SUMMARY

• 5+ years of experience in Implementation and Operations of enterprise data networks as Network Security Engineer.
• Security Engineer with CCNA certified and having experience in the Network, system design and Security Design, Implementation and Support.
• Strong experience in creating firewall policies as per the requirements on Checkpoint, Palo Alto, Cisco ASA and Juniper firewalls
• Worked on Cisco Nexus 9000, 7000, 5000, 2000, Catalyst 4500, 6509, 7613 series switch, 6500, 7200VXR, ASR 1002, 1006 router.
• Designed and implement security strategies with Cisco and Palo Alto firewalls
• Experience in Supporting and troubleshooting Checkpoint (R77 Gaia, R75.40, R70, R65, Provider - 1, MDM/MDS, VSX, SPLAT and IPSO)
• Worked Structured Cabling with tightSecurityimplementation using best of industry standard products me.e. CHECKPOINT, CISCO, SOPHOS &
• Experience with F5 load balancing solution
• Experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
• Good Experience on Cisco UCS 6200 interconnects Cisco UCS B-series Blades and Cisco UCS 5100 series blade server chassis.
• Expertise in configuring and troubleshooting of Palo Alto, Juniper Netscreen & SRX Firewalls and their implementation.
• Hands on Experience of BGP (EBGP, IBGP) and MPLS (LDP) protocols.
• Experience with VMware infrastructure
• Monitor NetFlow, and QOS for traffic patterns and anomalies to fine tune the network. me troubleshoot complex routing issues and latency problems.
• Support troubleshooting application issues related to network security (SIEM, firewalls, network data collection and storage)
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users
• Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, Fortigate GUI and Shell
• Experienced deeply on Cisco AMP Administration for Malware Protection
• VLAN design and implementation, Spanning Tree protocol (STP) configuration and support using Rapid PVST to avoid loops in the network. 802.1q Trunking and port channel creation
• Responsible for CheckPoint and Cisco firewall administration across global networks
• Managed successful delivery of massivesecurityresponse portfolio including Splunk, Cisco WSA, Cisco IPS, Sourcefire, FirePower andAMP, Cisco ESA, FireEye, Passive DNS collection, DNS-RPZ, Cisco ISE, Landcope StealthWatch, and Mandiant, collecting over 2 billion events per day into 1TB of growing events per day.Implemented F5 LTM / GTM 9.x 10.x changes using TMSH configurations
• Manage Active Directory administrative, configurations and functions
• Manage virtual machines using Vmware Sphere Client and Vmware Horizon View Administrator

TECHNICAL SKILLS:

Routers: 3800, 3600, 2800, 2600, 2500, 1800 series Routers

Switches: Cisco 4500, 3750, 3500, … series switches, Nexus 5010, 5548, 7010

Routing Protocols: MPLS, OSPF, EIGRP, BGP, RIP-2, PBR, IS-IS, Route Filtering, Redistribution

Firewalls: Cisco (ASA, PIX) 5510, Palo Alto, Checkpoint Gaia R70, R71, R75, R77, VSX

Load Balancer: F5 Networks (Big-IP) LTM Module, Cisco ACE 30 load balancer

LAN Ethernet: (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.

Network Management: SNMP, Solar Winds Oraion, SPLUNK, HP NAS and Wire shark

Reports and Network: Diagrams Microsoft (Visio pro.

PROFESSIONAL EXPERIENCE:

Network Security Engineer

Confidential, Washington, DC

Responsibilities:

• Implementing security Solutions using PaloAltoPA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20Gaia and Provider-1/MDM.
• Configuration and administration of firewalls, which includes Checkpoint and Cisco ASA firewalls.
• Build Checkpoint Security Gateway’s from Scratch and set up in High Availability.
• Experience building firewalls, mainframes, and UNIX based platforms at the data center and implementing the initial policies, configuring NAT, Routing etc.
• Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto networks
• Adding Websites to the URL filtering blocklist in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
• Export Firewall configurations including objects and policies using checkpoint web visualization tool
• Configure and troubleshoot Checkpoint software blades such as Identity Awareness
• Configuring rules and Maintaining Palo Alto Firewalls& Analysis of firewall logs using Panorama
• Develop procedures and sustainability processes for the operations of Cisco AMP and Microsoft EndPoint Security Protection.
• Extensive experience in configuring Layer3 routing and layer2/3 switching of Juniper & Cisco based J2320, MX, EX, 2950, 2960, 3600, 3750, 4500, 6500, 1700, 1800, 2600 and 3700 series routers & Switches.
• Migration from Windows server’s application in to Linux servers.
• Installation and configuration of Cisco ASA Firewalls including 5585 series firewall
• Provided tier 3 support for CheckPoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
• Create and test Cisco router and switching operations using OSPF routing protocol and MPLS switching for stable VPNs Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Worked in Data center environment with Cisco UCS 6200 interconnects Cisco UCS B-series Blades and Cisco UCS 5100 series blade server chassis and implemented RAC mounted servers
• Configured Cisco 1000v switches for virtual VMware servers in the cisco UCS environment
• Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches and Load Balancer F5 LTM and GTM
• Configured Cisco UCS 6248UP 48-Port Fabric Interconnect.
• Configured and worked on Juniper MX240 and MX40 router, and optimized network for application delivery in virtualized network environment.
• Symantec Endpoint Protection, Sophos,MalwareBytes, FireAMP.
• Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls
• Created and managed use cases, analyze correlated traffic, created and monitor channels, create and send reports, collected detailed evidence to support cases with SIEM HP Arcsight ApplicationWorked with SIEM tools such as IBM QRadar to get real-time analysis of security alerts generated by network hardware and applications
• Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols
• Tier 4 troubleshooting for WAN, LAN, VLAN network issues
• Installation and configuration of Red Hat Enterprises Linux, Ubuntu, Fedora, CentOS etc

Network security consultant

Confidential, Buffalo grove, IL

Responsibilities:

• Firewall Policy provisioning and work with firewall requests submitted by users through change system.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smart view monitor etc. Command line troubleshooting for packet level debug.
• Experience in Panduit, R&M, Belden, Molex, Snieder, Systimax,Amp, Corning,T echlogics, Avaya & Kuwaise.
• Experience in monitoring the availability & performance of Linux Servers through tools like Nagios, iostat, netstat, vmstat and Nmon.
• Worked on Juniper SRX Versions 300, 3400, 3600, 220 implementing new and additional rules on the existing firewalls for a server refresh project.
• Performed Checkpoint Firewall changes using the Smart Dashboard NGX R65, R70 and R75.
• deploying and maintaining Software Defined Networking (SDN) solution.
• Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time
• Analyzing SIP signaling and RTP.
• Implementation, configuration and support of Checkpoint and ASA firewalls for clients at data center.
• Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
• F5 Migration - LTM 4.x to 9.x & 3DNS to GTM 9.x
• Deployment of CISCO UCS 5108 Blade servers.
• Defined Security best practices, Security policies and security improvements on DDOSmitigation solution
• Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
• Identify/correct Active Directory deficiencies and performance issues
• Management/configuration/repair of Active Directory Security Groups/OU structure/replication
• Microsoft server clustering, managed objects in Active Directory, replication, changes, adds, moves and deletes in Active Directory and Windows group management and set up and modified Windows Group Policies.
• Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG and Cisco IronPort.
• Deploying Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
• Powershell scripting and execution for account termination, Distribution List creation, Security Groups
• Support network security through the competent administration of Fortigate firewall including conducting security audits and vulnerability tests

Network Support Engineer

Confidential

Responsibilities:

• Designed and implemented local area and wide area networks including network servers, workstations, hubs, routers, firewalls, VPN concentrators and other peripheral devices.
• Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP) Configured and troubleshoot OSPF and EIGRP.
• Configured Access List (Standard, Extended, and Named) to allow users all over the company to access different applications and blocking others.
• Used Network Monitoring tool to manage, monitor and troubleshoot the network.
• Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server.
• Configuring LTM / GTM version 9.x on F5 Big-IP 6400 FIPS Application Switch & Big-IP 1500
• Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is usedfor local routing only) which involves new wan links..
• Configured and managed Cisco access layer routers and switches.
• Provide hardware and software support, including the installation of new software and updates when required, across all supported sites.
• Served in computer maintenance, performed all types of hardware, software maintenance and engineering in addition to systems selection, backup and technical support.
• Implemented and Maintained Routing Protocols EIGRP and OSPF in the Network.
• Configured and demonstrated switching concepts such as trunking, ether channels, inter VLAN
• Conversions to BGP WAN routing. Which will be to convert WAN routing from OSPF to BGP (OSPF is usedfor local routing only) which involves new wan links.Configuring of IP Allocation and sub-netting for all applications and servers and other needs throughout company using FLSM, VLSM addressing.
• Troubleshoot the issues related to RIP, OSPF, and EIGRP routing protocols.
• Perform wireless site surveys using industry standard tools such as Air Magnet

Network Engineer

Confidential

Responsibilities:

• Installation and Configuration of networks, router/switches configuration and wireless access point/router with security, TCP/IP, VPN, Content Filtering, Access Control Lists on router/switches, VLANs (port mapping, naming etc.), and routing IP address in both LAN/WAN and wireless networks.
• Troubleshooting connectivity issues on the Checkpoint Firewall using smart view tracker, monitor health of the appliance using smart view monitor.
• Converting CatOS to Cisco IOS Configuration Conversion on distribution layer switches.
• Configured HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst switches.
• Data center migration was involved in Access, Distribution and Core layers.
• Adding and removing checkpoint firewall policies based on the requirements of various project requirements.
• Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
• Provided failover method maintain the disaster recovery firewall environment.
• Configuring NAT for internet access for the LAN. Implementation of name resolution using WINS and DNS for TCP/IP environment.
• Configure Access List ACL (Std, Ext, Named) to allow users all over the company to access different
• applications, Internet and compliance to the security policy and standards.
• Configure included VLANs, VTP, and STP, port-channel, Gateway redundancy using HSRP and enterprise security using Port Security.
• Performed network administration tasks such as creation and management of VLANS, Port security, Trunking, STP, Inter-VLAN routing, and LAN security.
• Installed physical and logical security access controls, IDS and IPS, Active directory to ensure autanticated user's access only as authorized to maintain the integrity, confidentiality, and availability of company's valuable assets.
• Managed network connectivity and network security, between Head offices and Branch office.
• Provided failover method maintain the disaster recovery firewall environment.
• Installed physical and logical security access controls, IDS and IPS, Active directory to ensure autanticated user's access only as authorized to maintain the integrity, confidentiality, and availability of company's valuable assets.
• Evaluate and develop tools for operating system, database management system, and network security testing as well as data analysis, incident tracking, and reporting.
• Working on GRE tunneling, IOS or firewall NAT/PAT, SSL and configuring VLANS/routing with the firewalls as per the design.
• Maintaining firewall administration, network security, intrusion detection, and virus protection.
• Determining security alarms and preventing and controlling network intrusion.
• Identifying and testing vulnerabilities and conducting research in the areas of information system and network security.
• Implementation of ACL, NAT/ PAT, Ether Channel, IPSec and VPNs.