SUMMARY

• 7+ years of extensive hands on experience in Networking and Security, with strong troubleshooting skills specific to network security.
• Skilled & technically proficient with multiple firewall solutions, network security, and information security practices
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next - Generation Firewalls R65, R70 & GAIA R77.30, NetScreen Firewall, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Experienced in Network Security, Juniper Firewalls, SSL VPN, Checkpoint, Palo Alto, RSA, Cisco Nexus, Cisco ACE, Cisco Wireless. Enterprise experience and knowledge of CheckPoint, & Cisco ASA.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Experience in Configuring, maintaining and troubleshooting IPS and IPS-1 in Checkpoint
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Using SmartUpdate, User Management and Authentication in Checkpoint Firewall.
• Configure and troubleshoot Remote access and site to site-in Checkpoint & ASA firewalls.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70 & R77, Palo Alto and Cisco ASA
• Experience with network security design implementation Assessment, evaluation, design, and implementation of solutions.
• Knowledge of Intrusion Detection and Prevention System, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Experience with F5 load balancer, administration, management and upgrades to support 24x7 operations.
• Hands on experience using diagnosis tools like TCPDUMP, Wireshark for analyzing the real time statistics during the packet flow.
• In-depth knowledge of deploying and troubleshooting Cisco IOS LAN, WAN, QoS, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP & VTP
• Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls.
• Advance Knowledge in Penetration testing tools such as Metasploit, Nessus, Qualys, Nmap, Zenmap, AppScan, SQL Map, Burp Suite, IBM Appscan
• Security monitoring process with the help of Log management tools (i.e. Splunk) and Security Information Event Management (SIEM) tools (i.e., Orion).
• Strong ecommerce, general management, negotiation, inter-personal, communication and team building skills.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus 2K/5K/7K

Routing Protocols: BGP, OSPF,, GLBP, and RIP, EIGRP, VRRP, HSRP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN

IP Services: DHCP, NAT, DNS, FTP, LAN/WAN

Firewalls: Palo Alto/Checkpoint R65/R70/R75/R76/R77, Cisco ASA, Juniper

ANS: F5 BIG-IP LTM 6900/6400, APM

Hardware: Confidential, Compaq, Dell, IBM Servers

Operating System

: Windows XP, Windows 7, SPLAT (SECURE PLATFORM),UNIX, Linux

Diagnosis Tool: TCPDUMP, Wireshark

Third Party Tool: Tufin

PROFESSIONAL EXPERIENCE

Confidential, TX

Network Security Engineer

Responsibilities:

• Firewall Policy administration and work with user requests submitted by users. Use Confidential Service Manager Ticketing System for change and incident management.
• Work on Big IP Load balancer LHA requests. Create Nodes, Virtual pool, Virtual server and sticky group etc. SNAT and NAT.
• Implemented and configured security policies in Checkpoint R75.40, R77 GAIA a
• Worked on various platforms of Checkpoint like - Nokia, Checkpoint (SPLAT).
• Manage checkpoint Firewalls split through multiple CMA's and administer using provider-1.
• Cisco ASA Firewall configuration and troubleshooting.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Exposure to Wildfire feature of Palo Alto.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
• Configured and maintained IPsec and SSL VPN's on Palo Alto Firewalls.
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various branch locations, office locations and third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Work on JUNOS platform including SRX Firewalls, Network & Security Manager (NSM), Juniper Space and, STRM, Juniper UAC, Juniper Pulse.
• Worked on the migration to new Checkpoint R75.20 firewalls from Juniper firewalls.
• Strong knowledge and understanding with IPsec, Juniper SA Remote Access VPN, and SourceFire intrusion prevention systems
• Strong knowledge in configuration and troubleshooting Juniper SA SSL VPN in a dual-factor integration environment.
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Firewall Policy Optimization using third party tool Tufin.
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Backup and restore of checkpoint Firewall policies.
• Black listing and White listing of web URL on Blue Coat Proxy servers
• Review Firewall rule conflicts, unused rules and mis-configurations and clean up.
• Checkpoint firewall policy administration and support between various zones.
• Modify and implement ACL changes on store routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (Visio's) and Records Management.
• Installation, configuration, administration and troubleshooting of IPS/IDS, check point firewalls, LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls/SIEM tools.
• Administration and management of all firewall environments.

Confidential, OH

Network Security Administrator

Responsibilities:

• Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
• Complete rename of all firewall objects and rules.
• Review and optimize firewall rules using Secure Track Tufin tool and run firewall audit reports.
• Provide security engineering for implementation in the Motorola enterprise network.
• Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1.
• Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions.
• Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint, Cisco ASA other security products.
• Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
• Creating technical implementation plans, project plans, and worked closely with internal and external customers to supply solutions that fulfill their needs.
• Configuring, administering and troubleshooting the Check Point, Palo Alto and ASA Firewall.
• Regularly performed firewall audits around CheckPoint Firewall-1 solutions for customers.
• Provided tier 3 support for CheckPoint Firewall-1 software to support customers.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Configuring rules and maintaining Palo Alto Firewalls & analysis of Firewall logs using various tools.
• Implemented, configured redundancy protocols HSRP, VRRP, GLBP for Default Gateway Redundancy.
• Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF and BGP etc.

Confidential, Houstan, TX

Network Engineer

Responsibilities:

• Configuration and troubleshooting L3 switches with VLAN, STP, SPAN, ETHERCHANNEL, HSRP, VRRP and GLBP
• Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using WireShark protocol analyzer and recommended solution for better performance
• Working with Cisco ISE / FWSM
• Monitor devices in Netcool and Event Manager
• Implemented Windows NT domain, domain name services, e-mail, Web, and FTP services
• Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures
• Analyze data logs (system, proxy, IDS) for host and network security threats
• (HIPS, NIPS)
• Experience working with Cisco IOS, IOS-XR, NXOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
• Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI
• Built and support VRRP / Cluster based HA of Checkpoint firewalls
• Perform Checkpoint and PIX firewall/IDS design, integration and implementation for Cyber Trap client networks
• Working experience with A10 and F5 Load Balancer.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.

Confidential

Network Engineer

Responsibilities:

• Responsible for implementing, supporting, and maintaining 24x7 network services.
• Coordinated efforts with Engineer's to ensure all network devices conformed to defined network standards.
• Configured and troubleshooting HSRP, BGP, OSPF, EIGRP, MPLS WAN, QoS and Route Maps.
• Configured and maintaining Cisco 7200, 4400, 5000 and 6500 platforms.
• Troubleshoot connectivity issues involving VLAN's, OSPF, QoS etc.
• Support, monitor and manage the IP network.
• Performance monitoring of various applications and web servers to maintain quality of service and network stability.
• Maintained core switches, creating VLAN's and configuring VTP.
• Designed IP Addressing schemes, VLAN tables and Switchport assignments, Trunking and Ether-channel implementation.
• Gained hands on experience with VLSM, STP, VTP, VLAN Trunking.
• Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
• Installed and set up Cisco routers and switches according to deployment plans.
• Applied access lists and NAT configurations based on implementation guidelines.
• Managed and developed network projects designed to strengthen network continuity and deploy security elements in an attempt to meet and exceed contract requirements, including system analysis and troubleshooting.
• Change management, monitoring network performance with network tools.
• IP Distribution for existing devices and new devices as they were added.
• Preformed maintenance on equipment as necessary, performing device upgrades, modification of configurations, password changes and diagnostic testing.
• Worked with vendors and Engineering team to test new hardware and procedures.
• Prepared and maintained documentation using MS Visio.
• Route configuration and point code checks for System Technician and Network Technician.
• Knowledge and experience of 802.11 a/b/g/n Ethernet standard for wireless Technology.
• Worked with other team members in testing of the network architecture.
• Participated in quality system implementation project.
• Experience in migration of VLANS.
• Installed various network hardware including concentrators, bridges, and hubs to establish communication connections with remote locations.