Network Security Engineer Resume

River Wood, IL

SUMMARY

  • Network Security Engineer with 7+ years of experience.
  • Implementation, Configuration and support of Checkpoint (NGX R65, R70 and R71) Juniper (Netscreen, SSG and SRX3600, SA6500) and Cisco based Firewalls (PIX, ASA5585X, 5525X, 5540, PIX 535, 3000 Series).
  • Implemented and configured Palo Alto Networks firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Configuration, installation and troubleshooting of Juniper SRX 3600/650s and SSG-550Ms.
  • Experience with Bluecoat Proxy and VPN Technologies including B2B and Remote.
  • Experience in IP Routing and troubleshooting with RIP, BGP, OSPF, EIGRP and MPLS.
  • Experience on F5 load balancer Networks Big IP LTM, GTM.
  • Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
  • Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances.
  • Experience in Network Security like creating Access Lists (ACL), NAT.
  • IDS and IPS event management using CSM including signature updates for SSM Modules, IDSM.
  • Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
  • Involved in Data center migration including subnet migration, VPNs migration, network and security device configurations.
  • Strong at Command line troubleshooting of Security Appliances.
  • Experience in backing up the configuration files using a TFTP server.
  • Experience with handling DNS and DHCP servers.
  • Experience with secure file transfer server applications.
  • Experience with JunOS 9.x, 10.x.
  • Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.
  • Implementing Microsoft windows infrastructure components such as Active directory, Domain Controller, and DHCP.
  • Experience in virtualization technology Infrastructure using VMware 5.x.
  • Expertise in configuration/administration of Cisco Nexus 5K/7K series.
  • Configuring and managing Blue Coat Proxy Servers.
  • Assist in the development and delivery of automation, monitoring and event correlation.
  • Black listing and White listing of web URL on Blue Coat Proxy Servers.
  • 24 x 7 on call support.

TECHNICAL SKILLS

Hardware: Checkpoint NGX R65, R70 and R71 PowerEdge2950 on Nokia Hardware using IPSO 1220 and SPLAT as well as IP Appliances IP 690, IP 695, IP 697 Juniper Netscreen 6500, 6000, 4500 SSL SA VPN, Netscreen ISG 1000, Netscreen 5400. Juniper SSG Firewalls, Juniper SRX 3600, Juniper SA 6500, Palo Alto PA-3060/2050 Cisco ASA Firewalls including ASA 5585, 5550, 5540 and Cisco Core, distribution and access layer network devices including 7200, 3800, 3600, 2800, series routers, Cisco Catalyst switches including 6513, 6509, 4948, 3750G, 3560G, 3548, 2960G. Tufin SecureTrack for Policy Optimization.

Network Topologies: TCP/IP and OSI Communication Layer, DS3, MPLS, Frame Relay, ATM, LAN and WAN routing protocols, including RIP, EIGRP, OSPF, BGP network service protocols and standards Active Directory LDAP, RADIUS, TACACS, DNS, DHCP, NTP, SNMP etc. as well as network redundancy protocols including VRRP, HSRP (Hot Standby Routing Protocol)

Operating System: Checkpoint R65, R70, R71, R75. Juniper Screen OS 6.X, NSM 2007, 2010, 2011, 2012, CentOS, JunOS 11+VS, ASA 7.X, 8.X, Nokia Voyager IPSO 4.x, 6.x, CSM 4.X, ASDM, MS Windows 7, Vista, XP, Server 2000, 2003, 2008, Mac OS-X, Linux-Red Hat.

Security Topologies: Configure and support secured Firewalls for corporate network at layer 2 (transparent mode) layer 3 (Routed mode), using various platform specific hardening procedures e.g.: DMZ configurations, Access lists, Application inspection, NAT, reverse path verification etc. Cisco IDS (Intrusion detection system) and IPS alert management, Vulnerability Scan using Nessus, Bluecoat proxy server, building secure IPSec Remote/Site to Site VPN connections using strong encryption.

Methodologies: Sequential, Waterfall, RUP, Agile (XP, Scrum)

Network Tools: Wireshark, Ethereal, CiscoWorks, Netflow Analyzer, Ettercap, NetScout

Additional Skills: Using Packet Tracing and Packet captures on firewalls. Troubleshooting of Point-to-Point WAN Circuits, Frame Relay, ATM, and MPLS. VLAN configurations, 802.1q trunking, and spanning tree, VTP, IP Subnetting, NAT, IPSec based VPN, IPSec VPN Tunnels, VOIP, DNS, DHCP, ADS, Exchange 2000, IIS, SNMP V2, load balancing and high availability. Packet level troubleshooting using sniffer tools like Ethereal, Packet capture tools using ASA Firewall CLI, ASDM and CSM etc.

PROFESSIONAL EXPERIENCE

Network Security Engineer

Confidential, River Wood, IL

Responsibilities:

  • Data center migration including Subnet migration, VPNs migration, Network and Security device configurations.
  • Migration activities involving old infrastructure to be revamped with new infrastructure having minimum effect to the production.
  • Management and administration of Juniper SRX/SSG and ASA 5585/5550 Firewalls at various zones including DMZ, Extranet (Various Business Partners) and internal.
  • Successfully installed Palo Alto PA-3060 firewall to protect data center and provided L3 support for routers/switches/firewall.
  • Configuration and Administration of Palo Alto PA-3060/2050 Firewall.
  • Palo Alto design and installation, which includes Application and URL filtering Threat Prevention and Data Filtering.
  • Hands on experience in configuration of Cisco ASA 5000 series firewalls and experience with checkpoints and FortiGate.
  • Installing JunOS upgrade package on SRX devices and also upgrading the SRX cluster with minimal downtime.
  • Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static and Hide NAT's.
  • Configuration and administration of F5 LTM load balancer.
  • Deploying Cisco ASA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
  • Experience with creating firewalls policies and rules as requested and analysis of traffic flow.
  • Juniper Firewall Policy management using NSM and Screen OS as well as SRX using command line.
  • Isolating security for various customers by creating VRFs.
  • Perform Advanced NAT Operation including Static NAT, Identity NAT, Policy based NAT etc. for third party connections.
  • Implemented configuration back-ups using WinSCP, Cyberfusion to automate the back-up systems with the help of public and private keys.
  • Network based IDS/IPS event management and Signature Updates and making sure the false positives are filtered and investigate the critical alerts based on Source, Destination and Service.
  • Installation, configuration and upgrade of Juniper SRX firewalls for third party connectivity.
  • Decommissioning of firewall and implementing it on another firewall vendor.
  • Build Site to Site IPsec based VPN Tunnels between various client and business partner sites and Clustering.
  • Design and Implement New Firewalls in the network as per client requirements. Perform Firewall upgrades and support.
  • Experience in configuration of Bluecoat Proxy servers, authentication solutions, IDS/IPS servers.
  • Firewall policy cleanup using FireMon and optimize firewall rule base and database. Reorder rules for optimal firewall performance.
  • Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
  • Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
  • Configure Syslog server in the network for capturing the log from firewalls.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco PIX and ASA Firewalls.
  • Training Service desk on Firewall request process and also Technical training to new employees.

Network Security Firewall Engineer

Confidential, Kansas City, MO

Responsibilities:

  • Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Juniper Firewall Policy management using NSM and Screen OS CLI.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
  • Configure and administer Cisco ASA Firewalls (5585, 5550, 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
  • Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
  • Experience on ASA firewall upgrades to 9.x.
  • Configured Panorama web-based management for multiple firewalls.
  • Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
  • Use Tools such as SKYBOX for Firewall Policy optimization and rule base Clean up.
  • Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
  • Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
  • Understand different types of NAT on Cisco ASA firewalls and apply them.
  • Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
  • Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
  • Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
  • FWSM configurations in single/multiple context with routed and transparent modes.
  • Support Data Center Migration Project involving physical re-locations.
  • 24 x 7 on call support.

Network Security Administrator

Confidential, NJ

Responsibilities:

  • Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
  • I worked on Check Point Security Gateways and Cisco ASA Firewall.
  • Firewall Clustering and High Availability Services using Cluster XL on Check Point.
  • Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
  • Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
  • Packet capture on firewalls and analyzing the traffic using Wireshark utilities.
  • Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
  • Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
  • Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
  • Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
  • Upgrade of Cisco ASA Firewall in Active/Standby mode with no down time.
  • Configuring VPN both B2B and remote access SSL and centralized policy administration using FortiManager, building Fortigate High Availability using Fortigate Clustering Protocol (FGCP).
  • Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.
  • LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems).
  • VLAN design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANs between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Documentation and Project Management along with drawing network diagrams using MS Visio.

Network Engineer

Confidential

Responsibilities:

  • Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
  • As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems).
  • VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
  • Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
  • Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
  • Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
  • Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
  • Administer and support Cisco based Routing and switching environment.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Deployed a Syslog server to allow proactive network monitoring.
  • Implemented VLANs between different departments and connected them using trunk by keeping one VLAN under server mode and rest falling under client modes.
  • Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.

Network Engineer

Confidential

Responsibilities:

  • Primarily responsible for incident and problem management.
  • Part of Network Operation Center (NOC) offshore support team from India supporting HP Data Center 24x7. L2 support for Cisco PIX and ASA Firewalls.
  • Schedule changes and work through maintenance requests over weekends.
  • Perform daily maintenance, troubleshooting, configuration, and installation of all network components.
  • Configuration of CISCO Routers (3600, 4000 Series) and 3550, 4500 series switches.
  • Creating groups, users and policies in Active Directory.
  • Troubleshoot and support Cisco Core, Distribution and Access layer routers and switches.
  • Built IPSec based Site-to-Site VPN tunnels between various client locations.
  • Point-to-Point, Frame Relay, T3, ATM, WAN troubleshooting.
  • Debugging abilities at L1, L2, L3, and L4 protocols in an Internet-centric environment. Troubleshooting Active Directory, DNS, and DHCP related issues.