
Sr Network Security Engineer Resume

Minneapolis, MN

SUMMARY:

  • Over 8 years of professional experience in Network and security engineering with performing Network analysis, design and Implementation with a focus on security optimization and support of large Networks.
  • Substantial knowledge in Cisco Routing, Switching and Security with Cisco hardware/software experience.
  • Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
  • Experience in supporting and troubleshooting Checkpoint (R77 Gaia, R75, R70, R65, Provider-1, SPLAT, Smart Center Server, and Crossbeams), Juniper (SRX, JUNOS, ScreenOS, Netscreen SSG, NSM and Space) and Cisco firewall (ASA 5505, 5545, 5585 and ASDM) technologies.
  • Extensive experience on PaloAlto firewalls like PA-500, PA-3k, PA-5k, PA-7k series firewalls and managing them via Panorama.
  • Having good experience on Tufin, Firemon and Algosec for firewall optimization purpose.
  • Responsible for Check Point, Cisco ASA, Juniper and Palo Alto firewall administration across global networks.
  • Used FireEye tool to run against application servers to generate reports about vulnerabilities for that server.
  • Worked on the migrations from Cisco PIX to Cisco ASA firewalls, Juniper SSG to Juniper SRX firewalls.
  • Configure and Monitor Cisco Sourcefire network IPS for alerts.
  • Developing and presenting professional status reports on applications, compliance status and remediation plans for firewalls.
  • Comprehensive expertise in the implementation of optimization, analysis, troubleshooting and documentation of LAN/WAN networking systems.
  • Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
  • Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list.
  • Created virtual machines on VMware ESXi to host Linux servers.
  • Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
  • Hands on experience in configuring and supporting a site-to-site and remote access Cisco IPsec, VPN client in addition to providing TACACS+, VPN solutions using ASA/PIX firewalls and RADIUS services.
  • Knowledge of PCI and NIST standards, reviewed procedures and implemented them across the organization according to audit requirements.
  • Experience with different Network Management Tools like Wireshark, SevOne, Statseeker.
  • Knowledge of PostgreSQL databases and operations to read and update database tables.
  • Experience working with Linux based operating systems and CLI utilities like tcpdump and creating/modifying scripts using VI editor.

PROFESSIONAL EXPERIENCE:

Confidential, Minneapolis MN

Sr Network Security Engineer

Key Responsibilities:

  • Configuring networks to ensure their smooth and reliable operation for fulfilling business objectives and processes.
  • Implementation of firewall policies and troubleshooting issues on the Checkpoint R77.30 Gaia, Checkpoint Provider-1, PA-5k series, Panorama, Cisco 5585 and 5545 firewalls.
  • Administration of multi-vendor firewalls across the enterprise that consists of checkpoint, PaloAlto and Cisco ASA firewalls.
  • Troubleshooting all the network related issues and app related issues by doing extensive research and packet capture techniques.
  • Configuring, administering and troubleshooting cisco ASA 550 series firewalls that includes 5505, 5545 and 5585 firewalls.
  • Configuring, administering and troubleshooting of PaloAlto PA 5000 series firewalls and panorama M100 management server.
  • Implementation of user-ID on PaloAlto firewalls by integrating with Microsoft active directory.
  • Have extensive experience on firewall rule remediation using Tufin Secure Track.
  • Configuring and maintaining checkpoint security appliances 12k and implementation of security rules and NAT rules.
  • Involved in a team responsible for implementation of firewall rules, troubleshooting connectivity issues and resolving incidents for over 200 firewalls.
  • Built a process to remediate legacy firewall rules so that they eventually fade out.
  • Worked on remediation of highly permissive and critical rules that are risky.
  • Extensively worked on Tufin securetrack to add/import more than 2000 network devices for monitoring.
  • Worked on automating the firewall request process using Tufin SecureChange.
  • Developed Unified security policy in Tufin securetrack to evaluate risks in the network and to enforce the security policy on new firewall rules.
  • Gathered requirements and worked with Tufin professional services for integration of SecureChange with ServiceNow.
  • Configured workflows in SecureChange to automate the firewall request process.

Confidential, Minneapolis, MN

Sr Network Security Engineer

Key Responsibilities:

  • Configuring and Implementing Security rules as per the business needs in Checkpoint R77 Gaia, Paloalto and Cisco ASA firewalls.
  • Having extensive experience on checkpoint firewalls in configuring rule base, managing global policy.
  • Performed troubleshooting using Checkpoint SmartView Tracker, packet capture techniques like TCPDUMP, FW Monitor and Zdebug drop commands from CLI.
  • Performed code upgrade on the checkpoint firewalls and worked with Checkpoint TAC team for hardware and software related issues.
  • Audit the firewall rule base for shadowed, risky and permissive rules and remediate the findings.
  • Install and configure Tufin orchestration suite and manage the Tufin tool.
  • Deployed Tufin in a distributed architecture with central server and remote collectors.
  • Working on firewall optimization tool Tufin to generate different reports for rules usage, object usage to find out what rules need to be modified.
  • Work with business to get the scope and add the firewalls to SecureTrack to manage them.
  • Management of PaloAlto firewalls from panorama as global administrator for devices located at various sites.
  • Configuration of pre-rules and post-rules on panorama as per business requirement for global rules.
  • Advanced management of firewalls from panorama using device groups and templates.
  • Configuration and Administration of Palo Alto PA-5020 and PA-5050 Firewalls.
  • Configured and implemented various features of PaloAlto including User Identification, Server Profiles, Security profiles, Custom URL category, custom reports.
  • Worked on and upgraded PAN OS on firewalls from 6.0 to 7.0.6, 7.0.9, 7.0.12 and 7.1.10.
  • Consolidated rules on Cisco ASA firewalls using securetrack APG.
  • Solving Problems on a case-by-case basis with deep understanding of networking/firewall concepts particularly in Paloalto firewalls and Cisco ASA firewalls.
  • Reviewing and resolving incoming firewall changes request and troubleshooting queues.
  • Configuring networks to ensure their smooth and reliable operation for fulfilling business objectives and processes.
  • Performing extensive research work on firewall rule base and log reports for every firewall that needs to be audited.
  • Configured and generated PCI compliance reports on Tufin and worked towards remediating the failures.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
  • Palo Alto design and installation which includes Application and URL filtering and Threat Prevention.
  • Managed Cisco IDS and IPS modules with Firepower Management Center.
  • Maintain the security standards across the security devices as per the security policies.
  • Perform daily operational tasks on PaloAlto firewalls requested by other teams and business users.
  • Working with the IT Service Management tool ServiceNow for change, incident and problem management.
  • Providing Daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.

Confidential, Austin - TX

Sr Network Security Engineer

Key Responsibilities:

  • Provide 24x7 support for day-to-day global operational activities including Change Implementation, Handling Work order access Request, High Priority incident handling/troubleshooting for Security Devices (Firewalls, Proxies, IPS, SSL, VPN Devices etc.)
  • Worked with the different models Cisco ASA, checkpoint and Juniper ScreenOS and JunOS firewall devices on a daily basis
  • Configuring Juniper Net screen and SRX Firewall Policies between secure zones using command line (CLI) and NSM (Network Security Manager)
  • Troubleshooting firewall issues and Performing packet captures on SRX firewalls using trace options and using Snoop in netscreen firewall
  • Configure and monitor the alerts in Symantec Web application firewalls and inform SOC to mitigate the issues.
  • Experience in configuration of Juniper security appliances SRX 220, SRX 240, SRX 550, NS 50, SSG 550M, SSG 520M.
  • Worked with Cisco and Juniper TAC to troubleshoot and resolve network and equipment failures
  • Configure, administer and document firewall infrastructure, working with Cisco ASA 5540, 5585, Check Point R77 Gaia, R75, VSX, Provider-1 and SPLAT.
  • Prepare, review and configure firewall rule scripts for complex firewall requests and implement them.
  • Responsible for PIX 6.x/7.x/8.x, ASA 7.x/8.x Firewall and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Working knowledge of OSPF, BGP and EIGRP routing protocols, NAT’ing, NAC product sub-netting, also including DNS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols
  • Upgraded the data center network environment with Cisco ASA 5520.
  • Configured ACL’s on Cisco Switches as well as configured routers as terminal servers.
  • Worked on Layer 2 protocols such as STP, VTP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment
  • Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
  • Deployment and maintenance of LAN/WAN elements and monitoring performance of LAN/WAN.
  • Strong hands on experience on PIX Firewalls, ASA (5540/5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS)
  • Responsible for investigating Data Loss Prevention using Symantec DLP
  • Monitoring alerts in Symantec Antivirus and work with SOC team in mitigating it.
  • Configured ACLs in Cisco 5520 ASA firewall for internet access requests for servers, Protocol Handling, Object Grouping and NAT
  • Responsible for Data Center Migrations and its operations.
  • Experience working in an Agile Scrum environment and with HPSM Change Control System.

Confidential, Windsor, CT

Network Security Engineer

Key Responsibilities:

  • Experience with Firewall Administration, Rule Analysis and Rule Modification using Checkpoint R71, Juniper SRX, SSG and Cisco ASA firewalls.
  • Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using NSM as well as CLI when needed.
  • Installed and configured Palo Alto PA-2000 series box and troubleshot network issues.
  • Worked on the migration of Juniper SSG to SRX series firewalls.
  • Implemented firewall rules as per the user requirements in the SRX and SSG firewalls via CLI and NSM.
  • Configuring and troubleshooting routing issues in Juniper M and MX series Routers.
  • Configuring and troubleshooting any L2 level issues, VLAN and port issues in Juniper Switches
  • Troubleshoot traffic passing managed firewalls via logs and TCPDUMP, fw monitor packet captures
  • Created standard access lists to allow SNMP, NTP and logging servers.
  • Negotiate VPN tunnels using IPsec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
  • Configuring IPSEC VPN on SRX series firewalls
  • Troubleshoot traffic passing managed firewalls via Splunk.
  • Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
  • Analyzing the traffic which was captured using trace options, snoop, tcp dump, fw monitor and Wireshark.
  • Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions. Creating technical implementation plans, project plans, and worked closely with internal and external customers to supply solutions that fulfill their needs.
  • Regularly performed firewall audits around Checkpoint Firewall-1 solutions for customers.
  • Designing and Implementing firewall rules and modifying existing rules in Palo Alto.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Responsible for Checkpoint and Cisco ASA firewall administration across global networks.
  • Used Bluecoat Proxy SG for URL and content filtering purpose.
  • Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems.
  • Co-ordinated with the Data Network and Security team and came up with possible solutions.
  • Work on Physical site Inventory verification, gather information of various Cisco Network devices and Security Devices to develop Run book and Spec Book.
  • Provided proactive threat defense with ASA that stops attacks before they spread through the network.
  • Configuration and troubleshooting of Cisco catalyst 6509, 7613 with supervisor cards.
  • Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE pre-shared keys, 3DES and MD5
  • Experience with implementing and maintaining network monitoring systems (Cisco works and HP Open view) and experience with developing complex network design documentation and presentations using VISIO
  • Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM

Confidential

Network Support Engineer

Responsibilities:

  • Experience in Cisco 7200, 7600 routers, Cisco 2800, 3700 series switches: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
  • Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, RIP, IGRP, RIPv2, EIGRP, Static and default route.
  • Configured the Cisco router as IP Firewall and for NATing.
  • Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.
  • Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Configuring routers and sending them to Technical Consultants for new site activations and giving online support at the time of activation.
  • Installed and configured PIX 520, 525, 535 series firewalls, configured standard and extended access-lists and policy-based filters
  • Work with Help Desk for circuit troubleshooting to give support to the tech persons at the site.
  • Responsible for implementing QoS prioritizing voice traffic over data.
  • Implemented SNMP on Cisco routers to allow for network management.
  • Troubleshoot TCP/IP problems, troubleshoot connectivity issues.

Confidential

Network Engineer

Responsibilities:

  • Performed IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers.
  • Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
  • Implemented and configured routing protocols like EIGRP, OSPF and BGP.
  • Connected switches using trunk links and Ether Channel
  • Used Network Monitoring tool to manage, monitor and troubleshoot the network.
  • Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
  • Implemented redundant Load balancing technique with Internet applications for switches and routers.
  • Support Network Technicians as they require training & support for problem resolution including performing diagnostics, & configuring network devices
