Sr. Network Security Engineer Resume

California

SUMMARY

  • Around 6+ years of professional experience in Monitoring, Engineering, Configuring large enterprise Networks.
  • Strong hands-on experience with Palo Alto (3020/5020), Checkpoint (R65/R77), ASA (5500 Series), Juniper (NetScreen 204).
  • Implemented Policies on Palo Alto for Security, QOS, Policy Based Forwarding (PBF), Decryption, Application Override, DOS and Zone Protection.
  • Experienced in handling centralized management system (Panorama M-100) for managing Palo Alto firewalls across all global locations.
  • Hands on experience in troubleshooting traffic by analyzing logs and packet captures on Palo Alto Firewall.
  • Expert in monitoring Checkpoint Firewall traffic through SmartDashboard and SmartView Tracker applications.
  • Expert in Migrating Cisco firewalls ( ) to Palo Alto firewalls platforms PA 5050.
  • Configured Active/passive High Availability for Pair of Palo Alto Firewall (PA5050).
  • Hands-on experience with SIEM tools (QRadar, Splunk and SolarWinds), Intrusion Detection and Prevention Systems (IDS/IPS) and log management.
  • Exposure to WildFire feature of Palo Alto and initiated Malware Threat Assessment project utilizing FireEye EX and NX.
  • Performing security troubleshooting in terms of checking ACLs and ACEs and traffic flow analysis using packet capture features.
  • Managed, deployed a VMWare ESXi Server as a test bed for validating security before implementation on the network.
  • Implemented and maintained security policies on firewalls using audit tools like Tufin.
  • Hands-on experience with Tufin SecureTrack to review any changes in firewall policies.
  • Strong knowledge on TACACS+, RADIUS and their integration with firewalls.
  • Knowledge on various cyber-attacks like Zero Day, DOS and DDOS.
  • Experience in Configuring VPN Encrypted Tunnels like IPSEC tunnels, MPLSVPN, DMVPN.
  • Proficient Knowledge on F5 Web Accelerator Module and Application Security Module (ASM) technology.
  • Experience with F5 load balancers (6400, 6800, and 8800) and Cisco load balancers (CSM, ACE and GSS), also migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
  • Proficiently implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps.
  • Worked extensively on Blue coat Proxy SG 600, 900 appliances for content filtering.
  • Adding Websites to the URL filtering block list in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
  • Datacenter Interconnect ASA firewalls’ builds, and management with Cisco Security Manager (CSM) to implement GE standard Security policies.
  • Worked in Data center environment with Cisco UCS 6200 interconnects Cisco UCS B-series Blades.
  • Expertise in configuration and troubleshooting of routing protocols like OSPF, EIGRP, BGP and Policy Based Routing (PBR) on Cisco 7600, 7200, 3800, 3600, Juniper M320, T640, SRX series routers.
  • Monitoring of Meraki routers by checking internet traffic, connectivity, resolving MAC CLONING/MAC FILTERING, Blue Coat security issues.
  • Configured OSPF redistribution along with authentication for type 3 LSA filtering to prevent LSA flooding.
  • Implemented OSPF configuration for stub areas and various features like route-summarization and SPF throttling.
  • Implementing 3750 Stackable switches using Cisco Stack Wise technology.
  • Implementation of HSRP and VRRP for Redundancy over Network devices.
  • Proficiency in the Configuration of Inter VLAN routing, Multi-Layer Switches, Ether Channels and Port Channel.
  • Hands-on Experience with Cisco Nexus 7K, 5K platforms and implemented VSS along with VDC and VPC.
  • Knowledge of implementing and troubleshooting complex Layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
  • Extensive knowledge on TCP/IP, IPV4, UDP, Ethernet, Voice and Data Integration techniques.
  • In-depth knowledge and experience in WAN technologies like MPLS.
  • Well Experienced in configuring protocols ICMP, IGMP, PPP, PAP, and SNMP.
  • Extensive knowledge and experience in working with network monitoring tools like Wireshark, SolarWinds, SNMP, NetXMS, Pandora FMS.
  • Experience in Active Directory, FTP, Terminal Server, NAT, and Exchange Mail Server.
  • Managed inventory of all network hardware and Monitoring by use of SSH, Syslog, SNMP, NTP, TFTP and FTP.
  • Experience reviewing and evaluating current and future design issues as required to maintain network integrity and efficient data flow.
  • Understanding of and working with upgrades of JUNOS and Cisco IOS platform devices.
  • Expertise in documenting network designs using Microsoft Visio.

TECHNICAL SKILLS

Firewalls: Palo Alto Networks 3000/5000 series, Cisco ASA 5500/X series firewalls, Checkpoint (R65, R77.20), Panorama Palo Alto Networks firewall management, Juniper Networks.

Network Security: ACLs, MPF, IPSEC, VPN, Port Security, AAA and IDS/IPS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Routers: Cisco 76XX, 72XX series, Juniper M320, T640, SRX series

Load Balancer: Cisco ACE4710, F5 Networks (Big-IP) & Brocade Load Balancers.

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, Transparent Bridging

Switches: Cisco 65XX, Nexus 6K, 5K and 2K series and Juniper EX

Cisco ACS server: RADIUS, TACACS+, and Digital Signatures.

LAN: Fast Ethernet, Gigabit Ethernet.

IP Telephony: VOIP, T1/T3, ISDN, PRI, Unified Call Manager

WAN: Frame Relay, AVPN, MPLS, SSL

Features & Services: IOS, JUNOS, NX-OS, HSRP, GLBP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management

Network Monitor Tool: Wireshark & NMAP

Reports: Microsoft Visio

Operating System: DOS, Windows (95, 98, NT/2000, XP, Vista/7/8/10), Cisco IOS, PAN-OS, JUNOS

PROFESSIONAL EXPERIENCE

Confidential, California

Sr. Network Security Engineer

Responsibilities:

  • Creating firewall implementation plans, firewall rules, firewall code upgrades, migrations, and deployment of new firewall builds for Check Point (R65/R77.20), Palo Alto (3000/5000) and CISCO ASA (5500/X).
  • Proficient experience in troubleshooting MDS (Multi Domain Server) & DMS (Domain Management Server) for managing large enterprise networks using Checkpoint firewalls includes VSX & clustering.
  • Hands on Experience in deploying Palo Alto Networks Firewall models (3000/5000) using a centralized management system (Panorama M-100).
  • Expert in configuring the rules and monitoring the traffic on Checkpoint Firewall through SmartDashboard and SmartView Tracker applications.
  • Exposure to WildFire feature of Palo Alto and initiated Malware Threat Assessment project utilizing FireEye EX and NX.
  • Hands on with Migrations from Cisco ASA ( ) firewalls to Palo Alto firewalls (PA5050) platforms and captured traffic via logs and Packet capture.
  • Configured Active/passive High Availability for Pair of Palo Alto Firewall (PA5050).
  • Hands-on experience with SIEM tools like QRadar, Splunk and SolarWinds, Intrusion Detection and Prevention Systems (IDS/IPS) and log management.
  • Configured various advanced features like iRules, SSL Offloading, Persistence, SNATs, and Digital Certificates on F5 BIG-IP LTM/GTM.
  • Experience with F5 load balancers (6400, 6800, and 8800) and Cisco load balancers (CSM, ACE and GSS), also migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.
  • Hands on experience on NGFW Firewall management and UTM solutions (DLP, Content Filtering, and Application Control).
  • Hands on experience on wide range of security technologies including General web filtering technologies, Palo alto URL filtering.
  • Configured and Maintained Site to Site VPN tunnels by using IPSEC Encryption Standards.
  • Knowledge on various cyber-attacks like Zero Day, DOS and DDOS.
  • Configured and maintained rules on Palo Alto Firewalls and analyzed Traffic by using Firewall logs and Packet Capture.
  • Proficient experience in implementing authentication using AAA, TACACS+ & RADIUS.
  • Experienced with network monitoring tools like SOLARWINDS and Splunk.
  • Using advanced troubleshooting features such as TCPDUMP, Wireshark, and packet capture sniffing for debugging appliances for network connectivity issues.
  • Deploying Web Security Appliance like Cisco WSA S170 and Bluecoat Proxy SG S200/400 for web Filtering Policies.
  • Hands on experience with Wireless Intrusion Prevention Systems and technologies (i.e. Casper/JSS, Cisco Meraki).
  • Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 BIG-IPs using GUI and CLI.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, BGP on Cisco 76XX, 72XX and Juniper M320 routers.
  • Experience with manipulating various BGP attributes such as Local Preference, MED, Communities, Route-Reflector clusters, Route-maps and route policy implementation.
  • Detailed knowledge of critical routing and switching features such as QOS, FTP, NAT/PAT, and NTP.
  • In-depth knowledge on IP Addressing, Sub netting, VLAN, STP (Spanning tree protocol), & Switch Trunk VLSM and ARP, reverse & proxy ARP, DNS & DHCP, Ping and Trace route concepts.

Confidential, Bridgewater, NJ

Sr. Network Security Analyst

Responsibilities:

  • Administration & management of Juniper SSG-550M Firewall for internet and VPN connectivity. Implementation of NSRP on two Juniper Firewalls for redundancy.
  • Configuring Juniper NetScreen Firewall policies between secure zones using Network Security Manager (NSM).
  • Administering multiple Juniper/NetScreen Firewalls in a managed distributed environment. Fulfilling routine change requests for NetScreen Firewalls.
  • Responsible for reviewing and creating the firewall rules and monitoring the logs as per the Security standards in Palo Alto Firewalls.
  • Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Experience configuring GlobalProtect services on Palo Alto firewall.
  • Configuring TACACS+ and RADIUS for Cisco ASA and Palo Alto firewalls.
  • Successful migration of Juniper Firewall to Palo Alto Firewall between Head Office and sub Office.
  • Proven hands-on experience with firewalls and a comprehensive knowledge of IP networking and network security including Intrusion Detection, DMZ, IPsec, PKI, VPNs, MPLS/VPN, Site to Site VPN tunnels, SSL/VPN, proxy services, and DNS.
  • Configured AFM (Advanced Firewall Manager) a licensed module for the BIGIP appliance that provides firewalling along with reporting and DOS protection.
  • Worked on F5 LTM/GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Experienced working with design and deployment of MPLS Layer 3 VPN cloud, involving VRF, Route Distinguisher (RD), Route Target (RT), Label Distribution Protocol.
  • Extract the logs, Perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
  • Developed high-availability solutions through vendor interoperability of Juniper, Cisco and Palo Alto Networks platforms, including utilization of Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Internet Protocol Security (IPsec), Multiprotocol Label Switching (MPLS), and Quality of Service (QOS).
  • Maintained redundancy on Cisco 2600, 2800 and 3600 Router with HSRP.
  • Packet capturing and troubleshooting of network problems with Wireshark, SolarWinds.
  • Worked extensively with IP multicast services like PIM, IGMP, MSDP protocols.
  • Exposure to WildFire feature of Palo Alto.

Confidential, St. Louis, MO

Sr. Network Engineer

Responsibilities:

  • Responsible for implementing, supporting, and maintaining 24x7 network services.
  • Configured all Palo Alto Networks Firewalls (PA-2k, PA-3k) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
  • Maintained Palo Alto Network Firewall administration such as security NAT, Threat prevention, URL filtering, security rules, zone based integration and analyzing syslog.
  • Implemented failover (Active-standby and Active-Active) on Palo Alto Firewall.
  • Configured IPsec tunnels by using Palo Alto to enable secure transport and cloud based/site-site VPN to AWS.
  • Security infrastructure engineering experience as well as Juniper firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices, and wireless switch security management.
  • Managed VPN, IP Sec, Endpoint-Security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, and DLP using Checkpoint Firewalls.
  • Good hands-on experience with SDM / SmartDashboard / SmartView Tracker tools to work with Check Point Firewalls for GAIA, SPLAT, and IP series appliances, IPSEC VPN Tunnels and can build/deploy security appliances with Check Point R77.
  • Configured various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, and Digital Certificates) on F5 BIGIP LTM/GTM.
  • Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTM and Configured HA on F5 BIGIP.
  • Implemented traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Open Shortest Path First (OSPF).
  • Involved in designing and implementing the services for the enterprise class data center networks with leading technologies such as virtual port channel (VPC), virtual extensible LANs.
  • Installed 3502 Wireless Access Points WAPs at various locations in the company.
  • Configured HSRP and VLAN trunking 802.1Q, VLAN routing on catalyst 6500 switches.
  • Studied single points of failure & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.
  • Worked on Arista 7010-T and switches.
  • Monitor the RSSI of the Aruba/cisco Access points and manage the Wireless control system.

Confidential, Chicago IL

Jr. Network Engineer

Responsibilities:

  • Regular upgrade and maintenance of infrastructure; installing and configuring Cisco Switches (3500, 7600, 6500 series), Cisco Routers (4800, 3800, ), Juniper Routers and Firewalls, Nexus 7k, 5k, F5 BIG-IP, Checkpoint Firewall, Juniper, Cisco firewall, Bluecoat Proxy appliances.
  • Experience in migrating Cisco ASA to Checkpoint Firewall.
  • Manage complex MPLS migration involving data and VoIP services in multiple locations.
  • Worked extensively in Configuring, Monitoring and Troubleshooting routing/NAT with the firewalls as per the design.
  • Involved in configuration of access lists (ACL) on Juniper and Cisco firewalls for the proper network routing for the B2B network connectivity.
  • Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
  • Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection and Application Security Module (ASM) technology.
  • Configuring various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
  • Handle customer escalations related to Internet connectivity issues, VPN issues (OSPF sync issues).
  • Managed fast Layer 3 switched/routed LAN/WAN infrastructure as a part of Network team. The LAN consisted of Cisco campus model of Cisco 3550 at access layer, Cisco 6513 at distribution/core layer.
  • Actively involved in switching technology administration including creating and managing VLANs, Port security - 802.1x, Trunking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches.
  • Tested various networks, which work on protocols like TCP/IP (IP, TCP, SNMP, DNS, DHCP, FTP, HTTP, HTTPS, ICMP, SMTP, ARP, IPSEC, and NAT).
  • Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000.
  • Implementing QOS on PE and CE and upgrading bandwidth as per client requirement.

Confidential

Network Engineer

Responsibilities:

  • Involved in the configuration & troubleshooting of routing protocols: BGP, OSPF, and EIGRP. Configured IP access filter policies and Network Analysis Tools.
  • Configuring and implementing F5 BIG-IP LTM/GTM load balancers to maintain global and local traffic
  • Responsible for Configuring SITE TO SITE VPN on Cisco Routers between Head Quarters and Branch locations
  • Configured and troubleshot Juniper EX 4500 and series switches and Juniper ACX series routers.
  • Configuring/Troubleshoot issues with the following types of routers Cisco (1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN /WAN.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, INTER-VLAN routing, LAN security.
  • Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation
  • Daily responsibilities included monitoring remote site using network management tools, assisted in design guidance for infrastructure upgrade & help LAN administrator with backbone connection and connectivity issues
  • Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
  • Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast
  • Worked with Aruba Access point as a Public Wi-Fi and successfully implemented Wireless Access Point (WAP).
