SUMMARY

• Senior Security Engineer with CCNA certified and experience in the Network, system design and Security Design, Implementation and Support.
• Responsible for Cisco ASA firewall administration across global networks
• Strong experience in creating firewall policies as per the requirements on Palo Alto (PA - 5020/PA-3020), Cisco ASA (5540/5580)
• Experience in Supporting and troubleshooting (R77 Gaia, R75.40, R70, R65, Provider-1, MDM/MDS, VSX, SPLAT and IPSO)
• Configured Firewall and updated rules on Palo Alto (PA-5020/PA-3020), Cisco ASA (5540/5580)
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto (PA-5020/PA-3020) Firewall.
• Provided support for 2Tier and 3Tier firewall architecture, which includes various Check Point, Cisco ASA firewalls (5540/5580) and Palo-Alto firewalls (PA-5020/PA-3020).
• Strong production experience in managing F5 BIG-IP APM, ASM, AFM and LTM.
• Configure and Managing all wireless equipment (CiscoAccess Point, Motorola Controller)
• Advanced knowledge of OSI model, TCP/IP, Internet technologies, systemsecurity,firewall infrastructure, network architecture andCisconetworkrouting/switching(Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience
• Managing NetworkRoutingandSwitching, configuring, and troubleshooting VLAN, STP, VTP, HSRP, VRRP.
• Expert working knowledge including the ability to setup, configure, upgrade, manage, and troubleshoot switches; enterprise VPN solutions; Juniper SRX firewalls (5400, 550, 5600)
• Managing and administering Juniper SRX Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Responsible for Check Point, Cisco ASA (5540/5580) and Palo Alto firewalls (PA-5020/PA-3020) configuration and administration across global networks.
• Worked in Data center environment with Cisco UCS 6200 interconnects Cisco UCS B-series Blades and Cisco UCS 5100 series blade server chassis and implemented RAC mounted servers
• Experience engineering projects including PCN and SCADA
• Implementing and maintainnig Network Management tools(OPAS,Solar Winds,Cisco Works)
• Configured Cisco 1000v switches for virtual VMware servers in the Cisco UCS environment
• Troubleshooting and Configuration of Cisco ASA 5580, 5540, FWSM, firewalls for all the agencies connecting to City net.
• Managed all network and devices including Cisco routers, switches, VPNs, SSL, Check Point, Cisco PIX, Cisco ASA, Cisco FWSM as well as content delivery networks (F5 BigIP LTM and GTM 1600 and 3400 load balancers) enterprise environment.
• SIEM tuning and log analysis of alerts
• Installed and configured an ArcSight ESM SIEM tool from scratch & observed device Integration of multiple Log sources with the ArcSight Connector appliance
• Analyze, troubleshoot, and remediate issues with the SIEM, frequently working with the support teams
• Established VMware EXSI servers in support of multiple VMs, which enabled the company to immolate and testDLPinstalls on various platforms
• Extensive experience in Windows and Active Directory Administration
• Black listing and White listing of web URL on Blue Coat Proxy servers and web security gateway
• Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
• Experience in installation, configuration, backup, disaster recovery, maintenance, and support of Several Unix/Linux Servers
• Powershell scripting and execution for account termination, Distribution List creation, Security Groups
• Familiarity with Websense, nCircle, Imperva, DAM, SourceFire and WAF devices and services
• Cisco ASA and FWSM, F5 AFM, A10 WAF,FTD,IDS/IPS systems, and general knowledge of security features and protocols

TECHNICAL SKILLS

Operating Systems: Win XP, Win 7, Win 8, Win Server 2003, working knowledge of Mac OS X and Linux

Routing: Cisco, OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.

Switching: Cisco, VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN Routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN Emulation

Security / Firewalls: NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, IDS/IPS, URL Filtering, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS), Cisco ASA Firewalls 20, IPSEC & SSL VPNs, IPS/IDS

Load Balancers: F5 LTM/GTM, F5 BIG IP, F5 BIG-IP LTM, F5 BIG-IP GTM, F5-ASM, APM, AFM.

IP SERVICES: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

AAA Architecture: TACACS+, RADIUS, Cisco ACS

PROFESSIONAL EXPERIENCE

Confidential, Richmond, Virginia

Network Security Engineer

Responsibilities:

• Implementing security Solutions using Palo Alto (PA-5020/PA-3020), Cisco 5580/5540.
• Provided support for 2Tier and 3Tier firewall architecture, which includes various Check Point, Cisco ASA firewalls (5540/5580) and Palo-Alto firewalls (PA-5020/PA-3020).
• Responsible for Check Point, Palo Alto (PA-5020/PA-3020) and Cisco (5580/5540) firewall configuration and administration across global networks.
• Troubleshooting and Configuration of Cisco ASA 5580, 5540, FWSM, firewalls for all the agencies connecting to City net.
• Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls
• Managing cabled LAN and wireless access, withswitchingtechnologies and wireless technologies
• Knowledge of Process Control Systems/SCADA
• Worked on RSA authentication manager and Cisco NSA (Network Admission control) to authenticate users and devices to the network
• Configured F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Experience in Cisco CSM and FMS.
• Performing troubleshooting for IOS related bugs by analysing past history and related notes
• Configured F5 GTM Wide IP, Pool Load Balancing Methods, probers and monitors recreating Http and https
• Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator
• Experience for creating scheduled and ad-hoc reporting with SEIM tools.
• In-depth understanding of SEIM technologies and event collector deployments in the Windows and Linux operating environments Packet capture and log collection with trace and test on voice call issue
• Monitoring network (data & voice) devices, WAN/OC/Telco links, warning/alarms and raising pro-active tickets and moving it to resolution.
• Troubleshooting and monitoredroutingprotocols such RIP,FTD,OSPF, EIGRP & BGP.
• Configuring RIP, OSPF and Staticroutingon Juniper M and MX series Routers.
• Managing and administering Juniper SRX at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Configured and maintained 26 NOS network security team devices including IDS,PaloAltofirewalls, Bluecoat web proxies, and load-balancers.
• Websense, nCircle, Imperva, DAM, NTP,SourceFire and WAF devices and services
• Implemented various EX, SRX & J seriesJuniperdevices,Configuration 7609, 7606 with OSPF andjuniper(EX, QFX, andQFabric) switches with various VLAN.
• Responsible for the installation and configuration of thePaloAltofirewalls and equipment for the TMC in NYSDOT
• Experience in security for the following platforms: Windows physical and virtual desktops and laptops, UNIX / Linux Servers, Windows servers, Database as well as RSA (EMC), McAfee (Intel), FireEye, FTD, SourceFire, NTP,Symantec endpoint security tools
• Worked with team of 4 engineers to design, implement, manage, and migrate 85+ Cisco ASA to Palo Alto firewalls across the State
• Provides updates and upgrades to thePaloAltofirewalls, FPCs/NTSA Managers and Panorama devices
• Knowledge of Process Control Systems/SCADA, Cisco CSM and FMS.
• Manages firewalls remotely and securely on both UNCLASS and CLASSIFIED systems
• Ability to troubleshoot complex network issues in the LAN/WAN networks and work with multiple application and system teams to identify bottlenecks in connectivity and other configuration issues
• Experience infirewalladministration, network and information security, network administration, and related technical specialtiesof Palo Alto firewalls
• Create incident tickets with thePaloAltoNetworks TAC to troubleshoot and diagnose cases
• Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM
• Gathering details from customers and providing best security infrastructure solutions with F5 load balancers, Check Point/Netscreen firewalls and Blue Coat Proxies
• Created various B2B environments using Blue Coat Proxies.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Security audit to customer like vulnerability assessment and Penetration testing.
• F5 Migration - LTM 4.x to 9.x & 3DNS to GTM 9.x
• Utilizing ArcSight Smart Connectors, Logger appliances and HBSS server log analysis to verify proper SIEM security event flow
• Extract the logs, perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request
• Qualified and knowledgeable in the installation and configuration of: VMware ESX/ESXI v3.1 to v6, MS DOS, Windows NT 4.0 to Server 2012, Windows 3.1 to Windows 10
• Working experience with Web Application Firewall (WAF) rules.
• Maintain and upgrade Imperva WAF from version 8.x to 10.x. Maintain and review the events and make necessary changes including setting up new applications
• Experience in security for the following platforms: Windows physical and virtual desktops and laptops, UNIX / Linux Servers, Windows servers, Database as well as RSA (EMC), Rapid 7, SourceFire, McAfee (Intel), FireEye, Symantec endpoint security tools

Environment: PaloAltoPA-5000/3000 and Cisco ASA 5580, 5540, FWSM, Cisco 5580/5540/5520 , Juniper SRX, Cisco CSM and FMS, Windows server, Bluecoat, SIEM, Load Balancer F5 LTM and GTM, WAF,Active Directory

Confidential, Los Angeles

Network Security Engineer

Responsibilities:

• Implementing and troubleshooting firewall rules in Cisco ASA 5520, 5540, 5580 Implementing and troubleshooting firewall rules in Juniper SRX 5400, 550, 5600 as per the business requirements
• Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks for providing IPS/IDS
• Worked on Juniper SRX Versions 300, 3400, 3600, 220 implementing new and additional rules on the existing firewalls for a server refresh project
• Working closely with onsite IT managers and remote engineers utilizing Ekahau Site Survey performed wireless validation surveys of Microsoft offices across the United States and Canada. Configured Aruba access points, troubleshoot connectivity issues with Aruba access points. Prepared wireless survey reports, reports documenting completed projects and AP placement maps
• Worked extensively on Data CenterPaloAltofirewalls and F5 BIG-IP LTM.Configured Site-Site VPN onPaloAltoFirewall on one side and Fortinet on the other side.
• Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Implemented many number of security policy rules and NAT policy rules onPaloAlto, created Zones, ImplementedPaloAltoFirewall interface,PaloAltoIDS and VLAN.Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of thePalo AltoFirewalls placed in the Data Center with MS Visio.
• Experience McAfee (Intel), FireEye, Symantec endpoint security tools
• Extensive implementation of firewall rules on checkpoint R77 GAIA on daily basis using Smart Dashboard.Provided dailyPaloAltofirewalls administration such as Threat prevention, URL filtering, IPSEC and SSL VPN's, zone based integration, and analyzing syslog's, and utilizing wild fire feature in Panorama 7.1.
• Configured VLAN trunking withPaloAltointerfaceMaintained, configured, and installed Cisco routers and switches: 7500/catalyst 6500/RV320/2960/catalyst 3550/12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540
• Configured routes onPaloaltofirewalls 3060, 5060, 7050
• SMEs will collaborate with DS/T/ATA in the development of specialized technical assistance or customized programs.
• PaloAltouser-identification implementation with KIWI servers userPaloAltouser-id agents
• Configuring TACACS, LDAP, FTD, and RADIUS for Cisco ASA andPaloAltofirewalls
• Integrating Panorama withPaloaltofirewalls, managing multiplePaloAltofirewalls using Panorama
• Using the ActiveSync security policies, application-ready security policies to protect servers running onF5 usingF5 ASM for both the HTTP and the HTTPS protocols.
• Designed, programming and support global Avaya VoIP, Avaya ProactiveContactRel 4.0, AvayaVoicePortal Rel 5.0, Cisco ICM call routing, Cisco CSM and FMS, CMS, eCAS, Nice and Verint call recording
• Troubleshooting for Layer 2 LAN technologies including but not limited to Ethernet (Switched, FastE, and GigE), Spanning-Tree, VLANs, VTP, and Trunking (802.1q) and Aruba Wireless platform and Aerohive Wireless AP.
• Project responsibilities included the removal of Cisco wireless APs and the installation of Aruba wireless APs. Site survey, initial walkthrough, pre-configuration and installation of Aruba instant and campus APs, controllers, and documentation - Support of the T.I. wireless network via Airwave.
• Design, Survey, configure and Certify Company's WiFi Architecture.
• Experience in working with wireless site survey tools like Airmangnet and Ekahau.
• Expert level knowledge on configuring Aruba Mobility controller, Airwave, Aruba Clearpass, Cisco Prime Infrastructure, WCS/NCS, ISE & MSE. Worked extensively configuring Security over Wireless and Voice over Wireless.
• Optimize infrastructure and its associated software, including IP- PBXs, call management systems,voicemail, computer telephony integration and interactivevoiceresponse
• A10 Load Balancers expertise on F5 BigIP Local Traffic Managers (LTM). Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 (VIPRION - ASM) BigIP Load Balancers.
• Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using SPACE as well as CLI when needed.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Responsible for performing predictive wireless designs/site surveys with AirMagnet Planner (Cisco 3500/3600/3700/ Aruba 105 access points) and conducting physical wireless site surveys with AirMagnet Survey.
• Implemented and maintained network architectures for LAN/WAN, FTD.
• Responsible for maintenance and utilization of VLANs, Solar Winds Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches
• Monitored the Email and Active Directory components and whole systems and proactively fixed potential issues before they actually caused service disruption
• ManagingF5 BigIP Load balancers, Blue Coat Proxies and SourceFire.
• Upgrading Imperva WAF (Web application firewall) and fixing hot fixes and patches

Confidential

Junior Network & Firewall Engineer

Responsibilities:

• Participated in planning, designing, installing and configuring new Firewall policies.
• Created and tested Cisco router and switching operations using OSPF routing protocol, Cisco ASA Firewalls, and MPLS switching for stable VPNs, Solar Winds
• Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
• Worked on network-based IT systems such as racking, stacking, and cabling
• Installation ofPaloAltouser-id agent on Active directory.
• Migrating URL filtering policies from Bluecoat toPaloAlto
• Switches, Nexus Switches,Juniperand Palo Alto Firewalls, A10 Load Balancers,F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers.
• Managed service providers/vendors relationships from a project and technology perspective.
• Worked with the basic communication protocols like TCP/IP.
• Troubleshoot and solve network systems issues involving Cisco switches, Aruba wireless intrusion detection systems, VSAT
• Wireless rollout: responsible for deploying 1500 Aruba Wireless Access Points to different sites
• Built wireless network using Aruba redundant controllers and ClearPass radius server.
• Worked on Designing, Developing and Deploying Aruba Wireless(Wi-Fi) environment in large scale warehouses which span over 150,000 Sq ft to 500,000 Sq ft to multiple remote sites (10,000 to 20,000 Sqft).
• Deployed Aruba Clearpass policy manger in wired and wireless(WI-FI) infrastructure in office and warehouse environment.
• ACI and Openstack to automatically create and tear downF5 loadbalancersas resources are consumed or no longer needed.
• Using SmartUpdate, user management and authentication in Check Point Firewall.
• Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM, ASM, AFM. Worked on software versions including 9.2, 11.4.1, 11.5.3.
• Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency and redirection of URL and F5 ASM cookies issues and configures ASM policies
• Strong production experience in managing F5 BIG-IP APM, ASM, AFM and LTM.
• Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increases operational efficiency and ensures peak network performance for critical business applications.
• Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineers instructions and troubleshooting any related issues
• Provided Load Balancing towards access layer from core layer using F5 Network Load Balancers.
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX, NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS, Foundry / F5 Load Balancers, and Blue Coat Packet Shaper systems.
• Proactively monitored including a weekly review of log files, reports, weekly Knowledge Base updates, etc. to determine the health and performance of Secures appliances.
• Worked on Routing and Switching issues including OSPF, RIP, Fortinet, Solar Winds, VLAN's.
• Design and Implementation of VoIP & Data Networks for new buildings, expansions, and remodels at a company platform.
• Responsible for design, Architecture, testing, procurement and implementation of PepsiCo'svoice technology to include: Avaya, Avaya ProactiveContact, AvayaVoicePortal, Genesys, Nortel and MitelPBX,VoiceMailsystems
• Experience creating scheduled and ad-hoc reporting with SEIM tools.
• In-depth understanding of SEIM technologies and event collector deployments in the Windows and Linux operating environments
• Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
• Implemented and Maintained Routing Protocols EIGRP and OSPF in the Network.
• Configured and Maintained the Local Network using 2900, 6500 series Switches and 2800 series Routers. Configured and installed the 3600 series Router.
• Implemented strategies for operating systems, virus protection, mail systems and Internet Access services
• Performed scheduled Virus Checks & Updates on all Servers & Desktops. shell scripting and execution for account termination, Distribution List creation, Security Groups
• Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures
• Created and implemented filters on the Routers for security purposes.
• Installed and managed network devices including Hubs and Switches.
• Provide hardware and software support to end users