Firewall Specialist Resume
Jersey City, NJ
SUMMARY
- 7+ years of experience in Network and Security engineering and Network Infrastructure, routing, switching, firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, and data network design, capacity management and network growth.
- In-depth Cisco technology experience/knowledge in design, implementation, administration and support.
- Strong hands on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
- Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches.
- Experience with Cisco Prime, Cisco ACS and ISE.
- Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience
- Strong experience in Network security using Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN.
- Manage, operate, and analyze data from corporate security systems including Sourcefire IDS
- Experience on Endpoint security SME with McAfee Endpoint, IPS and Anti-virus.
- Expertise in network protocols, Firewalls and Communication Network design.
- Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X.
- Configuring Site-Site VPN on Checkpoint as well Cisco ASA Firewall.
- Managed multiple security devices in order to protect the Enterprise’s network - Vulnerability Scanners, Malware Detection, Intrusion Detection, Host based Firewalls, SIEM, Web Application Firewall, Anti-virus.
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
- Experienced in handling Panorama firewall management tool to administer Palo firewalls.
- Configure, Migration and implementation of all Checkpoint Firewall models (4000, 12000, 21000, 41000 and 61000 series appliance) as well as management server to manage large scale firewall deployments.
- Checkpoint VPN-1/ Firewall-1, 3D Analysis, GAiA, Standalone & Distributed setup, Security management, Log server, Secure platform (SPLAT), License management.
- Experience in deploying Check Point Provider-1 NGX.
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Advanced knowledge, design, installation, configuration, maintenance and administration of Juniper SRX Firewall, Juniper EX and Juniper MX devices.
- Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA(TACACS+ & RADIUS)
- Hands on experience with packet sniffer, TCP DUMP and Wireshark for packet monitoring.
- Configuring & Managing LAN, WAN, VPN and Firewall of Juniper MX Routers for End Users
- Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
- Worked on Qualys for vulnerability management and Tripwire for real time threat detection.
- Experienced in Deploying Wireless Network Infrastructure and Wireless Survey Best Practices
- Experience with Load Balancers for administrating and monitoring global & local traffic using Cisco CSM, ACE Module, and F5 BIG IP LTM & GSS
- Advanced knowledge in Cisco Switches and Routers Configurations.
- Designing, Implementing and Troubleshooting Cisco Routers (2800,2900,3900,3800,7600) using Static, RIP, IGRP, OSPF, EIGRP & experience with Checkpoint, Cisco PIX & ASA devices.
- Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF and EIGRP.
- Knowledge of Python and Linux shell scripting language.
- Knowledge in Documenting and preparing the Process related Operational Manuals.
- Finely tuned analytical/critical thinking and debugging skills with excellent verbal and written communication skills.
- Highly enthusiastic, creative team player, project implementation, analytical, interpersonal and communication skills
TECHNICAL SKILLS
Firewalls: Checkpoint, Cisco ASA, Palo Alto, Juniper
Cisco Routers: 2800, 3600, 4400, 7200
Cisco Switches: 2900, 3500, 3700, 5000, 6500
Nexus Switches: 7000, 5500, 5000, 2000
Other Hardware: F5 BIG-IP LTM Load Balancer, 7960 IP Phone
Networking: TCP/IP, UDP, ICMP, LAN, WAN, DHCP, DNS, FTP, TFTP, SNMP, ARP
Other Protocols: HSRP, GLBP, VRRP, QoS/CoS, VoIP, IPv4, IPv6, IP SLA
Security: ACL, NAT/PAT, ASA (5505, 5510) Firewall
Load Balancer: F5 Networks (Big-IP) LTM 6400, 1600
Routing: EIGRP, OSPF, RIP, BGP, MPLS, PPP
Switching: VLAN, VTP, STP/RSTP, Ether-Channel (PAgP, LACP), CEF
Operating Systems: Win XP, Win 7, Win 8, Win Server 2003, working knowledge of Mac OS X and Linux
Applications: Wireshark, PRTG, VMware, MS Visio, MS Office, Adobe Photoshop and Illustrator
PROFESSIONAL EXPERIENCE
Confidential, Jersey City, NJ
Firewall Specialist
Responsibilities:
- Manages, maintains and supports Checkpoint, Palo Alto Firewalls, IPS, IDS, and Endpoint servers, PKI and network security Infrastructure.
- Designed and implemented an enterprise wide Intrusion Detection system on McAfee.
- Experience with network based F5 Load balancers with software module ASM, APM & AFM.
- Engineer and Support the agencies security infrastructure consisting of Firewalls, IDS, Proxies, Endpoint Security products and PKI.
- Strong experience in checkpoint firewall and migration from Palo Alto, Juniper and Cisco to checkpoint.
- Ability to configure and monitor security tools such as security information and event management (SIEM) QRadar.
- Extract the logs, Perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
- Engineered BLS Checkpoint infrastructure which consists of 500+ firewalls running different flavors of hardware such as (4000, 12000, 21000, 41000 and 61000 series appliance) and Checkpoint OS such as (R71, R75, R76 and R77).
- Configured, installed and maintained Juniper firewall.
- Worked on McAfee ESM (Enterprise Security Manager) & IPS appliance which handled both SIEM/Correlation and Log Management.
- Managing and implementation of remote firewalls for State agencies using SPACE and SmartDashboard.
- Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
- Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
- Provide initial fault isolation, proactive maintenance and monitoring of Company’s Network Equipment. Perform monitoring and support of internal network security.
- Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
- Configuring and providing management support for Palo Alto using Panorama (M100, M500)
- Successfully installed Palo Alto to protect Data Center
- Implemented Positive Enforcement Model with the help of Palo Alto Networks
- Experience on working with the TRAPS which is the Advanced Endpoint protection and Palo Alto Migration tool 3.0.
- Configuration and providing management support for Cisco ASA and Juniper SRX firewall.
- Checkpoint log server upgrade from R7 .40 to take advantage of Smart logs.
- Firewall management server redesign and consolidation to one management server environment.
- Worked extensively on Juniper JUNOS and ScreenOS, Juniper SRX firewalls environment.
- Worked on Sourcefire for virus detection and source vulnerability detection.
- Experience on McAfee Endpoint security, IPS and Anti-virus.
- Bluecoat Administration - Blocking/Unblocking URL's.
- Worked on automating process for migration of security policy using Palo Alto Migration tool 3.0 from multiple platform and Symantec Endpoint Protection.
- Review Firewall release for any possible non-compliance or vulnerability.
- Worked on Sourcefire for application control, malware detection and URL filtering.
- Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer.
- Worked on Checkpoint clustering of firewall and load sharing on firewall.
- Experience with checkpoint VSX-1 appliance for virtualized security gateway and SMART-1 security management for policy, log and event management.
- Worked on Qualys with web application firewall and vulnerability management.
- Experience with using GTM, APM & LTM F5 component to provide 24x7 access to applications.
- Design and implement secure access to network resources for both wired and wireless clients utilizing Cisco Identity Services Engine (ISE).
- Experience with working on Microsoft Active Directory.
- Configuring prime network to communicate with external LDAP server.
- Importing users from LDAP server to prime network.
- Creating device scope in prime network.
- Real-time detection of threats, anomalies and deep visibility with enterprise Tripwire.
- Third Party VPN migration from old data center to new data center.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
Confidential, Newark NJ
Network Security Administrator
Responsibilities:
- Provides day to day support for firewall engineering and operations tasks and level 1 & 2 on-call technical support for the Firewall Engineering and Operations team; including assisting peers with issues and escalation.
- Handled Incident tickets related to the issues in the Firewall along with the connectivity issues.
- Experience on Cyber Security & Penetration Testing tools such as Metasploit, SQL Map, Appscan, Burp Suite, Nmap, Nessus Vulnerability Scanner and familiar with shell scripting.
- Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
- Operate and analyze results from enterprise detection systems such as Cisco Sourcefire and Tripwire.
- Network documentation was done with MS Access, Visio, and Power Point. Microsoft Project was used to ensure that all project timelines were adhered to.
- Integrated Juniper firewall into client’s existing network to provide security for applications
- Complex troubleshooting to include network protocol and log analysis, raw data captures, and the correlation of disparate events spanning multiple devices and platforms.
- Experience in Migration with Juniper, Checkpoint and Palo Alto firewall.
- Experience with LTM & GTM F5 component to provide high availability with providing services across data centers.
- SIEM tuning and log analysis of alerts.
- Worked on McAfee Endpoint Security & McAfee SME.
- Configuration of checkpoint firewall according to client topology.
- Configuring Virtual Chassis for Juniper JUNOS switches EX-4200, Firewalls SRX-210.
- Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
- Installing, Configuring, Troubleshooting Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200 series).
- Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M and T-series)
- Juniper JUNOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, BGP v4, MPLS, NAT, VLAN, STP, VTP, HSRP & GLBP.
- Experience on designing and troubleshooting of complex BGP and OSPF routing problems.
- Configure and maintain Virtual Private Network (VPN), Network Admission Control (NAC), Cisco Identity Service Engine (ISE), Cisco NEXUS, Cisco ASR.
- Configuring VLANs, VTP, Spanning tree, Ether Channel, Inter VLAN Routing and port security.
- Installing and configuring Cisco Routers 800, 1800, 1900, 2600, 2800, 3600, 3800, 3900 series.
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Configuration and troubleshooting of Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN1 NGX R55/R65/R70
- Performed upgradation from old platforms to new platforms R65 to R75.45
- Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
- Worked on Migrating from ASA 5540 to ASA 5585.
- Configuring failover and working on ssl-vpn when in active/standby failover on checkpoint firewall.
- Negotiated VPN tunnels using IPSEC encryption standards and also configured and implemented site-to-site VPN, Remote VPN in network using checkpoint firewall.
- Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs
- Push the firewall rules on various versions of Nokia boxes and Crossbeam from Provider-1 NGX CMAs.
- Configuration of IPSEC L2L and SSL VPN connectivity for the projects.
- Managing of CISCO ASA 5550 Firewall in Active/stand-by mode.
- Worked on configuration of DNS using BIND & McAfee IPS.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), sniffers and malware analysis tools.
- Manages all components of the Cisco wireless network, to include access points, controllers, and management systems.
- Configures and manages mobility services, such as Cisco Prime and Cisco Identity Services Engine (ISE).
- Experience using Nessus & Qualys Tool for networking discovery and mapping, vulnerability assessment and tracking and malware infection.
- Understanding of JUNOS platform and worked with IOS upgrade of Juniper devices.
- Worked on vulnerability scanning tool such as Nessus and Qualys Guard.
- Experience with APM, LTM & GTM F5 component to provide high availability with providing services across data centers.
- Designed and deployed Sourcefire Network intrusion devices in multiple datacenters
- Designed and deployed multi-sensor Sourcefire Intrusion Prevention System covering public shared web hosting.
- Working and commenting on global firewall policies
Confidential
Network Support Engineer
Responsibilities:
- Responsible for Internal and external accounts and managing LAN/WAN and checking for SSL Security Settings of the networking devices (Cisco Router, switches), coordinating with the system/Network administrator during any major changes and implementation.
- Performance monitoring of various applications and web servers to maintain quality of service and network stability.
- Maintained core switches, creating VLAN's and configuring VTP.
- Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPsec and SSL encryption.
- Troubleshoot and resolved LAN & WAN network environment.
- Manage service providers/vendors relationships from a project and technology perspective.
- Worked with the basic communication protocols like TCP/IP
- Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment
- Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in core network.
- Install Packet Shaper as QOS system to monitor and manage network traffic
- Provide initial fault isolation, proactive maintenance and monitoring of Company’s Network Equipment. Perform monitoring and support of internal network security.
- Worked with business partners to establish and maintain 70+ VPN connections, primarily Cisco and Checkpoint
- Planned, tested and evaluated various equipment, systems, IOSs and procedures for use within the Network / security infrastructure.
- Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
- Troubleshoot traffic passing managed firewalls via logs and packet captures
- Configured Terminal Services for Remote Administration.
- Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP.
- Implementation of Wireless access points to newly opened branches and existing branches.
- Maintained a RIP, Static and OSPF infrastructure
- Support customer with the configuration and maintenance of ASA firewall systems
- Supported Data Center migration and consolidation project. Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
- Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, Cisco ASA, NOKIA Firewalls, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
- Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
- Maintaining & Troubleshooting L2 LAN switches
- Enhanced level of experience with RIP, EIGRP, OSPF, BGP
- Troubleshoot connectivity issues involving VLAN's, OSPF, QoS etc.
- Support, monitor and manage the IP network.
- Configuring RIP, EIGRP protocols and IP subnetting
- Implementation & troubleshooting of complex WAN, LAN, VLANS, private VLANS, high availability solutions like HSRP, VRRP, GLBP, ether channels, site-to-site VPN, access control lists, NAT, PAT, routing solutions etc.
- Installing, Configuring, Administering and supporting the Windows 2003 Server, Windows 2000 Server, Windows 2000 Advanced Server, IDS server, SQL Server and Active Directory
- Managing Cisco Layer 2, Layer 3 switches & Routers on the network.
- Resolving routing and switching related real time performance issues.
- Able to write Windows/Unix/Python script to automate administration.
- Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
- Implementation of Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s routers to new sites.
- Propose network redesign based on client hardware guidelines, network policies and individual site's unique characteristics.
- Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies.
- Cisco switches - 2900x, 3500x, 4500x, 6500x for user connectivity with redundant connectivity with Core Switches.
- VLAN, STP, Ether Channel, port activation/de-activation, port security, Inter VLAN routing Switches.
- Installing and configuring Cisco Routers 800, 1800, 1900, 2600, 2800, 3600, 3800, 3900 series.
- Designed and deployed networks using dynamic routing protocol (EIGRP, OSPF and BGP-4, RIP)
- Responsible for virus detection and spyware removal
- Conducted and implemented Network and software installations and upgrades.
- Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, sub-netting, also including DNS, WINS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols