SUMMARY

• Expertise with rich Computer Networking and Security experience. Solid understanding of Designing, Implementation, Administration, Operational and troubleshooting of enterprise data networks.
• Strong understanding and experience of Firewalls on various platforms including Palo Alto, Cisco ASA and Checkpoint.
• CCNA & CCNP Certified Professional with Sound experience in routing, switching, firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, data network design, capacity management and network growth.
• Extensive hands - on experience in Palo Alto, Juniper and Cisco network design, deployment and troubleshooting. Experienced with implementing the firewall rules on Checkpoint
• Dealing with escalating problems, technical documentation and presentation tools. Excellent experience in Network Planning, Implementing, Configuring, Troubleshooting and Testing of networking system.
• Extensive noledge and experience of TCP/IP protocol suit with practical implementation of switching protocols, routing protocols and LAN/WAN services.
• In-depth noledge of configuring and troubleshooting routing protocols namely, RIP, EIGRP, OSPF and BGP on Cisco routers.
• Experience configuring, managing & troubleshooting Palo Alto, Cisco ASA, Cisco FTD, FirePOWER Firewalls and Cisco ISE (2.1, 2.2) (NAC)
• Expertise in migration from legacy firewall to Palo Alto Next Gen Firewall. Successfully completed 9 migrations from Checkpoint, ScreenOS, ASA to Palo Alto firewalls. Also, migrated Sonicwall config to Cisco ASA config. on FTD 2100
• Experience with advanced features of Palo Alto firewall such as Custom App-ID, DNS Sinkhole, User-ID, SSL Decryption, URL Filtering
• Strong understanding of TCP/IP, OSI model, network troubleshooting
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, STP and RSTP.
• Experience in configuring Windows Servers (2008 & 2012) and configuring networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
• Experience in configuring latest VDC and vPC features on Cisco Nexus 7000 NX-OS.
• Installing configuring and troubleshooting Palo Alto Firewalls.
• Expertise in Creating Scripting for Configuration Backup, Report backup, Qradar Device Reports and for Metric Generation.
• Strong noledge under Imperva web application firewall for monitoring for In-depth analysis of attacks and SIEM tools such as Splunk, HP ArcSight for analysis and log monitoring.
• Utilize QualysGuard as primary tool to monitor tickets and vulnerabilities.
• Experience in configuring security policies and next gen features like Application and URL filtering, Threat Prevention, Data Filtering on Palo Alto Firewall.
• Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Experience in migration from Cisco ASA to Palo Alto using PAN migration tool.
• Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX
• Implementing & troubleshooting Cisco series routers, CAT OS series switches and Nexus 2k,5k,7k series switches
• Expert level noledge of Cisco network security (IDS, ASA 5500 Firewall), network redundancy (HSRP, GLBP and VRRP)
• Mentored Palo Alto Professional Services training and Customer Simulation Lab. Received award for successful completion of the batch.
• Strong noledge under Imperva web application firewall for monitoring for In-depth analysis of attacks and SIEM tools such as Splunk, HP ArcSight for analysis and log monitoring.
• Management and administration of Juniper and ASA Firewalls at various zones including DMZ, Extranet (Various Business Partners) and internal.
• Experienced with Proxy and Malware-mitigation (BlueCoat, Radware/ApplXcel/Alteon, FireEye), threat detection and data leakage protection (Network DLP/Vontu/Symantec, BlueCoat Security Analytics.
• Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series

Firewalls: Palo AltoPA-3050, PA-5050, Cisco ASA 5500, Checkpoint

Routing Protocols: BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP and VLAN

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS

VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, WireShark, Solar Winds, Wat’s Up IP, Nagios and Fluke Networks

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

VA: Qualysguard Vulnerability management

Security Tools: Nessus, OpenVAS, Splunk, NMAP, Kali Linux, Metasploitable2, IBM QRadar, Blue Coat, RSA Archer.

Cyber Security: Ethical Hacking, Vulnerability Management, Security Architecture & Design, Physical and Environmental Security, SIEM, Penetration Testing, IDS/IPS, SANS: 20 Security Controls, NIST Risk Management Framework, FISMA, COSO, SSAE:16, SOC 1/2/3, ISO/IEC 27001, SOX, GLBA, NIST 800:53, FedRAMP, OWASP top 10, HIPAA, PCI/DSS, MS SDL.

PROFESSIONAL EXPERIENCE

Confidential, NJ

Sr. Network Security Engineer

Responsibilities:

• Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of mainly Palo Alto Firewalls.
• Key contributions include installation, configuration and deployment of Palo Alto Firewalls, Cisco ASAs, Cisco FTD and Cisco ISE.
• Researched, designed, and replaced aging Cisco ASA firewallarchitecture utilizing the PAN Migration tool with new next generation Palo Alto devices serving as firewalls and URL and application inspection devices.
• Successfully installed Palo AltoPA-3050, PA-5050 firewalls to secure zones of network.
• Converted Cisco ASAVPN rules over to the Palo Alto solution.
• Backup and restore of Palo Alto and Cisco ASA Firewalls policies.
• Implemented many security policy rules and NAT policy rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
• Fortigate firewall design, configuration, and support. Support of SIEM solution monitoring 100 client firewall devices. Developed alerting, logging and reporting to be delivered to clients.
• Responsible for IBM Qradar SIEM monitoring and configuration aligned to internal PCI and SOX controls.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Configured next-gen Palo Alto Firewall features viz. Application and URL filtering, Threat Prevention, Data Filtering
• Involved in implementing and troubleshooting complex layer technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Strong Active Directory and Exchange 2010 noledge. Add users to security groups, create new security groups, verify account access, and enable/disable AD accounts, provision new AD accounts. Create mailboxes and distribution lists, troubleshoot email issues.
• Creates and maintains autantication records for all flavors of Unix (Linux, AIX, Solaris) and Windows, as well as for databases using Basic and Cyber-Ark Vault autantication records. Scope includes entire Novartis global data centers and work sites usingQualysGuard. installed and configuredQualysGuardserver appliances (both physical servers and virtual cloud based servers), and ran various ad-hoc/custom/standard reports.
• Integrated Panorama with Palo Alto Firewalls, managing multiple devices simultaneously in datacentre environment.
• VPN User access management on Palo Alto Firewalls. Used LDAP for identifying user groups
• Responsible for configuration and troubleshooting of Site to Site as well as Remote Access VPN on Palo Alto Firewall using PA Global Protect gateway and portal.
• Created security profiles on Palo Alto NGFW for intrusion prevention.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto Firewalls.
• Implemented IPS, DLP and UTM features on the firewall for added security purposes.
• Configured syslog on Palo Alto Firewalls and moved the logs to Splunk and reviewed it.
• Monitor company’s networks for malicious activities and policy violations using the IBM QRadar Security Information & Event Manager (SIEM)
• Designed, Implemented and configured Web autantication, SSL Decryption and URL categorization rules using Blue Coat Proxies and SSLV appliance.
• Configured content Analysis using Bluecoat CAS appliance and Malware analysis using Blue Coat Malware analysis appliance.
• Experience in implementing and configuring F5 Big-IP LTM load balancers.
• Configured HA Active/Standby failover on F5 BIG-IP LTM and configured SSL Decryption and URL blocking on Palo Alto Firewall.

Confidential, San Ramon- CA

Network Security Engineer

Responsibilities:

• Performed System Security checking against emerging OS and subsystem technology automated tools.
• Extensive implementation of dynamic routing and switching protocols on Cisco routers and switches.
• Configured Virtual Device Context (VDC) on Cisco Nexus 7000 series switch to logically segment into 4 different virtual switches for easy administration and management.
• Deployed AWS and Azure public cloud infrastructure.
• Monitored and reported anyvulnerabilitiesto compliance created by a systems failure to manage upkeep of cyber security policies
• Custom APP-ID creation by analysing the traffic on ports and protocols and creating an app-id override rule to bypass limited traffic for threat scanning.
• Designed network architecture using MS Visio based on client requirements and implemented 3ComRouters, Procurve Switches and Checkpoint firewalls
• Participated in designing and Implementation of (LAN) VLANs, VTP, Spanning Tree (STP), Trunking (dot1q and ISL) and Ether channel on CISCO Catalyst Switches 3500, 3650, 3850 6500, 7600.
• UtilizeQualysGuardas primary tool to monitor and report Policy Compliance, based on NIST, ISO2007 and CIS Benchmarks.
• Responsible for configuring, administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
• Configured blocking of IP’s on Checkpoint which are suspicious to network.
• Created multiple policies and pushed them in to Checkpoint Firewall (Gateways) and the Checkpoint Management Server with SPLAT operating system.
• Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Assessing the vulnerabilities proactively, identifying the potential threats, discovering anomalies within data and handling threat management using QualysGuard VM tool
• Configured NAT policies viz. Static NAT, Dynamic NAT and Dynamic PAT in Cisco ASA Firewall.
• Configuration and troubleshooting of Cisco Security Manager (CSM), integrated with ASAdevices.
• Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
• Designing and implementing DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
• Utilized Cisco AAA to setup access control on routers and access servers.
• Configured rules and maintained Palo Alto Firewalls & analyzed of firewall logs using various tools.
• Implemented & administered of Zoning Architecture project (Implementation of various zones like Server, Intra & Internet Zone)
• Actively monitors security event logs and reports on computer viruses and malware using Fire eye
• Coordinated with network operations center for change notifications, alerts & escalation of security incidents.
• Experience in Cisco Routing, Switching and Security with strong Cisco hardware/software.
• Proficient withnetworkhardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet, Gigabit Ethernet.
• Configured Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
• Configured Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches.
• Supervised installation and configuration of Cisco 3550 Layer3 Switch.
• Upgraded IOS on existing Cisco router from 11.x to 12.1.
• Implemented, configured BGP WAN routing, converting local OSPF routes to BGP.
• Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
• Configure Multicasting Protocols like IGMP and CGMP.
• Configured VLANs by segregating different departments in the organization and setup inter-VLAN routing.
• Worked on FTP, HTTP, DNS, servers in window windows server-client environment with resource allocation to desired virtual LANs of network.

Confidential

Network Engineer

Responsibilities:

• Configured user autantication rules/policies to permit or deny user traffics on role-based access.
• Monitored network using network management and support tools like Solar Winds, Netscout, Cisco Works, SNMP Management and Wireshark.
• Monitored bandwidth and network activity by analysing information provided by MRTG to ensure both efficient and TEMPeffective network operation.
• Proficient in Configuring Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-VLAN routing and VLAN Trunking using 802.1Q
• Performed advanced troubleshooting using Packet Tracer and TCP dump on firewalls.
• Reviewed firewall rule conflicts, unused rules and misconfigurations and clean up.
• Assisted in firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
• Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
• Working noledge of leveraging F5 devices for web acceleration and caching,
• Document network problems and changes working in diverse management environments.
• Assisted in setting up of LAN and Wi-Fi Access points around the organization
• Installed Windows Server (2008 & 2012) and configured networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
• Acquired skills to configure maintain and troubleshoot network services.
• Hands-on experience in configuring routing protocols viz. RIP, EIGRP and OSPF on Cisco 2700 series routers.
• Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies on Cisco 3200 series switches.
• Full Command on Cisco IOS Commands and Administration of Cisco IOS 11.x and 12.1 versions
• Designed VLAN's and set up both L2 and L3 logical to have it communicate to the Enterprisenetwork.
• Utilized packet sniffing tools like Wireshark, TCP Dump and Capsa to monitor and troubleshoot access issues.
• Implemented and configured SecuRemote VPN Server for high speed remote access.
• Setting up of company’s broadband services for implementing high speed connectivity.
• Utilized Firewall log from Palo Alto Firewall to manage and troubleshoot network security issues.
• Assisted in upgradation of older 100mbps hubs to HP managed switches in the company
• Daily assessment of and preparation of report based on network functionality and handled issues.
• Encouraged network redundancy for backup of network devices in case of disaster recovery.
• Active participation in handling client issues and maintaining quality of service provided.
• Spearheaded meetings & discussions with team members regardingnetworkoptimization and performance issues.