- Hands on experience providing network support to a range of Security Products especially Firewalls and Security Gateways as well as IDS/IPS, Routers and Switches.
- Experience with implementation of Enterprise Scale Firewalls architecture in distributed environment i.e., configuring & troubleshooting - Checkpoint, Cisco ASA, Juniper Firewalls.
- Security product configuration, vulnerability assessment, development and implementation of Security Policies based on the segment of the network.
- Experience with Check Point Provider 1/MDS environment with multiple CMA’s.
- Experience with firewall Virtualization including VSX from Checkpoint, Multi context from Cisco ASA.
- Planning, Designing & Implementing VPN solutions using Checkpoint and Cisco ASA
- Working with Bluecoat as forward proxy for web traffic outbound from corporate to internet.
- Working with load balancers from F5 Networks - Big IP LTM and GTM.
- Hands-on experience in routing with multiple VRF’s especially using dynamic routing protocols such as EIGRP, OSPF and BGP as well as route redistribution.
- Advanced experience in STP, RSTP, VRRP, HSRP, SMTP, SNMP, VLANs, VTP and port mirroring (SPAN).
- LAN experience includes design, installation, configuration, and management of Cisco catalyst switches in a multilayer switching environment and Cisco Routers.
- Thorough understanding of TCP/IP based network and network security models and architecture.
- Experience with Tufin and Algosec for firewall policy clean up and remediation.
- Installing & configuring firewalls/Security Gateways including Checkpoint R80.XX, Juniper SRX Firewalls, Cisco ASA and FWSM.
- Running Firewall Compliance Report against client Audit Requirements including SOX, ISO 27001, and PCI.
- Perform upgrades and maintenance to Security gateways and Smart Centers.
- Experience working with R71 through R77.30 Gaia on both Management and Gateways.
- Handled firewall change requests through various policies in a distributed environment with several hundreds of gateways.
- Build and support Site to Site VPN tunnels between clients running various firewalls connecting to data center.
- Experience working with Cluster XL for HA and Secure XL/ Core XL for performance tuning.
- Backup and Recovery of firewall Configurations and OS. Backup, Snapshot, Migrate export etc.
- Planning, Designing & Implementing IPSEC VPN connections using Checkpoint, ASA, and Cisco Routers using site-to-site VPN’s.
Confidential, Goleta, CA
Sr. Cloud Network Engineer
- Hands-on experience configuring network infrastructure including Juniper Routers (MX480, MX240, MX5-T), Juniper Firewalls (SRX4100, SRX3400, SRX3600, SRX1400, SRX650), Cisco ASA Firewalls (ASA 5585X, 5580, 5550), Core Switches (Nexus 7K, Nexus 5K), Load Balancers (Citrix NetScaler 17550, 11500) and Cisco Proxies (S390, S370, S190).
- Installation of new Security Gateways from Ground and build HA using ClusterXL.
- Deploying Checkpoint Security gateways in the DMZ and perimeter and performing upgrades of Checkpoint to R80.XX.
- Experience working with Data Center migration from Physical to Azure Cloud. Hybrid Connectivity using Cloud VPN, Cloud Interconnect and Cloud Peering to on premise and client networks.
- Experience in integrating apps with Azure virtual network (Vnet Integration).
- Good understanding of Azure concepts like UDR, Vnet peering, Storage accounts, App gateways and traffic managers, Service principals, availability sets and availability zones, Auto-scaling, Resource tags.
- Experience in upgrade of Network devices like Juniper edge routers from version 13.3R6.7 to version 15.1R6.7, Juniper SRXs from 11.4R5.5 to 12.3X and Proxy software upgrades from 8.0.6-119 to 9.1.2-022.
- Plan and Execute Firewall Migrations and go through high impact change windows for approval.
- Handled Firewall requests by other teams to open certain ports for the applications and added required Firewall policies between different zones in Juniper SRX Firewalls.
- Experience using Juniper JUNOS Space Security director for configuring Firewall and NAT policies.
- Configured Decryption policies, Custom URL Categories, Access policies for web traffic through Cisco Proxies.
- Experience working with Citrix Netscalers, which include tasks like Binding vservers, GSLB servers, HTTP redirect and cleanup of configurations in various modes like Zebos.
- Worked on establishing BGP connectivity between various datacenters in multiple locations.
- Troubleshooting VPN connectivity IPSEC and Remote Access VPN.
- Worked on proxies for forwarding web traffic destined to internet. Worked on creating URL Filtering categories, Decryption policies and routing policies for the web traffic.
- Firewall Rule base optimization and cleanup based on various business and operational criteria.
- Performed network routine changes which involve Configuring Interfaces, creating VLANs, trunking and subinterfaces as well as VRF on Nexus 7K switches. Configure LACP Port Channel, Virtual Port Channel (vPC) on NX-OS 6.2.
- Worked as an On-call engineer to address issues related to firewall and networks.
- Worked on troubleshooting, isolating and resolving LAN and WAN related problems and packet capturing using Wireshark.
Confidential, Green Bay, WI
Network Security Engineer
- Perform Check Point Security Gateway Upgrades.
- Installation of New Security Gateways from Ground and build HA using ClusterXL.
- Plan and Execute Firewall Migrations and go through high impact change windows for approval
- Check Point Licensing and deploying firewalls in the DMZ and Perimeter.
- Experience working with Smart Domain Manager in a Multi Domain Environment with several pairs of gateways.
- Firewall Rule base optimization and clean up based on various business and operational criteria.
- Experience working with several Advanced Blades including IPS, URL Filtering and Cloud based Threat Emulation Project on in place upgrade of firewalls.
Confidential, Oakland, CA
Information Security Analyst
- Worked on PCI process for Pandora and its subsidiary Ticketfly.
- Responsible for Monthly and Quarterly Network Scans for all public facing IP addresses using Nessus Scanners.
- Perform risk assessments, update and review System Security Plans (SSP), Configuration and fix dictated vulnerabilities to maintain high-security standard.
- Firewall and Network Device Remediation based on the Scan reports.
- The client has Check point and Cisco ASA firewalls in their network and I was involved in upgrading to remediate the vulnerabilities.
- Performed Check Point Upgrades from Gaia R 7 .30 with latest hot fix.
- Installed New Checkpoint gateways at some of the branch locations where there were Router based ACL’s and migrated the policy from Cisco to Check Point.
- At the data center migrated IPsec B2B VPNs from Cisco ASA to Check Point hardware.
- Work with business partners to troubleshoot any migration issues during phase 1 & 2.
- Worked on fixing and eliminating the vulnerabilities from the Scan Results Report.
- Involved in completion of Self-Assessment Questionnaire (SAQ)-D for Pandora and Ticketfly as well.
- Stay up to date with current vulnerabilities, attacks and counter measures.
- Worked with various teams to fix vulnerabilities from the scans and status to be compliant.
- Discovery of PII, PCI, Credit card and protectively marked data in the entire company using 3rd party tool called Active Navigation.
- Assessing the Corporate Cloud usage and Cloud Risk using Cloud monitoring tool called Netskope.
Network Security Engineer
- The Client has Heavy Cisco ASA based Security platform and my role is primarily focused on supporting their Security gateways which includes Policy Provisioning, Rule base clean up and run Compliance reports and remediate.
- Handling Firewall Access Requests through ITIL Based Change management system. Scheduling changes and executing these changes during maintenance window (off-hour).
- Optimize firewall policies by grouping objects and reusing existing object groups etc.
- Configure Cluster XL on Checkpoint security gateway. Verify state/connection table sync between gateways.
- Executing change requests to the firewall rule base. Firewall Policy Optimization and Clean up.
- Experience working with Bluecoat proxy configured in Explicit mode as forward proxy
- Build Site to Site VPN with 3rd party and ensure proper NAT and Access list is in place.
- Using CLI for troubleshooting and OS Upgrades (Zero Down Time Upgrades) on ASA
- Configure stateful Failover of firewalls (Active/Active & Active/Standby) for high availability
- Managed LAN Switching environment by creating managing VLAN, STP, Trunk & Port Security
- Managed LAN Switching Environment by creating and managing VLAN’s, STP, Trunk, Port Security, Ether Channel, VLAN Security etc.
Network System Support Engineer
- Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Use Provider-1 / Multi Domain Security MDS platform with several hundreds of gateways administered through group of CMA’s / Smart Centers.
- Use both Automatic and Manual NAT on Security Gateway and troubleshoot NAT.
- Use Tools such as TUFIN for Firewall Policy optimization and rule base Clean up.
- Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
- Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
- Configuring and troubleshooting site to site VPNs and SSL VPNs.
- Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies.
- Administer Checkpoint firewall with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
- Monitor the health and logs using Smart view tracker and smart monitor on the Checkpoint firewall.
- Administer and Support Firewalls in the network between various security zones.
- Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- VLAN implementation, Spanning Tree Implementation and support using Rapid STP and MST to avoid loops in the network. Trunking and port channels creation.
- Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
- Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
- Responsible for configuration, testing, and maintenance of LAN/WAN equipment and related services.
- Firewall Policy Provisioning and day to day support on Checkpoint and Cisco ASA Platforms.
- Implemented the use of VLANs, STP, HSRP and OSPF routing to optimize Layer 2 and Layer 3 performance.
- Configured Ether channels between core switches to enhance load balancing.
- Identify, troubleshoot, and resolve LAN/WAN network problems (ISDN, Frame Relay, DDR, DHCP, TCP/IP and a variety of hardware and other networking issues).
- Maintain and manage NATs, ACLs, routers, and various network devices configurations.
- Implementing dynamic Routing protocols such as BGP for external and EIGRP and OSPF for internal routing.
- Create and maintain comprehensive documentation for all implemented networks (Using Visio Software to update client network diagrams).
- Perform hardware and software upgrades to network devices, including Cisco 6500, 3750, and 3560 switches, as well as 7200, 3800, and 2800 series routers.
- Configuring Cisco Wireless Network, switches and hubs in a LAN/WAN environment.