SUMMARY

• 9+ year’s extensive experience in installation, administration and networking in various environments.
• Experience in Checkpoint firewalls, Palo Alto Firewalls, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Cisco ACS, IPS, and Microsoft TMG.
• Knowledge and experience of TCP/IP architecture, TCP/IP protocol suites and dynamic routing protocols including RIP, IGRP/EIGRP, OSPF, and BGP (eBGP / iBGP )
• Thorough knowledge of Windows Vista, XP, Windows Server 2003; 2008; Windows NT; TCP/IP.
• Capabilities include an extremely broad knowledge base and familiarity wif teh latest cutting - edge technologies, including firewalls, VPN, IDS, and IPS. In-depth knowledge of TCP/IP, high availability, load balancing, and remote management complements outstanding relationship management, analysis, and problem resolution skills as well as outstanding organizational, multitasking, and team building skills at all levels.
• Knowledge in planning, design, implementing & troubleshooting complex networks & advanced technologies.
• Experienced in handling Level 1, Level 2 and Level 3 Technical Support Calls and conducted RCA.
• Advanced knowledge, design, installation, configuration, maintenance and administration of Palo Alto Firewalls, Checkpoint Firewall R55 up to R77 version, VPN.
• Advanced knowledge in Design, Installation & configuration of Palo Alto & Checkpoint Provider Environment.
• In-depth knowledge and hands-on experience in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX SSL Security.
• Advanced knowledge in Cisco ASA5000 series and PIX installation, configuration and maintenance.
• Advanced knowledge in configuration and installation of IOS security features and IPS.
• Advanced knowledge in security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Advanced knowledge in Cisco Switches .Routers and SolarWinds Configurations.
• Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, &EIGRP.
• Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Advanced knowledge in web security devices or proxy - Cisco WSA/CWS and Bluecoat.
• Extensive Knowledge and understanding of globalsecuritypolicies.
• Demonstrate deep expertise in technical andsecurityprocess design.
• Extensive experience in Configuration and deployment of networksecuritydevices, including firewalls, Intrusion, Detection Systems, VPN, Identity Gateways.
• Process elaboration, flowchart and network topology and several documentations.
• Management of network and security environment based in ITIL, COBIT.

TECHNICAL SKILLS

Operating Systems: Windows Vista/XP/7, Linux (Red Hat)

Microsoft Servers: Windows Server 2003; Windows Server 2008

Firewalls: Palo Alto Firewall, Checkpoint, Cisco Firewall Service Module, and Cisco PIX, Cisco ASALoad Balancer F5-Big-Ip, LTM

Platforms: Microsoft Windows XP/2000/NT, Red Hat Linux, Sun Solaris UNIX, & Nokia IPSO

Virtualization: Microsoft Virtual Server 2008 R2, VMware.

PROFESSIONAL EXPERIENCE

NETWORK SECURITY ENGINEER/FIREWALL ENGINEER

Confidential, Omaha, NE

Responsibilities:

• Worked as teh onsite Network Security Resource.
• Assisted wif redesigning of teh network in HQ, establish standardization and set up teh Network Security infrastructure.
• Responsible for cleaning up teh old policy configurations and creating new security policies, URL filtering policies and role based access control for AT&T Network Based Firewall, AT&T Cloud Web Security and Palo Alto Firewalls - PA 3060.
• Configuration and troubleshooting of AT&T Network Based and Palo Alto firewalls.
• Successfully installedPaloAltoPA-3060 firewall to protect data center and provides L3 support for routers/switches/firewall.
• PaloAltodesign and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
• Configuration, maintenance and troubleshooting of IPSEC tunnels onPaloAlto and AT&T Network Based Firewalls.
• Implemented Zone Based Firewalling and Security Rules on thePaloAltoFirewall.
• Knowledge of PAN-OS 7.0.0 to 8.0.2
• Responsible for network monitoring using SolarWinds.
• Knowledge of Tap mode, VWire mode and L3 mode for Palo Alto firewalls.
• Responsible for installation of new firewall in teh environment wif no or minimum impact to traffic.
• Configuration and troubleshooting of AT&T based VPN.
• Responsible for aligning teh Network Security infrastructure according to teh Network Security Audit Report.
• Defining firewall rule categories and using best practices to make it precise as per teh requirement.
• Understanding of Project deadline, high priority issue and providing support while Go live phase.
• Responsible for creating operational manuals for all teh Network Security related technologies and provide KT sessions to offshore resources on them.
• Responsible for handling Incident/Problem Tickets, Service Requests on BMC Remedy and Change request process.

NETWORK SECURITY ENGINEER/FIREWALL ENGINEER

Confidential, Mechanicsburg, PA

Responsibilities:

• Worked for IT Security Projects Team.
• Responsible for Major and Minor projects, total of 11 projects.
• Understanding of application requirements from Security/Firewall perspective.
• Worked on Cisco ASA firewalls- 5585, 5580, 5540 and Palo Alto Firewalls - PA 500, PA 5050
• Knowledge of ASA software version 8.4 and 8.2
• Knowledge of Cisco ASDM-configuration and troubleshooting.
• Configuration and troubleshooting of Cisco and Palo Alto firewalls.
• PaloAltodesign and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
• Successfully installedPaloAltoPA-3060 firewall to protect data center and provides L3 support for routers/switches/firewall.
• PaloAltodesign and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
• Configured and maintained IPSEC and SSL VPN's onPaloAltoFirewalls and Checkpoint
• Implemented Zone Based Firewalling and Security Rules on thePaloAltoFirewall
• Worked on Panorama M100.
• Understanding of defining firewall policies and installing them wifout causing any impact.
• Knowledge of PAN-OS 5.0.0 to 6.0.10
• Knowledge of Tap mode, VWire mode and L3 mode for Palo Alto firewalls.
• Experience wif F5 BIG-IP local traffic manager for performing load balancing across servers.
• Experience in installation of new firewalls in new environment wif no or minimum impact to traffic.
• Configuration and troubleshooting of VPN.
• Used SolarWinds for monitoring Network performance.
• Review Firewall rule conflicts and misconfiguration as well as redundant rules usingTufin.
• Review and optimize Firewall rules using Secure TrackTufintool and Firewall audit reports.
• Utilizeskyboxto review all shadowed rules to reduce all ACLs for cleanup.
• Defining firewall rule categories and using best practices to make it precise as per teh requirement.
• Understanding of Project deadline, high priority issue and providing support while Go live phase.
• Knowledge of writing Technical Document.
• Ticket management on BMC Remedy and Change request process.

Network Security Engineer

Confidential, Cincinnati, OH

Responsibilities:

• Responsible for handling security devices deployed globally (NA, APAC, EMEA regions) - Firewalls, VPN, ACS, WSA/CWS, IPS, Application Firewall, ISE, Microsoft TMG.
• 24/7/365 technical support calls- L2 and L3.
• Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
• Exposure to wild fire feature ofPaloAlto.
• Worked extensively on firewalls and VPN gateways Checkpoint, CISCO ASA andPaloAlto.
• Adding security policies and security rules on checkpoint, Palo Alto and ASA firewall.
• Implemented Positive Enforcement Model wif teh help ofPaloAltoNetworks.
• Knowledge of PAN-OS 5.0 to 6.0
• Configuration, Troubleshooting and Maintenance of Checkpoint Firewalls (20 firewalls) - IP395 and IP560.
• Knowledge on Checkpoint- management and logging server R75, R77 Gaia OS.
• Experience on Checkpoint firewalls wif R65, R70, R75, and R76 version IPSO 6.2 OS.
• Hands-on experience on Cisco ASA Firewalls - ASA 5550.
• Troubleshooting teh VPN tunnels by analyzing teh debug logs and syslogs.
• Serve as lead on configuration and troubleshooting VPN's on all vendor firewall devices.
• Firewall Policy Optimization using third party toolTufin.
• Network change automation workflows usingTufinsoftware.
• Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
• Hands On experience in push Policy from Panorama to Firewall inPaloAlto.
• Configured and maintained IPSEC and SSL VPN's onPaloAltoFirewalls.
• Hands-on experience on Cisco WSA/CWS wif Cloud connector mode -S170, S370 and S670.
• Knowledge of ASYNC-OS 7.5.0 to 8.0.5
• Knowledge of modifying and maintaining teh Proxy Pac file.
• Knowledge of ISE version 1.2.0.
• Maintenance of Cisco ACS server - Autanticating, Authorization and Accounting for several Network Devices in teh environment. Versions 4.2 to 5.2
• Experience in teh design, installation, and configuration of LAN /WAN infrastructure.
• Managed LAN & WAN and Bluecoat proxy servers.
• Black listing and White listing of web URL on Blue Coat Proxy servers.
• Adding Websites to teh URL filtering blocklist in Bluecoat Proxies and upgrading firmware on teh bluecoat proxies.
• Detailed technical understanding, manage and support of multicast, QoS, NAT, routing protocols (EIGRP, OSPF, and BGP) in an enterprise environment.
• Worked of Radware DefenseProIPS devices-inline mode
• Configuring and Troubleshooting of Radware Application Firewall (AppWall).
• Experience on Radware ApSolute Vision management server for IPS devices monitoring, maintenance and troubleshooting purpose.
• Responsible for maintenance and troubleshooting of Microsoft TMG-threat management gateway 2010 for LYNC, OWA and Active-Sync servers.
• Responsible for Security Devices configuration backup and software updates/bug fixes.
• Knowledge of writing System Maintenance and Technical Document (SMTD).
• Ticket management on Service-Now and Change request process.

NETWORK & SECURITY ENGINEER/CONSULTANT

Confidential, TX

Responsibilities:

• Provide 24/7 technical support calls (L1, L2, L3 Support calls) for managed security services, security engineering, infrastructure, management. Manage and monitor client security devices worldwide.
• Knowledge and experience of TCP/IP architecture, TCP/IP protocol suites and dynamic routing protocols including RIP, IGRP/EIGRP, OSPF, and BGP (eBGP / iBGP )
• Hands-on experience onCheckpointFirewall R76 and Cisco ASA 5520 firewalls.
• Responsibility to provide hands on technical support for teh remote user base.
• Switching / Routing Protocols, VLANs, STP, LLDP, TACACS, SNMP, IGMP, DHCP, BGP, OSPF, RIP, PIM, VRRP, and IPv6.
• Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Checkpoint firewalls and Palo Alto Firewalls) and related software, and LAN/WAN protocols.
• Troubleshooting teh VPN tunnels by analyzing teh debug logs and packet captures
• Configuring failover for redundancy purposes for teh security devices. Implemented teh stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
• Planning, designing and implementing a secure ODC Network setup for upcoming projects.
• Knowledge of implementing Bluecoat WebFilter.
• Supported Bluecoat proxies for URL filtering and content filtering.
• Use Tools such asSKYBOXfor Firewall Policy optimization and rule base Clean up.
• Used "Skybox" network assurance and optimization software to find out rule and object usage statistics for each firewall and thereby optimize firewall rules by removing shadowed or redundant rules.
• Experience wif F5 BIG-IP local traffic manager for performing load balancing across servers.
• Provide Tier II Load Balancer expertise on F5 BigIP Local Traffic Managers (LTM).
• Perform firewall migration projects between different technologies.
• Serve as lead on configuration and troubleshooting VPN's on all vendor firewall devices.
• Perform QA testing on new network security technologies and appliances.
• Configured redundant interfaces, dhcp server, dhcp relay, ntp settings, and sub interfaces on firewalls.
• Develop business processes and improvement procedures for teh Managed Device Team.
• Developed a technical training curriculum and serving as teh technical trainer/mentor for new and existing hires.
• Provide advanced training seminars for teh Managed Device team on managed security platforms.

Network Engineer

Confidential

Responsibilities:

• Managed a team of ten security analysts who provide a security event analysis roll, level-one network security engineering support, and a switchboard function for teh SOC
• Managed user accounts, groups, print queues and controlling access rights using Active Directory.
• Responsible for managing Citrix Server 4.0 and configuring Citrix clients.
• Experience wif F5 BIG-IP local traffic manager for performing load balancing across servers.
• Installed, configured, performed troubleshooting and deployed SP1 for Windows 2003 Servers.
• Performed day-to-day administration functions, backup & restoration, file server maintenance.
• Supported all remote offices and home-based users using NetMeeting, VNC and Cisco VPN.
• Implemented a new in-house printing solution dat includes Xerox multi-functional copier, printers, scanners and wide format printer.
• Responsible for management of teh of SolarWinds Orion Suite - Network Performance Monitor, Network Configuration Manager.
• Empowered teh team to be capable in providing level-one support for teh Network Security Engineering team by providing formal hands-on training and by implementing step-by-step procedures
• Ensured teh team TEMPhas quarterly/annual objectives and goals
• Ensured teh team performs quality analysis of security events via routine audits/coaching
• Provided customers accurate and insightful analysis of security events in a timely manner
• Ensured all team members providing top notch customer service via routine audits/coaching
• Ensured all work wifin team is being recorded in a work order, copiously notated, and ensuring teh requests are addressed in timely fashion.
• Provided technical support for hardware/software configurations and applications.
• Administered and supported local/LAN printers, LAN IDs in Novell.
• Administered/provided troubleshooting for Lotus Notes and MS Outlook.
• Utilized Remedy for call logging.
• Knowledge of ISE version 1.2.0.
• Created and instructed intensive internal technical/procedural training program(s) in place to continue raising teh bar for technical/procedural knowledge wifin teh team
• Ensuring sufficient coverage is in place for all three shifts 24/7.