SUMMARY

• Extensive hands on experience in Network and Security engineering and Network Infrastructure.
• Strong understanding and experience of Firewall on various platforms.
• Configuration, troubleshooting CheckPoint Firewall using R77.
• Hands on experience in Implementation, Troubleshooting &configuring for CheckPoint R77. 40 with GAiA and SPLAT
• Proficient at establishing User Tunnels in Nortel VPN Routers, implementing network security protocols, installing and supporting backup strategies, and planning/executing disaster recovery solutions.
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, security risk analysis, vulnerability/patching, attack mitigation & penetration tests based on LPT methodology.
• Working knowledge of intrusion detection/protection systems such as Sourcefire, McAfee Fire Eye and tools like tcpdump, Wireshark, nmap.
• Strong experience working on SIEM tools - HP Arcsight products like Arcsight Express, ESM, Logger, Connector, ArcMC (Arcsight Management Center).
• Experienced with Cisco routers and switches, and a good understanding of IP sub netting and routing such RIP, OSPF, BGP, Cisco WLAN Controllers and Cisco Prime.
• Experience with controlling cloud based traffic such as AWS based on application Identity and applying appropriate threat management policies.
• Experience deploying of McAfee DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA.
• Organized Security Awareness and Network training for NOC and SOC staffs.
• Experience with Juniper Enterprise Equipment, Juniper Routers, M-Series, MX-Series, and Juniper EX-Series Switch.
• Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.
• Advanced knowledge in TCP/IP suite and routing protocols, such as RIP, OSPF, BGP, & EIGRP, IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Good understanding of security infrastructure including Antivirus, Encryption, DLP, SIM, IDS and IPS.
• Experience with installation and configuration of security equipment from multiple vendors (CheckPoint, Palo Alto, Cisco ASA, Juniper).
• Using Smart Update, User Identity Management and Authentication in CheckPoint Firewall.
• Experience with F5 load balancer, administration, management and upgrades to support 24x7operations. Operations.
• Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments
• Experience in Configuring, maintaining and troubleshooting IPS and IPS1 in CheckPoint.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• On daily basis worked with Juniper SRX 650 and Palo Alto 5050 Firewalls
• Using Smart Update, User Management and Authentication in CheckPoint Firewall.
• Configure and troubleshoot Remote access and site to site-in CheckPoint & ASA firewalls.
• Managed, upgraded and maintained operational data flows and ArcSight platforms.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Configuration of Palo Alto Firewall PA-5k and CMS.
• Experience with VM-Series Palo Alto Firewall bundles.
• Experience in User administration, Identity awareness and authorization packages.
• Experience with Handling Security incident response effectively (Service-Now)and correction management and reporting the same with the higher authorities.

TECHNICAL SKILLS

Firewall: CheckPoint GAIA, Palo Alto, CISCO ASA/PIX, Juniper

Monitoring & Management Tools: Wire shark, TCP dump, Fiddler, Microsoft Network Monitor, Solar Winds, Cisco Works, Tuffin SecureTrack, IT360, Splunk.

Protocols & Standards: NAT, VTP, STP, VRRP, Ethernet, Token Ring, VLAN, FDDI, L2/L3/L4/L7 Switching

TCP/IP Protocol: Suite, UDP, SNMP, SEP, NTP, IPv4, IPv6, ARP, WCCP, EIGRP, OSPF, BGP, ISIS, RIP v2, MST, DHCP, RADIUS, TACACS, Active Directory, HSRP, MPLS, VoIP, SSL, VPN, HTTP, HTTPS, FTP, IGMP, POP3, SMTP

Load Balancing Protocols: HSRP, GLBP, VRRP and ArcSight ESM

IP Services Management: NAT, DHCP

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Wifi, FDDI, Token Rings

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 / T3 & SONET

URL Filtration: Websense, Bluecoat, ACL

Microsoft Software: Microsoft Office, Visio.Routers Cisco 2600, 3600, 3800, 7200, 7600, ASR 9001, Juniper SRX series.Switches Cisco 2960, 3750, 4500, and 6500, Nexus 2K/3K/5K/7K series and Juniper EX series

PROFESSIONAL EXPERIENCE

Confidential, California

Security Administrator

Responsibilites:-

• Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
• Successfully installed arc PA-3060 firewalls to protects Data Center
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Conducting security and system analyses to detect vulnerability using the vulnerability scanner (Qualis) and update the security policies as required.
• Assisting in Security Design optimization and assessment.
• Working knowledge of Symantec Endpoint Protection, Upgrading packages, installing policies, cleaning the hosts and updating the ticket.
• Installing, configuring and maintaining McAfee anti virus and DLP.
• Manage Traffic with Backup servers with cloud base services such as Amazon Web Services (AWS).
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention DLP appliance, Entrust IdentityGuard, Symantec Messagelabs and DLP Insight security appliance
• Troubleshooted the dependency errors in the SIEM packages, added the fix and installed them to the appropriate Arcsight Express appliance.
• Monitored Security Management Console for Security Operation Centre (SOC) forensuring confidentiality, Integrity and Availability of Information systems.
• Review the McAfee DLP incidents based on severity of documents.
• Implementation, mounting and Basic configuration of McAfee Network DLP in DC and DRC.
• Provide technical support in the configuration of Cisco and Juniper routers and switches to include: Cisco Enterprise Equipment, Cisco Routers, Cisco Catalyst Switches, Juniper Enterprise Equipment, Juniper Routers, M-Series, MX-Series, and Juniper EX-Series Switches.
• Experience in configuring and Troubleshooting Juniper routers and Switches such as Ex-4200, EX-8200.
• Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS (Intrushield, TippingPoint, etc), IPS (Snort), scanners (Qualis, Nessus), proxy (BlueCoat) and firewalls (CheckPoint, ASA, PIX, and Netscreen).
• Provided administration and support on Bluecoat Proxy for content filtering and internet access to head quarter, remote site offices and VPN client users.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Configuring and troubleshooting site-to-site IPSEC VPN tunnels on cisco routers for third party connectivity.
• Monitor and analyse Potential threats using splunk and make appropriate changes in the security policies.
• Configure and support F5 and A10 load balancers, and plan, implement and maintain enterprise security environments comprising of perimeter security, VPN's, virtualization, authentication controls, and other features
• Providing security to the application servers against threats using the F5 ASM.
• Deployed the Unified CVP solution with F5 BIG-IP load balancer in Standalone and Comprehensive deployment models for HTTP load balancing.

Confidential, California

Network Security Engineer

Responsibilites:-

• Complete renaming of all firewall objects and rules.
• Review and optimize firewall rules using Secure Track Tufin tool and firewall audit reports
• Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1 and VSX, Source Fire, and ISS Realsecure
• Worked on Symantec Endpoint protection to keep employee workstations secure and updated.
• Review the DLP incidents based on severity of documents.
• Provided Symantec Endpoint Protection, developed bySymantecCorporation, is an antivirus and personal firewall software for centrally managed corporate environments providing security for both servers and workstations. Experienced with Splunk Monitoring and Reporting.
• Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions
• Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as CheckPoint (GAIA R75.40/77.20), Cisco ASA (5510/5520/5550)
• Creating technical implementation plans, project plans, and worked closely with internal and external customers to supply solutions that fulfill their needs
• Strong knowledge and understanding with IPsec, Remote Access VPN, and SourceFire intrusion prevention systems.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, CheckPoint and Palo Alto Firewalls
• Manage LAN & WAN and BlueCoat proxy servers.

Confidential

Network Support Engineer

Responsibilities:

• Provided technical support on hardware and software related issues to remote production sites.
• Involved in effective communication with vendors, peers and clients in resolution of problems, equipment.
• Provided hardware and software support to corporate users and IT staff
• Performed the tasks of developing and maintaining procedures for backup and recovery, virus scanning and access control (ACL).
• Figure and manage printers, copiers, and other miscellaneous network equipment.
• Provided desktop support including creating images specific to client requirements and deal with issues pertaining to hardware and application.
• Participate in on-call responsibilities in support of a seamless production environment.
• Performed routine network maintenance checks as well as Responsible for gathering and compiling data for special projects as well as prepare weekly status reports.
• Responsibilities included configuration and installation of software and hardware.
• Handled the tasks of documenting network problems and resolutions for future reference.
• Performed the installation, configuration and testing of LAN/WAN devices