Sr. Network Security Engineer - Lead Resume

SUMMARY

  • Almost 9 years of professional experience in Network engineering with Cisco Certified Network Engineer, performing Network analysis, Implementing, capacity planning with a focus on performance tuning and support of large Networks.
  • Implemented firewalls using Cisco ASA, Cisco PIX, CheckPoint R77 Gaia, R75, VSX, Cluster XL, Provider-1/MDM, NGX R65, Firewall-1/VPN-1 NGX R65 Gateways, Secure Platform.
  • Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall Smart Domain Manager command line & GUI, Cisco ASA
  • Implemented and Configured Palo Alto Networks Firewall models and centralized management system to manage large scale firewall deployments.
  • Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
  • Extensive working knowledge of Cisco ASA 5500 series firewalls, and Palo Alto Firewalls.
  • Knowledge of JUNOS platform and worked with code upgrade of Juniper devices.
  • Working experience with ACL and NAT techniques on firewalls such as Cisco PIX, Cisco ASA Appliance.
  • Managed the upgrades of Cisco WAAS, AP’s, WIPS and Switches.
  • Have experience with different network tools like Tufin, Firemon, Algosec, Splunk, IBM QRadar SIEM, ASDM, CSM, Panorama, Juniper NSM, Service Now, Remedy ticketing systems, Solarwinds and Checkpoint Smartlog.
  • Helped customers resolve various issues in the Palo Alto firewalls, including those related to syslog servers, RADIUS, LDAP, user-IDs, High-Availability issues and Dynamic Updates like Anti-virus.
  • Advanced knowledge in Cisco ASA 5500 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
  • Working knowledge and experience supporting ITIL/ Project management.
  • Implementing security policies using Cryptography, ACL, SDM, PIX Firewall, IPsec, VPN, and AAA Security on different series of routers.
  • Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls (SRX240, SRX550).
  • Expertise in installing, configuring and troubleshooting Juniper Routers (E, J, M and T-series)
  • Extensive work experience with Cisco Routers, Cisco Switches, Load Balancers and Firewalls.
  • Dealt with Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco catalyst 6500, 4500, 3750, 3500, 2900 series switches
  • Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy
  • Involved in troubleshooting of DNS, DHCP and other IP conflict problems using Infoblox.
  • In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls
  • Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
  • Configure VRRP & GLBP and VLAN Trunking 802.1Q & ISL, STP, Port Security on Catalyst 6500 switches.
  • Configured and did the troubleshooting in Security policies, NATs, QoS, Policy based forwarding, Application-Override, Dos Protection, Static routes, OSPF and BGP.
  • Experience in working with Cisco Nexus 5k, 7k series Switches and Virtual Port Channel configuration.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
  • Experienced working on network monitoring and analysis tools like Ix Chariot Pro, SolarWinds, CiscoWorks, Riverbed and Wireshark.
  • Enterprise Routing experience using protocols ISIS, RIP v1 & 2, EIGRP, OSPF and BGP
  • Experience with different Network Management Tools and Sniffers like Wireshark (ethereal), HP-Open view, RSA envision, and Cisco works to support 24 x 7 Network Operation Center.
  • Experience with F5 load balancers and Cisco load balancers (CSM, ACE and GSS).
  • Hands on experience with Cisco 5500 series wireless controllers and cisco access points.
  • 802.11 wireless handheld device experience, familiar with migration from Cisco to Avaya and Polycom phones
  • Excellent customer management/resolution, problem solving and debugging skills; capable of quickly learning, effectively analyzing results, and implementing and delivering solutions as an individual and as part of a team.

PROFESSIONAL EXPERIENCE

Confidential

Sr. Network Security Engineer - Lead

Responsibilities:

  • Deploying and configuring Checkpoint R77 Gaia and Cisco 5540 firewalls in the datacenter environment.
  • Configured and implemented firewall rules in Checkpoint, Cisco ASA, Cisco PIX Firewalls and implemented site to site VPNs using Checkpoint firewalls to third party sites.
  • Technical Team lead working on deployments of Cisco 3945, ISR 4351 and stacks of 3850 switches.
  • Configuration, Testing, Planning, Design of Cisco routers, Cisco Catalyst 2900, 3570 and 6500 switches and Cisco Aironet and wireless appliances.
  • Configuring and Implementing Security rules as per the business needs in Checkpoint R77 Gaia, R75.40, Provider-1/MDM/MDS, VSX, Palo Alto, Panorama, Cisco ASA and PIX firewalls.
  • Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management
  • Proficient in IKEv1 and IKEv2 IPSec site-to-site VPN tunnel creation and troubleshooting, remote-access (client-to-site) IPSec and AnyConnect SSL VPNs and integration with RADIUS or LDAP servers for 2 factor authentication.
  • Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
  • Experience with converting Cisco 6500 IOS to Cisco Nexus NX-OS in the data center environment.
  • Responsible for the global design, engineering, and level 1/2/3 support of existing network technologies/services and the integration of new network technologies/services.
  • Conducted site surveys and performed site survey documentation of AIG sites for US, EMEA and APJAC sites.
  • Troubleshooting company LANs, WANs, and wireless networks, including UCS servers, routers, switches, UPSs, and other hardware.
  • Configuration and deployment of routing protocols OSPF, EIGRP & BGP over Cisco Routers in Production environment.
  • Worked on Layer 2 Switching and Cisco Nexus 5k, 7k switches and did implementation on multiple sites, specifically Cisco 6509, 6513, 3750, 3850 and 4510 switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
  • Performing troubleshooting on VPN connectivity issues and slow network connectivity issues, identifying the root cause of the issues.
  • Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
  • Creating dedicated VLANs for Voice & Data with QOS for prioritizing VOICE over DATA
  • Deployment of Ixia xr2000 network monitoring probes around 45 sites. Managed IXIA Hawkeye server and conducted load testing for the new sites using Spirent.
  • Troubleshooting issues related to Layer 1/2/3 skills like switching / routing, WAN/Hardware and critical network links by coordinating with the vendor.
  • Performed LAN operations and troubleshooting which involves working on VLANs, inter-VLAN routing, Trunking, STP, RSTP, port aggregation & link negotiation.
  • Worked on Cisco Firewall ASA 5500(5510/5540) Series. Performed Security operations in terms of pushing new policies and deploying new rules.
  • Worked with enterprise level Wi-Fi configuration, troubleshooting, IP routing, protocols and topologies
  • Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
  • Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.
  • Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
  • Experience in configuring, upgrading and verifying the NX-OS operating system
  • Configuring and adding, moving, removing of various cisco, Avaya and Polycom IP phones
  • Working knowledge about SFP and worked with various ISP for circuit turn ups
  • Configuration of Cisco WLC 5508, cisco AP, upgrading firmware in WLC
  • Experienced with strong F5, Viprion Chassis, LTM/GTM and DNS.
  • Worked with different ISP globally for any WAN circuit and BGP routing issues. Opening up cases for CE Routers, Riverbed optimizer issues
  • Worked on the structure fiber cabling, WAN circuits, network hardware, racks elevation, IDF/MDF layouts, power, server expansion details, Cisco access points, Motorola WIPS, conducted Ekahau wireless sites surveys and network diagrams for existing 25 plus AIG sites.
  • Worked with Capacity management on network bandwidth utilization reporting of the sites WAN link and vendor co-ordination for new site turnovers / WAN links.

Confidential, Austin, TX

Security Engineer

Responsibilities:

  • Responsible for Check Point, Cisco ASA and Palo Alto firewalls configuration and administration across global networks.
  • Responsible for firewall rule set migration from Cisco ASA to newly implemented Palo Alto.
  • Configured and managed security policies using Checkpoint smart dashboard in Provider-1 environment.
  • Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
  • Install and maintain Palo Alto firewall configuration to protect cardholder data for payment card industry (PCI).
  • Managed and configured all Palo Alto PA 3000 series, PA 5000 series, PA 7000 series firewalls.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Implementing and configuring Checkpoint VSX for security gateways.
  • Configured and maintained IPSEC, SSL Decryption, high availability, port mirroring, SSL VPN's on Palo Alto Firewalls.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Centrally managed all Palo Alto firewall using Palo Alto Panorama M-100 management server.
  • Researched, designed, and replaced aging with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
  • Working on cross-platform Firewall migration: Juniper SSG to Palo Alto and Juniper SSG to Cisco ASA.
  • Configure Palo Alto firewall for the WildFire feature of Palo Alto.
  • Actively use smart view tracker, and Checkpoint CLI for troubleshooting.
  • Build complete new datacenter environment having 4500-x VSS, NEXUS 5576 & 2248 VPC FEX.
  • Firewall Policy Optimization using third party tool Tufin.
  • Responsible for design and administration of network switches (Cisco), routers (Cisco), and firewalls (Palo Alto and Cisco ASA).
  • Worked on Nexus platform 7018, 5K series (5548, 5020 and 5010) and FEX (2248 and 2232) and deployed VPC, VDC and OTV and successfully implemented VSS on the Cisco switches.
  • Responsible for setup and configuration of Site to Site VPN's, and remote access VPN's using Cisco ASA solutions (ASA 5505 and 5520).
  • Working experience with virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques
  • VPN User access management on check point firewalls. Use LDAP for identifying user groups
  • Created and configured management report and dashboards using Splunk.
  • ITIL Based Service Delivery and Management
  • Performed upgrade process for Cisco ISE software from version 1.0.4 to 1.1 ADE-OS, patch management and data backup management.
  • Working on the F5 LTM and GTM code upgrade project, doing a couple of them every week.
  • Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
  • Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
  • Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
  • Management of Infoblox DNS IPAM for Microsoft DNS/DHCP setup and management.
  • Management of Infoblox Grid Manager to manage DNS Forward and Reverse Lookup Zones.

Confidential, Durham, NC

Network Security Engineer

Responsibilities:

  • Maintaining all the security devices of multiple clients of Confidential America and maintain 99.9% uptime.
  • Configure and implement security solutions for various clients as per their requirements in Checkpoint R75, R65, Provider-1, Palo Alto firewalls, Panorama, Cisco ASA 5540, ASDM, PIX 535 firewalls.
  • Built Site-to-Site VPN, Remote access VPN, AnyConnect VPN for different clients.
  • Troubleshoot firewall issues and solve them using packet capture mechanisms like TCPDUMP, FW monitor, zdebug, Wireshark, capture and smart view tracker.
  • Support complete firewall lifecycle like Change management, Configure management, Incident and response management.
  • Deliver complex network security solutions in support of customer billable projects on time and meet business and technical requirements.
  • Used Firemon firewall optimization tool, Wireshark and Splunk to analyze logs and perform root cause analysis of critical issues.
  • Strong experience in configuring Checkpoint SPLAT, IPSO, Gaia-OS Platforms.
  • Worked on migration of Cisco PIX to Cisco ASA firewalls.
  • Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
  • Configured Juniper SRX and SSG firewalls using NSM and via CLI.
  • Adding zone based rules in Juniper SRX and NetScreen SSG firewalls as per client requirements.
  • Research attempted or successful efforts to compromise systems security and design countermeasures.
  • Maintain hardware, software and network firewalls and encryption protocols.
  • Manage security policies to control physical and virtual access to systems.
  • Provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.

Confidential

Network Administrator

Responsibilities:

  • Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1 / VPN-1 / Cisco PIX / Secure VPN / Secure IDS)
  • Implementation, support and administration of multiple security products running CheckPoint R70, R65 and Provider-1
  • Migration with both Checkpoint and Cisco ASA VPN experience
  • Experience with converting PIX rules over to the Cisco ASA solution.
  • Configuring failover for redundancy purposes for the security devices. Implemented the Stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features
  • Using SmartUpdate, User Management and Authentication in Checkpoint Firewall
  • Worked on configuring, managing and supporting Checkpoint VSX firewalls.
  • Regularly performed firewall audits around CheckPoint Firewall-1 solutions.
  • Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
  • Implemented and troubleshot the Virtual firewalls / multiple context solutions in ASA.
  • Technologies supported include dial up connections, ISDN, frame relay, T1/E1, ATM, MPLS, HSRP, NAT, Quality of Service, Voice over IP, WLAN, Redistribution
  • Implemented Fast Ether Channels between switches to increase backbone bandwidth
  • Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard

Confidential

Network Engineer

Responsibilities:

  • Connected switches using trunk links and Ether Channel.
  • Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.
  • Implemented redundant Load balancing technique with Internet applications for switches and routers.
  • Support Network Technicians as they require training & support for problem resolution including performing diagnostics, & configuring network devices
  • Used Network Monitoring tool to manage, monitor and troubleshoot the network.
  • Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
  • Responsible for network evaluations, troubleshooting a variety of network problems, and implementing various software and hardware upgrades for efficient performance.
  • Troubleshoot Cisco hardware: Inspected devices, Read device LEDs, loose connections, cards, dirty devices, interior IOS upgrade, switch configuration usage of Visual Switch Manager, switch port configuration, port monitoring. Watch over Flooding Control/Network port.
  • Designed IP addressing schemes, VLAN’s, subnetting and trunking to meet requirements.
  • Setup Access list and configured Firewall.
  • Designed and implemented IT security policies and networked backup systems.
  • Documented and maintained technical diagrams, documented logical and physical topology, and other IT procedures.
  • Reviewed, approved, procured various IT hardware and software products to fulfill strategic and operational needs of various departments.