SUMMARY

• Highly motivated, result oriented Engineer with 7+ years of experience in Network & Security Implementation; Proficient in installing, upgrading, troubleshooting, configuring, and supporting variety of Network & Security Devices.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
• Experience in Implementing Check Point Firewalls R75, R77
• Worked on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA - 5500 and 5505
• Experience in Configuring Checkpoint Clusters with Nokia and GAIA OS
• Check Point Enterprise Firewall and End-Point Infrastructure Design and Deployment in large, branch office networks
• Global Provider-1 Deployment and Smart Centre consolidation
• Hands-on configuration and operational experience working on Juniper (SSG&ISG), SRX, Checkpoint Firewalls (Nat policies, VPN Configurations, policies) in both standalone and HA mode
• Security experience in deploying VPN Solutions like IPSec (site-site and client-site) & SSL VPN implemented across multiple vendors
• Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security policies including NAT, PAT, VPN (DMVPN, GRE), Route-maps, prefix lists and Access Control Lists
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc.
• Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls
• Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 3700 series, 6500 series)
• Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800)
• Knowledge on Nexus 7000, Nexus 5000 and Nexus 2000 switches
• Expertise in maintaining stable STP topology using protocols such as Port fast, BPDU guard, root guard and UDLD
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Good knowledge about spoofing attacks and mitigating them using DHCP snooping, IP source guard
• Experience in implementing and troubleshooting layer 2 technologies such as VLAN Trunks, VTP, and Ether channel, STP, RSTP and MST. Implementation of HSRP, VRRP for Default Gateway Redundancy
• Worked with Bluecoat proxy servers and Administration.
• Knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
• Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM
• Experience working on network monitoring tools like, SOLAR WINDS, CISCO works, Wireshark and splunk
• Highly motivated with the ability to work independently or as an integral part of a team and Committed to highest levels of professional

TECHNICAL SKILLS

Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11 e.

LAN Technologies: HSRP, VLAN, STP, VTP, Ether Channel, Trunks.

WAN Technologies: Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, Metro Ethernet.

Network Products: CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600, 3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507.

Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, FWSM, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Check point, RSA Secure ID, SRX,SSG series firewalls.

Monitoring Tools: Wire shark, Nmap, Nessus, OpManager, PRTG Packet Sniffer

Scripting Language: C, Perl, HTML

Firewalls: Palo Alto PA-500, PA-2k, PA-3k & PA-5k series, Checkpoint Provider-1 R65/R70/R75/R77 & Cisco ASA

PROFESSIONAL EXPERIENCE

Confidential, Kansas City, MO

Network & Security Firewall Engineer

Responsibilities:

• Firewall Policy administration and work with user requests submitted by users.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.
• Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
• Configured and setting up DMVPN, GRE based VPN on Cisco-IOS based router.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Exposure to wild fire feature of Palo Alto.
• Build Site to Site IPSec based VPN Tunnels between various client and business partner sites
• Manage over 40 checkpoint Firewalls split through multiple CMA's and administer using provider-1.
• Administer and support Juniper Firewalls Using NSM ( NetScreen and ISG firewalls).
• Administering multiple Firewall of Juniper / NetScreen, in a managed distributed environment. Fulfilling routine change requests of Net Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.
• Knowledge of Juniper environment including SRX/Junos Space.
• Configured and set up of Juniper SRX firewalls for policy mgmt. and Juniper SSL VPN's
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Implementing and configuring Checkpoint VSX for security gateways.
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Firewall Policy Optimization using third party tool Tufin
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Review Firewall rule conflicts, unused rules and miss-configurations and clean up.
• Checkpoint firewall policy administration and support between various zones.
• Modify and implement ACL changes on Client routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Support Client Migration Project involving physical re-locations and DR testing involving various Client locations.
• Working experience with virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques
• Supporting more than 100 Site to Site IPSec based VPN Tunnels for all B2B and 3rd party communications.
• Work on Cisco based Routing and Switching environment with MST and Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
• ITIL Based Incident, Change and Problem management.

Confidential, Phoenix, AZ

Network Security Consultant

Responsibilities:

• Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA Secure ID.
• Change and Incident Management using Confidential Service Manager. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
• Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
• Configuration and support of Juniper Netscreen firewalls.
• Extranet changes to Cisco nexus 6513, 6509 and 7204 series devices including FWSM firewall changes, routing switching changes and Juniper Netscreen based SSL VPN and ISG.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the firewall using smart view tracker, monitor health of the appliance using smartview monitor etc.
• Implementation of Checkpoint VSX, including virtual systems, routers and switches.
• Working experience with Web Application Firewall (WAF) rules.
• Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
• Actively responsible for PIX 7.x/8.x, ASA 8.x and Cisco FWSM 2.x/3.x upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ/ASZ Implementation and Troubleshooting.
• FWSM configurations in single/multiple context with routed and transparent modes.
• Supporting more than 150 Site to Site IPSec based VPN Tunnels for all B2B and 3rd party communications including Federal govt and other Banks/financial institutes.
• Juniper Netscreen ISG firewall implementation as active/passive mode.
• Implement and support Netscreen/Juniper SA 4500 SSL VPN Solution, ISG for DMZ solution.
• Support Data Center Migration Project involving physical re-locations.
• Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (VISIO's) and Records Management.
• ITIL Based Service Delivery and Management.
• Strong working knowledge of Checkpoint VSX virtual firewall.
• Actively work on Projects that involve Product prototyping and design of networks at the data center.
• Support Disaster Recovery for the applications between Primary and DR Data center locations.
• Work on Routing and Switching on the third party segment using Cisco based Routers and switches.

Confidential, Forth Worth, TX

Network Engineer

Responsibilities:

• Monitoring, testing and verifying for any backdoors or loopholes in the running mission.
• Migrated Firewall infrastructure from Check Point R65 to Net screen ISG2000.
• Implement Checkpoint firewall using VPN, VSX technology.
• Implement the firewall rules using Net screen manager (NSM).
• Manage the Net screen SSG550 and ISG1000 and 2000 firewalls with the NSM.
• Design the firewalls changes using various NAT types in Net screen firewalls like, MIP, VIP etc.
• Setup the IPSec VPNs with the third party clients to allow the access to data feeds in the Corporate network
• MPLS Circuits implementation between the different sites.
• Implemented VLAN’s with Spanning tree and HSRP for redundant paths.
• Installed and configured Cisco ASA firewalls.
• Working experience with Cisco nexus 7706, nexus 9300, 9372.
• Planned and implemented various security projects including (Intrusion Detection Systems deployment, network monitoring, and network architecture).
• Implement Cisco Secure Access Control Server (ACS) for TACACS+.
• Implementation of F5 Load balancers.
• Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800 Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations.
• Deploying VPNs (hands-on) to provide remote users with network access connect geographically separated branches into a unified network & enable the remote use of applications that rely on internal servers.
• Worked on Checkpoint Firewall policy provisioning and Checkpoint VSX firewall.
• Involved in Firewall Administration, Rule Analysis, and Rule Modification.
• Troubleshoot traffic passing managed firewalls via logs and packet captures.
• Configured and resolved various OSPF issues in an OSPF multi area environment.
• Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching and related functionality. This includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.
• Worked with Checkpoint FW1 NG, PIX, and Net screen firewalls.

Confidential

Network Executive

Responsibilities:

• Maintenance responsibilities include software & hardware installation & configuration
• Maintaining and creating login credentials, privacy settings and user privileges for the employees in the company.
• Replacement of the older routes and switches, with new routers and switches by configuring set up.
• Assigned a task to set up their LAN. Worked on the entire project from cabling to IP addressing assignment.
• Configured 2600 series routers with OSPF protocol.
• Configured and maintained Cisco 2500, 4000, 7000 and 7500 Series Routers as well as Catalyst 5000 and 5500 Series switches.
• VLAN Configuration to different applications with RSTP, STP, VTP.
• Switching related tasks includes implementing VLANs and configuring ISL trunk on Fast-Ethernet channel between switches.
• Performed troubleshooting tasks on routing and switching an isolated the problem and finding the cause.
• LAN/WAN hardware including Ethernet Hubs, Cisco Switches, switch panel’s installation, configuration and troubleshooting, Frame-Relay configured support.
• Routing related tasks included providing Cisco router configuration and change management, providing technical support for Cisco Router configurations and installation for customer. Configuring IP RIP, EIGRP, OSPF and BGP.
• Redistributing from OSPF to RIP and vice versa by implementing hub and spoke topology with a Frame Relay Switch in between.
• Troubleshoot TCP/IP problems; troubleshoot connectivity issues in multiprotocol Ethernet, Environment.
• Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution.
• Overlapping Address Translation.
• Physical cabling, IP addressing Wide Area Network configurations (Frame-relay)