWS EC2 instances.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Experience with Bluecoat Proxy and VPN Technologies including B2B and Remote.
• Experience in configuring protocols like TCP/IP, Routing Protocols (RIP, OSPF, BGP, IGRP and EIGRP), PPP, PPTP and L2TP.
• Extensive experience in layer-3 Routing and layer-2 Switching. Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series, Cisco catalyst 6500, 4500, 3750, 3500 and 2900 series switches.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Checkpoint R65, R70 & R77, Palo Alto and Cisco ASA.
• Involved in Configuration of Access lists (ACL) on checkpoint firewalls for the proper network routing in B2B network connectivity.
• Configured Cisco Switches 2900 and firewall (checkpoint) Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Good understanding of information security practices. Adding and removing checkpoint firewall policies based on the requirements.
• Experience in installing and configuring DNS, DHCP server and Windows 8 and Windows 12 servers

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series -2k,5k,7k

Firewalls: Palo Alto PA-3050, PA-5050, CISCO ASA 5500, Checkpoint, Fortinet.

Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, FTP, SMTP, SNMP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS.

VPN Technologies: Remote access and site-to-site IPsec VPN, IPv6 transition techniques viz. Manualtunneling, GRE tunnelling, 6to4 tunnelling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, Wire Shark, Solar Winds, What’s Up IP, Nagios and Fluke Networks

Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, Trunking, DNS, DHCP, NAT, ACL, HTTP, ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12

Tools: GNS3, Packet Tracer, Solar Winds, What’s Up IP, VMware Workstation, Wireshark, Nagios and Fluke Networks

Languages: Python

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux, window 10

DOCSIS: Cisco, RCA, Com21, GI, 3Com, Samsung, and Toshiba

PROFESSIONAL EXPERIENCE

Confidential

Network Security Specialist

Responsibilities:

• implementation and deployment of Palo Alto VM series Firewall VM 500 and VM 700 Series in Azure, FW 5220 and 7K Series (in on-premise), Licensing, Configuration of ports, rules, policies, routes to allow or deny traffic
• Connect the firewalls in Panorama (M-100) and management of all firewalls from Panorama
• Import the local rules from firewall to Panorama
• Trouble shoot out of sync issues in Panorama
• Configured Templates and Device Groups in Panorama
• Point person for the Security Incident Response Team (SIRT) for all security incidents, taking direction from the BISO as needed.
• Performs FISMA-based security risk assessments and application systems including interviews, tests and inspections; produced assessment reports and recommendations. Computer networking and network-based information assurance devices. Confideciality Intergrity and Availability(CIA)
• Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.
• Deployed forcepoint DLP to secure critical data from exfiltration on corporate network.
• Managing HA clustering hosts 8 cluster group,80 hosts and 1000 VMs in each VC and standard alone hosts in multiple data centers
• Implemented App-ID, URL filtering, threat prevention and wildfire subscription on PAN OS.
• Configured and Managed ForeScout CounterACT to identify devices with IP addresses, including network infrastructure, BYOD systems, non-traditional IoT devices (handhelds, sensors and machines) and rogue endpoints (unauthorized switches, routers and wireless access points)
• Troubleshooting using HPS logs and Action logs on ForeScout CounterACT
• Configured Pre Rules Post Rules, Pushing configuration to all Firewalls
• Configured High Availability, Security Profiles and Security Policies
• Worked on Docker and Ansible in build automation pipeline and Continuous Deployment of code using Jenkins and wrote Playbooks to automate Ansible servers using YAML scripting and Developed an Ansible role for Zabbix -agent which will be integrated into the to the CICD pipeline.
• Perform maintenance upgrades, troubleshooting steps, and documentation on all aspects of the current and future Cisco, Checkpoint, ForeScout and NetOptics based network environments.
• Configured Tunnels, Ipsec Site to Site, Global Protect, SSO, GRE Tunnels, AppId, User ID
• Configured Security Profile Like Vulnerability, Antivirus, AntiSpyWare, URL Filtering, File Blocking etc
• Configured NAT, SNAT and Destination NAT
• Assist and manage security incidences by following the company’s security incidence emergency response chart and assisting the security incidence response team (SIRT) to contain and eradicate various attacks type.
• Done upgradation of PAN OS 8.1.5 to 9.0.5
• Configured, troubleshoot, and documented Sensaphone data center humidity and temperature monitoring.
• Deployed Palo Alto firewalls using VMware NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
• Configured applications that run multi-container Docker applications by utilizing the Docker-Compose tool which uses a file configured in YAML format. Used Kubernetes to manage containerized applications using its nodes, Config-Maps, selector, Services and deployed application containers as Pods.
• Configured the Global Protect 5.1.1 for secure connectivity to the inside Network
• Configured Packet Buffer Protection, Login Banner, Secure the Management Access using the cert
• Packet analysis and troubleshooting network issues, dropped, missed packets, slow connections etc
• Configuration of syslog in Firewall and integrating with QROC
• Assisted in implementing Palo Alto Global Protect VPN replacing their legacy VPN infrastructure.
• Monitoring of In and Out traffic on firewalls, Trouble shooting of missing packets, Connectivity issues, ARP Packets and Application incomplete packets etc
• Worked with the ForeScout team in deploying and installing a NAC device CounterACT to monitor and classify the devices that connected to the network.
• Tunnelling the internet traffic of end user through Zscaler using GRE Tunnel
• Integrating of Firewalls with Cisco ACI-Fabric in one arm deployment architecture
• Configuring policies, Tunnels, Static routing in the Transit firewall in Azure Network

Confidential, walnut Creek, CA

Sr. Network Security Engineer

Responsibilities:

• Developed HLD/LLD/SOP for Network security infrastructure as Technical lead. Products like Cisco, Check point Juniper and Bluecoat Proxy, BIG IP, Palo Alto firewall. Citrix VM ESXi, WAF, MacAfee, DLP antivirus solution etc.
• Experience building Firewalls, mainframes, and UNIX based platforms at the data centre and implementing the initial policies, configuring NAT, Routing etc.
• Configure, upgrade and deploy Cisco, Arista and Juniper devices for all new DCs.
• Create site-to-site VPN tunnels using IPsec security and Cisco ASA 5510/5520/5540 and PIX 515e firewalls.
• Configured Palo Alto Firewall models PA-2k, PA-3k, PA-5k as well as a centralized management system (Panorama) to manage large-scale Firewall deployments
• Designed and deployed Multicast VPN in new datacenters over an MPLS/LDP infrastructure. The datacenters included Nexus 9K's, ASR9K's and ASR1K's.
• Installed and implemented ForeScout Network Access Control (NAC) appliance.
• Configured TACAS Services On Cisco ISE and Aruba Clearpass for device administration
• Configured Aruba Clearpass SSO for admin Access
• Support Cisco ISE and Aruba Clearpass NAC Product.
• Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.
• Developed and implemented test procedures to determine if the networks are configured in accordance with FISMA
• Successfully installed Palo Alto PA 3060 Firewalls to protect Data Centre and provided L3 support for routers/switches/Firewalls.
• Monitoring and troubleshooting Checkpoint, Cisco ASA, Fortinet, Tipping point firewalls.
• Worked with a team in firewall policy management and support on Cisco ASA 5585X, 5540, PIX and Checkpoint Firewalls 12K, 13K
• Review and optimize Firewall rules using Secure Track Tufin tool and Firewall audit reports
• Configuring Tufin secure track and network devices for monitoring network rules.
• Involved in the process of Cisco ASA to Checkpoint Firewall migration.
• Worked with AWS CloudFormation Templates, terraform along with Ansible to render templates and Murano with Orchestration templates in OpenStack Environment, also worked with Ansible YAML Automation scripts to create infrastructure and deploy application code changes autonomously.
• Manage routers and switches in Disney standard, software / hardware refresh upgrade, configuration change on network devices globally ( ASR1k, ASR9k, ISR4k,, CISCO7609, ME-3600X, C6880, C6509-E, Nexus5k, Nexus7k Nexus9K, C4900M, WS-C3850 WS-C3750, C891F)
• Configuring, making policy’s, troubleshoot and upgraded ASA, Palo Alto, NSX FIREWALL and Checkpoint Firewalls for clients.
• Responsible for monitoring and troubleshooting Checkpoint, Cisco ASA, Fortinet, Tipping point firewalls
• Migration from Cisco Firewalls to Palo Alto Firewalls platforms PA 4000 and PA 500 and PA- 200 Firewalls.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Worked on ForeScout policies for auto-remediation of non-compliant devices, classification of devices, etc.
• Worked with a team in firewall policy management and support on Cisco ASA 5585X, 5540, PIX and Checkpoint Firewalls 12K, 13K
• Created virtual systems (Firewalls) in the Palo Alto Environment.
• Having good exposure to wild fire feature of Palo Alto.
• Update Policy on the VPM via Bluecoat Director
• Handling Monitoring Alerts related to Bluecoat and troubleshooting accordingly
• Implementing IPv6 addressing scheme for routing protocols, VLan, Subnetting and mostly during up gradation of cisco ISR switches.
• Worked on vulnerabilities, threats, attacks and authentications methods. Installed a Certificate Authority (CA), configured NAT/PAT and windows Firewalls maintain and troubleshooting of Azure Front Door Network on: Nexus 3k, 7K switches & variable range of Cisco router series Arista 76xx series
• Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
• Configuration and extension of VLAN from one network segment to their segment between Different vendor switches
• Firewall policy provisioning on Fortinet Fortigate appliances using FortiManager.
• Configured Firewall logging, DMZs and related security policies and monitoring
• Implemented Perl scripts for network monitoring tasks.
• Troubleshot traffic passing managed Firewalls via logs and packet captures
• Worked on different load balancing options & features to include One Connect, Persistence's, SSL offload functions, HTTP profiles
• Developed several Python administrative scripts to automate project deployment process.
• Network problem identification and resolution using Python Scripting.
• Testing cloud level deployments in AWS (Amazon Web Services) for future cloud deployments.
• Configured and managed Nagios for monitoring over existing AWS Cloud platform. Build Nagios monitors for new services being deployed.
• Involved in the process of Cisco ASA to Checkpoint Firewall migration.
• Manage Linux staging and testing environments and automated application packaging and deployments.
• Integrate GIT into Jenkins to automate the code checkout process and trigger builds.
• Worked on Installed, configured and troubleshoot F5 Network Load Balancing BigIP’ s.
• Worked on Bluecoat Proxy SG to blacklist/Whitelist websites, URL filtering and content filtering as per requirement.
• Configured and administered Load balancers F5 Big-IP LTM and GTM Load Balancer. Experience working on F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the required applications
• Configured and secured VPN remote access for redundant users working from home
• Responsible for modem firmware upgrades across the @Home Network to meet DOCSIS Level 2 specifications.
• Cross Tool Chain, Open Embedded, Set-up of Linux Environment on TI-OMAP, panda and beagle boards.
• Set up of the Link Aggregation between the routers and servers. Debugging of flooding in the switches.
• Deployment and bring up of the servers and network switches

Confidential, New York, NY

Network Engineer

Responsibilities:

• Configure Palo Alto Networks Firewall models (PA-2k, P.A-3k, PA-5k) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Deploying, installing and troubleshooting Palo Alto firewall and Panorama
• Provided network Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) management.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
• Provides updates and upgrades to the Palo Alto Firewall and Panorama devices
• Monitoring multiple security technologies such as, IDS, IPS, Syslog, Firewall & Proxy
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Configured security profiles such as Antivirus, Anti-Spyware, Vulnerability Protection, Wildfire Analysis, Data Filtering, DoS Protection and File blocking
• Worked on configuration of Anti-Virus, Spyware, Wildfire, APP-ID, USER-ID, & Global Protect on Palo-Alto devices. Also enabled Security Policy, URL filtering, Threat Prevention etc.
• Onboarding devices to Aruba ClearPass Policy Manager- TACACS
• Configured routes on Palo alto firewalls 3060, 5060, 7050
• Scan packets for Threats, Vulnerabilities, Viruses, Spyware, Malicious URL’s and exploitation Software
• Worked on security tools and software’s like QRADAR
• Worked closely with Vendors, SOC, SIRT, Network operations, DB, system Engineers and Analyst (on info sec), network and infrastructure security.
• Configured Nat Polices, Security Policies, Decryption Policy, DOS Protection, Routing, AppID
• Configured Site to Site VPN Global Protect, Satellite VPNs, High Availability and UserID
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Zone based (interzone, intrazone) creation of security policies
• WAN router design, configuration with 4300 series routers,2960, ASR1K, ASR9K
• Designed and configured core infrastructure components such as Cisco Catalyst 6500's, ASR1K and ASR9K.
• Threat monitoring, Traffic monitoring, Alarms logs and Analyse traffic
• Installation of devices (Routers, Switches, IP phones, OS up gradation)
• Designing, Installation, Monitoring and Troubleshooting of LANs
• Configuration and troubleshooting of VLANs
• Worked extensively on ClearPass, Aruba wireless AOS, Airwave, networking, 802.1x, ClearPass Deployment & Integration Experience, ClearPass TACACS
• Coordinate with the ESU (enterprise services unit) to expand scope and reach of Forescout
• Enhance the current implementation of Forescout CounterAct
• Integrate Forescout with other enterprise services to include Solarwinds and McAfee EPO
• Serve as enterprise POC for Forescout and Solarwinds within the environment
• Responsible to provide VOIP support and Telepresence video conferencing
• Configuration and troubleshooting of IP phones (Cisco 7970, 9951) series
• Configuration of Routing protocols like RIP, EIGRP, OSPF and BGP
• Configuration and troubleshooting of ACL and Network address translation
• Troubleshooting L2/L3 Switching, VLANs and Trunking
• Tested and Certified Aruba Clearpass Policy Manager 6.6.7 for Bank Infrastructure. Upgraded from 6.6.2 to 6.6.7.
• Configured extension on Clearpass to enable Multi factor authentication. Integrated Safe pass application to clearpass
• Design and development of wired and wireless LAN for customer
• Configuring and troubleshooting broadband equipment
• Configuration of Cisco routers series 3800, 3900, Cisco catalyst switches 3560, 3550, 2950, 2960. Access points (Cisco Aironet 1200, TpLink, D-link, Netgear).