Network Security Engineer Resume
NJ
PROFESSIONAL SUMMARY:
- 7+ years of experience with implementation as well as operational support of firewalls/gateways, specifically Check Point, Cisco ASA, Juniper, Palo Alto and Fortinet firewalls.
- CCNA and CCNP certified professional with over 7 years of experience in network design, implementation, and support.
- Experience working with Bluecoat Proxy as forward proxy for URL filtering.
- Experience in Layer 3 routing and Layer 2 switching. Dealt with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Experience in Juniper product line for configuring and troubleshooting MX 480, MX 960 routers, SRX-1500, SRX-3600, SRX-5800 Firewalls.
- In-depth expertise with F5 BIG-IP … series installation/ configuration/ support.
- Configured F5 Big IPs with VIPs, Pool, iRules and SSL certificates to ensure traffic was load balanced.
- Experience with Management Platforms such as Provider-1/MDS, Juniper NSM, Cisco CSM.
- Expert in configuring, implementing and troubleshooting A10 load balancer in the enterprise network
- Responsible for the deployment, configuration, and management of the F5 VIPRION load balancing platform, including implementing, configuring, and integrating F5 GTM, LTM, APM, ASM, iRules, IPv6, SSL.
- Experience with Firewall Virtualization Platforms such as Check Point VSX, Cisco Multiple Context Firewall as well as VDC
- Experience working in Enterprise scale Security implementations with hundreds of security gateways segmented through multiple DMZ, Perimeter and External zones with Heterogeneous network/security appliances
- Vulnerability assessment using tools such as Nessus and Qualys.
- Flexible for On Call Rotation and off hour support especially upgrades & Maintenance.
- Demonstrated abilities in enterprise wide network design, integration and support.
- Unsurpassed customer service, dedicated, positive, team-oriented attitude with proven leadership and success in highly visible roles for various sized project implementations
TECHNICAL SKILLS:
Hardware: Check Point using Gaia, SPLAT, IPSO, Crossbeam; Cisco ASA Firewalls including 5585, 5525, 5540, PIX 535; Juniper Netscreen-5200 and 5400, SRX110, SRX210 running Junos OS 9.x, 10.x; Fortinet FortiGate Appliances including 3200D, 1500D, 1200D running latest 5.2 FortiOS; Cisco core, distribution and access layer network devices including Nexus 7K, 5K, 1K, Cisco 7200 series routers, Cisco Catalyst switches including 6500 switches.
Network Protocols: OSI Layer, TCP/IP, T1, T3, GRE, MPLS, ATM, LAN and WAN routing protocols, including RIP, EIGRP, OSPF, BGP, HSRP, network service protocols and standards (e.g., DNS, DHCP, NTP, FTP(S), HTTP(S), SSL, SMTP, etc)
Security: Design and implement secured Firewalls for corporate network at layer 2 (transparent mode) layer 3 (Routed mode), MSP and IDC using various security hardening procedures e.g.: DMZ, ACL (Access lists), Application inspection, NAT, reverse path verification etc. Cisco IDS (Intrusion detection system) and alert management, Vulnerability Scan using Nessus, building secure IPSec Remote/Site to Site VPN connections using strong encryption (3DES/AES) & authentication.
Additional Skills: Troubleshooting of CSU/DSU, Private Line, Frame Relay, ATM, VLAN configurations, 802.1q trunking, and spanning tree, STP, VTP, IP Addressing, IP Subnet, VRF, NAT/PAT, IPSec based VPN, IPSec over GRE Tunnels, VOIP, DNS, DHCP, ADS, Exchange, IIS, SNMP V2, load balancing and high availability. BIG-IP from F5 load balancer configurations. Packet-level troubleshooting using sniffer tools like Wireshark.
PROFESSIONAL EXPERIENCE:
Confidential, NJ
Network Security Engineer
Responsibilities:
- Implementation and support of firewalls in the environment including policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
- Perform Firewall upgrades with minimum or no downtime.
- Work in a Checkpoint VSX environment with Virtual firewalls.
- Configure High Availability Checkpoint ClusterXL on VSX as well as perform Upgrades.
- Experience working in Provider-1 Environment with Multiple CMA’s and dozens of gateways. Optimizing Firewall Policy, grouping objects, verify NAT and clean-up of unused firewall rules. Building of New Check Point Security Gateways and performing in place upgrades.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
- Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Work with Site to Site VPN including building new tunnels as well as support existing tunnels.
- Worked on GTMs like F5 and A10's on DNS issues and also was a part of A10 to F5 GTM migrations
- Migration of servers from one datacenter to another, providing switch connections to the new servers, updating Check Point Firewall rules for the new servers, A10 to F5 load balancers Migration
- Use Provider-1 / Multi Domain Security (MDS) platform with several hundreds of gateways administered through a group of CMAs / Smart Centers.
- Use both Automatic and Manual NAT on Check Point Security Gateway and troubleshoot NAT. Use Tools such as Tufin for Firewall Policy optimization and rule base Clean up.
- Work with Cisco ASA Firewalls as well as Fortinet FortiGate Appliances. Manage Cisco ASA Firewalls using CLI, CSM (Cisco Security Manager).
- Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
- Configure and tweak the inspection policies on Firewall to allow legacy application traffic. Understand different types of NAT on Cisco ASA firewalls and apply them.
- Worked on Checkpoint Firewalls, Juniper (SRX, SSG/ISG), Blue coat proxies, Palo Alto firewalls. Installed, configured Checkpoint via GAIA, R55 and NGX R60, R75, R77.3, 77.2.
- Implementing High Availability both Active/Passive and Active/Active using NSRP in Juniper firewalls. Having Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel. Design and implemented Network.
- Implementation of High Availability by creating the HA zones for Netscreen firewalls using NSRP and also supporting the cluster pairs.
- Managing the firewalls in Juniper management environment NSM 2010.x, 2012 Junos Space 13.x, 14.x.
- Configuring and troubleshooting Juniper MX series high performance Ethernet service routers for advanced QoS and low latency.
- Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
- Support Bluecoat proxy in explicit mode for users trying to access internet from corp network.
- Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
- Administer and support BIG-IP LTM for all local load balancing and GTM for load balancing between DC. Experience in configuring, upgrading and verifying the NX-OS operating system.
- Vulnerability assessment using tools such as Nessus and Qualys, and implementation of Security Policies. Knowledge in design and deploy of F5 LTM, GTM, APM, ASM solutions.
- Experience working on the latest Cisco switches like Nexus 2000, 5000, 6000 and 7000 series switches while implementing advanced features like VDC, VPC, OTV and FabricPath.
- Configured Nexus 7010 including NX-OS Virtual Port Channels, Nexus port profiles, Nexus Version 4.2 and 5.0, Nexus VPC peer links.
- Support routing protocols including BGP and OSPF routing, HSRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
- Support Data Center Migration Project involving physical re-locations.
- Design and configuring Overlay Transport Virtualization (OTV) on Cisco NX-OS devices like Nexus 7000. Created well-defined requirements documentation and process for F5 LTM, GTM, ASM, APM deployment.
Network Engineer
Responsibilities:
- Configuration and Troubleshooting of core, distribution and access switches in LAN and WAN network, Server Load Balancers such as Cisco CSS and Nortel Alteon web switch, F5 BigIP, Juniper (JUNOS) firewalls Checkpoint and Cisco firewalls (ASA).
- Planned and Migrated Intranet on to MPLS backbone from meshed NLD Architecture. Monitoring and troubleshoot servers, link, ISP, Router/firewall/Switches, storage
- Responsible for alerting all the L1 issues L2 will be working on to get the issues fixed.
- Established eBGP peering with all PE core routers. Applied prefix-lists for controlling routing updates. Redistributed the required routes from Internal LAN into BGP and vice versa.
- Conversions to BGP WAN routing: converting WAN routing from OSPF to BGP (OSPF is used for local routing only), which involves new WAN links.
- Assistance with creation of implementation plans of new F5 management network. Experience in information security F5 APM Reverse proxy, Fortinet.
- Performed F5 appliance (LTM, APM, and ASM) maintenance and system upgrades including hot fixes and security configurations.
- Thorough understanding of F5 hardware platforms including virtualization segregation and distribution at the hardware, software, and partition level.
- Fine-tuned OSPF metrics to avoid routing loops and ensure redundancy in case of link failures. Responsible for monitoring and reporting error incidents for remote location servers.
- Create tickets for cloud database servers using Maxima Cloud and MS. Leigh tools.
- Monitoring network infrastructure using SNMP tools HP NNM, Dynatrace, SolarWinds and OPNET.
- Work with ONOS to break free from the operational complexities of proprietary interfaces and protocols. Measure the application performances across the MPLS cloud through various routing and switching methods.
- Experience in Network LAN/WAN deployment. Expert in Monitoring, implementing Network Access Control (NAC) configurations on switch port.
- Implementation of HSRP, DHCP, DNS, FTP, TFTP, ARP
- Designed, developed, maintained and supported wired and wireless network.
- Configuring WEP, WPA2 security protocols for wireless network environment.
- Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP, ISIS), redistribution, summarization, Filtration (using distribute list, route map, prefix list, access list).
- Troubleshoot and Worked with security issues related to Cisco ASR 9K, Checkpoint, IDS/IPS and Juniper Netscreen, SRX 5600, 3400, 1500 etc., Palo Alto PA-5K, 3K series.
- Involved in configuring policies on Juniper SRX, Check Point and Palo Alto. Involved in configuring and maintaining IPsec and SSL VPNs on Palo Alto Firewalls.
- Worked as L1 network (NOC) Engineer support and responsible for escalation of Redstone ISP issues. Network Monitoring using tools like Cisco Works 2000, HP Open view.
- Created Lab demonstrations for new technology deployments with loaner equipment from various vendors and presented the findings to upper management.
- Responsible for maintaining Active Directory applications.
- Installing, testing, configuring & deployment of 3750x switch and L3 switch catalyst 6509E. Virtual Switching System (VSS) implementation on 6509s (VS-S2T-10G SUP).
- Configuring VLANs, trunking and routing part for Cisco 6506, 6509, 3750, 2980, 2948. Worked on EIGRP routing protocol on the VSS core.
- Configuring WAN router 3845. Using Python scripting, testing the network performance and analyzing.
- Understanding the fiber layout and design.
- Communicating with the site manager in the different state brewery for upgrading the particular area. Estimated Project costs and created documentation for project funding approvals.
- Managed various teams involved in site surveys, cabling specifications, Network equipment installation and configuration.
- Planned resources and presented project status to higher management.
Network Engineer / Firewall Engineer
Responsibilities:
- Installation and maintenance of network infrastructure and Configure, administer, and document firewall infrastructure, working with Checkpoint.
- Managed the firewall deployment, rules migrations, and firewall administration and was responsible for converting existing rule base onto new platforms.
- Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering). Successfully installed Palo Alto PA-3060 Firewalls to protect Data Center.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks. Exposure to Wildfire feature of Palo Alto.
- Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs. Implemented Zone-Based Firewalling and Security Rules on the Palo Alto Firewall.
- Researched, designed and replaced aging Checkpoint Firewall architecture with new next generation Palo Alto appliances serving as Firewalls and URL and application inspection.
- Configured and maintained IPsec and SSL VPN on Palo Alto Firewalls. Investigation and resolution of 3rd line network support incidents.
- Configuration, support and administration of Palo Alto and Checkpoint and to migrate all gateways and management servers to new hardware and software.
- Subject Matter Expert for URL Content Filtering.
- Configured and maintained IPsec and SSL VPNs on Palo Alto Firewalls.
- Assisted on URL web filtering migration from Blue Coat and Websense to Palo Alto firewalls. Problem resolution of leveraged and dedicated SIEM Environment.
- Hands-on experience on Cisco switches 2960, 3750, 3560, Cisco routers 2821 ISR.
- Penetration testing and vulnerability analyses of both internal and external of the networks.
- Palo Alto design and installation (Application and URL Filtering, Threat Prevention, Data Filtering). Experience analyzing both log and packet data, including the use of Wireshark, tcpdump and other capture/analysis tools.
- Support all security appliances, blocking and managing attack vector, malicious IPs, URLs, MD5 values and conduct analysis of malicious files and URLs using online tools.
- Implementation experience of VPN technology on Checkpoint SPLAT platform.
- Monitored network availability and performance using SolarWinds Orion, NetQoS, AppDynamics, and ExtraHop.
- Configured CIDRIP RIP, PPP, BGP and OSPF routing.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Experience with Nexus models like 7K, 5K, 2K series, Cisco router models like 7200, 3800, 3600, 2800, 2600, 2500, 1800 series and Cisco Catalyst 6500, 4500, 3750, 3500, 2900 series switches.
- Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing). Technical assistance for LAN/WAN management and complex customer issues.
- Deployed 7613 as PE and CE router and Configured and troubleshoot the Edge Routers. Excellent troubleshooting knowledge on T1, T3, OC-3 and OC-12.
- Understanding of SDN and ONOS controller framework.
- Configuring IPSec VPN (Site-Site to Remote Access) on Juniper SRX firewalls 210, 220 and 240 series and also built chassis clusters on them.
- Design, implement and administer IPv4/IPv6 enterprise network infrastructure utilizing Juniper routers. Built several Software Defined Networking systems with Pica8 SDN switches and Controllers including ONOS.
- Troubleshoot the Network Issues onsite and remotely depending on the severity of the issues.
- Familiar with various MSIT Tools to check Networking Connectivity, Testing, Configuration and Adding or Removal of IP address blocks, Decommissioning or Adding the Devices.
- Deploying and decommissioning the TOR switches and their respective software upgrades.
- Created Visio Dean / Visio Documentation to give complete picture of network design for each building. Configured VLAN's, Private VLAN's.
- Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches.
Network Engineer
Responsibilities:
- Administer Checkpoint firewall with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Center based Smart Dashboard.
- Monitor the health and logs using Smart view tracker and smart monitor on the Checkpoint firewall.
- Check Point Firewall Log review and analysis using Manage Engine.
- Administer and Support Check Point Firewalls in the network between various security zones.
- Responsible for ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- VLAN implementation, Spanning Tree implementation and support using Rapid STP and MST to avoid loops in the network. Trunking and port channels creation.
- Responsible for Firewall upgrades as well as Troubleshooting, Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Troubleshooting firewall using CLI including packet captures to identify issues related to policy, NAT and Routing.
- Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
- Configured switches with proper spanning tree controls and BGP routing using community and AS path prepending attributes.
- Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
- Project Documentation and MS Visio for drawing Network Diagrams and managing IP address information.
Network Engineer
Responsibilities:
- Manage office network with Cisco devices with network devices including 2500 and 3600 series routers and 3500, 2900, 1900 series switches.
- Configured and managed networks using L3 protocols like RIPv2, IGRP.
- Designed networks and provided security between various offices of the organization.
- Configured VLANs, Private VLANs, VTP and Tracking on switches.
- Configured L2 and L3 security features on devices.
- Hands on Experience in Inter-VLAN routing, redistribution, access-lists.
- Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
- Experience on Cisco IOS and Upgrading Cisco IOS using TFTP server.
- Optimized performance of the WAN Network consisting of Cisco 2500/3600 switches configuring VLANs
- Involved in SNMP Network management.
- Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long-term planning, implementation, project management and operations support as required.
- Worked on various Sniffing tools like Ethereal, Packet Sniffer.
- Backups of Cisco router configuration files to a TFTP server