Sr. Network Security Engineer Resume
Norristown, PA
SUMMARY
- IT professional with around 8 years of extensive hands-on experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining large enterprise firewalls
- Skilled & technically proficient with multiple firewall solutions, network security, and information security practices
- Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next-Generation Firewalls R65, R70 & GAIA R77.30, Juniper SRX, NetScreen SSG Firewall, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA/PIX.
- Worked on Checkpoint products like Nokia IP 390, 560, 690, 1280, 2450, 61000 etc.; Gaia, Checkpoint VPN-1/ Firewall-1, Standalone & Distributed setup, Security management, Log server, Secure platform (SPLAT), License management. Provider-1 and VSX gateways with cluster and Virtual firewalls models Smart-1, Power-1 environment.
- Managing and implementing remote firewall for different clients using NSM, SPACE, SmartDashboard and CSM.
- Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS module, security risk analysis, attack mitigation & penetration tests
- Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Maintaining Corporate Firewalls by analysis of firewall logs and implementation of security firewall policies for the migration of Datacenter
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
- Knowledge of Intrusion Detection and Prevention System, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Worked on Juniper Netscreen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200, SRX 550, SRX 1400 and SRX 3600 models.
- Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1, VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers, Cyber Security, Amazon Web Service (AWS), and Bluecoat URL filtering & Packet Shaper systems.
- Configuration and implementation of Cisco Firewall PIX/ASA along with migration from PIX to ASA firewalls.
- Experience on PCI, SOX, ITIL and ISO compliant security implementations on the firewalls and perimeter devices
- Configuration, implementation and maintenance of Cisco Catalyst Switches 3850, 3750-X and 2960X and working on VRF
- Advance Knowledge in Penetration testing tools such as Metasploit, Nessus, Qualys, Nmap, Zenmap, AppScan, SQL Map, Burp Suite, IBM Appscan
- Configured Check Point clusters with Nokia box and crossbeam.
- Good knowledge and experience in Installation, Configuration and Administration of Windows Servers … TCP/IP, Active Directory, FTP, SNMP, SMTP, DNS, HTTP, HTTPS, DHCP, TFTP, LDAP, Linux OS under various LAN and WAN environments
- Experience in working with Nexus 7K, 5K and 2K series.
- In-depth knowledge of deploying and troubleshooting Cisco IOS LAN, WAN, QoS, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP & VTP
PROFESSIONAL EXPERIENCE
Confidential, Norristown, PA
Sr. Network Security Engineer
Responsibilities:
- Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server running on SPLAT
- Configuring, Administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
- Experienced on working with Cisco switches 3850, Cisco 6880, Nexus 9k, 4500 access switches for deploying as well as configuring it, and installation of malware detection Fire Eye.
- Installing the latest IOS images to the catalyst switches 3850/6880 and nexus 9k.
- Experienced on working with the VLAN design and implementation and spanning tree implementation using PVST and R-PVST. Worked on layer 2/layer 3 access layered switches. Worked on Cisco MPLS on layer 2 and layer 3 VPN
- Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN
- Managed, operated and analyzed results from cisco Sourcefire IDS/IPS.
- Experience on working with migration with both Checkpoint and Palo Alto next generation firewall as well as virtualization of both VSX and VSYS.
- Work on the Tufin (secure track module) firewall optimization tool to generate usage reports and clean up the policies based up on usage reports.
- Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70, R75 and R77 Gaia software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
- Configured Cisco ASA and Checkpoint firewall layers to secure the infrastructure for the Data Center.
- Migrated firewalls from ASA to Checkpoint.
- Drafted, installed, and provisioned ASA and Checkpoint firewall rules and policies.
- Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst 3550/3850, Nexus 7k and 5k, and ASA 5540
- Involved in Data Center migrations. Handled proper management, maintenance, configuration, and altered management of firewall structure.
- Implemented Checkpoint firewall rules according to business requirements and verifications.
- Change and Incident Management using HP Service Manager. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
- Configuration and support of legacy Juniper Netscreen firewalls and Palo Alto firewalls.
- Palo Alto design and installation for Application and URL filtering
- Configured and troubleshot Palo Alto firewall using CLI.
- Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
- Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smart view monitor etc.
- Implementation of Checkpoint VSX, including virtual systems, routers and switches.
- Configure and troubleshoot Remote access and site to site-in Checkpoint & ASA firewalls
- Hands-on experience and good working knowledge with Checkpoint Firewall policy provisioning
- Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration
- Cisco ISE 1.3 Deployment and Profiling Policies
- Blue Coat Web Proxies - ProxySG URL and Content filtering.
- Experienced with tools like Qualys Network forensics technologies
- Successfully installed Palo Alto PA 3060 firewalls to protect Data Center
- Exposure to wild fire feature of Palo Alto
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
- Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst, 6880/ /12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540.
- Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions. Creating technical implementation plans and project plans
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960, 6500 switches and Cisco 3640/12000/7200/ 3845/3600/2800 routers, Cisco Nexus 7K/5K, Cisco ASA 500, Juniper J series, M 320 and MX960, Checkpoint, Palo alto, Juniper SRX/SSG, windows server 2003/2008: F5 BIGIP LTM,RIP,OSPF,BGP,EIGRP,LAN,WAN,VPN,HSRP, HPSM
Confidential, Durham, NC
Network Security Engineer
Responsibilities:
- Responsible for installation, troubleshooting of firewalls (Cisco / Checkpoint /Juniper firewalls) and related software, and LAN/WAN protocols.
- Worked on Checkpoint Versions R75, R70 implementing new and additional rules on the existing firewalls for a server refresh project.
- Upgrade of Checkpoint firewalls and management servers to latest versions.
- Established IPsec VPN tunnels between branch offices and headquarter using Cisco ASA Firewall.
- Maintained, upgraded, configured, and installed Cisco ASA 5510, 5520, & 5505 Firewalls from the CLI and ASDM.
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution.
- Working on JunOS, Screen OS firewalls, Juniper netscreen ISG1000, SRX 550, NSM, Palo Alto Networks, Infoblox Grid Manager.
- Configured and troubleshot issues in Juniper firewall using CLI and NSM.
- Worked on Firemon firewall optimization tool.
- Planned, installed, monitored and was the single point of contact for all intrusion detection for client systems. Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1 / VPN-1 / Secure VPN / Secure IDS)
- Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for ASA firewalls, Checkpoint Clustering and load balancing features.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
- Implemented and troubleshooting the Virtual firewalls (Contexts) solutions in ASA.
- Planning, designing and implementing a secure ODC Network setup for upcoming projects.
- Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
- Isolated complex network problems and initiated solutions for corrective action for multi-vendor LAN/WAN communication platforms.
- Technologies supported include dial up connections, ISDN, frame relay, T1/E1, ATM, MPLS, HSRP, NAT, Quality of Service, Voice over IP, WLAN, Redistribution
- Implemented Fast Ether Channels between switches to increase backbone bandwidth.
- Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
- Commissioning and decommissioning, configuring, URL and Web filtering, SSL Certificates, monitoring, SNMP traps, logging, blocking on Palo Alto devices, migrating from one network to other.
- Support end to end Security devices checkpoint & Cisco PIX/ASA.
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Installation and management of overall administration of LAN, WAN, systems involving design of network layouts, configuration and maintenance, Commissioning Routers & Switches, firewalls, IPS and ensuring maximum uptime during site deployment to VoIP.
- Working on Configuring Management Interface IP, Creating Trust Zones, DMZs, ACL, SSL on Juniper Netscreen ISG100.
- Configured FWSM on cisco 7600 router to reduce costs and operational complexity while enabling organization to manage multiple firewalls from the same management platform.
- Configured ASA 5520/5500 to ensure high-end security on the network with ACLs and Firewall.
- Experience wif Firewall Administration, Rule Analysis and Rule Modification on cisco ASA 5540, 5585.
- Responsible for Cisco ASA firewall administration across our networks.
- Implementation and configuration of F5 Big-IP LTM-6400 load balancers
- Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
- Expertise in maintenance of layer 2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
- GRE tunneling & Site-to Site VPN configuration between other two sites in USA.
Environment: Cisco 7200, 7204, and 7206 Routers, Switches: Cisco Distribution layer switches such as 4510, 4948, 4507, 7k, 5k and 2k series. Firewalls 5GT, 208, EIGRP, RIP, OSPF, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Windows Server, Windows NT, Remedy
Confidential
Network Engineer-2
Responsibilities:
- Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers.
- Configured Site to Site IPsec VPN tunnels to peer with different clients, each client having different specifications of Phase 1 and Phase 2 policies, using Cisco ASA 5500 series firewalls.
- Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches.
- Configuring access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
- In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
- WAN Infrastructure running OSPF & BGP as core routing protocol.
- Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers. Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
- Experience in installing and configuring Checkpoint NGX R60.
- Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office
- Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall
- Configured Firewall logging, DMZs & related security policies & monitoring
- Worked on Cisco Layer 2 switches (spanning tree, VLAN).
- Hands-on experience working with security issues like applying ACL's, configuring NAT and VPN
Environment: Cisco 7200, 7204, and 7206 Routers, Switches: Cisco Distribution layer switches such as 4510, 4948, 4507, 7k, 5k and 2k series. Cisco PIX Firewalls, EIGRP, RIP, OSPF, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Checkpoint, Infoblox, VPN.