Information / Network Security Engineer Resume
RI
SUMMARY
- 6+ years of Experience in Checkpoint firewalls, Palo Alto Firewalls, Juniper Firewalls, McAfee Forcepoint, Cisco WSA/CWS, Cisco ASA, SSL VPN, Cisco Nexus, Bluecoat Proxy configurations, Cisco ACS, Cisco ISE, IPS, and Microsoft TMG.
- System Administration with technical expertise specializing in Cisco Environment in Data Centers, LAN / WAN Security, managing the complete system admin and technical support functions.
- Experience working on SIEM tools - HP Arcsight products like Arcsight Express, ESM, Logger, Connector, ArcMC (Arcsight Management Center).
- Demonstrated abilities in large enterprise wide network design, implementation as well as administration support and network integration.
- Advanced knowledge, design, installation, configuration, maintenance and administration of Palo Alto Firewalls, Checkpoint Firewall R75 up to R77 version, VPN.
- Advanced Cisco Router, Switch, Firewall, VPN Concentrator, Clean Access, Wireless AP experience.
- Advanced configuration of Cisco 2500/2600/4000/7000/12008/2900/3750/6509.
- Advanced troubleshooting of data circuits such as ATM, SMDS, T1, Frame Relay, ISDN circuits.
- Has Experience working in Enterprise Data Centers with 50 + Firewalls.
- Checkpoint IP Appliances and SPLAT & Cisco ASA Firewalls.
- Proven success managing multiple Information Security Systems.
- Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R75 up to R77 version, Secure Platform Installation including, VPN.
- Advanced knowledge in Design, Installation and configuration of CheckPoint Provider Environment.
- Advanced knowledge in design, installation and configuration of Firewall ISG 1000/2000, SSG series and NSM Administration.
- Drafted and installed Checkpoint Firewall rules and policies.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Experience working on Check Point vSEC for VMware NSX in a Software-Defined Data Center (SDDC).
- Working knowledge of Symantec Endpoint Protection, Upgrading packages, installing policies, cleaning the hosts and updating the ticket.
- Advanced knowledge in configuration and installation of IOS security features and IPS.
- Advanced knowledge in Cisco Switches and Routers Configurations.
- Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
- Advanced Knowledge in IPsec VPN design connection and protocols, IPsec tunnel configuration, encryption and integrity protocols.
- Demonstrated skills managing and analyzing servers, databases and security within a data center environment.
- Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration.
- Configuration of VTP, VLANs, UDLD, BGP, OSPF, EIGRP, IGRP, RIP, MPLS, DLSw, GRE Routing, Troubleshooting, Monitoring and Maintenance.
- Comprehensive understanding of networking concepts pertaining to LAN and WAN, Information security, IT communication and maintenance in multi-platform environments.
- Familiar with Network virtualization concepts with VMware NSX.
- Experience in managing a team and the resources during Server Infrastructure migrations and platform upgrades.
- Excellent communication and presentation skills and a good team player, Extensive experience in working at 24x7 Support.
- Adapts to new systems and environments quickly, takes ownership of all duties, meeting management skills, Good work ethics, Group and individual based problem solving and decision making abilities.
TECHNICAL SKILLS
Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS, SIEM
Hardware: Dell, HP, CISCO, IBM, SUN, CheckPoint, SonicWall, Barracuda Appliances, SOPHOS email appliances, Arcsight ESM, Arcsight Express, Logger, Connector, Bluecoat Proxy
Operating Systems: Windows, NT, MS-DOS, Linux, Microsoft Windows 2008 R2/ 2008/20 NOS family, Microsoft Active directory 2008/2003/2000 VMware ESX/ESXi server, Cisco IOS, RHEL 7.0
Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010 , Microsoft SharePoint 2007/2010, HP iLO
Firewalls: CheckPoint, vSEC, VMware NSX, ISA 2004/2006/ ASA 5585/5520, FWSM, Palo Alto /Checkpoint 4200/Nokia IP-560, Cisco PIX 535/525, McAfee Forcepoint
Routing/Routers: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, Cisco Routers ASR 06 / 06 / 51 / 2600
Infrastructure Hardware: IBM, HP, Compaq, Dell desktops\laptops\servers, Cabling, Network printers, IP KVM Switches, Cisco Routers & Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN
Switching: VLAN, VTP, STP, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging
Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS
VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500
Security Tools: Wireshark, MBSA, MS Visio, Apache, VMWare ESXi 3.5, VMware Server, Encase, Symantec Endpoint Protection
PROFESSIONAL EXPERIENCE
Confidential, RI
Information / Network Security Engineer
Responsibilities:
- Worked on SIEM HP Arcsight products including ESM, Express, Loggers and Connectors.
- Performed data migration on Arcsight Express, ESM, Loggers and Connector appliances.
- Installed and Configured six Arcsight Express 6.5 boxes from scratch using RHEL 7.1 OS on HP iLO.
- Deployed manager, logger and http web as a service on Arcsight Express appliances.
- Migrated data from old Arcsight Express appliance to all the new Express appliances.
- Create packages on the console, exported them and imported/installed on the new appliances.
- Troubleshot the dependency errors in the SIEM packages, added the fix and installed them to the appropriate Arcsight Express appliance.
- Configured Arcsight ESM appliance from scratch using CLI commands.
- Imported CA signed certificates on the appliances using keytool gui.
- Worked on FIM (File Integrity Monitoring) on Arcsight Express, created correlation rules, added filters, created reports that ran daily/weekly.
- Troubleshot case customization issue on the Arcsight Express appliance, updated the case-ui.xml and other property files on the appliance.
- Performed data migration from logger to logger, connector to connector.
- Created storage groups on the logger, managed the storage size to migrate data from 8 loggers to 4 loggers.
- Forwarded SIEM events from logger to ESM by providing ESM destinations on the connectors.
Confidential, Boston, MA
Information / Network Security Engineer
Responsibilities:
- Implemented identity based access management using Checkpoint vSEC and VMware NSX in a cloud environment.
- Installed vSEC controller into Checkpoint management server to make it SDDC aware.
- Deployed gateways in VMware NSX, registered the service and established a communication between Checkpoint vSEC and NSX.
- Defined data center objects to connect NSX with vSEC controller to operate it on management server.
- Installed hotfixes and licenses using Smart Update to keep checkpoint products updated and working.
- Configured VMware NSX to redirect the traffic to Checkpoint vSEC.
- Created security groups in AWS and replicated them in the NSX.
- Replicated AWS security groups using service composer and added the security groups to the DFW rule base.
- Segregated the NSX security groups based on the user based access control.
- Imported the NSX security groups in vSEC management server to control the user access using checkpoint firewall policies.
- Used Identity Awareness Checkpoint blade to achieve identity management in Checkpoint vSEC.
- Troubleshooting the Identity Awareness issues using pep and pdp commands
- Monitored logs using Smart Log and Smart View Tracker to find issues in the system.
- Created AD groups in Active Directory and fetched them in the vSEC management server.
- Defined rule base to control the access to the internal networks and other sensitive areas.
- Also worked on the checkpoint firewalls to secure the internal networks with the highly secure rule base.
- Troubleshooting random disconnect issues from the virtual desktops using Clish.
- Maintained connectivity between AWS cloud applications and virtual desktops with highly secure techniques.
- Allowed a secure communication between AWS SAS application and VDI clients to make sure the clients using virtual desktops get access to AWS server.
- Created OPSEC application to establish connectivity with Checkpoint support.
- Managed and maintained McAfee Forcepoint firewalls with new policies and updates.
- Worked on IPsec and defined VPN rules to establish a secure VPN tunnel in the system using IKE (Internet Key Exchange).
- Worked on Symantec Endpoint protection to keep employee workstations secure and updated.
- Installed packages on Windows, Linux and Mac clients and upgraded them in a silent install with maintenance window.
- Generate reports of Virus Definition, Site Health and clean the infected clients if encountered in the report.
Confidential, Philadelphia, PA
Network/ Security Engineer
Responsibilities:
- Designing and implementing new Firewalls requirements for Customers such as Cisco PIX, ASA, Checkpoint UTM, FortiGate and Juniper SSG and SRX Firewalls.
- Configuring and maintaining the firewall, analyzing the firewall syslog and performing rules reconciliations and capacity planning in every quarter year using Algosec.
- Configuring Site to Site IPsec VPN and RA VPN for the Customers' requirements.
- Worked on NSX - Networking and Security Virtualization Product.
- Implemented VXLAN and configured with VCNS and NSX platform.
- Worked with VMware NSX with deployment of greenfield environment and managing and troubleshooting issues with NSX.
- Submit website review to Bluecoat if a particular URL is not categorized correctly.
- Updated Local production database of Bluecoat manually if it failed to update by self.
- Blacklisted & Whitelisted URLs in Visual policy manager of Bluecoat Proxy appliance.
- Designed and Implemented Multi-VC support with Primary and Secondary NSX.
- Worked on Check Point vSEC with VMware NSX to protect network traffic in a VMware deployed data center.
- Implemented East West multi-layer threat prevention between the virtual machines and hypervisors using vSEC.
- Involved in modeling of Primary, secondary and tertiary structure for the vSEC fixed platform using PDMS design.
- Reviewing the Change request plans created by L1 and L2 administrators.
- Analyzing Checkpoint IPS syslog and closing the vulnerabilities in the network.
- Performing Vulnerability Analysis test for Firewalls and other network devices and providing the closures for vulnerabilities.
- Designing and implementing Wireless network in the Campus for both internal and project requirements. Configuring and Maintaining Cisco Wireless LAN controllers, Access points and Airtight Sensors and SpectraGuard.
- Analyzing and closing the Vulnerabilities found in the Wireless using Airtight SpectraGuard.
- Configured and maintained Cisco ACS 1121 Appliance running with 5.3 for Network devices access and Guest WIFI solution.
- Have configured and implemented Checkpoint VSX (Virtual Firewall solution) in the campus.
- All Firewall and Wireless devices backup has been automated using Shell Scripting and also automated change request expiry alert in the firewall rules.
- Implemented Guest WIFI solution using Web-authentication method and Cisco ACS.
Confidential, Houston, TX
Security Engineer
Responsibilities:
- Worked as a systems engineer to implement vendor projects using multiple firewalls like checkpoint security firewall, Juniper and PaloAlto.
- Troubleshooting the projects by providing support.
- Attending remote support to client testing of projects, upgrading firewalls.
- Installing new policies of the firewall, configuring it and protecting it.
- Configured VPNs like SSL, IPsec, Site to Site VPNs, VPN configuration in AAA and routing in ASA.
- Worked on various network monitoring tools like Wireshark and logging monitoring traffic to monitor the ongoing data packets.
- Also implemented the L3 and L2 security.
- Manage Cisco ASA & Checkpoint Firewalls as per users change management forms.
- Monitoring Cisco ASA, Checkpoint Firewalls, WAN Links on (WhatsUp Gold)
- Submit all security devices reports on daily & weekly basis respectively.
- Backup of all security devices.
- Make the log reports for various attacks detail on network from IBM's Site Protector software.
- Worked on VCNS to configure Virtual Firewall, Edge technologies (NAT, SSL VPN, Site to Site VPN, Load balancers), Endpoint.
- Worked on VXLAN and configured with VCNS and NSX platform.
- Perform new firewall installations, configurations and their troubleshooting.
- Build site to site tunnels on Cisco ASA, Checkpoint R65 firewalls, Palo Alto firewalls, remote to site VPN on Cisco ASAs and DMVPN on the Cisco Routers, configured Avaya IP phones.
- Provide daily administration and management of the Cisco Identity Service Engine, the Cisco WLC 5500 wireless system and the global 802.1x wired/wireless environment.
- Architect, implement, support and document ISE and wireless environments; audit the existing installation and make recommendation for improvements; provide support of general wireless issues; monitoring and administration of global ISE and WLC deployment.
- Perform business continuity plans, vulnerability Assessment of firewalls, routers and switches, rules reconciliation and log analysis of the firewalls. Perform security audits.
- Work on the devices like Cisco routers (2600 series), Firewalls ASA (5505, 5510, 5520), PIX, Checkpoint (R55, R65, UTM Edge N), Juniper (Junos SRX 210 and NetScreen SSG 140), L2 (2950, 2960, 3750) and L3 switches (6509E, Nexus 7k), Nexus 5k and 2k, Cisco NAC Servers, Cisco Access Points (Aironet), Airtight Sensors, Airtight WIPS Server, Cisco Wireless Controller, Avaya IP Phones. Configured all the network devices like Access Switches (2960 in stacking), Core Switches (Cisco 6509-E in VSS), Routers (Cisco 2900), Firewalls (ASA 5555-x in A/A mode), (ASA 5545-x in A/S mode) and Cisco Nexus 5K and 2K switches for datacenter.
Confidential, NY
Firewall Administrator
Responsibilities:
- Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
- Firewall Policy administration and work with user requests submitted by users. Use HP Service Manager Ticketing System for change and incident management.
- Work actively on Fortinet UTM firewall administration using FortiManager
- Cisco ASA Firewall configuration and troubleshooting.
- Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
- Actively use Smart View Tracker and Checkpoint CLI (to security gateways) for troubleshooting.
- Perform advanced troubleshooting using Packet tracer and TCPDump on firewalls.
- Built and support VRRP / Cluster based HA of Checkpoint firewalls.
- Firewall Policy Optimization
- Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper NetScreen firewalls.
- Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
- Backup and restore of checkpoint Firewall policies.
- Black listing and White listing of web URL on Blue Coat Proxy servers
- Review Firewall rule conflicts, unused rules and misconfigurations and clean up.
- Checkpoint firewall policy administration and support between various zones.
- Upgraded and converted 6 HA CheckPoint SPLAT pairs to PaloAlto.
- Architected and designed where on the network to place (multiple) IDS, FireEye and DLP devices.
- Implemented the SPAN ports to facilitate the various network device traffic captures.
- VPN User access management on Check point firewalls.
- Part of migrating the entire store Cisco ACLs to Fortinet UTM devices.
- Build and support Site to Site IPsec based VPN Tunnels
- Work on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
- Hardened Cisco routers and switches.
- Manage LAN & WAN and BlueCoat proxy servers.
Confidential
Systems Administrator/ Support Admin
Responsibilities:
- Systems Administrator builds and support.
- Managed network engineers for in house development and support of production IT environment.
- Provided all data and network security. Designed and built all remote office connectivity.
- Worked closely with database developers to build and assist with database servers.
- Designed and built front end solutions for most major database manufacturers
- Responsible for supporting all hardware and software engineers.
- Performing all Microsoft and Linux server builds for corporate network and labs.
- Build and maintain all WAN connectivity for remote offices with a global Checkpoint firewall infrastructure.
- Support all sales staff worldwide for remote connectivity.
- Maintain all Cisco switches and routers for maximum uptime.