SUMMARY

• Cisco Certified Network Engineer with almost 8 years of professional experience in Network security engineering, performing Network analysis, design, Implementing, capacity planning with focus on performance tuning and support of large Networks.
• Experience in Cisco Routing, Switching and Security with strong Cisco hardware/software experiences with Cisco Routers such as 1900, 2900, 3900, Cisco ASR - 1k/9k, Cisco Multilayer Switches 4500, 6500, Cisco Nexus 2k/5k/7k/9k and Juniper: M320, MX80, MX480, MX960 and EX4200, EX8200 switches.
• Implemented firewalls using Cisco ASA, Cisco PIX, CheckPoint Provider-1 /SiteManager-1 NGX R65, Firewall-1/VPN-1 NGX R65 Gateways, Secure Platforms.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall Smart Domain Manager command line & GUI, Cisco ASA
• Implemented and Configured Palo Alto Networks Firewall models and centralized management system to manage large scale firewall deployments.
• Implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Adding websites to blocked list on the bluecoat proxies based upon business requirements.
• Seasoned professional in Checkpoint firewall policy administration and support between various zones
• Hands on Experience with blocking of IP's on Checkpoint which are suspicious
• Experience in Checkpoint IP Appliances R65, R70, R75, R77 & Cisco ASA Firewalls
• Migration with both Checkpoint and Cisco ASA VPN (Checkpoint R75.30 to Gaia R77.30 GA version)
• Worked on migration from legacy PIX to new Cisco ASA appliances
• Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF multiple areas and BGP.
• Involved in designing L2VPN services and encryption system and other VPN with IPSEC based services.
• Expertise in IP subnetting and worked on various designing and allocation various classes of IP address to the domain
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems
• Good knowledge and experience in Installation, Configuration and Administration of Windows, HTTP, FTP, DNS, NTP, DHCP servers under various LAN and WAN environments
• Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzes results and implement and delivering solutions as an individual and as part of a team.
• Access Control Server configuration for RADIUS & TACACS+.
• Have experience on different network tools like Tufin, Firemon, Algosec, Splunk, IBK Qradara SIEM, ASDM, CSM, Panorama, Juniper NSM, Service Now, Remedy ticketing Systems, Solarwinds and checkpoint Smartlog.
• Ability to Install, Manage & Troubleshoot Large Networks & Systems Administration on Windows & Linux platforms in Development, Staging, Lab & Production Environments.
• Strong Experience in using various tools for management, analyzing, and troubleshooting, monitoring & process automation in Lab & Production environment.
• Highly valuable Project Management and Operations Planning skills.

PROFESSIONAL EXPERIENCE

Confidential, Pittsburgh, PA

Network Engineer Consultant

Responsibilities:

• Configuring and Implementing Security rules as per the business needs in Checkpoint R77 Gaia, R75.40, Provider-1/MDM/MDS, VSX, Palo Alto, Panorama, Cisco ASA and PIX firewalls.
• Work with business to find out what devices needs to be migrated and create new set of rules in appropriate environments.
• Working on day to day firewall management activities like looking into troubleshooting tickets and firewall rule change requests.
• Deleted unused Checkpoint policies, unused gateway objects, and unused VPN communities to clean up the Checkpoint firewall environment.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Checking firewall logs in checkpoint smart view tracker and doing packet capture in command line during troubleshooting via TCPDUMP, FW monitor and Zdebug drop commands.
• Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010.
• Extensive working knowledge in BGP, OSPF, EIGRP, RIP, IS-IS, HSRP, L2/3 VPNs in IOS, IOS XE, and IOS XR platforms.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocol
• ConfiguredJuniperMX480s, EX8200s, EX4500s, EX4200s, and SRX5800s from scratch to match design.
• Possess a good experience working with the Trouble Tickets on F5 Load balancers.
• Managing enterprise BGP setup by configuring and troubleshooting BGP related issues. Responsible for adding new BGP peers for remote branch offices and business partners.
• Involved in Configuring and implementing of Composite Network models consists of Cisco7600, 7200, 3800 series and ASR 9k, GSR 12K routers and Cisco 2950, 3500, 5000, 6500 Series switches.
• Configured networks using routing protocols such as OSPF, BGP and manipulated routing updates using route-map, distribute list and administrative distance for on-demand infrastructure.
• Working on the firewall rule optimization tool called Tufin to generate reports for usage reports along with Splunk for traffic analysis.
• Configured BIG IP (F5) Load balancers and also monitored the Packet Flow in the Load balancers.
• Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.
• Administration of ASA firewalls in the DMZ and FWSM in the Server Farm to provide security and controlled/restricted access.

Confidential, Chicago, IL

Network Security Consultant

Responsibilities:

• Configuring, administering and troubleshooting the Check Point, Palo Alto, Cisco ASA and juniper Firewall.
• Implementation and support of firewalls in the environment including policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
• Perform Firewall upgrades with minimum or no downtime.
• Work in a Checkpoint VSX environment with Virtual firewalls.
• Configure High Availability Checkpoint Cluster XL on VSX as well as perform Upgrades
• Experience working in Provider-1 Environment with Multiple CMA's and dozens of gateways.
• Optimizing Firewall Policy, grouping objects, verify NAT and clean-up of unused firewall rules.
• Building of New Check Point Security Gateways and performing in place upgrades.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
• Work with Site to Site VPN including building new tunnels as well as support existing tunnels.
• Use Provier-1 /Multi Domain Security MDS platform with several hundreds of gateways administered through group of CMA's / Smart Centers.
• Use both Automatic and Manual NAT on Check Point Security Gateway and troubleshoot NAT.
• Use Tools such as Tufin for Firewall Policy optimization and rule base Clean up.
• Work with Cisco ASA Firewalls as well as Fortinet FortiGate Appliances.
• Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Backup and restore of checkpoint Firewall policies.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
• Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
• Understand different types of NAT on Cisco ASA firewalls and apply them.
• Installing Jun OS upgrade package on SRX devices and also Upgrading the SRX cluster with minimal downtown.
• Implementing the High Availability both Active/Passive and Active/Active using NSRP in Juniper firewalls.
• Migrating the juniper ISG firewalls form L2 mode to L3 mode and also implementing the active/passive configuration using NSRP.
• Configure NAT in Juniper SRX platforms using Jun OS based on the zones.
• Configure and troubleshoot Remote Access VPN using Juniper SA VPN / MAG appliance for Vendor access and also for all employee corporate Access.

Confidential

Sr.Network Engineer

Responsibilities:

• Convert Branch WAN links from TDM circuits to MPLS and to convert encryption from IPSec/GRE to Get VPN.
• Primary responsibility is to design and deploy various network security & High Availability products like Juniper other security products
• Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
• Firewall Policy administration and work with user requests submitted by users. Use HP Service Manager Ticketing System for change and incident management.
• Cisco ASA Firewall configuration and troubleshooting.
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Perform advanced troubleshooting using Packet tracer and TCPDump on firewalls.
• Performed firewall optimization using Firemon optimization tool.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Troubleshoot and hands on experience on security related issues on Cisco ASA/PIX, Checkpoint, IDS/IPS, Palo Alto and Juniper Net screen firewalls.
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Backup and restore of checkpoint Firewall policies.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Review Firewall rule conflicts, unused rules and misconfigurations and clean up.
• Checkpoint firewall policy administration and support between various zones.
• Upgraded and converted 6 HA CheckPoint SPLAT pairs to PaloAlto.
• Architected and designed were on the network to place (multiple) IDS, FireEye and DLP devices.
• Implemented the SPAN ports to facilitate the various network device traffic captures.
• VPN User access management on Check point firewalls.
• Build and support Site to Site IPsec based VPN Tunnels
• Work on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
• Manage LAN & WAN and BlueCoat proxy servers.

Environment: Cisco 3750 switches and Cisco 3825 Routers, Juniper SRX 240,JUNOS, J-Series 4350 Routers, Checkpoint 12400, Palo Alto 5060, GAIA,RIP, OSPF, VPN

Confidential

Network Engineer

Responsibilities:

• Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches to perform functions at the Access, Distribution, and Core layers.
• Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248.
• Designing and installing new branch network systems. Resolving network issues, running test scripts and preparing network documentation.
• Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
• Ensuring problems are satisfactorily resolved in a timely manner with focus in providing high level of support for all customers.
• Working with wireless technologies troubleshooting and configuration.
• Working with BGP, OSPF protocols in MPLS Cloud.
• Establishing VPN Tunnels using IPSec encryption standards and also configuring and implementing site-to-site VPN, Remote VPN.
• Work with Engineering on Server Farm refresh project on consolidation and increasing the bandwidth on Server Access silos.
• Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
• Configure BGP features such as as-override, Local pre, EBGP load sharing on client connections
• Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
• Working with Juniper JUNOS on M and MX series routers.
• Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
• Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
• Configuring GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 6500 switches.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
• Configuring, Monitoring and Troubleshooting Cisco’s ASA 5500 security appliance, Failover DMZ zoning and configuring VLANs/routing/NATing with the firewalls as per the design.
• Providing Level 3 support to customers, resolving issues by attending to conference calls.
• Configuring BGP, MPLS in Cisco IOS XR.
• Configuring multiple route reflectors within a cluster.
• Working on HP open view map for Network Management System and Ticketing.
• Working on a broad range of topics such as routing and switching, dedicated voice access, planning and implementation, large-scale high-visibility outages, change management coordination, proactive monitoring and maintenance, disaster recovery exercise and core network repairs.
• Involved in L2/L3 Switching technology administration including creating and maintaining VLANs, Port security, Trunking, STP, Inter VLAN Routing, LAN security.
• Working on security levels with RADIUS, TACACS+.

Confidential

Network Engineer

Responsibilities:

• Implemented ISL and 802.1Q for communicating through VTP.
• Working with Client teams to find out requirements for their Network Requirements.
• Designing solutions for frozen requirements using Cisco Routers and Switches.
• Other responsibilities included documentation and support other teams.
• Performed RIP, OSPF, BGP EIGRP routing protocol administration.
• Installed wireless access points (WAP) at various locations in the company.
• Maintained redundancy on Cisco 2600, 2800 and 3600 router with HSRP.
• Migration of RIP V2 to OSPF, BGP routing protocols.
• Deploying the network infrastructure to meet the requirements
• Created VLAN and Inter-vlan routing with Multilayer Switching.
• Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, and etc)
• Providing technical consultancy for better application response using QoS
• Monitor performance of network and servers to identify potential problems and bottleneck.
• Real time monitoring and network management using Cisco Works LMS.
• Provided technical support on hardware and software related issues to remote production sites.

Environment: Cisco Routers:2500, 3640, 7200, 7900 series Routers. Cisco Switches:2900, 3550, 4000.