SUMMARY

• Over 7 years of experience in routing, switching, firewall technologies, systems design, and administration and troubleshooting.
• Exposure to LAN/WAN setup, installation, configuration and troubleshooting.
• Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Palo Alto and Cisco Routers.
• Working experience of firewalls Cisco ASA Appliance.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Experience in Implementing Check Point Firewalls R77.20 and R80
• Successfully installed Palo AltoPA - 3000/PA-5000firewalls to protect Data Center and provided L3 support for routers/switches/firewalls. Worked on SSL forward Proxy and SSL decryption on PA
• Experience in Implementing Palo alto Firewalls PAN 7.0 PAN 8.0 PAN 9.0
• Strong noledge on leveraging advanced firewalls features like APP-ID, User-ID, Global Protect, Wildfire, NAT policies and Security Profiles.
• Profound working noledge of administration and management of Palo Alto firewalls using centralized Panorama M-500 devices.
• Expert level noledge on configuring and troubleshooting IPsec VPN and VPN tunnels for connectivity between site-site and remote location users by using IKE and PKI.
• Strong noledge on Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), DDoS attacks and Kill Chain mitigation techniques.
• Experience in Configuration and Support ofLAN protocols on Cisco Switches such as (Layer2, Layer3 and Multi-Layer).
• Technical Knowledge on Cisco ASA 5500 series Routers.
• Hands on experience implementing HSRP, SNMP, NTP, NAT Access Control, QOS, Route-maps, Multicast.
• Good noledge of IPv4 and IPv6 Addressing, Fixed Length and Variable Length Subnet Masking (VLSM), OSI and TCP/IP models.
• Experience in installing and configuring NAT, DHCP server and DNS in large networks.
• Implemented traffic filters using standard and extended access-lists, distribute-lists and route maps.
• Knowledge about TCP/IP and OSI models.
• Strong experience in working wif SIEM tools such as Splunk, Rapid7 and monitoring tools including Wireshark wif strong troubleshooting skills.
• Checkpoint Series appliances running Gaia R77 and R80.
• Palo Alto Networks next-generation firewall dat includes teh Palo Alto Networks PA-5000 and PA-3000 series running PAN OS-8.x and 9.x.
• Cisco Core, distribution and access layer network devices including 7200, 3800, 3600, 2800, 2600XM series routers.
• OSI Layer, TCP/IP, MPLS, dynamic routing protocols EIGRP, OSPF, BGP, HSRP, RIP.
• Web Proxy - McAfee, Forward proxy and Reverse proxy.
• DMZ segregation and perimeter Security
• Two factor autantication using RSA as well as Certificate based.
• Design and implement secured Firewalls for Various Business Partners between DMZ Segments
• Building secure IPSec Remote VPN connections using strong encryption (3DES/AES) & autantication.

TECHNICAL SKILLS

• Firewall Technologies
• WAN Connectivity
• WAN Acceleration
• Load balancing (F5 LTM)
• MPLS
• Frame Relay
• VLAN configurations
• 802.1q trunking and Spanning tree
• STP
• VTP
• VOIP
• IP Addressing
• IP Subnet
• VRF
• NAT/PAT
• IPSec based VPN
• DNS
• DHCP
• ADS. Sniffer tracing and TCP dump analysis using: Ethereal
• Wire shark
• Policy Tracing user logs
• Splunk
• Rapid7.

PROFESSIONAL EXPERIENCE

Confidential, St. Louis, Missouri

Sr Network Security Engineer

Responsibilities:

• Responsible for network monitoring, troubleshooting, reporting and maintenance.
• Manage change requests Palo Alto firewalls/router access-lists for internal and external applications.
• Using Service Now for ITIL Based Service Management. (Incidents, Problem and Change Management).
• Troubleshooting teh issues wif connectivity wifin teh server zones of teh Data center (between application servers, database and web servers).
• Configure & monitor Global Protect and Gateways to create IPSec and SSL VPN's Tunnels wif Users & Customers on Palo Alto Firewall.
• Implement advanced Palo Alto Firewall features like URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic.
• Enablefile forwarding to Wildfire cloud through Content-ID implementation to identify new threats.
• Leveraged Palo Alto Network’s Wildfire inspection engine to prevent Zero-Day attacks.
• Blocking all teh firewall ports dat are not used for teh legitimate business case by analyzing both user and server inbound and outbound traffic of teh DMZ firewalls.
• Building and supporting more than 150 IPsec based peer to peer VPN Tunnels between teh client and various business partners using teh Checkpoint and Cisco ASA firewalls as well as building teh Remote access VPN for teh remote users of teh client using ANYCONNECT.
• Working wif CISCO tetration on recent project which it states dat Tetration offersholistic workload protection for multi-cloud data centersby enabling a zero-trust model using segmentation
• We are working Cisco tetration using ACI and Zero trust model .
• Support access list, NAT and routing on firewalls. Work wif users to identify firewall ports required and provision them through teh change management system. Configure Advance NAT Network address translation on Checkpoint.
• Configuring, monitoring and troubleshooting Anomaly Detection Service on IPS and Configuring and tuning IPS blade on Checkpoint firewall.
• Interface wif costumers to resolve Access Use Policy issues on web proxy servers.
• Administering policies for both HTTP and HTTPS traffic. URL categorizing and administration of user access based on Active Directory groups.
• Review and modified access control lists (ACLs) on network switching and routing equipment as needed to maintain security standards.
• Firewall policy risk analysis based on teh IP address zone allotment.
• Optimize firewall policies by grouping objects and re using existing object groups etc.
• Day-to-day work involves Firewall policy provisioning on teh Paloalto firewall.
• Maintain High Availability and clustered firewall environments for customers using Paloalto High Availability.
• Perform level 3-4 security implementations.
• Build Palo alto firewall, and configured GUI to open/close TCP/IP ports.
• Installed, configured and maintained Checkpoint R75, R77 and R80 Gaia/SPLAT.
• Identified and removed security policies dat are no longer needed to reduce Paloalto firewall policy lookup.
• Configured necessary routing and NAT on teh firewall appliance to communicate wif teh internet.
• Monitored Checkpoint VPN tunnel activities wif Smart View monitor and troubleshoot VPN issues wif CLI.
• Optimize existing policies to improve security and performance. Identify and remove security policies dat are not no longer needed to reduce Checkpoint firewall policy lookup.
• Troubleshoot and monitor firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor).
• Analyze logs and make necessary network reports using Smart Reporter console application.
• Configure NAT and PAT such as Static, Source (Hide) as well as Destination NAT policies as required.
• Configure Persistence Profile for session sticky based on Source and cookie.
• Dealt wif creating VIP pools, nodes and created custom iRules for teh virtual servers.
• Troubleshooting on F5 LTM providing level 2 and level 3 support for teh customers.
• Advanced NAT including identity NAT, Static, Policy and Global implementation on Checkpoint firewalls.
• Creating and Administering SSL and IPsec VPN, Site-to-Site VPN tunnels between various client locations.
• Configure Active-Standby High Availability for Stateful failover and replication as well as zero downtime upgrade & maintenance.
• Backup and Recovery of security gateway configurations as well as firewall policy.
• Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on teh routers.

Confidential

Responsibilities:

• Reviewing of firewall change requests, allowing teh services in teh firewall as per teh request and creating and analyzing teh Tufin and Splunk reports for maintaining standards of teh organization.
• Troubleshooting connectivity issues wifin teh server zones of teh Data center (between application servers, database and web servers especially http, ssl based https and application services) as well as user requests and user connectivity issues from various branch locations, third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Performing advanced troubleshooting using TCPdump and FWmonitor on firewalls to verify teh flow of teh traffic in teh firewall.
• Enabled teh User-ID feature while creating policies based on users and groups rather than individual IP addresses.
• Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic.
• Created custom URL-filtering profiles and attached them to Security policy rules dat allow web access.
• Configured Global Protect gateway to provide VPN connections for Global Protect agents.
• Configured Log Forwarding to forward logs from teh firewall to Panorama and tan configured Panorama to send logs to teh servers.
• Hands on experience in blocking unauthorized users and allowing authorized users to access specific resources by configuring Access Control Lists (ACL).
• Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on wif F5 BIGIP LTM.
• Migrated Cisco ASA Firewalls to Palo Alto Firewalls and Installed Palo Alto PA 5260,5250 firewalls to teh Data Center and maintained IPSec and SSL VPNs.
• Performed Firewall migrations from ASA to Palo Alto using teh PAN Expedition Tool.
• Configuration of firewall (Palo Alto) security policies, Global Protect VPN, URL filtering, Data filtering and file blocking Profiles.
• Implemented High-Availability, URL filtering, SSL Decryption, Global Protect for VPN clients, layers 4-7 policies, User-ID using LDAP, App-ID, Threat Prevention, AutoFocus wif MineMeld integration, Zone Protection, DNS Sinkhole, Wildfire configuration, and leveraged multiple VSYS for trace separation.
• Troubleshoot, Conduct Scans and Access Network issues, tan patch Vulnerabilities and Mitigate DDoS attacks on Palo Alto Firewall.
• Use App-ID and URL Filtering for allowing or denying teh Web Trace and also prevent Hosts from accessing Malicious Websites.
• Configured ADS (Active Directory Sever) and LDAP wif Palo Alto Firewall to autanticate User IDs.
• Configured TACACS+, LDAP, IPSec and RADIUS for Cisco ASA and Palo Alto firewalls.
• Expertise in Conducting security policy rule review to identify and remove rules dat are not needed to reduce Palo Alto firewall policy lookup.
• Manage multiple Palo Alto firewalls centrally through teh Palo Alto Panorama M-500 centralized Management appliance.
• Implement teh Global Protect VPN, IPSec VPN through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.
• Deployed Active/Standby modes of High Availability (HA) wif Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on teh application of Active/Active HA mode.
• Firewall Policy optimization and rules base clean upon PAN devices using Tufin Secure Track.
• Firewall provisioning on PAN devices using Web GUI.
• Creating Data-filtering profiles in PAN devices which halps to prevent sensitive information.
• Experience working on next generation features using Palo Alto devices and features such as App-ID, User-based, URL Filtering, Wildfire and Threat Prevention.
• Working wif multiple VS and configuring tan from Panorama Using device Groups.
• Experience Configuring PAN Device High availability in Active/Standby wif HA1, HA2 links.
• Optimized rules which are causing High CPU Utilization by performing in depth analysis of rules which are involved in multiple gateways.

Confidential, Clay City, KY

Network Engineer

Responsibilities:

• Responsible for managing and supporting Network and Security at teh Data center.
• Level 3 support for Firewall and Network security related events
• Troubleshooting Connectivity issues through Check Point Command line as well as smart utilities.
• Work in a Provider-1 / MDS environment wif multiple CMA’s and Multiple access Policies
• Tweaking policies to optimize application traffic and applying bypass rules as applicable for non-optimized traffic use objects groups and shared policies.
• Perform Advanced NAT including identity NAT, Static, Policy and Global implementation on Checkpoint Security Gateways as per teh requirement between various zones.
• Upgrade Checkpoint Security Gateways as well as Backup and Recovery of security gateway configurations and firewall policy
• Build and configure Checkpoint Security Gateways from ground up and ship it to remote office locations.
• Work wif users to identify firewall related issues and log change records through change management system and execute teh changes in approved window.
• Using CLI for troubleshooting and OS Upgrades (Zero Down Time Upgrades)
• Configure stateful Failover of firewalls (Active/Active & Active/Standby) for high availability.
• Troubleshooting of traffic using Packet Capture and analyze using Wire shark.
• Simulate traffic through firewall using Packet Tracer and validate it against NAT, Routing and ACL.
• IPsec VPN Implementation and Troubleshooting between various 3rd parties and remote locations. These tunnels were built on Checkpoint Security Gateways.
• Configuring Perimeter firewall and support Site-to-Site VPN tunnels.
• Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
• Configured Mac-filtering on corporate wireless networks and configured dynamic ARP inspection on all user switch for security.
• Experience in using management tools, SNMP, Syslog, Sniffer and Wireshark.
• Worked Extensively in configuring, Monitoring and Troubleshooting Cisco ASA 5500 wif ACL, NAT, Object Groups, Failover. Multi-Contexts.
• Performed IOS upgrades on various models of IP Inter-networking layer 2/3 switches.
• Analyzed and tested network protocols (Ethernet, TCP/IP) using Wireshark tool.
• Used Nmap tool to map our networks. Used Nmap tool to find live hosts on network, to perform port scanning, ping sweeps, OS detection, and detecting security risks.
• Performed system software conversion from cat OS to Cisco IOS on Catalyst 6500 switches.
• Responsible for layer 2securities which was Implemented using a dedicated VLAN ID for all trunk ports, setting teh user ports to non-trunking, deployed port security when possible for user ports.
• Configure and manage Data and Voice VLANs and access interfaces on Cisco layer 2 and layer 3 switches.
• Upgrade from Checkpoint IP Appliances from R75 to R77 following teh upgrade path recommended by teh Checkpoint.
• Use Advanced NAT on teh firewall for Policy based traffic including identity NAT, Policy Static etc.
• Layer 2 Administration including creating of VLANs and Spanning tree tuning for teh network and routing between VLANs. Work wif Dynamic Routing Protocols including EIGRP, RIP, OSPF and BGP.

Confidential, Las Vegas, Nevada

Network Engineer/ F5 load Balancer

Responsibilities:

• Configuring teh Nap 7 and Nap 9, installing teh F5 license process for teh CLI and GUI.
• Configuring teh cisco switches, 3600,6500,3650,9600, nexus 3k’s.
• Changing teh ports from 80 to 443 in teh F5 portal for a certain VIP and pool members.
• Teh curl from teh blocked URLs and allow Mozilla 5.0 and attaching teh right SSL certs in teh resources.
• Removing teh weak ciphers and allowing teh strong ciphers in teh F5.
• To facilitate large amounts of computer hardware including server and network appliances in teh Data center.
• Creating Virtual Servers for required servers in teh production and test environment.
• Updating Rack Elevation Documentation and determining teh locations for teh installations, managing Ip’s and hostnames.
• Provide security by blocking unauthorized users in ACLand allowing authorized users to access specific resources.
• Configure Cisco 3650s as management switches. Moving devices off for management VLAN and physically move 3750.
• Provision VPC uplinks in ACI dat connect to 3k’s.
• Design and develop Load Balancer configurations, create and maintain documentation ofdesign approaches.
• Create and maintain documentation on internal architecture of teh system.