- Over 7+ years of experience in Network Security Products and Firewalls (Checkpoint, Palo Alto, ASA), routing, switching, systems design, and administration and troubleshooting.
- Experience in Supporting and troubleshooting Checkpoint (R77 Gaia, R75, R70, R65, Provider - 1, SPLAT, IPSO, Smart Center Server and VSX), Palo Alto (PA-5000 series and below, Panorama) and Cisco firewall (ASA 5540, 5520,5505,5510, PIX 535, CSM and ASDM) technologies.
- Experience in networking and cyber-security design, system analysis, implementation and maintenance in accordance with current strategies of technology standards and best security practices to mitigate underlying risks and vulnerabilities.
- Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4, MPLS/ IPSEC/SSl/VPN
- Professional experience with Symantec, BlueCoat, Cisco ASA, ArcSight, QRadar, Qualys, Splunk, Tufin, UNIX Admin, and other leading security industry tools.
- Experience with McAfee AntiVirus (AV), McAFee Intrusion Detection Systems (IDS), Palo Alto & Cisco Firewalls, Active Directory, Blue Coat Web Proxies, Vulnerability Assessment tools, as well as other common enterprise security tools
- Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
- Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Demonstrable knowledge on installation and maintenance of Bluecoat Proxy Servers.
- Strong hands on experience in installing, configuring and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches.
- Experience in configuring Client-to-Site VPN using IPSEC VPN on Checkpoint firewalls.
- In-depth knowledge and hands-on experience on IP Addressing, Sub netting, VLSM, Summarization and ARP, reverse & proxy ARP and Ping Concepts.
- Strong work experience with the following technologies MPLS, QoS, L2VPN, Multicast, and IPv6.
- Experience in implementation, support and trouble shooting of VLAN's including operational knowledge of spanning tree protocol (STP), VLAN Trunking, inter VLAN routing and ISL/802.1q.
- Highly enthusiastic, creative team player with good interpersonal and communication skills.
Operating Systems: Windows (XP- 8.1), Windows Server (2008, 2012), Linux/Unix familiarity (CLI skills)Firewalls: Palo Alto PA-200, PA-5000, 3000, 2000, Check Point NGX R65, R75.20, R75.45 (Gaia), R76, R77, Cisco PIX 515E,Cisco PIX 535 Firewall, Cisco ASA, Cisco FWSM, Nokia IP690, Nokia IP530, Checkpoint provider 1, Checkpoint Firewall 1, SPLAT
Routers/Switches: Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches, Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, Nexus 2k, 3k, 5k and 7k.
Protocols: OSI,TCP/IP,DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, L2F, L2TP, PPP, Frame Relay, ATM, Fast/Gig Ethernet, HSRP, ISDN, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL), VRRP, HSRP, DNS, SNMP,IOS
Network Security Analyst
Confidential, Moorestown, NJ
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Supporting and troubleshooting Checkpoint (R77 Gaia, R75, R70, R65).
- Adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
- Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
- Replaced aging Checkpoint firewall architecture with next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Monitor and review requests for change to assure they do not introduce any security and/or compliance risks to the enterprise and meet security requirements, guidelines and compliance requirements.
- Support the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
- Security monitoring process with the help of Log management tools (i.e. Splunk) and Security Information Event Management (SIEM) tools.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Part of Tier-1 team, work on network Security Incidents.
- Troubleshoot the issues on Arc Sight. Ex Malware cases, false positive cases for Confidential .
- Provide Tier-1 incident response analysis and support.
- Significant experience using correlation tools for authentication such as ArcSight or Splunk.
- Provide SSL VPN connections for the user’s phone and tablet for offsite work.
- Experience with incidents and threat detections for phones and create a tickets for the same issues.
- Escalate issues to Tier-2 (SOC - Security Operation Center team) and follow up as required.
- Used McAfee software for protecting data, database security, emails and web security, End Point protection, network security, and also security management and event management (SIEM).
- Identify and document the integration requirements for the QRadar SEIM solution with various security products.
- Implement customized configurations and rules in QRadar environment.
- Maintain network availability and enhances DMZ networking environments by administering F5 and Cisco based security architectures, and application-based security load balancing technologies.
- Identify and remediate any threats and/or vulnerabilities on the VPN system.
- Document incident results and report details through ticketing system.
- Assist with the review of Arc Sight events to determine any true intrusions.
- Experience in RSA SecurID.
- Experience in troubleshooting Juniper SSl VPN and hands on experience with Juniper SRX Routers
Confidential, San Antonio, TX
- Part of IT Security Operations Team, responsible for Deployment, Administration, Monitoring, Management, Maintenance and Support of various Network Security Solutions such as Firewalls, VPNs and Proxy, RSA Envision on day-to-day basis.
- Extensive experience on the configuration and management of Checkpoint Firewall, VPN, Websense Proxy and RSA Envision.
- Performed support operations on day-to-day basis Monitoring and Management of Network Security infrastructure (Firewalls, VPNs and Proxy)
- Managed LAN & WAN and Bluecoat proxy servers.
- Created Firewall Rules/ Policy Configuration, Creation of DMZs, Creation of Site-to-Site VPN Tunnels, RSA
- Involved in Troubleshooting network security related incidents, problems, recommended remediation actions, and performing root cause analysis.
- Provide L1 and L2 and L3 support on network services: LAN, WAN, Wireless, IPSEC, Firewalls, DMZ, DNS, DHCP, NTP, Routing, IPv4 and IPv6
- Experienced in modifying firewall rule sets, studying network traffic flows to reverse-engineer the required firewall rules to lock down an application, and troubleshooting firewall problems under short time constraints involving complex network application flows between multiple hosts spanning multiple firewalls and different geographic locations.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Configured Policies on Juniper Netscreen and SRX firewalls and Palo Alto as well.
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience
- Migrations included and not limited to Cisco to Cisco and Cisco to Checkpoint and Checkpoint to Checkpoint
- Designed and implemented various Routing protocols such as OSPF, EIGRP, RIP, BGP across networks in multiple locations
- Tracking the receipt, implementation, and compliance of information assurance vulnerability assessment and documenting information assurance initiatives ensure that systems, networks, and data adhere to security policies and procedures. Risk Management, Vulnerability Management, Intrusion Prevention, Incident Response with Arcsight and Spulnk.
- Experience with threat remediation and malware issues fix on phones and tablet.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design
- Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Hands on experience and good working knowledge with Checkpoint Firewall policy provisioning.
- Worked on S2S VPNs Implementations; Providing support for Checkpoint R77 .40 with GAiA and SPLAT
- Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy based routing.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas.
- Involved in the troubleshooting aspects of complex network infrastructure using the routing protocols like EIGRP, OSPF & BGP.
Network Security Engineer
Confidential, Wayne, PA
- Installation Configuration and Troubleshooting of Cisco ASA and Checkpoint Firewalls in the network.
- Day to Day work involves implementation of firewalls for new clients as well as managing and administering Cisco ASA and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners and 3rd party) and ASZ supporting different clients' environments.
- Creating VLANs and managing Spanning tree for the network and inter VLAN routing. Used Dynamic Routing Protocols including OSPF, EIGRP and BGP.
- Using BGP in the 3rd party and Internet with various attributes with good understanding of BGP configurations on the provider edge routers
- Configure and support FWSM Firewall Blade modules on Cisco 6509 Switches .
- Configure Palo Alto Firewall models as well as a CMS (Panorama) to manage large scale firewall deployments.
- Configured and maintained URL filtering on Palo Alto Firewalls.
- Administer Checkpoint firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
- Monitor the health and logs using Smart view tracker and smart monitor on the Checkpoint firewall.
- Troubleshoot firewall logs from Smart view tracker as well as Command Line of Security Gateway.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT.
- Configuring different kinds of NAT on ASA Firewall including Identity, Static, and Policy.
- ASA Firewall OS Upgrades. Configuring Active Standby fail-over (state full).
- Checkpoint Firewall upgrades from R65 to R71.
- Configuring Juniper Netscreen Firewall Policies between secure zones using NSM (Network Security Manager)
- Working experience with Web Application Firewall (WAF) rules.
- Supported Bluecoat proxies for URL filtering and content filtering.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT as well as Policy and Global Nat on ASA Firewalls. Maintaining High Availability of Firewalls using VRRP, Active/Passive configurations.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers
- Manage and support IDS/IPS including AIP SSM Modules on Cisco ASA Firewalls, IDSM Modules on 6500 Switch, IDS 4200 Series. Firewall OS upgrades as well as Signature updates and event management.
- Identify Firewall Ports required for application using CSM as well as CLI logging feature as well as use Packet Tracer to verity Access Policy, NAT and Routing.
- Follow change management process using HP Service Manager to schedule changes.
- Firewall Policy Optimization and access list management
- Push the policies on Checkpoint using Smart Dashboard and work with users to verify connectivity and troubleshoot Firewall related issues using smart view tracker as well as CLI command line.
- Review Firewall rule conflicts and misconfiguration as well as redundant rules using Tufin.
- Create firewall audit reports and compliance metrics.
- Responsible for the designing/configuring and managing enterprise/global network infrastructure for LAN/WAN and data center environments, devices included: Cisco Nexus 5k/2k routers, Cisco ASA firewalls, Cisco Catalyst 6500, 4500 switches/routers.
- Documentation and draw network diagrams using MS Visio and use Share Point portal as site repository.
Technical Support Specialist (Networks)
- Assisted in migrating existing server and network infrastructure from HQ to a data center for optimal functionality and management.
- Designed network connectivity and network security, between various offices and data center. Installed and configured routers including 1800, 2600 along with Cisco switches including 3750 and 6500.
- Migrated to R70.1 in various Checkpoint IP series appliances from R65, R62, R60, etc., and building the new Smart Center server.
- Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
- Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows 2000 Server, also configured a FTP server; Installed configured & maintained MS Exchange Server.
- Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
- Designed and implemented an IP addressing scheme with subnets for different departments.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to point site.
- Negotiate VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
- Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
- Regular basis Implementing Network Changes on Schedule time within Window.
- Participation in various conference call, meeting related to Project work, interaction with clients for resolving issues or for their old or new concerns.