Network Security Engineer Resume

NY

SUMMARY:

  • Certified CCNA consultant with 5 years of experience in Network configuration and Management and Palo Alto Ace Certified.
  • In depth understanding about TCP/IP and OSI models.
  • Having hands-on experience on switches like CAT 9000, 6500, 4500 and like Cisco 3600 series and 3700 series.
  • Experience with Configuration, Testing and troubleshooting of Switches with VLAN, STP, and VTP.
  • Configuring and Troubleshooting Route Redistribution between RIP, EIGRP, OSPF & BGP protocols.
  • Extensive knowledge in different networking protocols DHCP, DNS, FTP, VOIP (SIP, H.323, MGCP), Quality of Service (QOS).
  • Implementation of HSRP, VRRP and GLBP for Default Gateway Redundancy.
  • In-depth knowledge in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
  • Hands-on deployment, tuning, and troubleshooting experience, ideally with Palo Alto Networks, Check Point, Juniper, or Cisco security product suites.
  • Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration.
  • Configure and implement Network Infrastructure monitoring, alerting, backups, and system management solutions built on Linux Firewall and ACL security implementations.
  • Hands-on experience in Planning of Corporate Firewalls architecture and implementing in distributed environment i.e. configuring & troubleshooting - Checkpoint, Cisco ASA and Palo Alto Firewall.
  • Cisco ASA Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
  • Extensive Knowledge on the implementation of Cisco ASA 5500 series and Checkpoint R80 firewalls.
  • Advanced Knowledge in site-to-site IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
  • Responsible for configuring and implementing network, firewall and security solutions (IDS/IPS) using Palo Alto Networks.
  • Experience in Network Management Tools and sniffers like SNMP, HP-Open view, Wireshark, Splunk, PRTG and Bluecoat Proxy.
  • Processing application load balancer requests using F5 LTM, GTM and NetScaler load balancers.
  • Knowledge in AAA related technology like Cisco Identity Services Engine (ISE), Cisco ACS.
  • Extensive understanding of the Application Security Module (ASM) technology.

TECHNICAL SKILLS:

Routing and Switching protocols: OSPF, DNS, HDLC, PPP, MPLS, EIGRP, BGP, RIP, PPPoE, Static and Dynamic Routing, LAN switching, Ethernet, DHCP, LAN/WAN, SMTP, FTP, VLAN, Inter VLAN, 802.1q Trunking Networking Tools

Solar Winds: Telecom technologies

Topologies: Networking Hardware

Port: Network Configuration

Protocol: BGP, EIGRP, OSPF, Access Control Lists (ACL), Network Address Translation (NAT), Cisco Discovery Protocol (CDP), Port Address Translation (PAT)

Firewalls: Palo Alto, Juniper SRX, Cisco ASA, Fortinet

Load Balancers: F5 LTM, GTM and NetScaler

PROFESSIONAL EXPERIENCE:

Confidential, NY

Network Security Engineer

Responsibilities:

  • Worked as a Security Engineer in Firewall Migrations to help create a migration path from one vendor specific firewall to the other.
  • Responsible to evaluate, test, configure, propose and implement network, firewall and security solution with Palo Alto Networks.
  • Configured Palo Alto Firewall Clusters in Active/Passive mode for High-Availability. Thorough knowledge on the Active/Active HA mode for complex infrastructure.
  • Migrated multiple Cisco ASA 5580/5520 firewalls to Palo Alto 5060/500 firewalls.
  • Configuration of Cisco Identity Services Engine (ISE) and 802.1X to enable the creation and enforcement of security and access policy (ACL) of end users to company network.
  • Actively use SmartView Tracker and Checkpoint CLI (to security gateways) for troubleshooting. Perform advanced troubleshooting using Packet Tracer and TCPdump on firewalls.
  • Managed VPN, IPsec, Endpoint security, status policy, Application control, IPS, Monitoring, Anti-Spam, Smart Provisioning, DLP using Palo Alto.
  • Helped secure the Network from the “WannaCrypt” and “WannaCry” ransomware attacks by enforcing and deploying IPS signatures ( ) and anti-malware signatures for the SMB vulnerability exploit.
  • Responsible for configuring the Palo Alto to mitigate DoS, DDoS, Data leak attacks using DoS Protection, Threat Prevention and Data Filtering.
  • Performing Vulnerability scans across the Assets, Web Application Scanning for PCI compliance, running Reports and sharing with Compliance team for remediation of Vulnerabilities and performing firewall policy Audits.
  • Configured and maintained Secure Shell (SSH) on routers using RSA.
  • Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
  • Worked on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
  • Planning, Designing & Implementing VPN connections using Checkpoint, ASA, Cisco PIX, and Cisco Routers using site-to-site VPN’s.
  • Processing application load balancer requests using F5 LTM, GTM and NetScaler load balancers.
  • Provided administration and support on Bluecoat Proxy for content filtering.
  • Editing and Changing Palo Alto Policies and Monitoring threats on firewalls according to the latest versions.
  • Addressing Vulnerability exceptions and false positives reported by Audits and fix the audits to stop reporting false values.

Technologies: Cisco ISE, TCPdump, Wireshark, Palo Alto Firewalls, Checkpoint, Cisco ASA, F5 LTM and GTM, NetScaler, Bluecoat Proxy, IPS signatures, Cisco PIX (506E/515E/525), ASA 5500(5510/5540), RSA, SSH, VPN, HA, Data Loss prevention, RAPID 7, Migration tool V3.3

Confidential, OH

Jr. Network Security Engineer

Responsibilities:

  • Installed, configured and maintained Cisco 7206/3660/3640/2600/2500 series routers.
  • LAN/WAN hardware including Cisco Switches, switches panel’s installation, configuration and troubleshooting.
  • Performed switching technology administration including VLANs, inter-VLAN routing, Trunking, STP, RSTP, port aggregation & link negotiation.
  • Worked with network services like DNS, DHCP, DDNS, IPv4, IPv6, IPSec, VPN etc.
  • Involved in Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
  • Expertise in Cisco ASA 5525 firewalls with ACL security in a multi-VLAN environment.
  • Implemented and configured firewall rules in Checkpoint Gaia R77.20, R75, R70, VSX and Palo Alto PA-500, PA-3000 series.
  • Performed multiple firewall changes on the PIX, ASA, and Palo Alto firewall based on the requirements and monitored firewall changes using the FireMon tool.
  • Involved in importing the ASA rules to Palo Alto Networks Firewall rules using migration tool.
  • Administered IDS / IPS to maximize network security, pushing and updating policies, and analyzing traffic.
  • Worked extensively in configuring, Monitoring and Troubleshooting Check Point R77.XX Security appliance, Failover DMZ zoning & configuring VLANs / Routing / NATing with the firewalls as per the design.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Configuring and troubleshooting of Palo Alto, Juniper NetScreen & SRX Firewalls and their implementation.
  • Implement Remote Access SSL VPN based solution (Cisco AnyConnect) on Cisco ASA firewalls and also helped in preparing for an SSL VPN migration from Cisco to Palo Alto Firewalls.
  • Implement GlobalProtect SSL/IPSec VPN based solution on Palo Alto PA-3000 series firewalls.
  • Review and optimize firewall rules using Tufin SecureTrack and run firewall audit reports. Streamlined firewall and network equipment preparation for remote sites from a multi-week process to a few hours using Tufin SecureTrack and SecureChange.
  • Performing Vulnerability scans across the Assets, Web Application Scanning for PCI compliance, running Reports and sharing with Compliance team for remediation of Vulnerabilities using Rapid 7.
  • Monitored various hardware and software firewall attributes through SNMP polling to PRTG. Created a dashboard on PRTG for NOC to look into and monitor these attributes 24x7.
  • Review network change settings to make sure access interface settings and appropriate uplink to help QoS and VoIP.
  • Created, deployed and managed BigIP F5 load balancer nodes and pools.
  • Using iRules for host header configurations.
  • Worked with MPLS to improve quality of service (QoS) by defining LSPs that can meet specific service level agreements (SLAs) on traffic latency, jitter, packet loss and downtime.
  • Involved in software development and testing using C language on Linux and Unix Platforms.
  • Extensively worked on virtual F5 LTM and GTM module on VMware for application testing.
  • Expand Data Loss Prevention (DLP) program to include all the high-risk applications, protocols, platforms, and devices. Optimize DLP rules to increase identification of sensitive data and reduce overall data exposure.
  • Participated in testing the internal network infrastructure in the new building, troubleshooting and remediating any issues.

Technologies: Cisco 7206/3660/3640/2600/2500, LAN/WAN, STP, RSTP, DNS, DHCP, DDNS, IPv4, IPv6, IPSec, VPN, BGP, OSPF, EIGRP, Cisco ASA 5525, FireMon, Tufin, PA (3000, 500), Cisco ASA, Juniper Netscreen and SRX, SSL VPN, QoS, VoIP, Big IP F5 load balancer, SLA, DLP, F5 LTM and GTM, Migration tool, NAT

Confidential

Network Engineer

Responsibilities:

  • Installed and configured Cisco Catalyst 3550, 3750, 4500, and 6509 switches.
  • Hands on experience with Cisco based L2/L3 Ethernet Switches and Routers.
  • Maintained redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
  • Configured IT LAN/WAN elements and held responsibility of maintaining and monitoring performance of network.
  • Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree for creating Access/distribution and core layer switching architecture.
  • Executed BPDU Guard, port-fast, uplink fast and other spanning tree features on various layer 2 and layer 3 switches.
  • Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP and IPv4.
  • Implemented ISL and 802.1Q for communicating through VTP.
  • Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
  • Experience with all F5 BIGIP Platforms running LTM and GTM 9.x - 11.x, from planning greenfield installations to conducting platform upgrades to an existing install base of the F5s.
  • Resolving issues reported due to changes made on network devices by backing up all configurations and rolling back configurations using Solar Winds.
  • Configured static NAT, dynamic NAT, dynamic NAT overloading.
  • Troubleshot and resolved dynamic routing, Ethernet switching and host connectivity issues in a window and network environment.
  • Troubleshot TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.

Technologies: Cisco Catalyst 3550, 3750, 4500, and 6509, LAN/WAN, VLAN, L2/L3, MP-BGP, OSPF, LDP, EIGRP, RIP, BGP and IPv4, IPSEC, NAT (Static, Dynamic), TCP/IP, VPN, ISL
