Sr. Network Security Engineer Resume
Allentown, PA
SUMMARY
- Having 9+ years of experience in the Network Designing, Security and Implementation of Routing, Switching, Firewall technologies and troubleshooting of Complex Network systems.
- Strong hands-on experience in deploying and configuring firewalls like Palo Alto, Checkpoint, and Cisco ASA.
- Experience on Palo Alto NXG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN and Zone Protection.
- Hands on experience in Integrating VMware NSX Palo Alto Firewalls.
- Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
- Hands on experience in configuring Pre-rules, Post-rules, object groups and templates in Panorama.
- Working experience in creating custom URL filtering profiles and attaching them to Security policy rules that allow web access.
- Extensive knowledge in securing networks using Palo Alto, Cisco FirePower, Fortigate, Checkpoint and Juniper Firewalls.
- Experience in adding Palo Alto Firewall to current network infrastructure. Integrated Cisco ISE with Cisco Firepower to enable automated remediation.
- Knowledge on mitigating various attacks like DoS, DDoS, kill chain, and zero-day attacks.
- Profound knowledge in Cisco ASA 5000 series installation, configuration and maintenance.
- Configured Firewall-security context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on CISCO firewalls.
- Working experience in deploying Cisco appliance as a firewall, VPN, troubleshooting skills and policy change requests, enabling granular traffic inspection through network segmentation.
- Responsible for configuring and maintaining Check Point firewalls, Cisco firewalls, and F5 Load Balancers.
- Experience in configuring and managing Cisco and F5 Load Balancers to provide reliable distribution of traffic across some servers by creating pools, nodes, and health checks.
- Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
- Monitored firewall traffic through the Checkpoint firewall smart dashboard and smart view tracker and implemented dedicated SMART EVENT server and generated traffic log reports by checkpoint SMART EVENT.
- Configured High Availability links between Checkpoint firewalls (Active/Passive) to prevent a single point of failure on the network.
- Configured Client VPN Technologies such as Cisco’s VPN Client via IPSEC and Global protect from Palo Alto Networks
- Working experience in managing and troubleshooting the core, distribution and access switches.
- Substantial working experience on Cisco Nexus switches (2000, 3000, 5000, and 7000 series) and ASR & ISR Routers.
- Configured and managed Cisco routers and Switches using Cisco Security Device Manager (SDM).
- Profound knowledge of layer 2 protocols such as VTP, STP, RSTP, MST and layer 3 routing protocols like BGP, EIGRP, and OSPF.
- Experience in adding Policies in Palo Alto firewall PA-500, PA-3020 using GUI 6.1.
- Working experience on network topologies and configurations.
- Hands-on experience with ACLs, Syslog.
- Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC.
- In-depth knowledge in HSRP and VRRP for Redundancy over layer 2, 3 switches.
- Knowledge of TCP/IP suite to solve complex networking issues including IP routing protocols, ACLs, VLANs, and VPNs.
- Working experience on packet analyzer tools like Tcpdump and Wireshark.
- Monitored and troubleshot physical and virtual network infrastructure using SIEM tools like Splunk, QRadar.
- Troubleshoot connectivity issues on Cisco ACE, GSS, and CSM balancers.
- Configured role-based access to allow the authorized users to access the servers and network infrastructure.
- Deployed Cisco and Aruba wireless 802.1X infrastructure across the enterprise network.
- Installed and maintained Aruba switches Aruba Wireless AP’s and Aruba Virtual Controllers.
- Technical proficiency with Cisco wireless (AP’s, Controllers, ISE, Prime).
- Worked on Infoblox for Network Device Monitoring. Setting up Infoblox for local DNS and DHCP Configurations.
- Proactively used monitoring tools (Netcool, SolarWinds trending graphs) to determine production issues.
TECHNICAL SKILLS
Network Configuration: Advanced switch/router configuration (Cisco IOS access list, Route redistribution/propagation).
Routing Protocols: RIP, IGRP, EIGRP, OSPF, IS-IS, BGP v4, MP-BGP
Routing/Switching: Cisco routers (7206 VXR, 4431, 4331, 3945, 3925, 3845, 2901, … 1900, 1800, 800), Cisco Catalyst switches (6800, 6509, 6506, 6513, 3750, Catalyst 37xx stack, 3550, 2960, 2800, 1900 series), Cisco CSR 1000V, Cisco ASR 1000, 9000, Cisco Nexus (7000 series 10-slot switch, 5548P, 5548 UP, 2248TP, 2248TP-E, 2232PP), Juniper MX960 VPC, VDC, OTV, AS4.
WAN Protocols: HDLC, PPP
Circuit switched WAN: T1/E1 - T3/E3/OCX (Channelized, Fractional & full).
Packet Switched WAN: ATM, FRAME RELAY
Security Technologies: Cisco FWSM/PIX/ASDM, Checkpoint, Fortinet, F5 Load Balancer, Blue coat proxy server
Cisco Routers: Cisco 3640, Cisco 3600
Redundancy & management: HSRP, VRRP, GLBP, RPR, NSF/NSR, Wireshark, Solarwinds, SNMP, Firemon.
Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI, Sonet (POS)
Layer 2 technology: VLAN, HSRP, VRRP, GLBP, STP, RSTP, PVST+, MST, PVLAN, Optimizing STP (Port Fast, Uplink Fast, Backbone Fast, Root Guard, BPDU Guard)
Layer 3 Switching: CEF, MLS, Ether channel (PAGP & LACP, Load Balancing)
Switches: Catalyst 6500, 3700, 3500
Operating Systems: Microsoft XP/Vista/7, Windows Servers … MS-Office. Microsoft project server 2013
Programming Language: Perl, Python.
PROFESSIONAL EXPERIENCE
Confidential, Allentown, PA
Sr. Network Security Engineer
Responsibilities:
- Responsible for firewall rule set migration from Cisco ASA to newly implemented Palo Alto.
- Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of Palo Alto Firewalls. Extensive packet-level debugging and troubleshooting on Palo Alto firewall.
- Working with Palo Alto firewalls PA3020, PA5020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
- Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
- Working with F5, FortiGate and Radius Authentication Services.
- Engineered new LAN Infrastructure Utilizing Cisco, FortiGate and other managed Network equipment.
- Working on Firewall optimization tools like Tufin secure track and secure change.
- Performed Firewall rule cleanup. Delete unused firewall rules using Tufin secure track.
- Centrally managed all Palo Alto Firewalls using Palo Alto Panorama M-100 management server.
- Implementing brand new Cisco ASA Firewalls with updated Security Policies.
- Help replenish Fortinet Depots (IR/ISO). Perform firewall rule audit and optimization using Algosec.
- Exposure and Experience of IDS/IPS - Cisco Sourcefire, Firepower 4120.
- Implementation, configuration and deployment of Cisco new generation firewall Firepower4120 to support vendor connectivity over IPsec tunnel.
- Inline deployment of Cisco Firepower 4120 appliance including traffic filtering based on risk type and business relevance.
- Controlled and leveraged Cisco and Checkpoint firewall infrastructure to secure customer network access.
- Working experience on Checkpoint firewalls R61 version.
- Expertise in installation, configuration and administration of Windows and VMware servers on different platforms.
- Maintain customer service relationships with all Fortinet employees.
- Configured Security policies including NAT, PAT, VPN and access control lists.
- Worked with different application teams and the firewall operation team to support firewall-related issues using the ServiceNow ticketing system and created change request RFCs for any production changes.
- Involved in troubleshooting of DNS, DHCP and other IP conflict problems. Worked with sniffing tools like Ethereal (Wireshark) to analyze the network problems. Hands-on experience working with security issues like applying ACLs, configuring NAT and VPN. Configuring and analyzing ASA firewall logs.
Confidential, Collegeville, PA
Sr. Network Security Engineer
Responsibilities:
- Troubleshoot and Worked with Security issues related to Cisco ASA, Checkpoint and IDS/IPS.
- Assisting in identifying security risks and exposures by participating in security reviews, evaluations, and risk assessments
- Providing expert level research and analysis for planning, organizing, and managing divisional security functions
- Experience with Firewall Administration, Rule Analysis, Rule Modification.
- Installed, configured, and set security policies on cisco and checkpoint firewalls.
- Worked extensively on Checkpoint Firewalls (4800/12600/23800) & ASA 5500 (5510/5540) Series.
- Support customer with the configuration and maintenance of security systems.
- Working knowledge of configuring routing protocols such as RIPv2, EIGRP, OSPF and BGP.
- Worked extensively in configuring, Monitoring and Troubleshooting Checkpoint R77.XX and R80.XX security appliance, Failover DMZ zoning & configuring VLANs / Routing / NATing with the firewalls as per the design.
- Worked on implementing cloud instances for checkpoint security gateways.
- Evaluated, designed, tested and implemented AWS IAM policies, KMS policies, bucket policies, roles, access requirements.
- Worked closely with AWS support team to review the overall security for cloud environment and VPN traffic between on-premise and in cloud systems.
- Participating in day-to-day information security activities such as questions, problems, exceptions, etc.
- Worked on Infoblox for Network Device Monitoring. Setting up Infoblox for local DNS and DHCP Configurations.
- Lead security architect for the FireMon initiative.
- Implementing Security Manager core module for approximately 150 Cisco ASA and Checkpoint firewalls to report into FireMon. Report creation in support of audit. Advise and work with auditors to ensure compliance.
- SME involving FFIEC, NIST, Confidential, PCI/DSS, ISO/IEC 9000, 27001, Cyber Security / baselining operations to meet compliance objectives.
- Monitoring Network infrastructure using SNMP tools HP NNM, SolarWinds.
- Knowledge of F5 Best Practices used iHealth, SSL offloading, Route Domains, GTM Sync Group.
- Installed NSX firewalls in VMware workstation and VSphere.
- Implemented Zone Based Firewalling and Security Rules on the Checkpoint and NSX Firewalls.
- Involved in troubleshooting software, hardware and network problems.
- Cyber Security Service request management to meet SLA’s and provide high levels of service
- Experience in Security Information and Event Management (SIEM) tools like ArcSight and QRadar.
- Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
- Experience with configuring and administering backup solution like BackBox.
Confidential, Herndon, VA
Network Security Engineer
Responsibilities:
- Configuring, Administering and troubleshooting the Palo Alto, ASA firewall.
- Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
- Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies.
- Worked with PA-500, PA-3020, PA-5020, PA-5050 and PA-5060 and PA-7050 to perform the day-to-day operations.
- Deployed Palo Alto firewalls using VMware NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
- Responsible for installation, configuration of Palo Alto using Panorama.
- Performing migration from old network to a new network of millions of users.
- Provide on call support with network operations teams resolving incidents.
- Deployed Paloalto-7000 series device to the production environment, managed them via Panorama.
- Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
- Performed code upgrades on the ASA 5585, 5555 series.
- Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls.
- Troubleshooting Layer 3 issues, also assisting the layer 2 team with troubleshooting issues with BGP, OSPF.
- Creating NATs as per user's requirement to get access for different servers like internal firewalls, DMZ firewalls and Internet firewalls and worked on Splunk for troubleshooting.
- Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
- Migrating NAT rules with counter NATs as per the new IP request
- Participated daily scrum meetings, maintain project flow to meet deadlines.
- Setup Global Protect VPN in the production environment, test and maintain VPN firewalls.
- Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
- Created and run the automation script to push configuration into the firewalls.
- Maintain definitions in bluecoat proxies, with Splunk integration.
- Performed Cisco ASA and Palo Alto Firewall code upgrades.
- Performing and fulfilling ServiceNow requests for Port service, creating policies and migrating rules to new subnet.
- Troubleshooting and escalation of P1 & P2 incidents includes in day-to-day responsibilities.
- Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
- Worked with applications transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADIUS, TACACS+ and AAA on ASA Firewalls.
- Worked with Panorama 8.1.3 to configure the perimeter Palo Alto firewalls.
Confidential, Chicago, IL
Network Security Engineer
Responsibilities:
- Configuring, Administering and troubleshooting the Palo Alto, ASA firewall.
- Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
- Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies.
- Worked with PA-500, PA-3020, PA-5020, PA-5050 and PA-5060 and PA-7050 to perform the day-to-day operations.
- Deployed Palo Alto firewalls using VMware NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
- Responsible for installation, configuration of Palo Alto using Panorama.
- Performing migration from old network to a new network of millions of users.
- Provide on call support with network operations teams resolving incidents.
- Deployed Paloalto-7000 series device to the production environment, managed them via Panorama.
- Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
- Performed code upgrades on the ASA 5585, 5555 series.
- Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls.
- Troubleshooting Layer 3 issues, also assisting the layer 2 team with troubleshooting issues with BGP, OSPF.
- Creating NATs as per user's requirement to get access for different servers like internal firewalls, DMZ firewalls and Internet firewalls and worked on Splunk for troubleshooting.
- Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
- Migrating NAT rules with counter NATs as per the new IP request
- Participated daily scrum meetings, maintain project flow to meet deadlines.
- Setup Global Protect VPN in the production environment, test and maintain VPN firewalls.
- Created and implemented firewall policy to allow/block services on specific TCP/UDP ports in production firewall.
- Created and run the automation script to push configuration into the firewalls.
- Maintain definitions in bluecoat proxies, with Splunk integration.
- Performed Cisco ASA and Palo Alto Firewall code upgrades.
- Performing and fulfilling ServiceNow requests for Port service, creating policies and migrating rules to new subnet.
- Troubleshooting and escalation of P1 & P2 incidents includes in day-to-day responsibilities.
- Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
- Worked with applications transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADIUS, TACACS+ and AAA on ASA Firewalls.
- Worked with Panorama 8.1.3 to configure the perimeter Palo Alto firewalls.
Confidential, Hillsboro, OR
Network Engineer
Responsibilities:
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
- Supporting EIGRP and BGP based PwC network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
- Installed and configured Cisco 2600, 2800, 3600, 3800 routers and 2950, 3700, 6500 switches.
- Maintained and managed networks running OSPF and BGP routing protocols.
- Configured route redistribution between OSPF and EIGRP in a multi-area OSPF network.
- Daily monitoring of network traffic using sniffers (Wireshark) and access logs to troubleshoot and identify network issues.
- Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Implementing security policy configurations and nodes via Juniper SRX-3400 FW and NetScreen 5500.
- Design and Implementation of F5 GTM based on topology load balancing methods.
- Implemented F5 ASM for Internet Facing LTM virtual servers providing applications layer 7 firewall protection, configuring and managing F5 Web Accelerator module and Application Security Module (ASM) technology or with similar/competing ADC and Security product solutions
- Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
- Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 Big IPs using the Web GUI and CLI.
- Planned, designed and executed ground up new multi-domain Active Directory forest including Exchange and migration of employees with zero downtime in the process. This included having a team that executed the migration while business.
- Worked in Primary Environment: SRX220, SRX650, SRX3600 and Checkpoint R77.
- Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR.
- Interact directly with the Avaya's IT organization to plan, implement and deploy application updates into our corporate production environment.
- Senior platform engineer for the configuration, deployment and migration of the production VM-ware infrastructure from existing Dell platform to UCS blade center.
- Handled SRST and implemented and configured the Gateways, Voice Gateways.
- Configuring HSRP between the 3845 router pairs for Gateway redundancy for the client desktops.
- Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
- Knowledge of implementing and troubleshooting complex L2/L3 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP, MPLS and MST.
- Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, Fortinet, IDS/IPS and Juniper NetScreen firewalls.
- Implementing IPsec and GRE tunnels in VPN technology.
- Created Visio Dean / Visio Documentation to give complete picture of network design for each building.
- Experience in Configuring, upgrading and verifying the NX-OS operation system.
- Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
Confidential
Network Engineer
Responsibilities:
- Dealt with implementation of deployment related to Cisco devices and applying security policies on it.
- Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.
- Involved in configuring and implementing of Composite Network models consists of Cisco 3750, 2620 and, 1900 series routers and Cisco 2950, 3500 Series switches.
- Implemented various Switch Port Security features as per the company's policy
- Configured RIP, and EIGRP on 2901 and 3925 Cisco routers.
- Configured VLANS to isolate different departments
- Co-ordinated with global Security Management teams and support teams as required and completed Palo Alto and Checkpoint Firewall rule add, modification, and delete.
- Configured IPSEC VPN on SRX series firewalls
- Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
- Design, installation and troubleshooting networks with hand-on experience with OSPF, ISIS, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
- Involved in implementation of Trunking using Dot1Q, and ISL on Cisco Catalyst Switches
- Worked with sniffing tools like Ethereal (Wireshark) to analyze the network problems.
- Maintenance and troubleshooting of network connectivity problems using PING, Trace Route.
- Performed replacements of failed hardware and upgraded software
- Performed scheduled Virus Checks & Updates on all Servers & Desktops.
- Implementing Routing and Switching using the following protocols: IS-IS, OSPF, BGP on Juniper M series routers.
- Involved in Local Area Network (LAN) design, troubleshooting, and maintenance as per company's requirements.