Network Security Engineer Resume
Plano, TX
SUMMARY
- Cisco Certified, with 8+ years of experience as a Network/Systems Administrator specializing in Cisco devices, network security, firewalls and VPNs, Cisco routers, LAN/WAN connectivity, TCP/IP, Windows XP, Windows Vista, NT/System administration, communications.
- Enterprise experience and knowledge of the latest products of CheckPoint, Cisco ASA, Palo Alto and Juniper SRX/SSG firewalls.
- Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls
- Experience with network security design and implementation: assessment, evaluation, design, and implementation of solutions related to the following security areas: large corporate firewall extranets, mail, Internet, internal enclave, PCI, SOX, HIPAA and industrial control systems.
- Experience with F5 LTM/GTM load balancer, administration, management and upgrades to support 24x7 operations
- Proficient in setting up IT infrastructure including wide area networks (WAN) / local area networks (LAN), security management systems & networking devices administration.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
- Experience in routing and switching technologies, system design, implementation and troubleshooting of complex network systems 2600, 2800, 3600, 7200 Series Routers, and Catalyst 4500, 6500, and 7600 switches.
- Implementation of IPSEC & SSL tunnels in VPN using Cisco IOS and checkpoint firewall VPN.
- Hands on experience using diagnosis tools like TCPDUMP, Wireshark for analyzing the real time statistics during the packet flow.
- Performing firewall rule audit using different firewall optimization tools like Tufin, Firemon and Algosec.
- Experienced in testing Cisco routers and switches in laboratory scenarios and deploy on site in production.
- Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF and BGP.
- Involved in designing L2VPN services and encryption system and other VPN with IPSEC based services.
- Extensive experience taking copy of Cisco IOS on TFTP server and loading it back on routers.
- Hands-on experience in NAT configurations and their analysis, and in troubleshooting issues related to access lists (ACL).
- Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and packet player.
- Security Health Check & Gap Analysis for Network Devices.
- Excellent communication and interpersonal skills; interfaces effectively with upper management, subordinates, vendors, co-workers & peers.
TECHNICAL SKILLS
PROTOCOLS: OSI, TCP/IP, DHCP, UDP, RIP v1, RIP v2, IGRP, EIGRP, TACACS+, RADIUS, OSPF, BGP, SSH, TFTP, FTP, SMTP, NTP, LDAP, Active Directory, Kerberos, L2F, L2TP, PPP, HSRP, AAA, DES, 3DES, AES, and MD5, VPN (IPsec and SSL), VRRP, DNS (BIND, DJBDNS, Infoblox), SNMP.
NETWORK MONITORING TOOLS: HP openview, Cisco Works, Netscout, Ethereal, tcpdump, netcat, Sniffer, Snort, TippingPoint IDS/IPS, Source Fire IPS, Firemon, Tufin, Algosec, Cyber Ark, HPSM, HP NAS, Cacti
OPERATING SYSTEMS: Windows NT/200/2003, UNIX, SPLAT (Secure Platform), IPSO, Gaia, Linux, RedHat, Cisco IOS, JunOS, Screen OS, PAN-OS
FIREWALLS: Checkpoint NGX (R65-R77 Gaia), Cisco PIX 515E, Cisco PIX 535 Firewall, Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, Cisco ASA 5550, Cisco FWSM, Check Point NGX R52, R54, R61, R62, R65, R75, Nokia IP690, Nokia IP530, Checkpoint provider-1, Checkpoint Firewall-1, SPLAT, VSX, Cluster XL.
ROUTERS: Cisco 2811, Cisco 6509-E (Multi-layer Switch), Cisco 7200, Cisco 3800, Cisco 3640, and Cisco 3745.
SWITCHES: Cisco Multi-layer Switch 6500, Catalyst 4500, Catalyst 3750, Catalyst 2900 and Catalyst 3500XL.
NETWORK EQUIPMENT: Cisco 2950, 3500, 4500, 6500 series Switches, Cisco 800, 1600, 2500, 2600, 3700, 3800, 7200 series Routers, Nexus 3k, 5k series, Cisco wireless access points, F5 LTM load balancer, Cisco ISE
PROFESSIONAL EXPERIENCE
Confidential, Plano, TX
Network Security Engineer
Responsibilities:
- Building, configuring, maintaining, troubleshooting the firewalls. Develop and implement the company’s security policies, and rules implementation.
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R77 Gaia, R75, VSX, Palo Alto and Cisco ASA.
- Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocol
- Installation and administration of Cisco ASA 5500 series firewalls, and Checkpoint R77.10 Gaia Firewalls.
- Installing and configuring Palo Alto PA-500 series firewalls using Panorama.
- Implementing and troubleshooting firewall rules using Checkpoint Provider-1, smart dashboard, ASDM, Smart view tracker
- Monitor and administer Tipping point IPS/IDS and alert SOC team accordingly.
- Coordinated with network operations center (NOC) for change notifications, alerts and escalation of security incidents.
- Configuring and troubleshooting firewall security policies in Juniper SRX via CLI and NSM.
- Working on Juniper routers like M320, MX80, MX960 and MX480: configuring OSPF and route policies.
- Providing support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel.
- Working on the firewall rule optimization tool called Tufin to generate usage reports.
- Worked in rule audits to mitigate risks by finding out unused firewall rules using Tufin Optimization tool.
- Performing daily network operations, on-call, and other duties and tasks as required.
- Monitor the ticket queue in HPSM for incoming tickets, update tickets in accordance with Service Level Agreement (SLA) requirements, and escalate based on severity levels.
- Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
- Implementing enterprise wide network infrastructure and ecommerce support solutions including, network intrusion detection, encryption and monitoring.
- Performing business migration planning including location change, platform introduction and integration.
- Worked on creating network documentation using Microsoft Visio.
Confidential, Tulsa, Oklahoma
Network Security Engineer
Responsibilities:
- Implementing security policies as per business requirement in Checkpoint R75, ASA, Juniper SRX and SSG firewalls.
- Managing Checkpoint management server for a complex Provider-1 Firewall environment.
- Involved in Configure, Troubleshoot and Maintenance of Juniper SSG and SRX Firewalls.
- Extensive Juniper Networks experience in Junos, ScreenOS, IVE (Pulse), NSM, and Junos Space.
- Created security policy according to user requirements in Cisco ASA 5580 and Juniper SRX & SSG firewalls using CLI & GUI.
- Deploy and maintain Juniper SRX 240 and SRX 3600 firewall for security and Internet accessibility
- Perform firewall rule audits using Firemon optimization tool.
- Used Firemon to run usage reports to disable unused rules, and to perform policy analysis before adding any new rule to the policies, to make sure the new rule is not already covered by permissive rules.
- Audit Security rules on various firewalls from Network Perspective and provide recommendations for more stringent approach.
- Assisted in the development of network and security communication standards and configuration management.
- Troubleshooting failover issues on Cisco ASA/Checkpoint/ SRX firewalls
- Good experience in creating ACL and NAT/PAT in the Firewalls.
- Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint firewalls from R55 up to R77
- Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server running on Secure Platform and IPSO.
- Configuring and troubleshooting remote access (AnyConnect) and site-to-site tunnel VPN on Cisco ASA Firewall
- Perform load balancing with advanced policies for various applications using Citrix Netscaler.
- Migrating and converting security policies from Screen OS to Juniper SRX Junos.
- Configure and monitor the alerts in Symantec Antivirus, Imperva Web application firewalls and IBM QRadar SIEM.
Confidential, Durham, NC
Network Security Engineer
Responsibilities:
- Installing & configuring firewalls - Juniper Netscreen, SRX, Netscreen SSG, Checkpoint R70 and R75.
- Managing different firewalls and their security policies using Juniper NSM and Checkpoint Provider-1.
- Worked on Check Point VSX cluster and installed policies on the multiple context environment.
- Migrated legacy Cisco PIX firewalls to new Cisco ASA firewalls; also upgraded IOS images on ASA firewalls.
- Troubleshooting all the network related issues with third parties and end users until final solution.
- Configuring Firewall switch module (FWSM) on Cisco 6506 distribution layer switches.
- Securing Networks with Private VLANs and VLAN Access Control Lists on catalyst 3560 switch.
- Configuring VTPs, trunking, inter-vlan routing, port fast, uplink fast, and backbone fast on access layer switches.
- Implemented Site to Site connections for third party connectivity using Cisco ASA firewalls.
- Configuring Cisco ACS 4.0 along with TACACS+ server authentication.
- Configured F5 LTM’s for VIP’s, virtual servers as per application requirements.
- Installing Network applications such as FTP, Web server, DHCP, DNS, TFTP and SMTP.
- Ticket generation and change management using Remedy software.
- Performed network monitoring/diagnostics using Cisco LMS.
- Preparing technical presentations with MS-Visio including Network Diagrams.
- Participated in discussion on selection of technologies and services for network propagation.
Confidential
Network Engineer
Responsibilities:
- Studied and analyzed client requirement to provide solutions for network design, configuration, administration and security.
- Testing and troubleshooting of layer1 circuit and layer 2 devices and WAN connections establishment and protocol debugging.
- Migration from Frame-Relay/ATM network to MPLS-based VPN for customer WAN infrastructure.
- Troubleshooting latency and throughput issues on MPLS and dedicated internet access circuits.
- Configured Cisco 7204 routers which were also connected to Cisco PIX 535 security appliances providing perimeter based firewall security.
- Administered and set up Cisco PIX firewalls at multiple sites.
- Implemented Site-to-Site VPNs over the Internet utilizing 3DES, AES/AES-256 with PIX firewalls.
- Configured Client VPN technologies including Cisco VPN client using IPsec.
- Configured Cisco VPN 3060 concentrator enabling approximately 500 users.
- Monitor the ticket queue for incoming tickets, update tickets in accordance with Service Level Agreement requirements, and escalate based on severity levels using Remedy.
- Configuration and change management of PE routers.
- Interacting with client and assisting the customer in CE configuration.