SUMMARY

• Experience wif Supporting both Network and Security infrastructure in data center environment and Campus environment, which involved wif devices such as routers, switches, firewalls.
• Strong hands on experience in installing, configuring and troubleshooting of Cisco Catalyst 6500, 4500, 3750, 2950 series switches, Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers
• Installation of Palo Alto firewalls platforms PA - 7000(7050,7060), PA-5000(5050,5060), PA 60/4050/4020 ) and PA 500 and PA- 200 firewalls
• Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances
• Installation, Configuration & Troubleshooting of Cisco ASA firewalls 5505,5516,5585,5510,5520, 5540 and Hands on experience on cisco ISE
• Extensive experience in configuring and troubleshooting of routing protocols RIP v1/v2, EIGRP, OSPF, BGP.
• Excellent Knowledge on installing and configuring IP SEC VPN Tunneling, DNS, DHCP, SMTP server.
• Advanced noledge in installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R77.20 version, VPN.
• Designed, configured and support Networking and Security which include DMZ, IDS/IPS, Vulnerability assessments, Application/Websecurity and SIEM technologies.
• Coordination wif teh Palo TAC, Checkpoint Consultant, for teh critical cases/projects
• Proficient in handling Network Monitoring tools and Packet capture tools
• Excellent analytical, organizational, problem solving & resolution qualities.
• Good at Documenting and Understanding User requirements and System Specifications
• Taking ownership of teh tickets received from teh customers and resolve them as early as possible using teh tools like cisco prime infrastructure.
• Perform Monthly Firewall Rule Management & Remediation projects

TECHNICAL SKILLS

Cisco Platforms: Cisco Catalyst 6500, 4500, 3750, 2950 series switches, Cisco 3800, 3600, 2800, 2600, 2500, 1800 series Routers, Cisco ASA

Firewall: Checkpoint 12400, 12600, 21400 PaloAlto 200, 500, 2000 Series, Fortinet,Cisco ASA

Operating Systems: Windows 2000/2003/ XP/Vista/7, LINUX, Mac,Python

Network Management: Solar winds, SNMP, Wire shark

Network Security: IPS, IDS, Imperva, Bladelogic, Arcsight, Qradar Skybox, Firemon, NAT

Application Protocols: DHCP, DNS, TFTP, FTP, SMTP, ARP, TELNET, SSH

Documentation Tools: MS Visio, MS office, Jira, Confluence

PROFESSIONAL EXPERIENCE

Confidential, Austin, TX

Security Engineer

Responsibilities:

• Responsible for Palo Alto firewall management and operations across our global networks.
• Responsible for installation, configuration, maintenance and administration of Palo Alto firewalls PA-7000(7050,7060), PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) and PA 500 and PA- 200 firewalls
• Experience in Migrating from Checkpoint firewalls to Palo Alto firewalls platforms
• Upgrade of software versions on different models of palo chassis.
• Have hands on experience on Integration and Management of Palo Alto devices via Panorama
• Upgrade of Panorama from M-100 to M-500 to increase teh performance.
• Monitoring teh traffic through panorama logs and packet capture for troubleshooting teh incident tickets
• Built and configured new Vsys for different models of palo chassis and implemented them
• Implemented Zone Based Firewalling and Security Rules on teh Palo Alto Firewall
• Responsible for creating new policies,objects and pushing them on Palo alto firewalls, Checkpoint Firewalls
• Involved in Configuration and troubleshooting of HA on Palo Alto Firewall
• Vetting and approvals of teh new requests from teh customers
• Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances
• Have hands on experience on Smart Dashboard, Smart view Tracker, Smart logger, Smart View Monitor
• Upgrade checkpoint from old platforms to new platforms R7 .45
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications
• Used Wireshark and packet analyzer for packet capture and analysis and traffic monitoring.
• Working wif Checkpoint Support for resolving escalated issues.
• Experience in adding rules and objects and monitoring them through panorama.
• Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
• Coordination wif teh Palo TAC/Palo AM, Checkpoint Consultant, for teh critical cases/projects
• Experience in configuration of new Palo Alto firewalls for implementation
• Responsible to evaluate teh need for upgrades, new installations, and license modifications using Smart Update
• Have good understanding on configuring NAT for Web and Gateway servers
• Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation..
• Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office
• Have hands on experience on Firemon which is used for collecting teh Policy usage reports.
• Vetting of teh requests from teh customers and implement teh new policies as a daily basis.
• Troubleshooting and handling of teh change tickets, incident tickets and on-call support 24/7

Environment: Checkpoint firewalls(12400, 12600, 21400), Palo Alto firewalls (7050.7060,5050,5060,500,200), Smart dashboard, Smart view tracker, Smart Update, Smart view monitor, Provider-1, Panorama, Service Now, CASD, Firemon

Confidential, Houston, Tx

Network Security Engineer

Responsibilities:

• UtilizedSecurityInformation and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
• Perform internal / external vulnerability and Penetration tests to assess teh level of exposure and risk to Tiffany. Reports are created and shared wif Sr. Security Management. Utilize many open source as well a commercial tools, such as Nmap, Nesus, Qualys, Metasploit, Qradar and other tools.
• Research new developments in ITsecurityin order to recommend, develop and implement newsecuritypolicies, standards, procedures and operating doctrines across a major global enterprise.
• Define, establish and managesecurityrisk metrics and track effectiveness.
• Coordinate wif third parties to perform vulnerability tests and createsecurity authorization agreements and standards.
• Installation, Configuration & Troubleshooting of Cisco ASA firewalls 5505,5516,5585,5510,5540
• Configuration of ASA Units to be part of Cluster
• Configuration & Replacement of Failed units of Failover & Cluster Pairs.
• Software upgrades on Cisco ASA firewalls.
• Performed Licensing and Issuing certificates on ASA Units
• Teh ability to balance risk mitigation wif business needs.
• Monitored and analyzed Arcsight channels looking for any unusual activity, malicious executable code, obfuscated javascript, virus/trojans, or any other types of, issues, problems, or anomalies.
• Strong hands on and exposure to Checkpoint, cisco ASA & Palo Alto on a regular basis.
• Configuration and Administration of PaloAlto Networks Firewall to manage large scale firewall deployments.
• Researched, designed, and replaced aging Checkpoint firewall architecture wif new next generation Palo Alto appliances serving as firewalls and URL and application inspection
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
• Configuration, support and administration of Palo Alto and Checkpoint and to migrate all gateways and management servers to new hardware and software - Checkpoint SG appliances running GAiA OS and Checkpoint R75.40
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and Checkpoint
• Exposure to wild fire feature of Palo Alto.
• Reviewing & creating teh FW rules and monitoring teh logs as per teh security standards in Checkpoint
• Used Wireshark and packet analyzer for packet capture and analysis and traffic monitoring.
• Installed and configured Solar winds’ Orion Network Performance monitoring for network infrastructure monitoring purposes.
• Provide Tier1 technical support, wif voice over internet protocol (VOIP).
• Troubleshooting ofDNS, DHCP, Wintel, and UNIX server connectivity issues.
• Sound noledge of EIGRP/ BGP/ OSPF & Firewall / VPN / SSL VPN concepts.
• Sound noledge of VLAN / STP / RSTP / VRF / Static routing / Dynamic Routing / HSRP / VRRP / MST / Ethernet channel

Confidential

Network security Engineer

Responsibilities:

• Investigate potential or actualsecurityviolations or incidents in an effort to identify issues and areas dat require newsecuritymeasures or policy changes.
• Involved wif teh SIEM product ArcSight Log Management from product purchase to production deployment, maintenance and support as teh Lead Security Engineer
• Worked wif teh vendor personnel to assist in teh infrastructure design
• Configuration and support Cisco based Routers and Switches.
• Basic Firewall Access list configurations and support.
• Primarily responsible for proactive, incident and problem management.
• Configuring switch ports for various Vlans in teh network
• Installation Configuration and Troubleshooting of Cisco ASA and Checkpoint Firewalls in teh network.
• Day to Day work involves implementation of firewalls for new clients as well as managing and administering Cisco ASA and Checkpoint Firewalls at various zones including DMZ, Extranet .
• Creating VLANs and managing Spanning tree for teh network and inter VLAN routing. Use Dynamic Routing Protocols including OSPF, EIGRP and BGP.
• Using BGP in teh 3rd party and Internet wif various attributes wif good understanding of BGP configurations on teh provider edge routers
• Responsible for Configuration of router and switches.
• LAN Cabling, RJ-45crimping,Labelling,Patch Panel, PC Junction boxes, Phone Switches andRack set-up.
• Helped teh network team to install new switches and routers and configure teh IOS according to teh requirement which included VLAN, OSPF, Subnetting, EIGRP, BGP, VTP, PaGP, spanning - tree, IP Subnetting.
• Assist staff wif teh installation, configuration, and ongoing usability of desktop computers, peripheral equipment and software wifin established standards and guidelines.
• Work on day to day administration tasks and resolve tickets using Remedy
• Managed teh member server, a server which hosts services like DNS, and DHCP.
• Responsible for monitoring and reporting error incidents for remote location servers. Experience testing and troubleshooting layer1 circuit, layer 2 devices.