Sr. Network Security Engineer Resume
Houston, TX
PROFESSIONAL SUMMARY:
- Network Engineer with 8 years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
- Implementation, Configuration and Support of Checkpoint (NGX R65, R70, R71, R75 and R77), Juniper Firewalls (SRX5400, SRX5600 and SRX5800), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks Firewall models (PA-2k, PA-3k and PA-5k).
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- Worked on F5 LTM/GTM, BIG-IP, load balancing, iRules and WAN acceleration.
- Deployed Cisco ACI Network for several years in enterprise data centers.
- Collaborated with and managed various project teams consisting of 8 to 22 resources to deliver Panorama program projects; developed group and individual timelines and assessed/identified potential bottlenecks in various work streams in each project/program process.
- Experience in creating User/Group Accounts and attaching policies to User/Group Accounts using AWS IAM service.
- Provide ISE deployment services for migration of users from Cisco NAC to Cisco ISE platform for the following locations.
- Configuration and troubleshooting of Cisco & Aruba wireless devices.
- Experience deploying Check Point Provider-1 NGX and configuring CMAs.
- Worked on Cisco Catalyst Switches 6500/4500/3500 series.
- Experience in Configuring and Troubleshooting BIG-IP F5 Load Balancer LTM.
- Monitor SIEM and IDS/IPS feeds to identify possible enterprise threats. Actively investigate, respond to and remediate security incidents.
- Worked in Routing, Switching, Firewall and Gateway technologies, system design, wireless design, data network design, capacity management and network growth.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel Configuration.
- Experience with Checkpoint VSX, including virtual systems, routers and switches.
- Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
- Experience with management platforms such as Panorama, Juniper NSM and Smart Center.
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager (Infoblox)
- Blacklisting and whitelisting of web URLs on Blue Coat proxy servers.
- Experienced with routing protocols (IGRP, EIGRP, OSPF, BGP) and switching (VLANs, VTP Domains, STP and trunking).
- Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers at single or multi-domain platforms.
- Wrote Python scripts to parse XML documents and load the data in database.
- IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
- Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
TECHNICAL SKILLS:
Networking: OSI, TCP/IP, Cisco IOS, IOS-XR, LAN/WAN interconnection, Frame-Relay, ISDN, OSPF, EIGRP, IS-IS, BGP, MPLS, STP, RSTP, MST, VTP, NAT, ACLs, VPN, IP-Sec
Hardware Routers: Cisco (1800/2600/3600/3800/7200/7600 series), Cisco ASR 9Ks
Switches: Cisco (2900/3500/3700/5500/6500 Series, Nexus 7k, 9k)
Firewalls: Cisco ASA (5510,5540), Checkpoint R65, R70, R75, R77 Gaia, Juniper SSG, SRX, Palo Alto
Other Tools: Tufin SecureTrack, Forescout CounterACT, F5 Big IP (LTM/GTM/ASM), DNS, Bluecoat Proxy, SolarWinds, Wireshark, BMC Remedy, Citrix NetScaler, Cisco Prime, VMware, proxies, firewalls, IDS/IPS, DLP
Network Monitor Tool: Wireshark
Routing Protocols: OSPF, EIGRP, BGP, RIP
Load Balancer: F5 Load Balancer
Operating Systems: Win 95/98, NT, XP, VISTA, LINUX, UNIX
PROFESSIONAL EXPERIENCE:
Confidential, Houston, TX
Sr. Network Security Engineer
Responsibilities:
- Researched, designed and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Cisco Prime.
- Contribute to the development and overall strategy of the penetration testing program
- Manage project task to migrate from Cisco ASA firewalls to Palo Alto firewalls.
- Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN
- Configuration and Integration of Cisco Identity Services Engine (ISE)
- Worked on VPN configuration, routing, NAT, access-list, security contexts and failover in ASA firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Configured and maintained IPSEC and SSL VPNs on Palo Alto, Cisco ASA Firewalls.
- Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
- Configured IPSec VPN (Site-Site to Remote Access) on Cisco ASA (5200) series firewalls.
- Working with the rule base and its configuration in Cisco ASA, Palo Alto firewalls.
- Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
- Deployment of Cisco ASA firewalls and migration of end of life ASA firewalls to New ASA firewalls
- Cisco Firewalls include ASA 5585x, 5580, 5550 Series Hardware managed through CLI, ASDM as well as CSM.
- Hands-on experience with Tufin SecureTrack to reduce risk while increasing compliance and efficiency.
- Installation and configuration of Splunk product in different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Worked on manual Penetration testing of client systems, web sites and discovered network vulnerabilities.
- Experience in creating multiple policies and pushing them into Checkpoint Firewall (Gateways) and hands-on experience in managing the Checkpoint Management Server and Gaia operating system.
- Experience working with Palo Alto firewalls managed through Panorama management platform.
- Configure High Availability on Palo Alto firewalls.
- Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN.
- Applied security enhancement by implementing s and RSA keys for authentication.
- Installed and administered RSA SecurID token authentication servers.
- Coordinate and evaluate vendors and associated products/tools in facilitating the Penetration Testing initiatives
- Configured F5 GTM solutions, which includes Wide IP, Pool Load Balancing Methods, probers and monitors.
- Work with the Cisco Meraki Sales team and on strategic sales initiatives like customer outreach and channel to grow business in targeted regions.
- Defined AWS Security Groups, which acted as virtual firewalls that control the incoming traffic, and configured the traffic allowed to reach one or more AWS EC2 instances, Virtual Private Cloud (VPC), subnets and Internet Gateways.
- Responsible for resolving customer issues involving Routing & Switching, SD-WAN services, Router configuration, and managing field technician dispatches
- Worked on Cisco Nexus 9000 family of switches whose hardware is based on Cisco ACI
- Physically deployed new Cisco Nexus devices, Catalyst and Nexus replacement blades, Cisco ASAs.
- Worked with and administered F5 load balancing, IDS/IPS and Bluecoat proxy servers.
- Use of Web application firewall providing reverse proxy-based protection for applications deployed in physical, virtual / public cloud environments.
- Involved in the deployment and decommission of VLANs on core ASR 9K, Nexus 7K, 5K and its downstream devices.
- Involved in F5 LTM GTM and ASM planning, designing and implementation.
- Actively involved in F5 ASM policy configuration and deployment.
- Troubleshot and worked on security issues related to Cisco ASA firewalls.
- Configured EIGRP routing and BGP route maps to allow traffic from subnets out to the core to Datacenter on the ASR 1002 devices.
- Successful data center migration planning; successfully developed Python automation scripts to perform Cisco firewall rule assessments.
- Worked with and maintained various network and application monitoring tools like SolarWinds, Cisco Prime, ForeScout, Wireshark, and tcpdump.
- Experience with Monitoring wireless networks and performing site surveys.
- Managed multiple projects resource allocation (in-house, offshore & virtual), leveling & planning for current and future Panorama Program projects using integrated project plans as well as negotiating with multiple teams, resource managers for maximizing resource talents.
Confidential, CT
Sr. Network Security Engineer
Responsibilities:
- Implementing Security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
- Configuration and administration of firewalls, which includes Checkpoint firewalls.
- Configured and maintained rule sets in the firewalls and updated them on a daily basis.
- Monitored network traffic and maintained records with the help of Splunk.
- Experience configuring and troubleshooting layer 3 routing protocols (EIGRP, OSPF, BGP) and High Availability on Cisco devices.
- Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates.
- Configure AWS F5 ASM to protect blockchain cloud applications.
- Provided engineering support and technical assistance by ensuring the Cisco ISE server is correctly installed and licenses are applied.
- Vulnerability scanning using IBM Endpoint Manager & Nessus
- Configuring High Availability using ClusterXL on Checkpoint as well as VRRP and monitoring the Sync status for stateful replication of traffic between active and standby member.
- Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
- Researched, designed and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Handling Modern related issue like that of RAD & Aruba.
- Configuring rules and maintaining Palo Alto Firewalls & analysis of firewall logs using Panorama.
- Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
- Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and also implemented Zone-Based Firewall and Security Rules on the Palo Alto Firewall.
- Exposure to WildFire feature of Palo Alto.
- Hands-on experience with Cisco Wireless Controllers 5500s and 2500s; for access points, worked on 3700s, 3500s and 1142 access points.
- Configuring and installing hardware and software required to conduct network penetration testing.
- Configure Syslog server in the network for capturing logs from firewalls.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third-party connectivity.
- Served a platform for other services that are required within the data center or cloud environment using Cisco ACI.
- Installed and configured a variety of Cisco devices like Cisco Routers (1841, 1900, 2600, 2800, 3800, ASRs and more), Cisco switches (3560, 3750, 4507 catalysts, 6500 catalyst Switch and more) and Nexus 7000 series, Nexus 5000 series, Nexus 2K Fabric Extenders and F5 appliances.
- Placed in charge of control and maintenance of the SD-WAN laboratory environments, performing version updating before user client official updating.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
- Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
- Configuration and Integration of Cisco Identity Services Engine (ISE).
- Consisted of ISE Deployment, Authentication with Active Directory and Microsoft Authority.
- Rapid firewall security assessments through Python automation
- Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.
- Configure and Monitor Cisco Sourcefire IPS for alerts.
- Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
- Review daily log data gathered from various resources such as sensors, alert logs, firewall logs, content filtering logs.
- Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
- Working on day-to-day service tickets to solve troubleshooting issues.
- Experience using ServiceNow ticketing tool.
Environment: Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Bluecoat Proxy servers, IDS/IPS, SIEM and Monitoring, ServiceNow
Confidential, Bellevue, WA
Security Engineer
Responsibilities:
- Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM.
- Juniper Firewall Policy Management using NSM and ScreenOS CLI.
- Provide VOD Method of Procedures documentation to customer for software upgrade/downgrade release.
- Maintained the following Cisco platforms 7600, 7500, 7200, 7000, 3560, 2900, 2801, 2000, ASA5500, Catalyst 6500, 4500, 3560 and 2900.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Troubleshooting firewall connectivity-related issues using SmartView Tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
- Creating and Provisioning Juniper SRX firewall policies.
- Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
- Configuring High Availability using ClusterXL on Checkpoint as well as VRRP and monitoring the Sync status for stateful replication of traffic between active and standby member.
- Experience on ASA firewall upgrades to 9.x.
- Worked on Nexus 2k series switches
- Network hands-on installation experience of (Cisco routers, switches, ASA 5505 firewall, VPN)
- Understand the flow of traffic through the Check Point Security Gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
- Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
- Understand different types of NAT on Cisco ASA firewalls and apply them.
- Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
- Administration of Big IP F5 LTM for all local load balancing and use of GTM for load balancing across Data Centers.
- Support Data Center Migration Project involving physical re-locations.
Confidential
Network Engineer
Responsibilities:
- Configuring and tweaking CoreXL and SecureXL acceleration on Check Point gateways.
- Troubleshoot user connectivity issues on Checkpoint.
- VLAN design and implementation, Spanning Tree implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channel creation.
- Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
- Implemented VLANs between different departments and connected them using trunks by keeping one VLAN under server mode and the rest falling under client mode.
- Documentation and Project Management along with drawing network diagrams using MS Visio.
- Bachelor of Engineering, Electronics and Telecommunication, India
- Open for Relocation
