PROFESSIONAL SUMMARY:

• IT professional with around 8+ Years of extensive hands on experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls
• Skilled & technically proficient with multiple firewall solutions, network security, and information security practices
• Working experience on Palo Alto and Checkpoint Next Generation firewall
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next - Generation Firewalls R65, R70 & GAIA R77.30, NetScreen Firewall, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA
• Worked on different firewall & security appliance such as, Checkpoint 4400,4600,4800, 21700,Palo-Alto 200,500,3020,3060, 5020,5060, Panorama M-100, Cisco ASA 5505, 5510,5512-X, 5500-X Firepower Service,5585-X, Cisco WSA S370, S680, Cisco SourceFire, FireEye, Radware DefensePro IPS, Radware Appwall (WAF)
• Experience on working with different migrations environment such as, Staging, Sandbox, Development, Production(Go live)
• Managing and implementing remote firewall for State agencies using NSM, SPACE, Smart Dashboard and CSM.
• Experience in Network Intrusion Detection System, Checkpoint firewalls and appliances, Vulnerability Assessment Software, and Computer Misuse detection systems.
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS module, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols
• Maintaining Corporate Firewalls by analysis of firewall logs and implementation of security firewall policies for the migration of Datacenter
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
• Knowledge of Intrusion Detection and Prevention System, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers, Cyber Security, Amazon Web Service (AWS), and Bluecoat URL filtering & Packet Shaper systems.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Proficient with Cisco routing and switching products, UNIX, Linux such as Kali, shell scripting and routing protocols.
• Configuration and implementation of Cisco Firewall PIX/ASA
• Experience on PCI and ISO compliant security implementations on the firewalls and perimeter devices
• Configuration, implementation and maintenance of Cisco Catalyst Switches 3850, 3750-X and 2960X and working on VRF
• Advance Knowledge in Penetration testing tools such as Metasploit, Nessus, Qualys, Nmap, Zenmap, AppScan, SQL Map, Burp Suite, IBM Appscan
• Configured Check Point clusters with Nokia box and crossbeam.
• Checkpoint - R75/R70/R65 with product like Nokia IP 390, 560, 690, 1280, 2450, 61000 etc.; in Provider-1 environment
• Configured Cisco Routers and switches and dealt with the remote issues
• Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2003/2008/2012, TCP/IP, Active Directory, FTP,SNMP,SMTP,DNS,HTTP,HTTPS,DHCP, TFTP, LDAP, Linux OS under various LAN and WAN environments
• Experience in working with Nexus 7K, 5K and 2K series.
• In-depth knowledge of deploying and troubleshooting Cisco IOS LAN, WAN, QoS, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP & VTP
• Knowledge in Documenting and preparing the Process related Operational Manuals and worked on office 365
• Ensuring network availability, vendor management, fault management
• Strong ecommerce, general management, negotiation, inter-personal, communication and team building skills.

TECHNICAL SKILLS

Firewall: Checkpoint R65/R70/R75/R77.30 GAIA/Firewall-1, Palo Alto, Cisco ASA, FortiGate, Panorama, Wildfire, Radware WAF

Protocols: NAT, VTP, VLAN, TCP/IP, UDP, EIGRP, OSPF, RIP

Nexus: Nexus 7000/5000 /2148

ANSF5: BIG-IP LTM 6900/6400, APM

Switches: Cisco Catalyst VSS 1440 / 6807 / 4900 / 3850 / 3750-X / 2960X

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Operating Systems: Linux, Windows XP/7/8, Windows Server 2003/2008/2012

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

PROFESSIONAL EXPERIENCE

Confidential, Plano, TX

Network Security Administrator

Responsibilities:

• Designs, tests and deploys IT security systems, solutions and ecommerce environment.
• Working on Service Now ticket management tool by providing support service to client by implementing and working on change request, Incident request and troubleshooting.
• Configuration of checkpoint firewall mainly VSX according to client topology and checkpoints features such as Application & URL filtering, IPS, Identity Awareness, IPS, DLP, VPN.
• Configuration of Palo Alto Next-Generation Firewall mainly VSYS according to client topology and working on Content-ID, User-ID, App-IP
• Experience on working on Cisco IPsec VPN, SSL VPN and netting
• Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Check Point Next-Generation Firewalls GAIA R77.10, R77.20 & R77.30
• Experience on working with Juniper SRX & checkpoint next-generation firewall on various modules such as SMART View Tracker, SMART View Monitor, SMART Update, SMART Log, SMART Event.
• Experience in Qualys policy compliance in detecting internal and external threats and vulnerability
• Worked on Checkpoint Next-Generation Firewall DLP blade environment
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN
• Create policies, alerts and configure using SIEM tools (Splunk, SolarWinds, HP ArcSight, Log Rhythm)
• Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
• Experience in Configuration, Management, Deployment, Optimization and Troubleshooting Checkpoint VSX
• Performed upgradation of checkpoint firewall from old platforms to new platforms R77.10 to R77.30
• Installed and managed network intrusion detection system (NIDS)
• Performed upgradation of Palo Alto firewall from old platforms to new platforms 6.1.5 to 6.1.10
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort, Tcpdump
• Experience with working on Palo Alto centralized management GUI PANORAMA
• Migration from Cisco to Palo Alto firewall & Cisco to Checkpoint firewall
• Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN
• Experience in working with Cisco 5500-X Firepower and Cisco SourceFire IPS & FireEye
• Experience on working with migration with both Checkpoint and Palo Alto Next-Generation
• Firewall as well as virtualization of firewall, both VSX and VSYS
• Worked on security tools and software’s like Cisco WSA, Qualys, Splunk, Symantec Endpoint Protection, Bit9, HP Network Node Management
• Upgrading Radware Appwall WAF (Web application firewall) and fixing hot fixes and patches.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto
• Worked on Bit9 Endpoint protection whitelisting tool for the security of Endpoint servers and implement daily report
• Creating security policies in CISCO NIDS to avoid and detect network intrusions.
• Experience on working in datacenter and on different devices console
• Maintain a thorough understanding of the basics behind the Internet and its workings (DNS, Security, IP Routing, HTTP, VPN)
• Configured Site to Site IPsec VPN tunnels and Split tunnel to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Routing and Switch protocols: BGP,OSFP, VLAN,VTP, STP, RIP, RSTP
• Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
• Represent the changes at the weekly change review and application migration meetings.

Confidential, Stamford, CT

Network Security Engineer

Responsibilities:

• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager (SDM) command line & GUI.
• Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
• Experience with working on wireless site survey using Air-Magnet
• Upgrading checkpoint Web application firewall and fixing hot fixes and patches.
• Working on Cisco SourceFire and FireEye
• Installation of checkpoint Next-Generation firewall GAIA R76/77.30 in Open Server, UTM
• Configuration of checkpoint firewall mainly IPS (Intrusion Prevention System) module according to client topology and checkpoint MDS.
• Experience on Endpoint security SME with McAfee Endpoint
• Experience on working with Juniper SRX firewall
• Experience with working on Enterprise Desktop Administrator on Windows 7
• Worked on Imperva Secure Sphere Web application firewall
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
• Monitoring the network to avoid intrusions and apply mitigation techniques using NIDS.
• Worked on Checkpoint Next-Generation Firewall URL Filtering, DLP, IPS blade environment
• Experience with working on Imperva web application firewall for granular correlation policies reduce false positives and Dynamic application profiling
• Working on implementation and configurations of wireless points and wireless process
• Cisco routing and switching technologies and devices LAN / WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, Cisco IOS administration
• Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
• Experience on working with the TRAPS which is the Advanced Endpoint protection and Palo Alto Migration tool 3.0
• Experience in working with Cisco ASA 5500-X Firepower Service
• Experience in working with Nexus 7010, 5020, 2148 devices.
• Worked on RSA authentication manager and Cisco NSA (Network Admission control) to authenticate users and devices to the network
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls
• Advance Knowledge on Lancope Stealth watch system for monitoring, analyzing and responding In-depth network activities
• Worked on Windows Management Interface (WMI)
• Experience with working on Amazon Web Service (AWS) environment for cloud computing
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
• Configuration and troubleshooting of Next-Generation Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN­1 NGX R55/R65/R70
• Advance knowledge on design, implementation and maintenance of QoS for LAN and WAN networks
• Performed upgradation from old platforms to new platforms R65 to R77.30
• Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Checkpoint firewall MDS.
• Worked on Migrating from ASA 5540 to ASA 5585
• Experience with working on Microsoft Active Directory
• Experience with Using GTM, APM & LTM F5 component to provide 24“7 access to applications
• Worked on PCI-DSS of DELL secure works and also on ISO 27001 compliance
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN
• Worked on implementation strategies for the expansion of the MPLS VPN networks
• Worked on Intrusion prevention system (IPS) SME with McAfee IPS
• Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
• Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature
• Advance knowledge in working with Cisco Firepower service with Next-Generation 5500-X firewall and Cisco SourceFire & FireEye
• Worked on Kali Linux and automated security tool such as Client Fortify, IBM Asppscan
• Experience with Cisco ASA firewall Cisco security Manager (CSM) and migration from Cisco to Palo Alto
• Experience with network based F5 Load balancers with software module ASM, APM & AFM
• Experience in working with Cisco Nexus 2148 Fabric Extender and Nexus 5000series to provide a flexible Access Solution for a datacenter access architecture
• Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Configure Cisco switch ME 3800X and 3600X
• Knowledge on enterprise security standard such as OWASP
• Configuration of DNS, RADIUS and KERBEROS
• Experience in handling Infoblox tool for DHCP and DNS
• Worked on McAfee ESM (Enterprise Security Manager) & IPS appliance which handled both SIEM/Correlation and Log Management.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto
• Maintained and Configured Checkpoint VSX with firewall virtualization and checkpoint clusters
• Configuring rules and Maintaining Palo Alto Firewalls with IPS module & Analysis of firewall logs
• Advanced knowledge of Windows 7, Windows 10 and Office 365
• Worked on automating process for migration of security policy using Palo Alto Migration tool 3.0 and Symantec Endpoint Protection
• Experience on Cyber Security & Penetration Testing tools such as, Metasploit, SQL Map, Appscan, Burp Suite, Nmap, Nessus Vulnerability Scanner and familiar with shell scripting
• Worked on SIEM tools such as Splunk, SolarWinds, Log Rhythm, HP ArcSight
• Experience with Qualys Guard Vulnerability Management
• Experience in handling and installing FortiGate next generation firewall and FortiWeb Web Application firewall 400C, 1000D, 3000E
• Strong Knowledge on DNS Administration using BT Diamond and Aruba wireless LAN
• Worked on bluecoat proxy to optimize WAN Performance by analyze and scan malwares to protect the infrastructure and URL filtering
• Advance knowledge on Network segmentation and checkpoint Next-generation firewall GAIA R77.30 host migration as well as the QoS of the LAN network
• Worked on configuration of Cisco Catalyst Switch 3850
• Worked on bluecoat proxy to provide both client and server with web service encryption and decryption and digital signature authentication.
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.

Confidential, Roseville, MN

Network Security Consultant

Responsibilities:

• Planning and designing of corporate Firewalls architecture by implementing it in distributed environment.
• Maintaining Corporate Firewalls & Analysis of firewall logs
• Experience with working on some ecommerce technologies
• Experience on Check Point Next-Generation Firewalls R65, R70, R75.
• Worked on Juniper SRX & NSM central management software
• Worked on Checkpoint Next-Generation Firewall DLP blade environment
• Worked on Imperva web application security for Logging, Monitoring, Data leak prevention, network and platform security.
• Configuring Juniper SRX & NetScreen Firewall Policies between secure zones using NSM (Network Security Manager)
• Worked on SIEM tools such as Splunk, SolarWinds, HP ArcSight
• PCI and ISO compliant security implementations on the firewalls and perimeter devices
• Migration from Cisco to Palo Alto firewall
• Upgradation of Checkpoint MDS to support mobile access blade on Checkpoint Web application firewall
• Experience on McAfee Endpoint security & IPS
• Strong Knowledge under enterprise security standards such as SANS and web application security using Burp Suite
• Advance knowledge in working with Cisco Firepower service with Next-Generation 5500-X firewall and Cisco SourceFire & FireEye
• Advance knowledge of Amazon Web Services (AWS) with broad IT infrastructure services, Deep visibility into compliance and governance and Hybrid Cloud capabilities
• Strong knowledge under Imperva web application firewall for monitoring for In-depth analysis of attacks and SIEM tools such as Splunk, HP ArcSight for analysis and log monitoring
• Verifying & configuring the rule-sets on firewalls. (Firewall Change Request processing).
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters
• Bluecoat proxy server’s setup, configuration, upgrade and Troubleshooting with optimization of WAN Application, SSL traffic, Web traffic, URL filtering & Content filtering.
• Experience with LTM & GTM F5 component to provide high availability with providing services across data centers.
• Experience using Nessus & Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.
• Managing and implementation of remote firewalls for State agencies using NSM, SPACE, CSM and Smart Dashboard
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Build IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls
• Designed and configured the commands for QoS and Access Lists for Nexus 5K and 2K.
• Worked on configuration and maintenance of Cisco Catalyst Switch 3850, 3750-X, 2960X
• Migration with both Checkpoint and Cisco ASA VPN experience
• Experience with Juniper environment including SRX/Junos Space.
• Worked on vulnerability scanning tool such as Nessus and Qualys Guard
• Worked on McAfee Network Security Platform where incident response were managed using SIEM
• Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management (SDM)
• Worked on Cyber Security & penetration tool such as Armitage, Nmap, AppScan, SQL Map
• Worked on Panorama which is the centralized management system of Palo Alto firewall
• Performed other related duties as assigned or requested in compliance with ISO 27001 and 9000 (International Standards Organization).
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system & maintaining checkpoint clusters
• Administer, Maintain, and deploy Juniper IPS & VPN systems
• Configuring VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches
• Experience with System Center Endpoint Protection 2012 and Websense Triton Administration
• Managed network security processes using ASA firewalls and worked on Cisco Scan Safe (CWS)
• Experience in Installation and Configuration of FortiGate 5000, 3000, 900 series firewalls
• Experience with APM, LTM & GTM F5 component to provide high availability with providing services across data centers
• Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.
• Having experience in Bluecoat proxy server’s firmware upgrade, URL filtering and content filtering
• Strong knowledge regards to design, plan and optimize the quality of service (QoS) related to the traffic prioritization and inception to delivery
• Worked on Cyber Security & penetration testing tool such as Ettercap, Nmap
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
• Managing and implementation of remote firewalls for State agencies using NSM, SPACE, CSM and Smart Dashboard
• Experience with working on maintaining, installing and handling policies on Palo Alto Firewall PA-200

Confidential

Network and Security Engineer

Responsibilities:

• Migration of RIP V2 to OSPF, BGP routing protocols.
• Configured EIGRP for Lab Environment.
• Cisco routing and switching technologies and devices LAN/ WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, IOS administration
• Advance Knowledge in Cyber Security and Ethical hacking
• Implemented ISL and 802.1Q for communicating through VTP.
• Configure Cisco routers 1900 and switches 2960.
• Experience with Cisco IOS and NS-OS.
• Configuring Port Mirroring, VLAN,SMTP, STP, RSTP, SNMP, and Routing Policies on switches
• Working with Client teams to find out requirements for their Network Requirements.
• Installed and Configured DNS server and Checkpoint Firewall with IPS feature in Internet Edge.
• Designing solutions for frozen requirements using Cisco Routers and Switches.
• Deploying the network infrastructure to meet the requirements
• Proficient in VPN technology and TCP/IP protocols
• Dynamic routing protocol configuration (RIP, RIP V2).
• Troubleshooting network problems and working knowledge of HTTP, SNMP, HTTPS, SMTP, DNS, DHCP, etc.
• Knowledge in Dynamic routing protocols
• Implementation & trouble shooting of complex WAN, LAN, VLANS, private VLANS, high availability solutions like HSRP, VRRP, GLBP, ether channels, site- to- site VPN, access control lists, NAT, PAT, routing solutions etc.
• Maintaining all the network devices routers, firewall, switches
• Incorporated VLANS to segment traffic on managed switches.
• Installing service pack upgrades.
• Use of TCP Dump to troubleshoot access issues.
• Configuring VRRP, Static route, BGP, Routing policies, ACL
• Implemented Secure Remote VPN for high speed remote access.
• Managed network connectivity and network SSL Security, between Head offices and Branch office
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for SSL Security Settings of the networking devices (Cisco IOS, Router, switches) coordinating with the system/Network administrator during any major changes and implementation