Network Security Engineer Resume

Indianapolis, IN

SUMMARY

  • Computer Networking Cisco Certified Engineer with 7 plus years of experience in network design, implementation, troubleshooting and management of large-scale enterprise networks. Demonstrated history of delivering systems with excellent protection against internal and external threats, without undue costs or diminished usability.
  • Enterprise experience and knowledge on latest products of Checkpoint R80.10, R77.30 Gaia, R75, Provide-1, VSX, Cluster XL, Cisco ASA, Palo Alto and Juniper SRX/SSG firewalls.
  • Installed and configured Palo Alto firewalls PA-500, PA-800, PA-3000, PA-5020 in a complex environment.
  • Configured High availability, User ID on Palo Alto firewall. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools. Demonstrated experience in developing, implementing, auditing Checkpoint firewall (R77.30) configurations and analyzing, optimizing rule sets.
  • Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Palo Alto rules. Extensive experience with Check Point and Cisco security firewall configurations and network configurations. Strong TCP/IP understanding. Knowledge of debugging Check Point Firewall.
  • Experience in implementing redundant L2 stretch network using VXLAN BGP EVPN using a collapsed spine-leaf architecture
  • Extensive experience in designing and implementing LAN solutions utilizing Cisco Nexus and Catalyst series switches, ASR & ISR routers and AnyConnect/OpenVPN remote connectivity
  • Extensive experience with routing protocols BGP, OSPF, EIGRP and making them highly efficient and reliable
  • Implement High-Availability from VDC and VSS, implement protocols from OSPF, IS-IS, BGP, GRE, NAT, VRF/Routing Instances and work with layer 2 best practices from a Data Center perspective using vPC, Fabric Path and VPLS/OTV, Multihop FCOE, and FCIP
  • Complete basic configurations on the F5 Big-IP LTMs and GTM load balancer on existing network to split traffic on web-servers. Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Lab & Production Environments.
  • Expertise with installation, configuration and troubleshooting of Cisco Routers (ASR 9K, NSX 5K, Meraki MX84, Cisco ISR 1K, 7600, 3800, 2800, 2600, 1800 series) and Juniper Routers (MX, PTX, T4000-series)
  • Expertise with installation, configuration and maintenance of Cisco Switches (6500, 3560, 2960, 1900 series); Nexus 2000, 9000 series switches while implementing advanced features like VDC, VPC, OTV and Fabric Path; and Juniper EX Switches (4300, 4550, 9200), QFX Switches (5100, 5200, 10000), OCX1100 series.
  • Good knowledge in implementation of network access control (NAC) related rules on Palo Alto NGFW, Cisco ASA 55xx series, CheckPoint, FortiGate FW’s and Juniper SRX FW’s.
  • Experience in working Infoblox appliances for DDI solutions and performed device upgrades and replacements
  • Mastered network monitoring using tools like NetScout, Graylog, Cisco Prime Infrastructure, Wireshark, SolarWinds, Cisco ISE for troubleshooting network issues.
  • Deployed multihomed BGP solutions across several ISPs for redundant Internet/WAN connectivity and used BGP attributes to redirect traffic as needed.
  • Highly motivated with the ability to work independently or as an integral part of a team and committed to the highest levels of professionalism.
  • Willing to work hard for the success of the company, a determination to see things through in the face of unexpected setbacks and a desire to learn.

PROFESSIONAL EXPERIENCE

Confidential, Indianapolis, IN

Network Security Engineer

Responsibilities:

  • Configuring rules and maintaining Palo Alto Firewalls & analysis of firewall logs using Panorama.
  • Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.
  • Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.
  • Configured systems log on the Palo Alto firewall and moved the logs to Splunk.
  • Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
  • Responsible for Palo Alto and Cisco ASA firewall administration across our global networks. Maintenance and configuration of Cisco ASR1000 series.
  • Installing and configuring new Cisco equipment including Cisco catalyst switches 9300, Nexus 7010, Nexus 5548 and Nexus 9k as per the requirement of the Organization.
  • Experience with F5 load balancers and Cisco load balancers (CSM, ACE, and GSS).
  • Configuring and managing F5 ASM (Application security manager). Developed security policies.
  • Work with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers
  • Thorough understanding and Experience in F5 concepts which include Virtual servers, Pools, Health monitors, SSL Profiles, Persistence profiles, Load balancing methods, HA pair, iRules.
  • Perform configuration changes on Checkpoint R77 Gaia, R80.10, Cisco ASA and Palo Alto on a large-scale environment.
  • Experience in risk analysis, security policy, rules creation and modification of Check Point Firewall Provider-1, R77.30 Gaia and R80.10.
  • Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7000 (7050, 7060), PA-5000 series (5060/5050/5020), PA 60/4050/4020 ) and PA 500 and PA-200 firewalls.
  • Change and Incident Management using HP Service Manager. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
  • Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances.
  • Very good experience in Palo Alto APP-ID, User-ID, and Security profiles like Anti-virus, Anti-Spyware and WildFire.
  • Migration of firewall rules from Cisco ASA, Checkpoint to Palo Alto firewalls using PAN migration tool
  • Administering and supporting Juniper SRX and SSG firewalls using cli, NSM and/or Junos Space.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Executed changes on various Firewalls, proxies and scripts over entire network infrastructure using Service Now ticketing tool.
  • Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama. Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
  • Converting Checkpoint VPN rules over to the Cisco ASA solution and migrating with both Checkpoint and Cisco ASA VPN.
  • Implemented Site-to-Site VPNs between ASA Firewall and third-party vendor management devices.
  • Performing packet captures using TCPDUMP, fw monitor, Snoop, Wireshark and other network monitoring tools.
  • Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
  • Implementing the Access list on day-to-day basis as per customer's Develop and maintain standard operating procedures, processes and guidelines for firewall operations, support and maintenance.
  • Create and manage multi-national Checkpoint firewalls on a secure platform in a complex DMZ environment.
  • Configure and maintain IPSEC VPN, Proxy and SSL; included advanced networking and TCP/IP.
  • Implement and maintain firewall rule migration, URL filtering, DLP, and rules cleanup.
  • Working in Tufin SecureChange firewall optimization tool to implement rules and Tufin SecureTrack to optimize the policies.
  • Push firewall rules to live production environments during maintenance windows and open bridge conference call for testers to call in to test and troubleshoot.
  • Investigate security incidents and recommend actions needed to resolve vulnerability issues.
  • Perform peer review of work plans for standard changes as requested.
  • Responsible for implementing and configuring managed Nexus switches.
  • Experience of technologies including: Nexus switches (2k, 5k, 7k, 9k), and A10 load balancers.
  • Perform internal / external vulnerability and penetration tests to assess the level of exposure and risk to client. Reports are created and shared with Sr. Security Management. Utilize many open-source as well as commercial tools, such as Nmap, Nessus, Qualys, Metasploit, QRadar and other tools.
  • Configure Bluecoat proxies using Bluecoat Director for content and URL filtering.
  • Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, BGP and OSPF.
  • Raised RMAs (Return Merchandise Authorization) to replace the problematic Checkpoint and new items were racked and stacked in the data center

Confidential, Weehawken, New Jersey

Network Security Engineer

Responsibilities:

  • Configuring rules and maintaining Palo Alto Firewall & Analysis of firewall logs.
  • Monitored, reported and explored Sessions, App-scope and Application Command Center (ACC)
  • Configured, reported on and managed WildFire for PAN.
  • Configuring VPN solutions using Palo Alto Global Protect for new B2B connections.
  • Troubleshooting application issues with various network packet captures and examining the data flow by observing the TCP, UDP, HTTP, HTTPS etc., communications over LAN/WAN
  • Successfully installed Palo Alto PA 3000/PA 5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Implemented VPC best practices to configure high availability across the access layer Nexus 5K-2K switches
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall. Executed changes on various firewalls, proxies and scripts over entire network infrastructure using Service Now ticketing tool
  • Set up Cisco ISE server in a distributed redundant deployment mode for secure login to remote network equipment using TACACS+ and RADIUS
  • Extensive experience with the Palo Alto Panorama management console. Packet analysis with Wireshark. Configuration of Palo Alto firewalls, access policies, Application & URL filtering, Security Profiles, Global Protect VPN, Data filtering and file blocking
  • Continuously monitor the network infrastructure for any vulnerabilities in software and hardware, resolve as per product vendor recommendations and industry best practices
  • Worked on implementing the redundant internet connection for the company with multiple ISP's across different data centers
  • Replaced aging Cisco ASA with new next generation Palo Alto appliances using migration tool.
  • Worked extensively in configuring, monitoring and troubleshooting Cisco's ASA 5500. Implemented and troubleshot the virtual firewall solutions in ASA.
  • Performing URL and Content filtering using Bluecoat SG proxies and also do packet capture, checking access logs during troubleshooting proxy issues.
  • Deploying site to site IPsec VPN, managing Certificate Authority server for PKI based authentications, Configuring Remote Access IPSEC VPN using cisco VPN client.
  • Configuring IPSEC VPN (Site-Site to Remote Access), Negotiated VPN tunnels using IPSEC encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
  • Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments. Worked on F5 GTM, configuring Wide IPs and pools to load balance the client traffic between the two datacenters.
  • Change management (System Configuration & Rule base, Signature Updating, Fine-tuning) and change request approval for firewall administration.
  • Performing firewall optimization using Firemon by removing unused rule.
  • Servers that assign and manage IP addresses from specified address pools using Infoblox.
  • Worked on implementation of Check Point Nokia advanced features such as VRRP for high availability.
  • Identify, troubleshoot, and resolve LAN/WAN network problems (DNS, DHCP, TCP/IP and a variety of hardware and other networking issues).

Confidential, Richardson, TX

Network Security Engineer

Responsibilities:

  • Implemented and configured firewall rules in Checkpoint Gaia R77.20, R77.30, VSX and Palo Alto PA-5k, PA-3k series, Panorama, APP-ID, User-ID, WildFire and Palo Alto Anti-virus.
  • Managing Firewall products - Checkpoint Appliance Gateways, Provider-1, and Cluster XL and VSX environment. (R77.10 and 77.20) and ASA environments.
  • Upgraded to latest Checkpoint R80 version from R77.30.
  • Configured and implemented firewall rules in Checkpoint, Cisco ASA Firewalls and implemented site to site VPNs using Cisco firewalls to third party sites.
  • Used PCI auditing system to test for any exposed vulnerability and reviewed and filed exceptions for all potential vulnerabilities
  • Used Tufin firewall optimization tool, Wireshark and Splunk to analyze logs and perform root cause analysis of critical issues
  • Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management.
  • Stay updated and educate/share enterprise network security strategy, solutions, and ongoing technology refresh and enhancements
  • Assist in vulnerability assessment and planning by using tools like Nexpose.
  • Analyze firewall rules to categorize / prioritize the rules and recommend remediation action plans based on Client’s Application types and Domain Boundary environment.
  • Constantly work on various changes and technical designs of large-scale Checkpoint firewall environment, including MLM, CLM, CMA, MDS components, gateways and Palo Alto firewall environment, Panorama, Global Protect and heavy app-ID utilization
  • Operate on different firewall technologies, including hardware refresh, software testing, software upgrades, and complex troubleshooting techniques
  • Experience with Checkpoint and Palo Alto firewalls, including advanced rule base design, rule base optimization, global/shared objects, and DDoS protection measures (IPS)
  • Examine the SIEM events using WildFire threat analysis, data filter logging, etc. and create custom reports based on the needs and schedule to share them with others in the organization.
  • Implement protection measures against Distributed Denial of Service (DDoS) on network security devices.
  • Work with other teams to understand and troubleshoot issues encountered in SIEM/Nitro.
  • Utilize the in-depth knowledge of Interior Gateway Routing protocols (e.g., OSPF, EIGRP), Border Gateway Protocol (BGP) configuration, BGP peering, BGP route advertisements, prefix-lists and route-maps
  • Extensive knowledge and work experience with several teams involved in web application security controls using MFAs and SSOs
  • Work on projects collaborating different engineers supporting multi-tiered application traffic flow, server load balancing, global load balancing, and routing.
  • Analyze firewall rules to identify shadowed rules and recommend best course of action to reduce shadowed rules
  • Analyzing Firewall logs and troubleshoot any connection issues with internet-based banking applications and systems
  • Review Client’s server / systems configuration & make recommendations on migration to Cloud services.
  • Packet Capturing and Analysis using different tools like (Wireshark, Ethereal)
  • Implemented Scrutinizer NetFlow monitoring to track internet usage across the global WAN.
  • Upgrading data network equipment to latest stable firmware releases
  • Extensive knowledge in implementing and configuring F5 Big-IP LTM 3900, and 6900 Load balancers
  • Experience with moving data center from one location to another location, from 6500 based data center to Nexus based data center
  • Performing troubleshooting on slow network connectivity issues, routing issues involves EIGRP, BGP and identifying the root cause of the issues

Confidential

Network Support Engineer-2

Responsibilities:

  • Review, consolidate, optimize and translate firewall rules and configurations for high availability firewall clusters from a Cisco PIX platform to Cisco ASA platform and Juniper NetScreen Firewalls. Cisco ASA firewall upgrade. Rules cleanup, optimization and consolidation.
  • Work and co-ordinate with engineers for upgrading and replacing old PIX firewalls on specific cutover dates.
  • Documentation of all rules using spreadsheet and Visio for Network diagrams.
  • Co-ordinate with engineers in international site locations (India, China, Philippines, Singapore) for firewall migration/optimization.
  • Support, update, tune and troubleshoot Campus Network of Cisco 2900, 5500 and 6500 Switches. VPN (GRE/Site-to-site) tunnel & Failover testing before cutover dates.
  • Team member for new installation of Cisco 6509 Distribution Gigabit Switches including setup, debug, configurations, load and distance testing.
  • Provide and update detailed documentation of network using Visio Pro.
  • Planning and configuring the proposed connectivity model approved by the client.
  • Configuring the router in accordance to the router present at the customer location.
  • Configuring VLAN and enabling IP routing in order to allow restricted connections from some resources.
  • Building and configuring VPN tunnel over IPsec and creating a rule on the Checkpoint firewall for a NAT (used ACLs to block unauthorized users) to the VLAN IP and allowing the IPsec traffic. Installing and monitoring web proxy - Bluecoat & ISA server
  • Adding routes whenever there is a new requirement of accessing the client servers.
  • Monitoring servers like domain controllers, exchange servers and connectivity.
  • Responsible for client PCs troubleshooting and network connectivity.
  • Troubleshooting problems pertaining to Performance Tuning, Network Administration and Application Conflicts.
  • Installing, configuring and maintaining Application Software & Hardware.
  • Configuration of Cisco routers 3700 series, 3800 series, 7200 series, 7600 series and Cisco Catalyst series switches 2960, 3750, 3560, 6500 at central and remote locations.
  • Assigned and configured IP VRF (Cisco) forwarding for customer usage of the MPLS network.
  • Involved in the implementation of the VRF module, which adds the IP capability to DSLAM. VRF takes care of IP related configurations namely VRFs, interfaces, IP addresses, and routes. Managing and working with IPSEC tunnels, LAN to LAN VPN implementations.
  • Configuring and troubleshooting routing issues related to protocols like RIP, OSPF, BGP.