SUMMARY

• Network Security Engineer wif 5 years of experience wif capability of planning, designing, implementation and troubleshooting wif deep understanding of routing, switching and firewall technologies in complex network systems.
• As a passionate individual in innovative and challenging environment has an ability to learn and grow at professional level theirby directing my future endeavors.
• Expertise in Configuring and Troubleshooting Palo Alto (PA - 3060/5060), Cisco ASA (5500 series) and Checkpoint (R77.30 and R77.10), Firewalls and Implementing policy change requests for new IP segments on the network.
• Profound noledge in implementing application-based policies, URL filtering, Threat prevention, and Data filtering.
• Strong noledge of Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), FireEye Inspection, DDoS attacks and Kill Chain mitigation techniques.
• Expertise in performing migration from Cisco ASA and checkpoint to Palo Alto Firewalls.
• Strong noledge in configuring and troubleshooting IPsec-VPN and SSL-VPN tunnels for the site to site connectivity.
• Hands on experience on centralized management system (Panorama) to manage large scale firewall deployments.
• Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
• Experience deploying F5 BIG-IP LTM-6400 Load Balancers to increase capacity (concurrent users) and reliability of applications using LTM, GTM.
• Strong experience in implementation of Virtual Servers, nodes, pools and iRules on F5 Load Balancers (BIG-IP) in LTM module.
• Worked wif SIEM tools such as IBM QRadar to get real-time analysis of security alerts generated by network hardware and applications.
• Using Ansible as an automation tool for creating subnets, security groups, route tables and ACL's for VPC creation.
• Worked on configuring WILDFIRE forward settings on Palo Alto firewall to prevent Zero-Day and Malware attacks.
• Strong noledge on conducting Vulnerability Assessments using Qualys and Nessus and monitored remediation of documented vulnerabilities.
• Short and Long-term security event trend analysis performed on a regular basis using Splunk and FireEye.
• Experienced wif working on network monitoring tools such as SOLARWINDS, Splunk and Sniffing tools like Wireshark and TCP dump.
• Detailed understanding of data network concepts and operational functionality of OSI Model and TCP/IP networking.
• Strong working noledge in configuring and troubleshooting various routers and switches.
• Worked on configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP and Static on Cisco (7200, 3800), Juniper (MX10, MX40, and MX80) series routers.
• Configured and Implemented Router redundancy protocols likeHSRP, VRRP and GLBP.
• Proficiency in configuration of Layer2 and Layer3 Virtual Local Area Networks using Cisco multi-layer Switches supporting STP, RSTP, PVST, MVST along wif inter VLAN routing and VLAN Trunking 802.1q.
• Experienced in DNS, DHCP, SMTP, FTP, HTTPS, and web securityarchitecture.
• Excellent client/customer management, problem-solving and troubleshooting skills wif good communication skills.

TECHNICAL SKILLS

Firewall: Check Point (R77.30 and R77.10), Palo Alto (PA-3060/ 5060), Cisco ASA (5500 series) and Juniper (SRX550/ SRX650).

Network Security: ACL’s, MPF, IPSEC VPN, Port Security, AAA and IDS/IPS.

Protocols: EIGRP, OSPF, BGP, VPC, VTP, STP, RSTP, MST, PVST, IPV4, HSRP, DHCP, TCP/IP, UDP, 802.1q, Inter VLAN routing; Multi-Layer Switch, ICMP&ARP Ethernet Topologies.

Load Balancers: A10 Networks (AX2500), Cisco CSM & ACE 4710, F5 Networks (Big-IP), Brocade Load Balancers.

Virtual private networks: IPSec, SSL, GRE and DMVPN

Languages: Unix, Turbo C/C++, basics in Perl and shell scripting.

Router platforms: Cisco 2900, 3600, 3700, 3800, 7200, 7600 series, Juniper MX104, MX240, MX480, M320, T640, SRX series.

Switch platforms: Cisco 3500, 4500, 6500 Catalyst series, Nexus 7000, 5000, 2000 series and Juniper EX2200, EX2300, EX3300, EX3400, EX4200 series.

Programming Languages: Advance Python, JavaScript, Unix, Turbo C/C++, basics in Perl and shell scripting.

Operating Systems: Windows, Linux, Mac OS, UNIX, Cisco IOS, JUNOS, PANOS and NX-OS.

Tools: Wireshark, Simulink, GNS3, Cisco Packet tracer, Cisco Security Manager (CSM), Solar Winds, Riverbed, VMware, Boson Netsim, tcpDump, Checkpoint Smartview, WatsUp Glod, ngrep.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential | Akron, Ohio

Responsibilities:

• Configured and managed Palo Alto (PA-3060/5060) and Cisco ASA(5500 series) firewalls.
• Configured templates, device groups and created policies using APP-id, user-id on Panorama and pushed them into Palo Alto firewalls.
• Deploy, configure, and implement QRadar expansion to include: QRadar Vulnerability Manager, Incident Forensics, PCAP, Event Processor, and Flow appliances.
• Implemented Zone-Based Policies and autantication profiles on the Palo Alto Network Firewalls.
• Integrated the firewall wif active directory for user-identification and installed the user-id agent on the active directory server.
• Enforced security policies to safely enable user-id wifin trusted zones and prevent user-id traffic from egressing the network.
• Responsible for implementing the Palo Alto to mitigate DOS, DDOS, attacks using Dos Protection, Threat Prevention and Data Filtering.
• Enabled evasion signatures to detect crafted HTTP or TLS requests and alert the instance when a client connects to a domain other than domain specified in DNS query.
• Implemented Global Protect wif single and multiple gateway solutions for clientless VPN.
• Configured SSL VPNs on Palo Alto firewalls for secure site-to-site VPN connectivity.
• Deployed Active/Passive modes of High Availability (HA) wif Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
• Managed Palo Alto firewalls utilizing panorama and constantly ensured software upgrades and content updates are up to date on the devices.
• Performed legacy Migration from Cisco ASA 5500 to PA-5260 using PAN migration tool.
• Configuring, Monitoring and Troubleshooting Cisco ASA 5500 security appliance for IPsec VPN (Site-to-Site Tunnels), Failover DMZ zoning and configuring VLANs / routing / NATing wif the firewalls as per the design.
• Performed security policy analysis and rule modifications on Cisco ASA firewalls.
• Configured and deployed F5 Big-IP LTM for distributing inbound traffic to the servers.
• Implemented SSL termination on LTM and renewed SSL certificates and customized me rule for cookies persistency.
• Configuring App-ID and User-ID on firewalls to determine the application signatures along wif Wildfire cloud-based threat analysis for Zero-Day attacks.
• Configured AAA Server (RADIUS) for autantication and authorization of all remote VPN users.
• Perform firewall rule audit and optimization using AlgoSec.
• Configured and implemented Enhanced VPC, OTV, and Fabric path between Nexus 7k and 5k series switches for the datacentre operations.
• Experienced in configuring the Nexus2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus5000.
• Configured Authorization rules in Cisco ISE forwirelessby enforcing 802.1x Autantication to allow user access to proper Data.
• Hands-on experience wif Aruba Clear pass in providing network access security and NAC, based on user roles and device types (BYOD).
• Provided security to the wireless network infrastructure from unauthorized access and threats by implementing security features like SSID, WPA, and WPA2/802.11i.
• In-depth noledge on BGP peering and BGP attributes like AS-PATH, LOCAL PREFERENCE.
• Strong hands-on experience on sniffing tools like Wireshark, TCPDUMP and network monitoring tool SOLAR WINDS.
• Monitored and analyzed the log entries using SPLUNK to identify malicious activities on the network.
• Documented the network infrastructure using Visio diagrams and word document for peer training and review.

Environment: Cisco switches 4800, 6500 Catalyst series, Nexus 7000 series; Cisco routers 3700, 3800, 7200, 7600 series Cisco ASR 9000 Series Aggregation Services Routers and Cisco ASA 5500, Palo Alto (PA-3060/5060), F5 BIGIP LTM, Panorama M’100.

Sr. Network Engineer

Confidential | Bloomington, Minnesota

Responsibilities:

• Configured and managed Check Point firewalls versions R77.30 and R77.10.
• Configured Check Point security gateways from scratch and setup in high availability.
• Enforced application, service-based policies and cleaned up unused policies.
• Managed and monitored Check Point firewall configurations through Smart Dashboard and Smart View Tracker.
• Implemented anti-bot, anti-spam, and sand box blades to prevent malicious threats and data breach.
• Configured Active-Passive High Availability for state full failover and Zero down time maintenance on Checkpoint firewalls.
• Implemented site-to-site VPN tunnels using IPsec encryption standards on Checkpoint firewalls.
• Migrated existing IPSec VPN tunnels from Pre-Shared key to Certificate Authority (PKI).
• Assisted in configuring Security profiles such as Threat prevention, Anti-Virus, Anti-Spyware, File Blocking, etc.
• Implemented AAA Architecture and 802.1x Wireless User Autantication using Active Directory Server wif Kerberos.
• Deployed F5 Big-IP LTMs and implemented weighted round robin policy to balance the load.
• Configured & troubleshoot Virtual Servers, me Nodes, Pools, and customized me Rules on BIG-IP F5 LTM Load balancers for traffic management.
• Performed cleanup of fully shadowed, expired and unused security rules and objects using tufin secure track
• Responsible for WAF operation implementation as well as any required troubleshooting and root-cause.
• Configured VPC, VDC and ISSU Software upgrades on Cisco Nexus switch implementing Fabric Path to avoid blocking ports.
• Configured HSRP between VLANs, Configuring Ether-Channels, and Port Channel on 6500 catalyst switches.
• Implemented BGP to optimize WAN routing on core and edge routers.
• Conducted mutual redistribution of OSPF and BGP routes using route maps.
• Involved in the removal ofEIGRPfrom all devices and making OSPF the primary routing protocol.
• Addressed issues related to OSPF, EIGRP, HSRP and GLBP fail-overs, Optimized routing using route maps, route redistribution.
• Implementing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
• Experience in working wif ARISTA switches for cloud computing, data center networks.
• Configured multiple domain name services (DNS), email services (Exchange Server), web, and file transfer protocol services (FTP) for various platforms including line leasing through DHCP servers.
• Used Network monitoring tool SolarWinds NPM to ensure connectivity and Protocol analysis tool (Wireshark and TCP dump) to inspect the packet for networking issues.

Environment: Arista switches 7308R, 7328X, Cisco 3550/4500/6500 switches, Juniper Routers MX 240, 480, M320, F5 Big-IP LTM-6400 load balancer, Checkpoint R77.

Network Engineer

Confidential | Minneapolis, Minnesota

Responsibilities:

• Configure & troubleshoot routing protocols EIGRP, OSPF on Cisco ISR 3800, 2900.
• Redistributing from EIGRP to OSPF and vice versa. Implement a hub and spoke topology wif a Frame Relay Switch.
• Configured and resolved complex OSPF issues in a multi-area network.
• Involved in troubleshooting of DNS, DHCP, and other IP conflict problems.
• Implemented VTP and Trunking protocols (802.1q and ISL) on 3560, 3750 and 4500series Cisco Catalyst switches.
• Provided on-call support for installation and troubleshooting of the Networking L2/L3 issues.
• Implemented & operated L3 switching and related functionality. This includes the use of VLANs, STP, VTP and their functions as they relate to networking.
• Worked on Security issues, VPN, IPSec, NAT, Standard & Extended Access Control Lists (ACLs).
• Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
• Installation, Configuration and troubleshooting Cisco switches & Routers.
• Enabled STP, RPVST+, BPDU Guard, Root Guard, disabling all unused ports and putting them in unused VLAN.
• Implemented WAN network technologies like MPLS and Frame Relay.
• Coordinated installations and followed up wif project managers and end users to ensure acceptable system/network performance once changes were completed.
• Created documentation and network diagrams of the network infrastructure using MS VISIO.
• Worked on service request tickets generated by the halpdesk such as troubleshooting, maintenance, upgrades, patches and solutions wif all-around technical support.

Environment: Cisco 2800/2900/3900/4000 Series ISR's, Cisco Catalyst switches 3560, 3750 and 4500series and Cisco 3640/3845/3600/2800 routers, cisco WAP 3700, Windows Server 2003/2008.

Jr Network engineer

Confidential

Responsibilities:

• Configured and troubleshoot EIGRP routing protocol on Cisco routers.
• Implemented and upgraded Cisco switches and routers.
• Configuring Vlan's, VTP's, enabling trunks wif 802.1q tagging between switches in the access layer.
• Enabled STP Enhancements to speed up the network convergence dat includes Port-fast, Uplink-fast.
• Involved in the upgrading of legacy Cat 4500X-32 switches to 4500X-40 series switches.
• Involved in troubleshooting of DNS, DHCP, and other IP conflict problems and applied QoS for the bandwidth delay.
• Involved in implementation and configuration of HSRP for load balancing on L3 switches.
• Performed IOS upgrades on various catalyst series switches and maintained latest IOS versions according to company's policy.
• Configured Access List (Standard, Extended and Named) to allow users all over the company to access different applications and blocking others.
• Installed and maintained windows XP, 2007 and vista on client’s operating systems, hardware/software upgrades and network administration.
• Responsible for cabling and labeling and Racking & Stacking of various network equipment and ensured their are no connectivity issues using ping and tracert.
• Troubleshooted the layer 1 and layer 2 ticketing issues.
• Knowledge of HSRP, GLBP, ICMP, PPP, SNMP, VLSM, ARP and Autantication Protocols (PAP and CHAP).
• Good noledge of routing protocols like OSPF, is-is, and threats to OSI.

Environment: Cisco routers 2900, 3800, 3900, cisco switches 3500, 4500, Nexus 2000 series, windows XP, 2007 and vista.