Sr. Network Security Engineer Resume
NY
SUMMARY
- Over 7+ years of experience in the design, implementation and support of LAN/WAN networks
- Experience in routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
- Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Cisco PIX & ASA, and Cisco Routers.
- Working experience of firewalls Cisco PIX and Cisco ASA Appliance.
- Advanced knowledge in design, installation, configuration, maintenance and administration of CheckPoint Firewall R55 up to R77.20 version, VPN.
- Advanced knowledge in Design, Installation and configuration of CheckPoint Provider-1 Environment.
- Implemented Checkpoint Clusters with Nokia IPSO and GAIA OS using VRRP, ClusterXL.
- Experience in Implementing Cisco Secure Access Control Server (ACS 3.0 & 4.0) for TACACS+/ RADIUS
- Experience in implementing and designing new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X
- Experience in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols
- Advanced knowledge in configuration and installation of IOS security features and IPS.
- Experience in configuring and implementing F5 Load balancing, proxy servers and Authorization, Authentication & Accounting (Radius, TACACS+).
- Working experience on upgrading Hotfixes on F5 LTM and GTM boxes from TMOS version 10.x to 11.x
- Configured F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
- Dealt with creating virtual servers, pools, nodes and applying iRules for the virtual servers like cookie persistency and redirection of URL and F5 ASM cookies issues and configures ASM policies
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
- Working knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls.
- Worked on the JunOS 11.x and 12.x versions.
- Advanced knowledge in design, installation and configuration of Juniper Netscreen Firewall ISG 1000/2000, SSG series and NSM Administration.
- Expert in implementing TCP/IP addressing scheme, LAN/WAN Protocols and IP Services to meet network requirements in Enterprise and Data Center Network.
- Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
- Experience in physical cabling, IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP and Ping Concepts.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, & 2800 and switches 6500, 4500, 3750, 2900 and 3500XL series.
- Expert in Configuring, implementing and troubleshooting the Routing Protocols OSPF, EIGRP, RIP, BGP and switched L2 networks VLANs, Trunking, VTP, STP, PVST, RSTP, HSRP, VRRP, and Port Security.
- Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X
- Experience in deploying and maintaining Cisco PIX and ASA firewalls
- Experience with converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience
- Excellent experience in Design, Configuration, Troubleshooting and Support of Security environment with VPN, Firewalls, NAT, Proxy, IPSec, DMZ Solution, IPSEC, Public Key Interchange (PKI) & SSL.
- Spanning-Tree Protocol and VTP tuning, design and upgrades for large and small customers.
- Upgrading the Firewall Versions to the Latest versions / IOS & applying Hot-fixes.
- Patching the firewalls to protect against upcoming security threats.
- Good knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender.
- Managing and monitoring Access lists and Monitoring firewall.
- Knowledge of Secure Platform (SPLAT), Raid and SNMP
- Network Monitoring and management tools like Solar winds, Cisco Network Assistant, HP open view and Nagios.
- High level skill on developing IT strategies, policies and procedures consistent as per businesses requirements.
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
- Experience in Change Management Process, Communication, Escalations. Working with Problem Management team on trouble tickets escalated from Incident Management.
- Knowledge of design, installation, configuration, maintenance and administration of Palo Alto Networks Firewalls.
- Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment
TECHNICAL SKILLS
Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11 e, WEP, POP3, LDAP, TNS.
LAN Technologies: Workgroup, Domain, HSRP, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.
WAN Technologies: Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, SONET, Metro Ethernet.
Network Products: CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600, 3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507.
Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fortigate, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, Palo Alto, Juniper, Fortinet, RSA SecurID, SRX, SSG series firewalls.
Authentication: RADIUS, TACACS+, Digital certificates
Monitoring Tools: Wireshark, Nmap, Nessus, OpManager, PRTG Packet Sniffer
Servers: Domain servers, DNS servers, WINS servers, Mail servers, Proxy Servers, Print Servers, Application servers, FTP servers, Avocent Console server.
Operating Systems: Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server, Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX, Junos.
PROFESSIONAL EXPERIENCE
Confidential, NY
Sr. Network Security Engineer
Responsibilities:
- Design and implement campus switch network with Cisco Layer 3 switches (3750, 4500, 6500 & Nexus 7000, 5000, 2000 series) in multi VLANs environment and inter-VLAN routing.
- Design, Build, and Implement various solutions on Check Point Firewalls, Cisco ASA
- Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
- Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls
- Worked with Checkpoint FW1 NG and Netscreen firewalls.
- Upgrade checkpoint from old platforms to new platforms R62 to R75.45
- Worked on various platforms of Checkpoint, Palo Alto.
- Fully versed in the syntax of security platforms, and day to day rule verification
- Continuous monitoring of CPU utilization, link utilization, connection table utilization.
- Experience in handling Panorama firewall management tool to administer Palo firewalls.
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Experience in upgrading the load balancers from Radware to F5 BigIP v9 load balancer to improve functionality, reliability and scalability in the system.
- Worked on updating pools, members and nodes using the GUI interface for the local traffic managers
- Deployed F5 LTM load balancer and experience in virtual server configuration, high availability, load balancing, irules, iApps, and SSL profiles
- Implementing F5 BIG-IP application delivery controllers for load balancing using virtual servers.
- Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation.
- Technical engineering activities include, but are not limited to, the design, installation, configuration of various LAN/WAN devices such as routers, ASA firewalls, and security devices.
- Worked on ASA 5500-x platform configuring the web, ssl, anyconnect VPNs.
- Configuring failover and working on ssl-vpn when in active/standby failover on ASA.
- Worked on the Cisco devices 6509, 6513, 7200, 2811, 5500 and worked on all linecards and port configuration for the VLAN
- Push the firewall rules on various versions of Nokia boxes and cross beam from Provider-1 NGX CMAs.
- Responsible for managing the TFTP logs for the VPN and firewall services and troubleshoot the VPN tunnel issues like SA, RSA, ISAKMP encryption and cleared/refresh VPN tunnel issues.
- Commissioning & de-commissioning with Cisco 7500, 7200, 6500 with SUP 720 module, 3550, 2950 switches for the Data Center migration & operations.
- Performed switching technology administration including VLANs, inter-VLAN routing, Trunking, STP, RSTP, port aggregation & link negotiation.
- Configuration of Access List ACL (Std, Ext, Named) to allow users all over the company to access different applications and blocking others.
- Working on Cisco 6509 and 4507 series switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
- Worked on Nexus 7009. Creating Vlans and Vlan Interfaces.
- Created access-lists and access-groups for Vlan Interfaces on nexus 7009.
- Configuration of VPC, VDC, inter-VLAN Routing, AAA Security on Nexus 7000.
- Work on day to day administration tasks and resolve tickets using Service Now
- Good understanding of Designing network diagram solutions for clients using VISIO and PowerPoint.
- Used Cisco-Works for the tracing of IP address, mac-address, ports, servers attached to the various switches.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Successfully installed Palo Alto PA 3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls
Confidential, CANONSBURG, PA
Network Security Engineer
Responsibilities:
- Worked with Checkpoint FW1 NG, ASA, and Netscreen firewalls.
- Configuration and Installation of Firewall Service Module in 6500 switches.
- Managing and implementation of PORs (port open requests) based on the requirements of various departments and business lines.
- Work with SDC security team to resolve technical problems.
- Worked on Solsoft Policy Server for shared services to push the rules.
- Handled deployment and management Checkpoint GAIA, R75, R71, R65 and Cisco ASA 5500 series.
- Designing, installing and configuring Checkpoint firewalls - NGX R65 in active/active mode.
- Installing and configuring TACACS/RADIUS
- Creating IPSEC, GRE tunnels, Frame-relay in Cisco routers.
- Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA, Netscreen, ISA, and iptables.
- Rule base verification and migration on Checkpoint firewalls.
- Implement the firewall rules using Netscreen manager (NSM).
- Worked on ASA routed mode and transparent mode
- Worked on F5 LTM 3600 series and 4200 series as part of migration process.
- Configured and monitored different monitor modules F5 BIG-IP LTM.
- Configured Profiles, Persistence, SSL termination and FTP in F5 BIG-IP LTM.
- Load balancing the traffic using F5 BIG-IP LTM.
- Worked on Configuration and troubleshooting of VLANs, STP, VTP, UDLD, Trunking, DNS, DHCP, Ether Channels, Access Lists, NAT, PAT, MPLS and static routing.
- Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 Big IPs using the Web GUI and CLI.
- Configuring and troubleshooting Access-lists, Service Policies, and NAT rules.
- Measure the application performances across the MPLS cloud through various routing and switching methods.
- Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
- Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign certificates. Also, renewing certificates to ensure the security of websites.
- Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
- Engaged in various migration projects like migrating V 10.x load balancers to V 11.x.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree creating Access/distribution and core layer switching architecture.
- Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers and Support Cisco Nexus (7000, 5000, 2000 series) Switches.
- Commissioning & de-commissioning with Cisco 7500, 7200, 6500 switches for the Data Centre migration & operations.
- Wrote and maintained corporate virus, firewall, and security policies for multi-site company network connected via VPN running Checkpoint firewall 1 NG.
- Creating Network uptime report and sending to the management as per weekly schedule.
Confidential, NYC, NY
Network Security Engineer
Responsibilities:
- Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
- Configured Policies In Juniper Netscreen 500/SRX 650 to allow customer traffic
- Configured and implemented MPLS, MP-BGP and Multicasting networks.
- Configured Routing protocols EIGRP, static routes and LAN Protocols VLANs, VTP, STP, VRRP, HSRP.
- Configuring and troubleshooting Juniper Netscreen Firewalls using NSM.
- Lab Implementation of multiple security contexts in ASA firewalls and Checkpoints configures redundancy (Active-Active failover and active-standby failover) among them.
- Configuring IPSEC VPN on SRX series firewalls. Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210.
- Configured STP for switching loop prevention, and VLANs for data and voice along with configuring port security for users connecting to the switches.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
- Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
- Managed PIX/ASA and FWSM 3.X using both Cisco Adaptive Security Device Manager (ASDM), Cisco Security Manager (CSM) and CLI.
- Network Operations and support by providing Tier-2 and Tier-3 support to WAN and LAN related issues including HSRP, VLANs, VTP, STP, RSTP, TRUNKING, SPAN and RSPAN, EIGRP, RIP, OSPF, BGP.
- Configure and support NATs, access-lists, and routing on Cisco routers (1700, 2600, 2800, 7200 series), Cisco Nexus (7000, 5000, 2000 series) Switches, Cisco Catalyst (2960, 3560, 3750 and 6500 series) Switches, Cisco ASA/PIX firewalls.
- Setup, configuration, troubleshooting and testing of IPSEC site-to-site VPNs and SSL VPN on Cisco ASAs, and Checkpoint
- Stacked, configured 2960 series switches and connected with Nexus 7000 series switches creating Vpc, spanning tree, Trunk and redundancy for failover.
- Designed, configured and implemented centralized Syslog server on both production and corporate network and enabled SNMP traps for monitoring traffic and checking the health of servers and network devices.
- Supported core network consisting of Cisco 7200 series routers running multi area OSPF. Implemented stub/Totally stub areas as per requirements.
- Configured Access lists on the boundaries of the network either inbound or outbound and providing network support consisting of VPN and point-to-point site.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes and all around technical support.
- Performed Structured Cabling, Dressing and Labeling.
- Develop, plan and maintain documentation necessary for operation in support of LAN to WAN connectivity.
Confidential, Brooklyn, NY
Network Engineer
Responsibilities:
- Filtration (using distribute list, route map, prefix list, access list).
- Implementation of HSRP, DHCP, DNS, FTP, TFTP, MRTG
- Troubleshooting LAN issues, and performing changes on Switches, Routers and Netscreen firewalls.
- Manage the Netscreen SSG550 and ISG1000 and 2000 firewalls with the NSM.
- Design the firewalls changes using various NAT types in Netscreen firewalls like, MIP, VIP etc.
- Setup the IPSec VPNs with the third party clients to allow the access to data feeds in the network.
- Debug the IPSec VPN tunnel issues and identify the potential problem and fix them.
- Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP, ISIS), redistribution, summarization
- Coordinate with the vendors/carriers for any WAN related issues.
- Monitoring and keeping track of the Network traffic analysis through the routers using MRTG.
- Traffic prioritization and shaping done with BGP attributes (Local preference and MED).
- Implemented HSRP between Core switches and backbone router.
- Maintained good Customer Relation Skills & Troubleshooting skills in a production based environment.
- Involved in group & individual presentations to corporate clients about the company’s internet based products like leased lines and modular routers.
- Documenting and Log analyzing teh Cisco ASA 5500 series firewall
- Provided testing for network connectivity before and after install/upgrade
- Switching related tasks included implementing VLANS and configuring trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external.
- Understand the network architecture thoroughly and suggest the possible design changes in the network.
- Implement the critical changes over the weekend to mitigate the high risk.
- Participate in the peer review calls to review the changes of the other engineers.
- Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
- Dealt with applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys to branches in internet cloud environment.
- Using CA (Certificate authority server) developed RSA keys for secured communication with encryption algorithm (DES) and authentication method (RSA)
- Configuring F5 load balancers to provide various load balancing solutions for various web and applications and Apps.
- Configuring Netscreen 204 providing additional security to the inside interface of Cisco ASA for the Transport database servers.
- Configuring a one-to-one Static NAT for F5 load balancer in ASA.
- Opening specific ports for LDAP and database access.
Confidential
Network Engineer
Responsibilities:
- Installation and configuration of Cisco Routers (7513, 7200, 3600, 3400, 2600, 1700, 800).
- Installation and configuration of Cisco Switches (6500, 4500, 3700, 3500, 2900).
- Creating VLANS and Inter-VLAN routing with Multi Layer Switching (MLS).
- Installation and configuration of Pix firewall (515 E, 525 Series).
- Configured Site-to-Site and Site-to-Remote (using Cisco routers to Cisco routers, Pix Firewall to Pix Firewall, Cisco router to Pix firewall, Pix firewall to Wild card client and Cisco router to Wild card client).
- Cisco IOS and Cat OS up gradation and backups TFTP and FTP protocols.
- Designed and Implemented Enterprise Networks for various clients.
- Monitoring Network infrastructure using SNMP tool Solar winds.
- Network Packet Analyzer tools using Ethereal.
- Window systems configuration and maintenance.
- Systems protection with Anti-virus software and Personal Firewalls (McAfee, Norton, TrendMicro, Sygate, etc.).
- Preparing the technical documentation (Equipment Selection, design, configurations and production check-outs) using Microsoft VISIO/Microsoft Office.
- Implementing and change management whenever necessary as per the company policies.
- Coordinating with vendors in ordering new products.
- Leading the team of 6 tech support engineers on job.
Confidential
Network Associate
Responsibilities:
- Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
- Worked on HSRP for hop redundancy and load balancing.
- Configured the Cisco router as IP Firewall and for NATing. Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
- Provided port binding, port security and router redundancy through HSRP.
- Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
- Provided testing for network connectivity before and after install/upgrade
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
- Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external.