Network Security Engineer Resume

SUMMARY

  • Over 6 Years of experience in working on Firewalls and Network devices.
  • Experience with both Implementation and Operational work on Network and Security Platforms.
  • Enterprise scale network and security implementation & support experience.
  • Experience with Security Gateway from Cisco ASA/Firepower environment with several hundreds of gateways as well as Palo Alto, Check Point in Provider-1/Multi-Domain Security and Fortinet Firewalls.
  • Hands-on experience with Cisco ASA firewall administration, Rule Analysis, Rule Modification and implemented different failover mechanisms on ASA firewalls.
  • Experience with Check Point IPS Blades, FirePOWER SFR Modules, AIP-SSM Modules on ASA.
  • Working with Advanced blades of Check Point such as URL/APP Filtering, ANTI-VIRUS, ANTI-BOT, Threat Emulation, Threat Prevention, IDM.
  • Using Smart Update, User Management and Authentication in Check Point Firewalls.
  • Experience managing Palo Alto firewalls for all Content filtering, APP-ID, URL filtering, IPsec VPN and Global Protect VPN.
  • Experience configuring B2B VPN tunnels on various platforms such as Check Point, Cisco ASA and Palo Alto firewalls.
  • Implementation, and proficiency in configuring and troubleshooting Fortinet firewalls.
  • Firewall rule base Audit and Cleanup using tools such as Tufin.
  • Firewall Policy provisioning and work with firewall requests submitted by users through change management system.
  • Proven analytical, decision-making, and problem-solving abilities.
  • Flexible, Capable of quickly learning new technologies and adapting to new environments.
  • Check Point security gateways including Appliances such as 21000, 13000 and 12000 series Check Point IP appliances.
  • Cisco ASA Firewalls including ASA 5585x, 5555, 5540, 5516x with SFR Modules.
  • Palo Alto Firewalls PA 5K and 7K series appliances managed through Panorama.
  • Juniper VPN Platform covering SA 6500, Pulse Secure Appliances.
  • Check Point IPS, NGTP features IDM, Threat Emulation, Sourcefire, FirePOWER Modules on ASA 5500 Series appliances.
  • Cisco Networking Hardware Nexus 7k, 5k Series switches.
  • Check Point R80.10, R77.30, R77.20, R77.10 on Check Point Appliances
  • Cisco Firewall IOS 9.x, 8.x, 7.x including 8.0, 8.2, 8.4 and 9.0, 9.1 on ASA Platform, 8.6 on ASA 5585x series hardware
  • Firepower 6.1.x, 6.2.x, 6.3.x, 6.5.x.
  • Palo Alto Networks PAN OS 6.X, 7.X, 8.X
  • Juniper OS 11.x, 12.x
  • Good Understanding of OSI Layer, TCP/IP, TCP, UDP, Dynamic Routing Protocols EIGRP, OSPF, BGP.
  • High Availability configurations including HSRP, VRRP and Spanning Tree Protocols STP, RSTP, MST. Dot1q Trunk.
  • Server Technologies like Windows 2003, 2008, Linux and Active Directory/LDAP, DNS, DHCP, DFS.
  • Network Management Protocols including SNMP, SYSLOG.
  • Wireshark / Sniffer capture for packet level analysis (TCPDUMP on security gateways).
  • Security Implementations including multiple Zones (DMZ, Third-party, ASZ etc.).
  • Two factor authentication using RSA and TACACS.
  • Advanced NAT including Identity, Static, Policy static etc.

PROFESSIONAL EXPERIENCE

Confidential

Network Security Engineer

Responsibilities:

  • Implementation, configuration and support of Check Point firewalls, Palo Alto Firewalls, ASA with SFR modules.
  • Installation of SFR Module on Cisco ASA Platform for advanced security services.
  • Configuring FirePOWER on Cisco ASA including IPS (NGIPS), Application visibility and Control as well as Advanced malware protection.
  • Configure and tweak the URL Filtering on Cisco ASA with FirePOWER.
  • Configure FirePOWER using CLI as well as FireSIGHT Management Center.
  • Configure Sourcefire IPS inline mode of deployment.
  • Configure and verify the Sourcefire IPS features to identify threats and dynamically block them from entering the network
  • Maintain, update and tune IPS signatures as well as update Cloud based Threat detection policies.
  • Use Sourcefire defense center for IPS management, deployment, and event correlation.
  • Create and test initial IPS configurations for new devices/services.
  • Tweaking Events/Alerts and false positives. Optimizing IPS Sensor performance.
  • Configuring, monitoring and troubleshooting Anomaly Detection Service on IPS.
  • Install, configure and troubleshoot the Cisco based ASA Firewalls in the network.
  • Built several pairs of ASA Firewalls from scratch as well as upgrade from ASA X series.
  • Understanding the new 8.3 Architecture including NAT operations, IP Address used in the access list.
  • Work with different types of NAT including Static, Destination, Source NAT.
  • Document all the errors and logs recorded during upgrade process on the staging hardware.
  • Configure Active-Active failover in Multiple Context Mode ASA
  • Configuring B2B VPN tunnels with Business partners on ASA firewalls.
  • Troubleshooting the B2B VPN connectivity issues using Packet tracing to validate if firewall will allow the access, has NAT and routing rule in place.
  • Installation, Configuration and troubleshooting of Palo Alto Firewalls PA 5K Series running PAN OS 7.X and 8.X
  • Firewall Policy provisioning on PAN devices using PANORAMA management platform.
  • Manage Palo Alto Firewalls using Panorama configuring Device Groups and Templates.
  • Configuring Palo Alto Firewalls with multiple zones based on traffic segregation requirements.
  • Configuring and support different types of NAT on PAN devices. Source/Destination based NAT.
  • Work with App-ID for application visibility and URL Filtering on PAN devices.
  • Security Policy Provisioning, Managing Security zones and interface configurations on Palo Alto Firewalls.
  • Firewall Configuration Import into Panorama as well as configure Multiple VSYS.
  • Configured ClusterXL Active/Standby on Check Point 21000, 13500 appliances.
  • Configure and support Check Point Smart Center high availability in Active/Standby.
  • Packet Capture using tools such as TCPDUMP, FW Monitor to analyze traffic and troubleshooting through command line of Check Point firewalls.
  • Check Point Virtualization using VSX and configure load sharing VS in VSLS Mode.
  • Blue Coat Proxy SG series appliance administration for URL filtering and client policy provisioning.
  • Run packet captures and analyze for any VPN issues with Phase 1 and Phase 2 on ASA and exporting it to Wireshark for analysis.
  • Evaluate communication security, data vulnerability, and business continuity and compliance risks along with vulnerabilities/weaknesses in systems.
  • Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the network.
  • Firewall Policy provisioning and work with firewall requests submitted by users through change system using ServiceNow.
  • Cleanup and Optimize firewall rule base and database. Reorder rules for optimal firewall performance using Tufin.
  • Ensure Firewall Policy compliance as per client required standards.

Confidential

Network Security Engineer

Responsibilities:

  • Firewall Policy provisioning on platforms such as Check Point, Cisco ASA firewalls and work with firewall requests submitted by users through Remedy IT Service Management.
  • SmartCenter/Smart Dashboard for Check Point, Cisco CSM for provisioning policy and using Shared objects and global objects and policies.
  • Build and Upgrade Check Point Security Gateways as well as support upgrades of Check Point Clusters.
  • Troubleshoot complex problems, providing root cause analysis and remediation to mitigate future risk with appropriate technical staff to resolve connectivity issues.
  • Responsible for Check Point Firewall support and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Troubleshoot IPsec Site to Site VPN connectivity including Phase1 (ISAKMP) & Phase2 (IPSEC).
  • Review Firewall rule conflicts and misconfigurations as well as redundant rules.
  • Identify unused rules and schedule change to revoke them and mark it for permanent deletion.
  • Updating Network Diagrams using MS Visio and Network documentation.
  • Build High Availability using ClusterXL on Check Point, Active/Standby HA mode on Cisco ASA.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Debugging abilities at lower levels of OSI layer (Switching, Network and Transport Layer).
  • Responsible for Cisco ASA firewall administration across the networks.
  • Worked extensively in Configuring, Monitoring and Troubleshooting access-lists, NAT on Cisco ASA 5500 series security appliances.
  • Work on B2B VPN Tunnels with business partners and Remote access VPN using Cisco AnyConnect on ASA firewalls.
  • Installed various branch Cisco devices including switches and routers.
  • Performing troubleshooting on slow network connectivity issues, routing issues that involves OSPF, BGP and identifying the root cause of the issues.
