SUMMARY:

• A competent professional with over 8 1/2 years of experience in Network Security, Project Management, Security Systems & Networks, Firewall Performance, Network Infrastructure Upgrade, Systems Administration, Maintenance, Virtual Private Network, System Analysis and Data center.
• Proficiency in managing the complex network security design, configuration, deployment, administration, management and troubleshooting complex security configurations
• Expertise in assessing/mapping security requirements/translating the requirements into techno functional specifications/custom designing solutions/troubleshooting for complex information systems management
• Extensively worked on Nexus 7000, 5000 and 2000 devices.
• Extensively worked on F5 load balancers - LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Handling Cisco ASA Firewall deployment, maintenance and troubleshooting including implementing adding, removing and editing firewall policies and rules as per requirement.
• Extensively worked in implementing and designing new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X.
• Implemented Site-to-Site VPNs over GRE tunnel on ASA Firewall.
• Experience on Juniper SRX240, SRX220, and SRX550 series firewalls.
• Configuration of Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) at central system to manage large scale firewall deployments.
• Configuration and Management of Checkpoint Firewalls R65/R70/R75/R77.10(IPSO/GAIA).
• Implementing of Secure Communications (IPSEC VPN), Branch to Branch VPNs, Third-Party remote access VPNs (VPN Clients) using Cisco ASA 5500 series, Juniper SRX, Checkpoint Firewalls and Palo Alto Firewalls.
• Worked on the migration to new Checkpoint R7x firewalls from Cisco ASA firewalls.
• Handled design, installation, configuration, maintenance and administration of Checkpoint FirewallR55 up to R77, Secure Platform Installation, VPN.
• Upgradation configuration changes, implement the Firewall Rules, configure the NAT, implement the new VPN, troubleshooting and handling the incident on number of vendor's Firewalls (ASA, Checkpoint) and other security products.
• Configuration of security policies including NAT, PAT, VPN, Route-maps, Prefix lists and Access Control Lists.
• Installing, configuring and troubleshooting of Cisco 7600, 7200, 3900, 3600, 2900, 2600, 2500 and 1800 series routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
• Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
• Maintenance WAN technologies frame relay, MPLS, HDLC, PPP AND T1/T3.
• Heavily configured various switching techniques like configuring VLANs, VTP, spanning tree and redundancy protocols like HSRP, VRRP and GLBP.
• Worked on authentication protocols PAP, CHAP, 802.1x and Port Security.
• Handled various network monitoring tools like SOLAR WINDS, CISCO works, Wireshark and Splunk.
• Experience in installing and configuring DNS, DHCP server.
• Deployment of IPV4 and implementation of Subnetting.
• Experience in design, installation and configuration of Juniper Netscreen Firewall ISG 1000/2000, SSG series and NSM Administration
• Implementation and configuring F5 Load balancing, proxy servers and Authorization, Authentication & Accounting (Radius, TACACS+).
• Experience in implementation, configuratuion and troubleshooting the Routing Protocols OSPF, EIGRP, RIP, BGP and switched L2 networks VLANs, Trunking, VTP, STP, PVST, RSTP, HSRP, VRRP, and Port Security.
• Expertise in Design, Configuration, Troubleshooting and Support of Security environment with VPN, Firewalls, NAT, Proxy, IPSec, DMZ Solution, IPSEC, Public Key Interchange (PKI) & SSL.
• Working knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender.
• Upgradation of VOIP Call Manager and by implementing Cisco WAAS.
• Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wireshark, TCPdump, and Linux operating system servers.
• Working knowledge on IPV4& IPV6, implementation of Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts.
• Advanced knowledge in Linux and Unix Operating Systems, web security devices or proxy - Cisco WSA/CWS and Bluecoat, understanding of global security policies
• Good knowledge in network management using cisco works and HP open view.
• Handled building Network topologies using MS-VISIO.

TECHNICAL SKILLS:

Cisco/juniper Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600,7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series) Juniper MX480, MX960, SRX, MX, EX Series Routers and SwitchesNetworking services Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi

Firewall: ASA Firewall (5505/5510),FWSM firewall(6500),Palo Alto (PA-5000/3000), Check Point (R77/R76/R75)

Network Tools: Solar Winds, SNMP, Cisco Works, Wireshark, TCP Dump

Load Balancers: A10 Networks(AX2500),Cisco CSM, F5 Networks (Big-IP)

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1,DS3,OC3, T1 /T3, E1/E3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- channel, VLANS, VTP, STP, RSTP, 802.1Q

Security Protocols: IKE, IPSEC, SSL-VPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA

VPN: IPsec, Remote access SSL,VPN, Access-lists, Regular expressions, content based filtering, Failover, Load Balancing (F5 Networks) IDS, IPS, PPTP L2TP, Packet filtering etc.

Operating System: Windows Server 2008/2003,Unix.

Switching: VLANs, VTP, STP, RSTP, InterVLAN routing and Multi-Layer Switching, Layer3 switches, Ether channels, Dot1Q,HSRP,Port Security.

Routing: OSPF, BGP, EIGRP, RIP-2, Route Filtering, Redistribution, Summarization, Static Routing.

PROFESSIONAL EXPERIENCE:

Confidential, Newark, DE

Sr. Network security engineer

Responsibilities:

• Configuration and maintenance security devices Checkpoint R77 Gaia, and Palo Alto.
• Deploying F5 GTM, configuring Wide IPs and pools to load balance the client traffic between the two data centers
• AAA,PAP and CHAP implementation using Cisco Secure ACS 5.x (TACACS+, RADIUS).
• Configuring and supporting various devices Cisco Routers 2600, 2800 and 3600 series using RIP, OSPF, EIGRP and BGP, Cisco Switches 3300 and 2900.
• Worked on Juniper J series j230, M 320 and MX960 routers and EX 3200 series switch.
• Configuration of Checkpoint Firewall as Standard and Distribution deployment to have the network secure and also maintaining Site to Site VPN Connection through the Firewalls.
• Administering and installing Checkpoint Firewall rules and policies.
• Revise Firewall rule conflicts, unused rules and misconfigurations.
• Working on Bluecoat proxy server, Tipping Point Intrusion Protection System management.
• Black listing and White listing of web URL on Bluecoat Proxy servers.
• Handling Network analysis tools like Netscout and Wireshark for troubleshooting the network.
• Working on F5 LTM, GTM series like 6400, 6800, 8800.
• Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
• Design, installation and troubleshooting networks with hand-on experience with OSPF, ISIS, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.
• Worked with converting Cisco ASA solution over to the Checkpoint VPN rules. Migration with both Checkpoint and Cisco ASA VPN experience.
• Switching related tasks included implementing VLANS, VTP and configuring ISL trunk on Fast - Ethernet channel between switches.
• Involved in troubleshooting of DNS, DHCP and other IP conflict problems
• Performing scheduled backups and storage of Checkpoint management servers and firewall configurations, responsible for performing daily performance status report on all security devices.
• Prepare, update, and maintain technical and logistical network documentation

Environment: Checkpoint,PaloAltoPA-3060,PA-5000firewalls, CiscoASA5510OSPF,BGP,VLAN,HSRP,LAN,WAN,IPV4, Nexus 7K/5K/2K,BIGIP F5 5100(D51), 6400 (D63), Check Point R77, R76, R75, R71devices, Bluecoat proxy server.

Confidential, Mount laurel, NJ

Security Engineer

Responsibilities:

• Configuration and Management of Firewalls like Cisco ASA and Palo Alto.
• Troubleshoot and resolve connectivity issues down to packet level (fw monitor, tcpdump, and packet capture)
• Implementing of Secure Communications (IPSEC VPN), Branch to Branch VPNs, Third-Party remote access VPNs (VPN Clients) using Cisco ASA 5500 series and Palo Alto Firewalls.
• Configuring Bluecoat Proxy and Cisco WSA for Web access, Web authentication and content filtering.
• Joining outage response conference call representing GSOC if any network security related answers are needed on the bridge.
• Being a part of L3 team, majorly responsible handling all escalated issues like rebuilding firewall, upgrading the firewall with recommended OS.
• Managing Tier III Level Load Balancer on F5 BigIP LTM. Analyzing F5 solutions and support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIPLoad Balancers.
• Configuring RIP, OSPF and Static routing on Juniper M and MX series.
• Configured VLAN, Spanning tree, SPTP, SNMP on EX series swit ches.
• Managing and configuring Cisco 7600 and 7200 routers at data center for remote sites’ issues.
• Worked on Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for datacenter access architecture.
• Worked extensively in configuring, Monitoring and Troubleshooting Cisco's ASA 5500 security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
• Managing Servers using Hardware Load balancer F5and Cisco ACE load balancer by managing internal customized tools and creating of SSL and Digital Certificates.
• Configuring static NAT, dynamic NAT, inside global address overloading, TCP overload distribution, overlapping address translation. experienced with PLC’s and included VRP in IP for allowing multiple instances in routing table and with UCS Blades, as well as with Sonic firewalls.
• Worked on Firemon in order to analyze the risk, risk management and design policies.
• Implemented IP, RTP, TCP, UDP, IPV4 Data Packets capture and analysis using WIRESHARK.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
• Documentation of scheduled Engineering work orders as per the changes going in data center.
• Worked on creating VIP(virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL
• Using Beyond Trust’s vulnerability management software to prevent data breaches, to maintain compliance in ensuring the business continuity.
• Configuring Site to Site IPsec VPN tunnels to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Level 3 support for the global customer across globe and ensuring the SLA meet as defined with customer.
• Create and maintain comprehensive documentation for all implemented security infrastructures.

Environment: Cisco 2900/3550/4500/6500 switches,Cisco 1600/2600/2800/3600/7300 routers, Cisco ASA5510, Checkpoint, Cisco ASA, LAN, WAN, RIP,OSPF,EIGRP,BGP,Nexus2K/5K/7K,VLAN,F5 BigIP GTM/LTM, Bluecoat proxy server.

Confidential, LA, CA

Sr. Data Center Engineer

Responsibilities:

• Configuration and Implementation of Routers & Switches, Access Points and ASA Firewalls.
• Supporting various networking devices including routers 7206, 2800, 1800 Switches 3560 using Solar winds, and L2 switches D-Link., Cisco 2960 & Nexus 5548/96 & Nexus 2248 at Data center.
• Hands on experiences on switching technologies like VLAN, VTP, DTP, STP, RSTP, HSRP, VRRP, CSMA/CD and Port Security.
• Configuring CISCO ASA 5500 series Firewalls (5510, 5550, and 5585) for various application accesses for Application Vendors and implementation teams.
• Worked on ASA routed mode and transparent mode .
• Designing security solutions & zone based Firewalls.
• Hands on experiences on VLSM, Classless Inter Domain Routing (CIDR) and Route Summarization.
• Hands on experiences on Routing protocols like RIPv2, EIGRP, OSPF and BGP.
• Strong experience in Routing policy manipulations - Route-Map, Route-filters and Prefix-lists.
• Implementing back up paths using EIGRP routing protocols.
• Implementation of security policies to secure the Network devices like Switches, Routers, Firewalls, Access Points.
• Hands on experience on WAN link Protocols ATM, Frame Relay, HDLC and PPP.
• Redistribution of routing protocols and Frame-Relay configuration.
• Network Migration from RIP to OSPF.
• Upgrade Cisco Routers, Switches and Firewalls IOS using TFTP.
• Installed and configured DHCP Client/Server.
• Installing and configuring F5 load balancers and firewall using F5 load balancers with LAN/WAN/WLAN configuration.
• Configured LTM (Local Traffic Manager) and GTM (Global Traffic Manager) using F5 Load Balancers.
• Load balanced HTTPs traffic using SSL certificates at F5 Load Balancer Level Hands on experience on NMS - Solarwinds.
• Technical support to domestic as well as International clients.
• Managing and closing of Tickets created by customers by troubleshooting the Network issues within the SLAs.
• Execute TCP/IP & related Services-DHCP/DNS/WINS.
• Analysis of customers LAN/WANs to determine network performance problems. Provided solutions, and documentation.
• Re-engineering of enterprise network designs to meet increasing customer demands.
• Trouble shooting and problem resolution of elusive customer network difficulties.
• Evaluation of new network technologies, management, and analytical tools.
• Preparation of new network technology strategies and implementation recommendations.

Environment: CheckpointR75.40, R77, GAIA, SPLAT,PIX, BIG-IP F5 5110/6400, Cisco ASA5540, ASA5585, LDAP,TACACS,SNAT

Confidential, Basking ridge, NJ

Security Engineer

Responsibilities:

• Configuration of IPsec LAN-to-LAN (IOS/ASA), SSL VPN (Client/Clientless), Easy VPN (IOS/ASA), CA (PKI), Remote Access VPN (IOS/ASA), L2TP on multiple occasion for end customer.
• Experience in design, implementation and administration of VPN Solutions for mobile and remote users using SSL VPN technology.
• Review VPN implementation proposals and Connection Profiles and making changes as per the business requirements.
• Experience in Migration with both Checkpoint and Cisco ASA VPN .
• Troubleshooting the ASA firewalls using appropriate methods and tools like Packet capture, NSEL and syslog messages to ensure error free network.
• Formulate and review security policies, baselines and standards.
• Co-ordinating with Clients for the implementation of end to end connectivity, Planning and scheduling the site activities to meet deadlines without compromising quality norms and adhering to SLA.
• Configuring AAA (authentication, authorization, and accounting) using RADIUS, TACACS+ servers using Cisco Secure ACS.
• Integration of LDAP, Active Directory and RADIUS server to Firewall Using Cisco Secure ACS for efficient implementation of AAA services.
• Monitoring Secure VPN connections and resolving the problems associated with outage issues, latency issues and authentication issues for ensuring secure and error-free connection.
• Identify, Diagnose and analyse the escalated network issues and Follow-up for closure of incidents to ensure system returns to normal state.
• Configuring Virtuals, pools, Members, Nodes, Profiles, iRules on F5 BigIP Load balancers.
• Has a good experience working with the Trouble Tickets on F5 Load balancers.
• Configured Firewall logging, DMZs& related security policies& monitoring.
• Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
• Providing network solutions for the connectivity issues through REMEDY ticket management.
• Providing Technical Support to subordinates for handling technical issues and escalation.
• Handled building Network topologies using MS-VISIO.

Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS,RIP,OSPF,BGP,HSRP, Spanning tree.

Confidential

Network Engineer

Responsibilities:

• Configuring IP routing and VLANs, Access Control Lists, Failover, creating Security contexts (virtual firewall), transparent firewall.
• Handled converting Checkpoint VPN rules to Cisco ASA solution.
• Configuring AAA (authentication, authorization, and accounting) using RADIUS, TACACS+.
• Responsible for Hardware upgrades (network devices), Software upgrades (IOS) and Link decommissioning/ provisioning.
• Managing the group policies and user attributes of end user connectivity.
• Configuring Remote Access VPN and troubleshooting for connection related issues and authentication issues.
• LAN/WAN traffic analysis using Packet Sniffer tools like Wire Shark to understand the Packet Flow and to identify problems and performance issue
• Managing complete network infrastructure and monitoring entire network setup using Solar-winds monitoring system and SCOM Application.
• Worked on Cisco products like Routers - 1800, 1900, 2800, 3845 and Switches- 2960, 3550, 3750 and 4506, Cisco Firewalls.
• Generating clear documentations of implemented network with necessary information for future reference.

Environment: CISCO 1800, 1900, 2800 and 3845 series routers, CISCO 3550, 3750 and 2960 switches, DNS, DHCP.

Confidential

Network Engineer

Responsibilities:

• Responsible for supporting Level 2 escalations like troubleshooting issues, Engineering Changes, Process Management, Maintain Service Level Agreements regarding Network related issues and its resolutions at a minimum possible time.
• Configuration and troubleshooting LAN and WAN related issues on switches and routers. Switches configured include Cisco 6509/6506/4506/3750/3550/ 3500 etc. Routers include 7206VXR, 3845, 2851 and 2621.
• Maintenance and Troubleshooting of connectivity problems using PING, trace route.
• Planning and Implementation of Sub netting, VLSM to conserve IP addresses.
• Monitor the operability and reliability of the network.
• Installation and configuration of DHCP, DNS Server.
• Upgrading IOS, troubleshooting network outages.
• Configured Cisco Routers 2600 series using RIP, OSPF, EIGRP.
• Configured Cisco Switches 2900.
• Resolving all computer issues, monitoring and maintaining system functionality and reliability by identifying ways to prevent system failure.

Environment: CISCO 2600 series routers, CISCO 3300 and 2900 switches, DNS, DHCP, RIP, OSPF, EIGRP.

Confidential

Network Engineer

Responsibilities:

• Upgraded, configured routers 2800 series and cisco catalyst 4500, 4900 switches.
• Key contributions include IOS upgrade for switches and routers, troubleshooting of complex LAN/WAN infrastructure that include configuring firewall, monitoring traffic using Wireshark monitoring tool.
• Working knowledge in IP Subnetting for Class A, B, and C networks.
• Understanding of routing protocols such as OSPF, RIP, EIGRP.
• Analyzed and understood the issues related to DNS, DHCP and other IP conflicts.
• Responsible for Data Backup, System Update, Recovery and Restore, and Spyware removal.
• Installation and management of 600+ host systems.
• Document preparation of design based on MS Visio and MS Office.
• Configuring Ethernet ports at various levels.

Environment: CISCO 2800 series routers, CISCO 4500 and 4900 switches, DNS, DHCP, RIP, OSPF, EIGRP.