Sr. Network Security Engineer Resume

Trevose, PA

SUMMARY

  • Cisco Certified Network Professional (CCNP) with 7+ years of experience in the IT industry in managing, migrating, installing, administering, planning, implementing and designing various network infrastructure, remote support requirements and IT security.
  • Experience in installing, configuring and troubleshooting Checkpoint Firewall NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, UTM.
  • 3D Analysis, GAiA, Checkpoint VPN-1/Firewall-1, Standalone & Distributed setup, Security management, Log server, SecurePlatform (SPLAT), License management. Provider-1 and VSX gateways with cluster and Virtual firewalls, models Smart-1, Power-1.
  • Worked on IPSO 2.0, IPSO 4.0, IPSO 5.0
  • Deployed Check Point Provider-1 NGX and configured CMAs.
  • Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
  • Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X. Performed security operations on ASA firewalls and experience with Cisco PIX & ASA devices.
  • Worked on Juniper Netscreen Firewalls like NS50, SSG 550M, SSG520M, ISG 1000, ISG 200.
  • Extensive working experience of VLANs, Spanning Tree Protocol, Ether Channels, HSRP and VRRP. Hands on experience in installing and configuring DNS and DHCP server.
  • Working experience on network topologies and configurations of TCP/IP, UDP, Frame Relay, Token Ring, ATM, bridges, routers, hubs and switches.
  • Extensive working experience of designing, Implementing and Troubleshooting Cisco Routers (800, 2800, 2600, 3800, 7600) using routing protocols like RIP, OSPF, IGRP, EIGRP and BGP.
  • Designing, Implementing and Troubleshooting Cisco 3850, 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches.
  • Designed and deployed highly available LAN/WAN infrastructure.
  • Experience building network infrastructure for Data Centers.
  • Performed deep packet analysis to troubleshoot application issues using tools like Wireshark.
  • Security experience in deploying VPN Solutions like IP Sec (site-site and client-site) & SSL VPN implemented across multiple vendors.
  • Experience in implementing and troubleshooting layer 2 technologies such as VLAN Trunks, VTP, and Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy.
  • Extensive working experience of VLANs, Ether Channels and Spanning tree Protocol, HSRP and VRRP.
  • Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and administering authentication controls (RADIUS, TACACS+).
  • Worked on F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600 and 3DNS migration to GTM.
  • Expertise in IP subnetting and worked on designing and allocating various classes of IP addresses to the domain.
  • Hands on experience on NAT (Network address translation) configurations and its analysis when troubleshooting issues related to access lists (ACL).
  • Good knowledge about spoofing attacks and mitigating them using DHCP snooping, IP source guard.
  • Excellent problem solving, troubleshooting skills, effective analyzing skills, capable of quick learning and delivering solutions as an individual and also as a part of team.
  • Self-motivated, effective inter-personal skills, adaptive to any environment, can handle multiple demands and competing periods.

TECHNICAL SKILLS

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600

Routing: OSPF, EIGRP, BGP, RIP v1/v2, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850, 3560, 3750, 2960

Switching: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ethernet channels, Transparent Bridging.

Network Security: Cisco ASA 5540, Palo Alto, Checkpoint Running R77.10/R77.20, Juniper SRX, Netscreen

Load Balancer: F5 Networks (Big-IP) LTM 8900 and 6400, Citrix NetScaler

LAN Technologies: HSRP, VLAN, STP, VTP, Ether Channel, Trunks, Fast Ethernet, Gigabit Ethernet

WAN Technologies: Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, Metro Ethernet.

Gateway Redundancy: HSRP and GLBP

Various Features & Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP, FTP.

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Programming Languages: Perl, HTML

Technologies: Windows Server, Linux, Ubuntu, Virtualization, VMware, Nessus, Nexpose / Metasploit/Qualys, Mobile Applications, Web Applications, OWASP Enterprise Security API, HP Fortify, IBM AppScan

Network Management: Wireshark, SNMP, Solarwinds, HP OpenView.

Firewalls: Check Point Nokia Firewalls IP350, IP550 & IP750, Juniper Netscreen, Firewalls ISG 1000/2000, Cisco PIX 505/515E/525 & ASA 5500 Series, Checkpoint Firewall NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, UTM.

PROFESSIONAL EXPERIENCE

Confidential, Trevose, PA

Sr. Network Security Engineer

Responsibilities:

  • Design, Build, and Implement various solutions on Check Point Firewalls, Blue Coat Proxies, F5 Load balancers and F5 Global Traffic Managers.
  • Ensure that the day-to-day Security Operations run smoothly. Change management and 3rd level Incident management being the primary responsibility, participate directly as well as take escalations from the team members as and when required.
  • Worked on various platforms of Checkpoint like - Nokia, Checkpoint (SPLAT).
  • Worked on Nokia IP 260, 295, 390, 56x, 69x, 128x, 245x flash & disk based appliances.
  • Fully versed in the syntax of security platforms, and day to day rule verification
  • Continuous monitoring of CPU utilization, link utilization, connection table utilization.
  • Experience in different VPN platforms, IPsec, SSL & Web VPN. Mobile VPNs solutions from Cisco and Checkpoint.
  • Change Management: Need to make sure that all the change designs and Implementations are completed and tested as per the schedule required by the customers.
  • Migrated to R70.1 in various Checkpoint IP series appliances from R65, R62, R60 and building the new Smart Center server.
  • Rule base verification and migration.
  • Configuring the gateways in a HA cluster and clusterXL using a single virtual IP address.
  • Monitoring the HA state constantly using the smart dashboard and cphaprob state command.
  • Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as Intrusion prevention and antivirus appliance.
  • Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
  • Implementation and configuration of ASA 5520 in failover with site-to-site VPN and RA VPN; IPS.
  • Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Net screen devices for easier management and common configurations.
  • Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series.
  • Configuring & managing around 500+ Network & Security Devices that includes Juniper (Net Screen) Firewalls, F5 BigIP Load balancers and 3DNS, Blue Coat Proxies and Plug Proxies.
  • Clean up all legacy devices and ensure all systems in the environment have been cleaned up.
  • Measure the application performances across the MPLS cloud through various routing and switching methods.
  • Implementation of HSRP, DHCP, DNS, FTP, TFTP, MRTG.
  • Designed, developed, maintained and supported wired and wireless networks.
  • Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP, ISIS), redistribution, summarization, Filtration (using distribute list, route map, prefix list, access list).
  • Training the new team members with product technologies and Infrastructure setups. Also to make them aware of all the processes that need to be followed while doing the technical work.
  • Periodically or as and when required, revisit the process and improve it, covering any existing gaps and making it more robust as well as practical.

Confidential, Mount laurel, NJ

Sr. Network Security Engineer

Responsibilities:

  • Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.
  • Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
  • Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
  • Configuring & managing around 500+ Network & Security Devices that includes Juniper (NetScreen) Firewalls, F5 BigIP Load balancers and 3DNS, Blue Coat Proxies and Plug Proxies.
  • Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
  • Involved in the troubleshooting aspects of complex network infrastructure using the routing protocols like RIP, EIGRP, OSPF and BGP.
  • Configured and deploying Cisco catalyst 6506, 4948E, 4510 switches and Cisco 3660, 3845, and 7609 series Routers.
  • Configured and managed VLANs, 802.1Q Trunk, RPVST+, Inter-VLAN routing, HSRP and LAN security for Layer-2 and Layer-3 switching domains as per the organization's requirement plan.
  • Applied ACLs for Internet access to the servers using Cisco 5520 ASA firewall, performed NAT.
  • To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
  • Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.
  • Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, VPC.
  • Worked with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL.
  • Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
  • Involved in the configuration and maintenance of IPsec Site-Site VPN.
  • Implementation of Palo Alto firewalls (URL Filtering, IPS, DPI, VPN).
  • Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management, and reporting tools Orion and Algosec.
  • Worked on checkpoint UTM1, VPN1 and activating blade licenses to be used as appliance.
  • Implemented the numerous firewalls rules on the Checkpoint with both Hide Nat and Static NAT.
  • Migrated the Cisco ASA firewalls from version 8.2 to 8.6.
  • Configured, monitored and troubleshoot Cisco's ASA 5500/PIX 515 security appliances, failover DMZ Zoning.
  • Analyzing situations assess risk and determine appropriate actions necessary to complete requests or support the infrastructure.
  • Performed PCI/SOX audits on firewall rule bases with compliance team.
  • Experienced with open source network attack tools, network probe and mapping tools, network protocols, automated vulnerability scanners, and network traffic routing.
  • Provide 24/7 support and documenting network Security designs and Microsoft Visio diagrams.

Confidential, Washington DC

Network Engineer

Responsibilities:

  • Involved in the design and implementation along with assisting in the overall design and performance of network models which include OSPF route engineering to ensure network stability.
  • Configuration and Administration of Cisco and Juniper Routers and Switches.
  • Configuring RIP, OSPF, EIGRP BGP, MPLS, QOS, ATM and Frame Relay.
  • Administration and diagnostics of LAN and WAN with in-depth knowledge of TCP/IP, NAT, PPP, ISDN and associates network protocols and services.
  • Configuring VLANs and implementing inter VLAN routing.
  • Upgrading and troubleshooting Cisco IOS to the Cisco Switches and routers.
  • Configure and troubleshoot Juniper EX series switches and routers.
  • Configuring Site to Site VPN connectivity.
  • Configuring and troubleshooting Dell, HP, servers in Data Center.
  • Implementation of HSRP, IPSec, Static Route, IPSEC over GRE, Dynamic routing, DHCP, DNS, FTP, TFTP, RAS.
  • Involved in configuring Cisco Net flow for network performance and monitoring.
  • Involved in configuration of Cisco 6500 switches.
  • Configuring IPSLA monitor to track the different IP route when disaster occurs.
  • Involved in Implementing, planning and preparing disaster recovery.
  • Involved in configuring Juniper SSG-140, Cisco pix firewall, checkpoint firewall.
  • Involved in using Smart View Tracker to check the firewall traffic and troubleshooting hardware and network related problems.
  • Configuration and Installation of Cisco firewalls Pix and ASA (PIX 510, 515E, 525 and ASA 5520, 5540).
  • Configuration and Installation of Firewall Service Module in 6500 switches.
  • Implement firewall policy changes after the appropriate review and approval process has been completed.
  • Create end-user VPN account with appropriate access after appropriate approval has been issued.
  • Monitor traffic and access logs in order to troubleshoot network access issues.
  • Upgrade firewalls in accordance with change management procedures.
  • Gather information for specific technologies as to function and deployment configurations.
  • Write technical documents describing implemented technologies and architecture.
  • Create suggested solutions for technical problems or make all changes in accordance with change management procedures.
  • Experience with Solsoft Policy Server for shared services.
  • Customer call log update through Remedy Software.
  • VPN Configuration between Site-to-Site and Site-to-Remote.
  • Experience with BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS).

Confidential, Columbus, OH

Network Operations Engineer

Responsibilities:

  • Maintaining mission-critical networks and ensuring the IT operations of the customers to be uninterrupted.
  • Responsible for day to day Operation management of Cisco Devices, traffic management and monitoring.
  • Helpdesk Management with the help of call management system, to ensure the support being provided by the support engineers meets the end-user needs.
  • Interaction with vendors and service providers ensuring that hardware or software problems were dealt with efficiently and effectively, with a minimal downtime.
  • Monitoring, testing and verifying for any backdoors or loopholes in the running mission.
  • Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
  • Implement the firewall rules using Netscreen manager (NSM).
  • Manage the Netscreen SSG550 and ISG1000 and 2000 firewalls with the NSM.
  • Design the firewalls changes using various NAT types in Netscreen firewalls like, MIP, VIP.
  • Setup the IPsec VPNs with the third party clients to allow the access to data feeds in the corporate network.
  • MPLS Circuits implementation between the different sites.
  • Implemented VLAN’s with Spanning tree and HSRP for redundant paths.
  • Installed and configured Cisco ASA firewalls.
  • Planned and implemented various security projects including (Intrusion Detection Systems deployment, network monitoring, and network architecture).
  • Implement Cisco Secure Access Control Server (ACS) for TACACS+.
  • Implementation of F5 Load balancers.
  • Configured IPsec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800 Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations.
  • Deploying VPNs (hands-on) to provide remote users with network access, connect geographically separated branches into a unified network & enable the remote use of applications that rely on internal servers.
  • Worked on Checkpoint Firewall policy provisioning.
  • Involved in Firewall Administration, Rule Analysis, and Rule Modification.
  • Troubleshoot traffic passing managed firewalls via logs and packet captures.
  • Configured and resolved various OSPF issues in an OSPF multi area environment.
  • Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching and related functionality. This includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
  • Worked with Checkpoint FW1 NG, PIX, and Netscreen firewalls.
  • Reproduced customer problems in the lab, “Root Cause” analysis of problems & verification of the solutions in that lab. Performed packet level analysis with tools to quickly solve and correct network problems.
  • Monitoring Network infrastructure using SNMP tools like HP OpenView. Network Packet Analyzer tools using Ethereal, AirMagnet for wireless network.

Confidential

Network Security

Responsibilities:

  • Checkpoint Firewall configuration and Maintenance Support of state network firewalls and end-user Virtual Private Network (VPN).
  • Evaluate Agency requests for changes to firewall policy to determine technical feasibility and to determine where to deploy the policies in the state's firewall infrastructure.
  • Configuration and Installation of Cisco firewalls PIX 501 and ASA 5520.
  • Configuration and Installation of Cisco Routers 3845.
  • Configuration and Installation of Cisco Switches 3560G and 2960G.
  • VLANS, STP configuration in Cisco 2960G.
  • HSRP Configuration implemented in Cisco 3560G.
  • MPLS configuration in Cisco 3845 for L3 Circuits.
  • Creating end-user VPN account with appropriate access after appropriate approval has been issued.
  • Monitor traffic and access logs in order to troubleshoot network access issues.
  • Cisco IOS Architecture for Cisco 3845 router, Cisco 3560 and ASA 5520.
  • Gather information for specific technologies as to function and deployment configurations.
  • Write technical documents describing implemented technologies and architecture.
  • Provides consultation to business area management and staff at the highest technical level for all aspects of LAN/WAN design and configuration in multi-server environment.
  • Experienced in DLP system which is designed to detect potential data breach and prevent them by monitoring, detecting and blocking sensitive data while in endpoints, data storage.
  • VPN Configuration between Site-to-Site and Site-to-Remote.
  • Implemented firewall policy changes after the appropriate review and approval process has been completed.
  • Monitoring Network infrastructure using Cisco Network Assistant.

Confidential

Network Technician

Responsibilities:

  • Included configuration and installation of software and hardware.
  • Involved in troubleshooting software, hardware and network problems.
  • Responsible for performing administration on BGP & OSPF routing protocols.
  • Configured route redistribution between EIGRP and OSPF.
  • Involved in Network Designing, Routing, DNS, IP Subnetting, and TCP/IP protocol.
  • Performed Route Filtering and Route Manipulation by applying distribute-lists, route-maps and offset lists.
  • Provided Layer-3 redundancy by implementing HSRP in the network.
  • Hands-on experience in implementation and troubleshooting of RIP, OSPF, IPV4 and Ethernet Protocols.
  • Managed various VLANs, IP addressing for various subnets, VLAN Trunking between various ASW.
  • Worked on security issues, VPN, IPsec.
  • Configured Standard and Extended Access Control Lists (ACLs) and Firewalls.
  • Configured site to site and remote user access VPN Connections.
  • Configured IPsec VPN tunneling for client machines to access organization’s network.
  • Pro-active Monitoring and Alerting of client’s network for any alarms.
  • Testing and validating new solutions in lab before deploying them to customers.
  • Design and Implement LAN setup (Layer 2/Layer3).
  • Configuring and Troubleshooting RIP, EIGRP.
  • Redistributing from OSPF to RIP and vice versa by implementing hub and spoke topology with a Frame Relay Switch in between.
  • Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multi-protocol Ethernet environment.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution.
  • Overlapping Address Translation.
  • Physical cabling, IP addressing, Wide Area Network (WAN) configurations (Frame-relay).
