SUMMARY

• Result oriented Network Security Engineer with 8+ years extensive hands - on experience inNetwork and Security products, troubleshooting and customer support with in-depth knowledge of Cloud Networking, Checkpoint, Palo Alto, Cisco ASA, IPS/IDS, Cisco ISE, Blue Coat Proxies, F5 Load Balancers, IPSEC VPN, VMware and AWS.

TECHNICAL SKILLS

Networking: TCP/IP, VLAN, VXLAN, VTP, STP, EIGRP, OSPF, BGP, IS-IS, MPLS, NAT, IPsec, DMVPN, DHCP, DNS, RAID, HTTP,Juniper SSG, F-5 Load Balancer Juniper SRX, Checkpoint, Cisco ASA, Palo Alto, Palo-Alto Management-Panorama, Fortinet VPN, UTM, IPS, IDS, RADIUS, Cisco ASA (all models), Palo Alto (All Models),Checkpoint (R80.10, R77.30, SPLAT, GAIA, MDS, VSX, Cluster XL) Cisco 1841,2500, 2800,3845, ASR, Catalyst 1900, 2950, 2960, 3500, 3750G,Nexus 5k, 7k, Routers,Switches, Wireless, Ethernet, Fast Ethernet, Gigabit Ethernet, F5 LTM, GTM, Blue Coat Proxy, Panorama, NSM, CSM.

Virtualization: AWS, Docker, Kubernetes, Google Cloud, VMWare, VirtualBox

Networking Tools: Netact, LSM, BSM, TEMS, XCAL, Wireshark, GNS3, Cacti, Cisco IOS, Secure CRT, Algosec, Tufin, Cisco works, Solar Winds, Splunk, IBM Qradar

Cloud Technologies: Kubernetes, Docker Containers, AWS, Microsoft Azure

Virtualization and Hypervisors: VMware vSphere, MS Hyper-V, KVM

Tools: GNS3, Wireshark, Cisco Packet Tracer, Putty, VMWare Workstation, Oracle VM VirtualBox

Automation: Python, Ansible

Operating System: Linux, Windows

Data presentation and analysis: PowerPoint, Microsoft Excel, MapInfo and Cockpit

PROFESSIONAL EXPERIENCE

Confidential, Memphis, TN

Network Security Engineer

Responsibilities:

• Perform configuration changes on Checkpoint R77 Gaia, R80.10 and Palo Alto on a large scale environment.
• Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (CheckPoint, ASA, and Paloalto).
• Converted Checkpoint VPN rules over to the Cisco ASA solution.
• Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA-3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Juniper, Cisco IDS/IPS and IPSEC/SSL VPN, Load Balancer.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
• Perform Checkpoint and ASA firewalls design, integration and implementation of networks.
• Experience in using Smart Update, User Identity Management and Authentication in CheckPoint Firewall.
• Responsible for Checkpoint and Cisco ASA firewall administration across our global networks.
• Configure IP-SEC VPN, and SSL-VPN (Mobile Access) on Check Point Gaia based on user traffics that needs to be encrypted using Checkpoint.
• Worked in a large enterprise level data center supporting more than 1500+ network devices.
• Identified and fixed security and network loop holes in datacenter environment
• Design, Build and Implement various solutions on F5 Load balancers and F5 Global Traffic Managers (GTM), Check Point Firewalls, Blue Coat Proxies.
• Upgrading code on Palo Alto firewalls PA5050/3020 to meet company security policy
• Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080.
• Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, Microsoft VPN, and the Reporting features.
• Working on setup Cisco ASA 5555-X firewall on IPsec VPN, Palo Alto IPsec VPN and Global Protect VPN, and AWS VPN solution.
• Configure all Palo Alto Networks Firewall models and Panorama to manage large scale Firewall deployments
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
• Install and upgrade Bluecoat proxy SG (900, 810 and SG9000 series) and Proxy AV (510,810 and 1400series) Performing firewall optimization using Tufin by removing unused rule, duplicate objects, fully shadowed rules, and disabled rules.
• Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments.
• Troubleshooting access control lists, port securities, server vlans, load balancing and Firewall rules. Creating Virtual IPs on F5 BigIP 6800/3400 series appliance for website.
• Installing the F5 TMOS upgrades/downgrades, Hot-fix installations depending on Business need.
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN, F5 Load Balancer.
• Experience with Tufin Secure Track for Usage report analysis.
• Experience of technologies including: Nexus switches (2k, 5k and 7k).
• Manage third party connections using Cisco ASA Firewalls via CSM.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint NGX, VSX, Provider-1/MDM/MDS, Cisco ASA other security products.

Confidential, Phoenix, AZ

Sr Network Security Engineer

Responsibilities:

• Implementing security Solutions using Palo Alto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
• Worked on Juniper SRX Versions 300, 3400, 3600, 220 implementing new and additional rules on the existing firewalls for a server refresh project.
• Responsible for all Juniper SRX firewalls consisting of SRX 3560, 1400, 550. Using CLI and/or Junos Space Security Director for management. Install, upgrade, troubleshoot, design, etc
• Responsible for Check Point to Palo Alto Migration and Palo Alto, ASA and Checkpoint firewalls configuration and administration across global networks.
• Implemented Check Point to Palo Alto Migration by using Expedition tool
• Implementing security Solutions using Palo Alto Pa-5000/3000.
• Experience in designing and assisting in deploying enterprise wide network security and high availability solutions for Palo Alto and ASA
• Plan and designing of corporate Firewalls architecture by implementing it in distributed Planning environment.
• Provide support for 2Tier and 3Tier firewall architecture, which includes various Checkpoint R80 Gaia, Cisco ASA firewalls and Palo Alto firewalls.
• Configuration of Palo Alto Next-Generation Firewall mainly VSYS per client topology and working on User-ID, App-ID.
• Research, recommend and leverage new features supported by Palo Alto networks, including User-ID, Autofocus and Global protect.
• Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV) and other security threat data sources.
• Expertise in VPN configuration, routing, NAT, access-list, Security contexts, and failover in ASA firewalls.
• Actively responsible for upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
• Implemented Site-to-Site VPNs between ASA Firewall and Router
• Established IPSec VPN tunnels between branch offices and headquarter using Palo Alto Firewall
• Maintaining Corporate Firewalls & Analysis of firewall logs.
• Used security groups, network ACL's, internet gateways and route tables to ensure a secure zone for organization in AWS public cloud.
• Used IAM for creating roles, users, groups and also implemented MFA to provide additional security to AWS account and its resources.
• Performed Troubleshooting and monitored routing protocols such OSPF, EIGRP & BGP.
• Configured ACL & NAT through CLI.
• Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 and Cisco 3550/4500/6500 switches in multi VLAN environment.
• Maintenance of the whole network and troubleshooting the network issues for efficient performance.
• SPLUNK SIEM tool: Using SIEM / Syslog (SPLUNK) for troubleshooting purpose including rule tracing, port or protocols analysis and troubleshooting. Creating own dashboard to monitor / generate reports using SPLUNK. Real time troubleshooting using SIEM logs.
• Installed high availability Big IP F5 LTM, GTM and ASM Load balancers to provide uninterrupted service to customers.
• Hands on knowledge/experience on F5 Load balancers, its methods, Implementation and troubleshooting on LTMs and GTMs.
• Used Fire Eye to scan the servers for any vulnerabilities and work with server team to mitigate them.
• Creating Virtual Servers, Nodes, Pools and I Rules on BIG-IP F5 in LTM module.
• Supported Infoblox appliances grid environment for DNS, DHCP and IP Address Management tools (IPv4).
• Managing AD, DHCP, DNS and Print Services for end client for different projects
• Set up Internet, implementing Networking products like Servers, Proxy servers, Switches, Firewalls, Routers.
• Analyze IP data using industry standard tools i.e. Wireshark, SolarWinds.
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
• Created Documentation by using word Excel, PowerPoint and Visio
• Planning, Designing & Implementing VPN connections using site-to-site VPN’s.
• Maintaining and providing Level 2 and Level 3 technical supports for all network related issues and providing the requirements of the customer by interacting with the customer on daily basis via email and phone.
• Responsible for managing and configuring Layer 2 and layer 3 devices for customer’s network.
• Configuring and troubleshooting QOS, Vlan, Spanning Tree, VTP, HSRP and Trunking.
• Making configuration change recommendation for routers, switches and firewalls.
• Managing and working with VPNs within the organization and to third-party entities.
• Performing an analysis of source host and destination path by tracing it through the network router and switches as well as the firewalls it passes.
• Attending the managerial and Technical meetings to discuss the current progress of the project.

Confidential, Bloomington, IL

Senior Network Admin - Security

Responsibilities:

• Worked on change request, incident tickets and service request by using service now tool
• Deployed Tunnels (GRE, DMVPN), IPsec VPN in the customer environment.
• Managed Checkpoint, ASA firewall, Palo Alto, Cisco Switches, Cloud Proxy (Zscaler), IDS, IPS as part of operation.
• Improved company process and the turnaround time for each ticket.
• Handled escalation, resolved issues by engaging with Vendor TAC within agrees SLA.
• Created Data-filtering profiles in Palo Alto devices which helps to prevent sensitive information. Firewall Policy provisioning on Palo Alto devices using Web UI as well as PANORAMA. Provided day-to-day operational support for all firewall and VPN platforms including Checkpoint and Palo Alto firewalls.
• Performed upgrades on Palo Alto OS devices in High Availability pair. Firewall OS upgrades and Maintenance of OS up maintain dates as part of addressing Vulnerabilities on Firewalls. Configured rules and Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Configured and maintained the HP Switches with OS Upgrades and routing protocols (OSPF, BGP). Used Cisco Prime Infrastructure for troubleshooting and managing wireless networks.
• Involved in configuration of Access lists (ACL) on checkpoints firewall for the proper network routing for B2B network connectivity. Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
• Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system. Involved in designing GRE tunnels for encryption of data flow from source to destination. Installing and configuring TACACS/RADIUS, Performed ISSU to upgrade to the core Nexus 7k switches.
• Creating guest users and providing access to limited services by providing limitations with cisco ISE, Performed IOS upgrades on various catalyst series switches and maintained latest IOS versions according to company's policy.
• Good automation experience using programming languages like Python and Shell scripting. Excellent knowledge in Routing, Switching, Firewall and Gateway technologies, system design, wireless design, data network design, capacity management and network growth.
• Deployed the Cisco 3500 Access Points using Cisco Wireless controllers 5500 and 2500 and WCS System. we need to Auto roll back if there is a failure in the new image versions when RP is not reachable. If there is a software failure it will be automatically switching over to the old version. Standby will reset and load new software/firmware
• Configured EBGP load balancing and ensured stability of BGP peering interfaces. Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps.
• Installation, Maintenance, Troubleshooting Local and Wide Areas Network by using ISDN, Frame relay, DDR, NAT, DHCP, and TCP/IP. Practical experience in Active directory, OU, DNS, DHCP, Group policy, Replication, Active directory domain trust relationship. Created new DHCP scopes and reserved DNS entries for IPs using Infoblox
• Configured BGP over MPLS links and redistribution between EIGRP and BGP routes over multiple MPLS providers. Configured EBGP load balancing and ensured stability of BGP peering interfaces. Configured Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links. Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.

Confidential

Network Engineer

Responsibilities:

• Troubleshooting and resolution of incidents, working to critical SLA’s.
• Joining conference calls to solve the issue with the customer
• Deployed and configured new Cisco devices on the Customers network.
• Changes done on switches for creating new VLAN’s and adding subnets.
• Configured IPsec VPN tunnels between 2 customers site.
• Configuration & management of around 2500 + Security Devices which includes Checkpoint, Cisco PIX (OS 6.x, 7.x), Nokia
• Firewalls (IPSO products), FWSM, ASA, Cisco IDS, Cisco VPN Concentrator, Cisco ASA, ArcSight (ESM), Cisco switches, F5 LTM & GTM.
• DDOS detection, mitigation and prevention using Cisco Guards and Arbor Peak flow
• Raising vendor fault tickets, managing the replacement and return of failed devices with hardware suppliers inaccordance with SLA. Utilizing escalations matrices where required.
• Working to predefined SLAs & KPIs
• Maintaining accurate logs via ticketing system (Remedy)
• Configured Cisco ASA firewalls in Single and Multiple Context Mode firewalls. Upgrade of Cisco ASA Firewall in Active/Standby mode.
• Cisco ASA Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
• Configured ASA 5510 appliance as a Firewall and as a VPN server. Troubleshoot TCP/IP problems; troubleshoot connectivity issues.
• Cisco ASA Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
• Coordinated with higher-level support and external vendors for resolution.
• Experience in Designing and assisting in deploying enterprise wide Network Security and High Availability Solutions for ASA.
• Installed, configured and managed Cisco routers such as 3700 series and Cisco Catalyst switch series 4500, 3500, and 2900.
• Experience in working with load balancer for converting CSS to ACE.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control.
• Experience in working with LTM and GTM for scaling and securing DNS infrastructure during high volumes.
• Installation and maintenance of Cisco Layer 3 switches 3750, 4500X, 6500 and Cisco 3550/4500/6500 switches in multi VLAN environment.
• Included network services such as DNS, email, web, Servers, VPN and Firewall.