Sr. Network Security Engineer Resume
Woodland Hills, California
SUMMARY:
- 6+ years of professional experience in Networking and security, design, Implementing, performing Network analysis and support of large Networks.
- Experience in Configuration of all Palo Alto Firewall models such as PA-3k and PA-5k, centralized management system (Panorama) to manage large scale firewall deployments.
- Strong hands on experience in configuring and troubleshooting of Cisco ASA (5540/5550) Firewalls, Checkpoint Firewalls and Juniper SRX Firewalls.
- Configuring Rules in Palo Alto Firewalls & Analysis of logs using various tools like NMAP, SolarWinds, Wireshark, and Splunk.
- Performed deep packet analysis to troubleshoot application issues using tools like Wireshark.
- Strong knowledge in KILL CHAIN and mitigating various attacks such as ZERO-DAY ATTACK, DOS & DDOS ATTACK.
- Worked on Load balancers such as F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600 and Citrix NetScaler.
- Implementing standard security measures on all the Routers and Switches. Configuring AAA on all network devices with TACACS+ and RADIUS.
- Maintained Bluecoat proxy manager.
- Expertise in installing, configuring, and maintaining Cisco Switches, Cisco routers, Nexus 2k, 5k and 7k switches, and Juniper MX and EX Devices.
- Hands-on configuration and experience in setting up Cisco routers to perform tasks at the Access, Distribution, and Core layers.
- Worked on configuration and troubleshooting of routing protocols such as EIGRP, OSPF, and BGP.
- Enhanced level of knowledge with WAN technologies like E1/T1/E3/T3, HDLC, Frame-Relay and PPP.
- Advanced Knowledge in IPSEC VPN, DMVPN, SSL VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Experience in troubleshooting various layer 2 and 3 issues related to VRF. Configured Cisco 7600, 7200 series routers for MPLS VPN connectivity and VRF tables on Edge routers for customer usage of the MPLS network.
- Experienced in the setup of complex routed LAN and WAN networks, MPLS, DS3 with Physical Labeling and IP Addressing
- Implemented traffic filters using Access list, Distribution list, prefix lists, route maps and policy based routing.
- Sound knowledge on IP Addressing, Subnetting, VLSM, VTP, ARP and Ping concepts.
- Experienced in configuring and troubleshooting layer2 technologies such as VLAN Trunks, Inter-VLAN routing, STP, RSTP, PVST and MSTP
- Experienced with layer 2 security features such as Private VLAN, VLAN ACL, Port security, CAM Table overflow, AAA (securing passwords), IP Spoofing, Rogue DHCP & proxy Attacks, Dynamic ARP inspection and STP Security features.
- Extensive knowledge in working with PANOS, Cisco IOS, JUNOS and NX-OS.
- Strong knowledge in configuring redundancy protocols such as HSRP, VRRP on core switches & routers and EtherChannel technologies (LACP, PAGP).
- Good Level Knowledge about TCP/IP and OSI models.
- Knowledge with 802.11x wireless technology.
- Experience in implementing the setup such as VPC, Routing, Route traffic through the AWS instance.
- Knowledge in Creating DMZ segmentation in AWS and solving AWS routing issues.
- Experience with the Python & Perl Scripting to automate.
- Experience in Azure Palo Alto VM deployment.
- Expert in Managing IP address blocks, Address inventory, DHCP scopes for the inside network infrastructure and DNS through IPAM Infoblox.
- Efficient at use of Microsoft VISIO/Office for technical documentation and presentation tools.
TECHNICAL SKILLS:
Cisco Routers: Cisco 7609, 2600, 2800, 2900, 3800, 3640, 810 Cisco 3745, 7200 Series.
Network Management: Network Administration of SSH, Telnet, SNMP, SDM, ICMP, Cisco Works. Network Troubleshooting, Hardware Troubleshooting.
Networking Protocols: RIPv2, IGRP, EIGRP, OSPF, BGP, TCP/IP, IP Sec, UDP, VRRP, HSRP, ATM, MPLS, HTTP, FTP, STP, RSTP and PIM.
Cisco switches: 2900 series, 3560, 3750, 4500, 6500, Nexus 2K, 5K, 7K switches.
LAN Technologies: VLAN, Private VLAN, Spanning Tree, VTP, 802.1Q Trunking, Fast Ethernet, Gigabit Ethernet, IGMP & IGMP Snooping.
Network Security: Cisco ASA5550/5540, NetScreen, SonicWall, Juniper SRX, Palo Alto, AAA, Firemon, Filesystems, FreeRADIUS, CADA, LDAP, IPsec VPN, SSL SAN, VPN, IDS, IPS, Sourcefire, FireEye, Aruba, RSA, RSA 2 Factor, SIEM, Qradar, Tripwire ACL, IPsec, VPN, Port-security, Zone-Based Firewalls, IDS/IPS, IOS based Build a Lab for the team using various Aruba controllers, Switches.
PROFESSIONAL EXPERIENCE:
Sr. Network Security Engineer
Confidential, Woodland Hills, California
Responsibilities:
- Reviewing & creating the Firewall rules and monitoring the logs as per the security standards in Palo Alto Firewalls.
- Pushed Policies from Panorama to Firewall in Palo Alto, and also Configured and Maintained IPSEC and SSL VPNs on Palo Alto Firewalls.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
- Exposure to WildFire advanced malware detection using IPS feature of Palo Alto.
- Implemented a number of security policy rules and NAT rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
- Configured High availability, User ID, AppID and GlobalProtect on Palo Alto firewall.
- Migration from Juniper, Cisco ASA to Palo Alto firewall.
- Backup and restore of Cisco ASA Firewall policies.
- Experience with Cisco ASA 5500 series firewalls.
- Designed, configured, implemented VPN Tunnels using IPSec encryption standards and implementing site-to-site VPN, Remote Access VPN on ASA Firewall.
- Implemented failover (Active-standby and Active-Active) and clustering with ipv4 & ipv6 on ASA Firewall.
- Configured and implemented dynamic routing protocols, ACL and Object Groups on Cisco ASA Firewall.
- Implemented CTP using TACACS+ and RADIUS on Cisco ASA Firewall.
- Configuring Site-Site VPN, Clustering, ISP redundancy on Checkpoint Firewall with R77 GAIA.
- Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
- Worked on software blades of CheckPoint firewall.
- Administering multiple Firewalls, in a managed distributed environment and Monitoring the network traffic with the help of Qradar and Cisco IPS event viewer.
- Experience with networking tools for analyzing the real-time traffic flow of the packets, Wireshark, Solarwinds Orion NPM for network monitoring and troubleshooting tools.
- Implementing, Managing and troubleshooting Aruba ClearPass Appliance along with Designing.
- Worked with implementation of Cisco Meraki wireless environments.
- Configured the Clearpass servers to provide secure wireless connectivity for all corporate laptops using two factor, machine and user authentication.
- Configure and support F5 and A10 load balancers, and plan, implement and maintain enterprise security environments comprising perimeter security, VPNs, virtualization, authentication controls, and other features.
- Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series for higher.
- Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, ASA, Netscreen devices for easier management and common configurations.
- Design and create dedicated VLANs for voice and data for prioritizing voice over data on Catalyst switches and basic VOIP configuration protocols such as H.323, MGCP, SIP, and SCCP.
- Experience with setting up MPLS Layer 3 VPN cloud in data center and also working with BGP WAN towards customer
- Configuration of routing protocols OSPF and BGP for small to medium sized branches based on company branch standards, including redistribution and route maps.
- Configuring new Nexus based devices and replacing the old 6500 catalyst devices in the environment as part of the End-of-life Project.
- Experience on managing Network-based Intrusion Detection/Prevention Systems (IDS/IPS).
- Experienced in Data center design, installing and configuring Network devices in a datacenter including patching the cables in the patch panel. Design and configuring the entire network infrastructure devices including Network printers and Registers.
- Configuring High availability on Cisco WLC's, adding Access points on Cisco wireless controller.
- Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
- Documenting all network changes and upgrades using Visio and Excel.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960 6500 switches and Cisco 3640/12000/7200/3845/3600/2900/2800 routers, Cisco Nexus 7K/5K, Cisco ASA 5500, PaloAlto, F5 BIGIP LTM, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP
Network Security Engineer
Confidential, Quincy, MA
Responsibilities:
- Installed and configured ASA5520 in customer locations.
- Hands on experience on F5 Load balancers.
- Responsible for maintaining Active Directory applications.
- Performed Network Address Translation on Cisco ASA 5520.
- Configuring failover and working on SSL-VPN when in active/standby failover on ASA
- Proficient in configuration of Cisco ASA firewall layers to secure the infrastructure for the Data Center.
- Planned, designed, and configured ASA 5580 Firewalls with software version 8.0, Cisco Load balancers, VPN concentrators, and implemented QoS and performing traffic engineering.
- Worked in configuring, Monitoring and Troubleshooting Cisco's ASA 5500 security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
- Experienced in Troubleshooting clientless VPN issues.
- Configured Site to Site IPsec VPN tunnel between data center and vendor.
- Knowledge on Juniper SRX 240 Firewalls.
- Configuring security policies on Juniper SRX240, SRX650 and SRX3600 based on the web and content filtering using the JunOS Space and CLI.
- Administering multiple firewall of Juniper/ NetScreen, in a managed distributed environment and Policies between secure zones using NSM (Network Security Manager).
- Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
- Installed and configured IPS and IDS services using the Juniper IDP devices.
- Implement URL filtering requests in Bluecoat Proxy SG for website blocklist and whitelist purpose.
- Configured Security policies including NAT, PAT, VPN, Route-maps and Access Control Lists.
- Experience in WAN connectivity using Cisco routers by using T1, T3 connections and its troubleshooting issues.
- Configured and troubleshot OSPF in single area and multiple areas.
- Extensive experience in designing and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configured HSRP, VRRP for High availability on Core Switches.
- Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas
- Work on different connection medium like Fiber and Copper Connectivity.
- Monitored the ticket queue for incoming tickets; updated tickets in accordance to Service Level Agreement requirements and escalated based on severity levels using Remedy.
- Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
- Experience in creating virtual servers, nodes, pools and rules on BIG-IP F5 in LTM module.
- Experience working with high availability and implemented it on F5 load balancer.
- Migrated Frame-relay based branches to MPLS based technology using Multi-layer stackable switch like 6500 series and 2800 series routers.
- Configuring High availability on Cisco WLC's, adding Access points on Cisco wireless controller.
- Experienced in configuring L3 protocols (IP, BGP, OSPF, EIGRP, IGRP), redistribution, summarization, Filtration (using distribute list, route map, prefix list, access list).
- Experienced on OSPF using features like TSA, SA, NSSA and route summarization. Organized EBGP/IBGP rules also implemented BGP attributes such as Local preference, MED, AS-PATH Prepend, Community and Weight.
- Deployed the switches in high availability configuration with HSRP.
- Configured BPDU Guard, port-fast, uplink fast and other spanning tree features
- Network documentation using Microsoft Visio.
Environment: Cisco 3750/3550/3500/2960 switches and Cisco 3640/7200/6500/3845/3000/2800 routers, TACACS, EtherChannel, OSPF, BGP, VLAN, HSRP, LAN, WAN, IPV4, ASA Firewall, Juniper SRX, Nexus 7K/5K/2K, F5 BIGIP LT
Network Engineer
Confidential
Responsibilities:
- Managing and upgrading IOS image files and taking configuration back-up.
- Extensive technical experience working with VPN technologies (IPSEC, SSL VPN, WebVPN, AnyConnect, DMVPN).
- Providing technical consultancy for better application response using QoS.
- Providing daily network support for national wide area network consisting of MPLS, VPN and point-to-point site.
- Configured HSRP, VRRP, GLBP and VLAN Trunking (802.1Q & ISL), VTP, STP, RSTP, PVST+, Port Security on Catalyst 6500 switches.
- Designed ACLs, VLANs, Inter-VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
- Configured OSPF on CISCO devices with multiple routing processes and redistributed them. Tested and hands on experience in multi area OSPF topologies.
- Performed troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
- Performed lab testing for network connectivity.
- Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
- Configuring and troubleshooting OSPF routing protocol on the corporate network.
- Knowledge with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP addressing.
- Work with Cisco routing on ASR routers with Access list and route maps.
- Configuring/Troubleshoot issues with the following types of routers Cisco (7200, 6500, 4500, 1700, 2600 and 3500 series), to include: bridging, switching, routing, Ethernet, NAT, and DHCP, as well as assisting with customer LAN/MAN, router/firewalls.
- Configured ACLs to provide accessibility and restrict unauthorized users.
- Build and maintain Visio documentations for Clients.
- Working on HP open view map for Network Management System and Ticketing.
- Working on security levels with RADIUS, TACACS+.
- Implementing iRules on LTMs for http traffic redirection on LTM and GTM devices.
- Configuring pools, Snats, health monitors on LTM and GTM devices (F5 & A10).
- Installed, configured and maintained with the latest updates on the 3700, 3800, 7200 and 7600 Cisco Routers and 2960, 3750, 3560, 6500 Switches.
- Configured VPC, FEX and VDC's on Nexus 5K, 7K and familiar with 9K.
Environment: Cisco 3750/3550/3500/2960 switches and Cisco 2600/7200/3600/6500/3000/2900 routers, OSPF, BGP, VLAN, HSRP, LAN, WAN, IPV4, Nexus 7K/5K/2K.
Network Support Analyst
Confidential
Responsibilities:
- Responsible for monitoring and reporting error incidents for remote location servers
- Create tickets for cloud database servers using Maxima Cloud.
- Worked as L1 network (NOC) Engineer support and responsible for escalation of Redstone ISP client’s issues
- Experience in Active Directory, GPOs, DNS, DHCP, File & Print Server, IIS (Web Server), FTP, Terminal Server, RIS, RRAS, NAT, WSUS, Microsoft Clustering, Exchange Mail Server and ISA Server installation, configuration and maintenance
- Installed, Configured and Implemented Terminal Server (TS) Remote App on IIS 7.0 Windows 2008 R2 published applications using TS Web Access, Remote App program and TS Gateway
- Implemented Microsoft Clustering for IIS Web Servers
- Installation, configuration and maintenance of Windows Servers 2003 and 2008
- Responsible for maintaining Active Directory applications
- Installation and configuration of DNS, DHCP, IIS WEB and FTP servers
- Responsible for report generation of Daily, weekly to tape, differential and incremental, and Monthly backups of remote database servers.
- Through presentations at client sites, enabled them to meet various technical standards related to IPv6 and their technology enhancements
- Experience testing and troubleshooting layer1 circuit, layer 2 devices and WAN connections establishment and protocol debugging.
- Worked on Routers Cisco 2620, 3750 and 2950 Switches & Linksys wireless access points.
- Experience in WAN connectivity using Cisco routers by using T1, T3 and frame relay connections and its troubleshooting issues.
- Liaison with ISPs related to circuit problems; raised tickets with Remedy ticketing system and related Remedy to HP OpenView system
- Performed troubleshooting of routers, and installed and configured Cisco Multi-Layer Switches like 3550.
- Managing various activities in setting up Data Centers & Disaster recovery centers
- Knowledge in OSPF, EIGRP and RIP
- Preparation of all Branches Link up time/down time report to maintain SLA with Customer
- Build and maintain Visio documentations for Clients
- Use of TCP Dump to troubleshoot access issues.
- Installing service pack upgrades.
- Configuring Port Mirroring, VLAN, STP, RSTP, SNMP, and Routing Policies on switches
- Maintaining all the network devices routers, switches