SUMMARY

• Experience on Network Security Profession, implementing and administering network security solutions. Skilled in supporting and troubleshooting operational issues related to network security Infrastructure.
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX, Bluecoat Proxy SG, Check Point Provider - 1, VSX, Nokia VPN and F5 Load Balancers.
• Firewall management and troubleshooting on Firewalls (Checkpoint, ASA, PIX, FWSM and Palo Alto).
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Experience in migration with both Palo Alto/Checkpoint/Cisco ASA VPN.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall Smart Domain Manager command line & GUI, Cisco ASA.
• Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R77 version.
• Experience in Checkpoint IP Appliances R65, R70, R75, R77 Gaia & Cisco ASA 5520, 5540 Firewalls.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configuring and troubleshooting the Site to Site IPsec VPN tunnels using Cisco ASA firewalls and checkpoint.
• Experience with F5 load balancer, administration, management and upgrades to support 24x7 operations.
• Provided Focused Technical support for Advanced Services customers on JuniperNetworks routing products.
• Worked on Juniperdevices like M, MX,T routers on advanced technologies like, MPLS VPNs, TE and other service provider technologies.
• Interacted closely with JUNOS Engineering for any fix on Software/Hardware related problems.
• Profound Knowledge on Switching: VLAN, VTP, STP, Ether Channel, Trunking, HSRP, VRRP, GLBP.
• Experience with IDS/IPS technologies and vulnerability assessments tools & monitoring: Rapid 7, Nessus.
• Experience in implementing NAC for user authentication, computer and network security.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, and Ether-channel.
• Juniper Netscreen Security Manager NSM 2008.x/2007.x Cisco IOS 12.x, ScreenOS 6.x/5/x, Cisco Call Manager 6.x, BigIP 9.x
• Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, Network architecture, and Cisco network routing (Layer 2 and Layer 3) experience, including LAN and WAN.
• Nessus daemon and Nessus vulnerability.
• IBM Qradar SIEM to analyze event data like collecting storing of product architecture.
• SIEM product Integration and Troubleshooting and policy framing
• Proficiency in setting up Cisco (1800/2600/3600/3800/7200/7600 series) routers.
• Proficiency in installing and configuring Multi-layer Switches and Layer 2 switches (2900/3500/3700/5500/6500 Series) running Cisco CatOS or Cisco IOS.
• Experience in Network administration &worked on TCP/IP, EIGRP, HDLC, PPP, & ISDN, ACL’s. Knowledge on BGP & OSPF, EIGRP
• Knowledge on DHCP, DNS, Active Directory, Group Policy objects, Patch management &Anti-Virus Server.
• Hands on experience using diagnosis tools like TCPDUMP, Wireshark for analyzing the real time statistics during the packet flow.
• Juniper Netscreen Security Manager NSM 2008.x/2007.x Cisco IOS 12.x, ScreenOS 6.x/5/x, Cisco Call Manager 6.x, BigIP 9.x
• Excellent communication and interpersonal skills, interfaces effectively with upper management, subordinates, co-workers & peers.
• McAfee web Gateway
• Squid proxy
• Websense Web gateway
• Antivirus Server using Sophos, MacAfee and other Antiviruses.
• Rack Mount Server.
• Disk Management using Raid level 5.
• Time Zone Server.

TECHNICAL SKILLS

Routing Protocol: TCP/IP, Cisco IOS, IOS-XR, LAN/WAN interconnection, VPN, IP-Sec, Frame-Relay, ISDN, RIP, OSPF, EIGRP, IS-IS, BGP, MPLS, STP, RSTP, MST, VTP, NAT, ACLs, Subnetting (classful and classless), Multicasting (PIM)

Hardware Routers: Cisco (1800/2600/3600/3800/7200/7600 series), Cisco ASR 9KsSwitches

Cisco (2900/3500/3700/5500/6500 Series, Nexus 7k)Firewalls: Cisco PIX (515,535), Cisco ASA (5510,5540), Cisco FWSM, Checkpoint Provider-1, SPLAT, VSX, NGX R65, R70, R75, R77 Gaia, Palo Alto PA-200, PA-500, PA3000, PA5000, Cisco VPN 3000 Concentrators, SPLAT, IPS/IDS

WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3,MPLS

Other Networking Tools: F5 LTM (Big IP), GTM, 3 DNS, Bluecoat Proxy SG, Wireshark, Remedy, Service Now

VP: Cisco IOS Firewall feature set (IOS 12.X)

Operating Systems: Win 95/98, NT, XP, VISTA, WINDOWS7, WINDOWS8, LINUX 5.1, UNIX, Windows 2008 Server, Blade Server, Exchange Server 2010

PROFESSIONAL EXPERIENCE

Confidential

Network Security Engineer

Responsibilities:

• Works with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information.
• Provide 24*7 supports for day to day global operational activities including Change Implementation, Handling Work order access Request, High Priority incident handling/troubleshooting for Security Devices (Firewalls, Proxies, IPS, SSL, VPN Devices etc.).
• Researched, designed, and replaced aging Cisco ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Vulnerability scanning using IBM Endpoint Manager & Nessus
• Configured, implemented and troubleshooting issues on Checkpoint R77.10 Gaia, R75, Cisco ASA 5540 and Palo Alto firewalls for the client environment.
• Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's.
• Successfully replaced Checkpoint R65 Provider1 to R77.20 & Migrated more than 500 firewalls from R65 to R77.20 Gaia across the globe it includes Checkpoint Appliance, HP, Dell & Nokia firewalls.
• To address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging,PenetrationTesting, etc
• Configure LAN and SAN switches,CiscoWirelessWLAN and LWAP 1149
• Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Experience with implementing malware protection, policy control, analyzing logs and different reports using Palo Alto PA-5020.
• Palo Alto (PA 5000 series, Panorama)
• Palo Alto design and installation which includes Application and URL filtering Threat Prevention and Data Filtering.
• Maintenance of Cisco ASA 5555X using CLI & ASDM,BIG-IPLocal Traffic Manager (LTM) and MikroTik
• Identify physical ports and port density for lifecycle/tech refresh and transfer CISCO network to aJunosJuniper network
• ManagedCheckpointFirewalls using Multi Smart Domain Manager, Juniper with Network Security Manager, Cisco with Cisco ASDM, Palo Alto with Panorama.
• Adding Rules and MonitoringCheckpointFirewalltraffic through Smart Dashboard and Smart View Tracker applications.
• ImplementedCheckpointFW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
• Defining, tracking and maintaining the standard baselines and configuration sets of security devices and implementing industry best practices with regards to Firewall, IDS/IPS, IPsec VPN, SSL VPN under Cisco ASA
• Configuring and troubleshooting the Site to Site IPsec VPN tunnels using Cisco ASA firewalls and checkpoint.
• Expertise in network protocols,Firewallsand Communication Networkdesign.
• Modified internal infrastructure by adding switches to support data center and added servers to existingDMZenvironments to support new and existing application platforms.
• I managed our Bluecoat Proxy Infrastructure, by configuring rules and layers.
• I was tasked to manage Bluecoat Director and Reporter to monitor appliances and users.
• Nessus daemon and Nessus vulnerability.
• Performed configuration and monitoring of iRules on F5 LTM load balancers.
• Configuring IPSec VPN (Site-Site to Remote Access) on Cisco ASA series firewalls.
• Configuring sonic walls, HP switches
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT and Gaia operating system.
• Established IPSec VPN tunnels between branch offices and headquarter using Cisco ASA Firewall.
• Conducted invasivepenetrationtests on production and test systems on Nordstrom internal and external networks.
• Installed and administered RSA Secure ID token authentication servers.
• IBM Qradar SIEM to analyze event data like collecting storing of product architecture.
• Tested components of theNessusVulnerability Scanner within an Agile SDLC
• SIEM product Integration and Troubleshooting and policy framing
• Involved in Troubleshooting IP Addressing Issues and Updating IOS Images using TFTP.
• Interact with users from a global enterprise client and evaluate access requests.

Confidential, Morristown, NJ

Network and Security Engineer

Responsibilities:

• Working on day to day firewall management activities like looking into troubleshooting tickets and firewall rule change requests.
• Performing live troubleshooting with end user to identify issues related to firewall and provide the required access on receiving business justification for the same.
• Installation Configuration and Troubleshooting of Cisco ASA and Checkpoint Firewalls in the network.
• Assist with enterprise level configuration changes to include deployment of Nessusupgrades and patch management commitments
• Experience with convertCheckpointVPN rules over to the Cisco ASA solution. Migration with bothCheckpointand Palo Alto rules.Manages, maintains and supportCheckpointFirewalls, IPS/IDS, Endpoint Security products, PKI and network security Infrastructure.
• Performed Web Application Security /PenetrationTestingin accordance with OWASP standards using manual techniques and also automated tools
• Creating Policy under Nessus Environment and provide the maintenance and support to the device.
• Upgrade of security gateways from R65 to R70 and R71..
• Checkpoint Security gateway new deployment, upgrade and migration on SPLAT, Nokia (IP appliance) and Checkpoint appliances.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution.
• Migration with both Checkpoint and Cisco ASA VPN experience.
• Adding security policies and security rules on checkpoint, Palo Alto and Cisco ASA firewall.
• Experience indesign, implementation, migration, documentation, and decommissioning of the existing WAN and enterprise network infrastructure
• Taking backup of checkpoint configuration, security policies, logs with policy package management, database revision controls, upgrade export and import, snapshot procedure on regular basis.
• Change management (System Configuration & Rule base, Signature Updating, Fine-tuning) and change request approval for firewall administration.
• Configure CiscoUnified Communications servers and build call flow based on the decisions made in the conversation with the customer.
• Designa secureDMZ/Firewallto permit high-speed web access, VPN/DUN accessProvide remote assistance to field engineers on day of cutover to new phone system.
• Cisco ASA/CheckpointFirewalltroubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Provide remote post-cut support to customer until CDK support is able to take over customer support
• Performing firewall optimization using Firemon by removing unused rule.
• Configure Active-Standby based Failover for Cisco ASA Firewalls. (Stateful failover replication) and LAN based Failover.
• Running the bored for the podcast, Writing and scriptingshows, managing the website and social media pages
• Development of in-house automated test suite (A simulator tool used as execution Broker for feedingFIXMessages)
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
• Identify, troubleshoot, and resolve LAN/WAN network problems (DNS, DHCP, TCP/IP and a variety of hardware and other networking issues).
• Hands on experience in migrating Business from a physical data center environment toAWS.
• DevOps experience with Puppet, Chef,AWS(OPS Work) and Open Stack.
• Configuration and maintenance of Cisco routers and switches.
• Monitoring the network traffic with the help of IBM QRadar and Cisco IPS event viewer.
• Nessus daemon and Nessus vulnerability.
• Operational support of production security devices including firewalls and VPN appliances.

Confidential

Network Engineer

Responsibilities:

• Provides day to day support for firewall engineering and operations tasks and level 1 & 2 on-call technical support for the Firewall Engineering and Operations team; including assisting peers with issues and escalation
• Installation Configuration and Troubleshooting of Cisco ASA and Checkpoint Firewalls in the network
• Firewall Policy Implementation on Checkpoint R62 and R65 using Provider 1.
• Migrated Nokia IP 300 to Checkpoint NGX R65 SPLAT
• Site to site VPN implementation on Checkpoint Firewall R62 with 3DES encryption over IPsec.
• Installing, Monitoring and Maintaining Local Area Network.
• Implemented Windows NT domain, domain name services E-mail, Web, and FTP services.
• Installed and configured network printer installation (HP) 3500 series.
• Installing and configuring the peripherals, components and drivers.
• Resolving tickets on network and service provisioning.
• Network cabling, dressing, labeling and troubleshooting network drops onsite.
• Working on Network support and implementation related internal projects.
• Provided technical support on hardware and software related issues to remote production sites.
• Configured EIGRP for Lab Environment.
• Created VLAN and Inter-VLAN routing with Multilayer Switching.
• Configuring and troubleshooting desktops, laptops and servers.
• Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists as per Network design and IT Policies.
• Experience with setting up MPLS Layer 3 VPN cloud in data center and also working with BGP WAN towards customer.