Firewall Engineer Resume
PROFESSIONAL SUMMARY:
- Certified network and network Security Engineer with 6 years of experience in Network and Network Security domain.
- High-performing and self-motivated, with extensive professional experience in designing, implementing and managing networks, and in providing network support.
- Cisco Certified Network Engineer with experience of Network engineering, designing, architecting, deploying and troubleshooting Network & Security infrastructure on routers, switches (L2/L3) and firewalls.
- Strong knowledge in configuring and troubleshooting routing protocols like RIP, OSPF, VOIP, IS-IS, SNMP, EIGRP and BGP.
- Installing and Configuring Cisco switches, 2960, 3560, 4500, 6500, 4900, 2900, 3750, Nexus 5000, Nexus 7000.
- Planning, Designing, Implementation of small, medium organizations including LAN, VLAN, WLAN and WAN on wired and wireless networks.
- Working knowledge of Firewall, LDAP, AAA, TACACS/RADIUS, and IPSEC.
- Security policy configuration including NAT, PAT, VPN, SSL-VPN, Route-maps and Access Control Lists.
- Strong practical experience in IP addressing, Sub-netting, VLSM and ARP, proxy ARP, and ping concepts.
- Expertise in troubleshooting and configuring DNS, DHCP, TFTP, TELNET, SSH, FTP and NFS.
- Excellent hands-on experience in designing and implementing IP addressing that includes both IPV4 and IPV6.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
- Managing our ticketing and monitoring system provided by SolarWinds and PRTG.
- Strong fundamental knowledge in implementing Layer-2 level technologies including VLANs, VTP, STP, RSTP and Trunking.
- Technical support for improvement, upgrade & expansion of the network architecture.
- Working experience on tools and devices like Sourcefire, FireEye, Aruba, Cisco ASA, Cisco ISE.
- Good understanding and working knowledge of ITIL standards.
- Working Experience on web content filter and gateways like Blue Coat, Websense.
- Comprehensive understanding of OSI Model, TCP/IP protocol suite (IP, ARP, ICMP, TCP, UDP, SNMP, FTP, TFTP)
- Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server.
- Experience in Check Point Appliances R65, R70, R75, R77 & Cisco ASA Firewalls.
- Experienced in Migration from Checkpoint and Cisco ASA Firewalls to Palo Alto.
- Have experience in Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS.
TECHNICAL SKILLS:
Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series
Switches: Cisco 3500, 5000, 6500 Catalyst Series; Cisco 7000, 2000 Nexus Series - 2k, 5k, 7k
Firewalls: Palo Alto PA-3050, PA-5050, CISCO ASA 5500, Checkpoint
Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, FTP, SMTP, SNMP
Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.
IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN
WAN Technologies: PPP, MPLS, ATT, 802.11, 802.11ac
VPN Technologies: Remote access and site-to-site IPsec VPN, Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP
Monitoring Tools: OPNET, GNS3 Simulator, Wireshark, SolarWinds, Nagios and Fluke Networks, PRTG
Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, Trunking, DNS, DHCP, NAT, ACL, HTTP, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12
Tools: GNS3, Packet Tracer, SolarWinds, What's Up IP, VMware Workstation, Wireshark, Nagios and Fluke Networks
Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux
DLP: Websense, Symantec & McAfee
Cloud Environment: Amazon AWS, Azure
PROFESSIONAL EXPERIENCE:
Firewall Engineer
Confidential
Job Responsibilities:
- Designed NSGs to control inbound and outbound access to network interfaces (NICs), VMs and subnets, thereby securely exposing virtual machines and cloud services in the VNets to the Internet using Azure External Load Balancer.
- Designed User Defined Routes with custom route tables for specific cases to force tunneling to the Internet via On-premise network and control use of virtual appliances in the customer’s Azure environment.
- Configured VPN technologies (Site-to-Site / Point-to-Site / ExpressRoute leased) to establish private connection with customer datacenters and Private link/Private endpoint/Service endpoints to Azure Datacenters.
- Assist with configuration of network infrastructure within Azure including, storage, load balancing, virtual machines, access control lists and various other cloud-based technologies.
- Used trace analysis, source code, and other sophisticated debugging tools like NetMon, Nmap, Iperf, PsTools, Wireshark, WinMTR to analyze problems and develop solutions to meet customer needs.
- Setup metrics, create rules for alerts, assign storage accounts for logging and address issues with performance monitoring services like network watcher and network insights.
- Implementing design and break fix solutions for Azure Active Directory, Virtual Networks, Virtual Machines, Azure Bastion, Web Apps, Storage Accounts and other Azure cloud services. Providing configuration management and automation solutions using Azure PowerShell and Azure CLI.
- Handle Service-Now tickets related to Cisco ASA & Zscaler, & VPN along with the connectivity issues and provide support when any issue is raised.
- Upgraded Zapp Client to latest version via ZIA Portal.
- Providing design solutions to implement software load balancing services like Traffic Manager, Azure CDN (Content delivery Network), Azure front door, Load Balancer, Application Gateways and diagnose configuration and performance related issues.
Senior Network Security Engineer
Confidential, NJ, USA.
Job Responsibilities:
- Used Cisco Security Management tool for configuring and deploying firewall policies based on requirements of various projects on ASA firewalls.
- Replacing Checkpoint VPN and BlueCoat proxy with Zscaler and worked on implementing Zscaler in Production.
- Implemented Cisco ISE (Standalone, Distributed Setups) for delivering consistent, highly secure access control across wired and wireless multivendor networks and remote VPN connections.
- Upgraded Cisco ISE 2.0 version with ISE 2.2 code.
- Deploying Sophos Cloud and providing endpoint management
- Installed and managed Sophos firewall, VPN connectivity, Web application filtering.
- Sophos Anti-Virus Agent and Safeguard Encryption deployment and administration.
- Configured and Deployed Sophos XG135 Firewall
- Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access thru Zscaler.
- Proficient with network hardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet and Gigabit Ethernet
- ServiceNow, Appworx, Continuous Integration, Release Management, Configuration Management, Deployment Automation, ITIL.
- Administering the Cisco ASA firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using CSM Dashboard.
- Configure, maintain and upgrade of data center infrastructure, Nexus 7k, 6k, 5k, 2k, and UCS, employing VDC, VPC, VRF, and fabric-path technologies.
- Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
- Identified unused rules and scheduled changes to mark them for permanent deletion at a point in time.
- Cisco ASA Firewall Log review and analysis and troubleshoot connectivity issues.
- Worked with Cisco ASA 5500-X with FirePOWER services.
- Upgraded the code of Cisco ASA firewall to 9.6(2).
- Firewall and Security: Cisco Meraki, CSM, ASDM, ACS, VPN, HA, Infoblox, F5 Load Balancer, Blue Coat and Zscaler.
- Manage Sophos Web appliance Model WS1100 for Advanced protection from web malware, URL Filtering, Control rogue users and enforce safe search and reporting
- Successfully created a Sophos 9 UTM server for mapbox environment, configured and monitored it.
- Designed, configured and managed Cisco and Aruba wireless APs and wireless controllers for WLAN.
- Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Actively used SmartView Tracker and Checkpoint CLI (to security gateways) for troubleshooting, implementing and configuring Checkpoint VSX for security gateways.
- Hands-on experience in implementing and troubleshooting Cisco Firepower 9000 series.
- Implemented Cisco Firepower in the campus network of BUs to provide visibility into network attacks and malware, and also for whitelisting and blacklisting of URLs, application control and malware protection for the Business Unit.
- Support for Zscaler Web Security Service
- Configured IPsec tunnels with Palo Alto to enable secure transport and cloud based/site-site VPN to both Azure and AWS.
- Configure and Manage Firewalls and other Network Security devices using Sophos UTM
- Worked with Cisco, Palo Alto, Juniper, Splunk, Forcepoint, Nessus, Stealthwatch, Checkpoint, Zscaler and other vendors to provide a stable, high-speed, secure network.
- Migration from Cisco firewalls to Palo Alto firewall platforms PA 4000, PA 500 and PA-200.
- Experience with Cisco ASRs, Catalyst 6500 series switches, and 2800 series, 3800 series, 2900 series and 3900 series routers.
- Handled vulnerability management and policy-compliance tools using SIEM.
- Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a spine and leaf architecture.
- Planning, designing and configuration of various Cisco ISE strategies (Standalone, Distributed Setups).
- Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
- Configuration of Network and Security devices such as Cisco routers and switches (Cisco7600/3500/Nexus 7K/5K)
- Proficient in tools such as Redhat Linux, MS Office, MS Sharepoint, MS Visio and ServiceNow.
- Experienced in implementing and have knowledge in troubleshooting protocols and technologies in: BGP4, OSPF, IPv4 and Ethernet.
- Intermediate System to Intermediate System (ISIS) routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices.
- Creation of firewall rules on Checkpoint Smart Dashboard and install policies.
- Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500 from the CLI & ASDM.
Network Engineer/ Palo Alto Engineer
Confidential, NJ, USA.
Job Responsibilities:
- Hands-on experience in troubleshooting various issues related to routing, switching and firewalls.
- Responsible for analysing, migrating and validating firewall configuration.
- Switching tasks include VTP, ISL/802.1Q, IPsec and GRE Tunneling, VLAN, EtherChannel, STP, RSTP, PVST+, L2TPv3.
- Managing all network security devices for client. It includes Firewalls and VPN (Checkpoint and Cisco), Forward Proxies (Bluecoat and Zscaler), Reverse Proxies (NetScaler) and IPS (McAfee NSM and Cisco).
- Experience in layer-3 Routing and layer-2 Switching. Dealt with Nexus models like 9K, 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Support for Zscaler Web Security Service with multi-VRF branches to MPLS and tested branch circuits (T1, DS3) for errors.
- Technically supported in configuring, troubleshooting and analysis of customers networks related to Cisco Identity Services Engine (ISE)
- Managed Incidents, workflow, change management, schedules/rollback thru SNAP/ServiceNow.
- Configured datacenter technologies like VPC, VDC on Nexus 7010 Core Switches
- Working on Nationwide Site WAN Transformation from Cisco 2821 Router to Cisco 4321, 4431, 4451 and ASR 1000 routers, including Visio Network Design, NEWO, Configuration changes, Routing Redistribution.
- Participated in support (down to individual tickets assigned to users) for all ISE related applications (Any Connect, AMP) and services.
- Support and troubleshooting during cutover while implementing Cisco firewall configuration from another vendor firewall (like Checkpoint, Juniper, and McAfee Sidewinder).
- Configured 5525-X firewall for the DMZ at the Data Center.
- Responsible for traffic shifting between routers and switches whenever slowness or link-down issues occur on ISP links and at the time of scheduled failover activity.
- Performing Cisco, Fortinet and Checkpoint firewall change requests using jump servers and port forwarding with a 100% success rate.
- Audit and evaluate configuration of security appliances in order to protect business-critical assets.
- Analyzed and tested network protocols (Ethernet, TCP/IP) using the Wireshark tool.
- Integrated Checkpoint into client's existing network to provide security for application.
- Responsible for examining and managing the Logs of traffic, threat, Data and URL filtering in Palo Alto firewalls.
- Engineered BLS Checkpoint infrastructure which consists of 500+ firewalls running different flavors of hardware and Checkpoint OS such as (R71, R75, R76 and R77).
- Adding and removing Checkpoint firewall policies based on various project requirements.
- Implemented new Cisco and Juniper MX-series devices as per policy reviewed by network architect.
- Analyzed network design to determine what the major problems were and what improvements needed to be made to the network infrastructure. Configured VPN and IPSEC/GRE tunnels on ASR 1K, ISR 4300 and ASA 5525X Series routers.
- Verified and validated the firewall policy on Checkpoint R75 clusters for unused rules and helped consolidate rules.
- I have knowledge of Cisco Meraki and pretty much knowledge of Cisco ISE.
- Responsible for Check Point, Palo Alto and Cisco ASA firewall administration across global networks and worked on security routers like Fortinet Routers implementing IDS, IPS.
- Implemented firewall policy change on the Checkpoint clusters.
- Proficient in configuration of routing protocols like IGRP, EIGRP, OSPF multiple areas and BGP.
- Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment
- Hands-on experience in installation, configuration and administration of HTTP, FTP, DNS, NTP, DHCP servers under various LAN and VRF environments.
- Checkpoint log server upgrade from R7 .40 to take advantage of Smart logs.
- Deploying, installing and troubleshooting Palo Alto firewall and Panorama with integration of Cisco routers, switches, WLAN components.
- Migrations of client firewalls into Palo Alto and post migration support.
- Deployment of Firewall in TAP Mode, finding customer sizing generating SLR and custom Reports.
- Configure the profiles as per the client Requirement on the basis of User-ID, APP-ID and Content-ID.
- Implementing, Managing and Troubleshooting Network Protocols and Services.
- Configure the Decryption policy for Encrypted traffic which is passing through the Firewall to protect client network from malicious attack.
- Performing Client or Clientless AD integration with Palo Alto Firewall for User and Group mapping.
- Configure Captive Portal Profile for Non-Domain Users in the client Network to get access of Internet.
- Coordinating with Palo Alto TAC for escalated issue and performing troubleshooting with TAC Engineers.
- Integration of Panorama with Palo Alto firewall for centralized management.
- Configure Global Protect VPN, IPsec VPN and Clientless VPN.
- Performing and conducting cyber threat analyses and reports and supporting various and dynamic security analysis
- Creating route-maps and prefix-lists to advertise the routes over the network
- Conducting analyses and developing reports for evidence of network penetrations and data theft using firewalls, active directory, Windows operating systems, intrusion detection/prevention systems, proxy servers, breach indicators, and log aggregation technology
Jr. Network Engineer
Confidential
Job Responsibilities:
- Configured workstations within the network LANs with Cisco 2500, 3800, 2800 Routers by implementing protocols RIPv2, OSPF, EIGRP and Cisco 2960, 3560 Switches.
- Installing, configuring and Windows 2003 servers of DHCP, FTP, WSUS, Web Server and SQL Database Server.
- Implementing IPsec and GRE tunnels in VPN technology.
- Installation of Cisco ASA 5500 series firewalls
- Configuring DMVPN tunnels on routers 2800, 4300, 4400 and ASR.
- Successfully installed Palo Alto PA 3060 Firewall to protect the data center and provided L3 support for routers/switches/firewall.
- Flexible to work on Linux and Windows environments and worked on scripts to run patches.
- Responsible for configuring and maintaining communications including Internet connections, VPN, Checkpoint firewalls, point to point connections, and remote access.
- Performed troubleshooting while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, RIP, IGRP, RIPv2, EIGRP, static and default routes.
- Responsible for Management and documentation of Checkpoint, Fortinet and Cisco ASA Firewalls.
- Configured the Cisco router as IP Firewall. Maintained redundancy on Cisco 2800, 3600 routers with HSRP.
- Adding and removing firewall policies on Checkpoint based on various change requirements.
- Configuration of ACLs in Cisco firewall for Internet Access requests for servers in LAN and DMZ and for special user requests as authorized by management.
- Designed and configured VLANs for major divisions of the company like the finance department and all others under one VLAN and implemented VTP trunks on switches.
- Configured and maintained the Interfaces, Zones, Virtual routers and IPsec tunnels on Palo Alto Firewalls.
- Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800.
- Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA.
- Configured site-to-site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Implemented Checkpoint Firewall Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Configuring and maintaining the Interfaces, Zones, Virtual routers and IPsec tunnels on Palo Alto Firewalls.
- Firewall technologies including general configurations, risk analysis, rules creation and modification.
- Creating and modifying Security and NAT policies.
- Experience with converting Palo Alto VPN rules over to the Cisco ASA solution. Migration with both Palo Alto and Cisco ASA VPN experience and Checkpoint VPN rules over to the Cisco ASA.
- Analyzed packet traffic through a network utilizing Wireshark to help diagnose issues such as application latency, security policies, and routing problems and ensured data protection by utilizing Spectrum Scale.