PROFESSIONAL SUMMARY

• 7+ years of experience Network & Security Engineer in Administration of LAN, WAN and Security Technologies.
• Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/Switches/firewalls
• Configuration of Palo Alto Firewall PA - 5k and CMS
• Advanced knowledge, design, installation, configuration, maintenance and administration of CheckPoint Firewall R55 up to R77, Secure Platform Installation, VPN.
• Experience in configuring firewalls Fortinet, firefly.
• Utilized the Blue Coat Proxy, SIEM, SOC, Tuffin, IPS/IDS
• Advanced proficiency in designing, deploying, and maintaining perimeter security devices such as IPS, IDS, Radware, etc.
• Experienced Checkpoint Firewall, Security and Network Administrator.
• Good Knowledge on bluecoat Proxy (white listing, blocking URLs, PAC file changes etc.).
• Analyzed network traffic with Splunk and ArcSight tools on network traffic, firewall (Source Fire defense center) and AV (McAfee) logs. 
• Advanced knowledge in design, Installation and configuration of IPS/IDS, FireAMP, Lanco and other security devices.
• Real-time experience in designing and assisting in deploying enterprise wide Network SSL Security and High Availability Solutions for ASA.
• Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP.
• Advanced knowledge in design, installation and configuration of Juniper NetScreen Firewall ISG 1000/2000, SSG series and NSM Administration.
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers, Cyber Security, Amazon Web Service (AWS), and Bluecoat URL filtering & Packet Shaper systems.
• Configuration and maintenance of SIM/SIEMS tool - QRadar , Splunk & Arcsight
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance.
• Upgrading the Imperva WAF and DAM module to the latest released version.
• Implementation and administration of Juniper WX/WXC devices for WAN Traffic acceleration
• Technical knowledge & proficiency in system administration, network maintenance, hardware maintenance, OS
• Fulfilling routine change requests of Firewall and resolving trouble tickets, maintain and monitoring firewalls using scanning software Nesses
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Juniper, Check Point Cisco ASA, Cisco PIX and Palo Alto Firewalls Administration.
• Experience in handling Infoblox tool for DHCP and DNS.
• Experienced in DHCP DNS, AD, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management and system troubleshooting skills
• Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols
• Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP
• Manage network capacity in cooperation with the Network Operations Center (NOC)
• Worked on implementation strategies for the expansion of the MPLS VPN networks

TECHNICAL SKILLS

Protocols: NAT, VTP, VLAN, TCP/IP, UDP, ARP, NTP, EIGRP, OSPF, RIP, SSL, VPN, HTTP, HTTPS, FTP, POP3, SMTP, DNS, ICMPSwitches: Cisco Catalyst VSS 1440/2960/4900/6513

Routers: Cisco Routers ASR 1002/2600/3945/7606

Firewalls: Palo Alto PA 500/2k/3k/5k, Checkpoint R65/R70/R77/Firewall-1, Cisco ASA

Languages: C/C++,Python, Java, Ruby and BASH.

Operating Systems: Windows XP/7, RHEL

PROFESSIONAL EXPERIENCE

Security Engineer

Confidential, Las Vegas NV

Responsibilities:

• Worked as Primary Perimeter security engineer and lead security project initiatives that protect the Caesars IT enterprise network
• Worked as an advisor to the properties and network/infrastructure teams and offer solutions to new risks and threats 
• Working on Firemon for network security policy audit and PCI/DSS compliance audit
• Provided Support to the Security Operations & Engineering (SOE) team on activities working directly with the network/infrastructure teams and project teams and take on hands-on work as needed (e.g., tight deadlines, issues, etc.) 
• Leading onboarding calls with customers to address all technical consideration like Network related questions, who are interested to following cloud service providers such as Microsoft Azure, Amazon Web Services, Cisco WebEx, Sales Force, Box, Blue Jeans and addressing all technical networking questions.
• Worked with the SOE team with penetration testing and vulnerability threat assessments, security reviews and assessments, firewall rule changes, IPS fine-tuning, etc. as needed, of new systems, network changes, third-parties, etc. as part of projects 
• Create policies, alerts and configure using SIEM tools (Splunk, SolarWinds, LogRhythm, ArcSight.
• Configured IPSec tunnels with Palo Alto to enable secure transport and cloud-based/site-site VPN to both   Azure  and AWS.
• Worked on bluecoat Proxy servers, initial setup of web proxy server and configuration
• Supported the SOE team with the DDS NIS Protection Systems once they are in place (including various infrastructure and network security tools such as firewalls, IPS, anti-malware tools, etc.) 
• Wrote an automated script in  Python for OWASP ZAP to reduce time spent conducting scans.
• Performed oversight and monitoring of network and system controls through the use of existing security solutions, such as Firewalls, IPS/IDS, DDoS Prevention solution, etc. 
• Coordinated day-to-day operational tasks performed by the managed services provider (when required) 
• Experience on working with heterogeneous tool named Firemon for policy optimization
• Assisted with reviews of company projects and provide input on potential risks, threats, and appropriate solutions to meet information security requirements. 
• As needed, ensured timely responses to information security requests in the Remedy ticketing system and Service Now.
• Migrated 9 Firewalls from old Junipers to Checkpoint R77.30.
• Worked on security tools and software’s like Cisco WSA, Qualys, Splunk, Symantec Endpoint Protection, Bit9, HP Network Node Management
• Worked on the Project Resource for Installation & Implementation of CastNet Project (Firewall Setup and Servers setup in DMZ).
• Configured, Administered & Installed Palo Alto, Checkpoint and Juniper firewalls.

Network Security Administrator

Confidential, New York City NY

Responsibilities:

• Manage firewall policy lifecycle process from review, approval, implementation, publishing, verification and maintenance
• Configure, manage, and upgrade FW, IDS, IVS, IPS, TAP’s, Xstream load balancers (XLB), Encryption and a wide variety of other security products/appliances.
• Configuring and Troubleshooting Cisco Firewall/ASA, Checkpoint FW, Bluecoat ProxySG and Cisco Ironport. 
•   Deployed and configured VPN appliances including ASA 5500 for site-to-site VPN, DMVPN and Any Connect with LDAP based authentication and Cisco ISR 4451 for AWS, MS   Azure  VPNs 
• Worked on Firemon with Security manager in providing the reports or policy status for audits
• Worked on implementation of Firemon by adding multiple Clusters and Management
• Experience in working with Firemon on adding multiple domains and forwarding logs from different platform appliance to Firemon
• Performed Checkpoint firewall upgrade of 20 firewalls from R55 to R65.Administered Juniper 50, 200, 500, and SSG 520 firewalls.
• Proficient in Palo Alto Next-Generation Bluecoat web proxy, HP ArcSight, Splunk Enterprise, Wireshark, FireEye, and various internet tools to assist in analysis.
• Experience on Cyber Security & Penetration Testing tools such as, Metasploit, SQL Map, Appscan, Burp Suite , Nmap , Nessus Vulnerability Scanner and familiar with shell scripting
• Implementing and Managing VPN Networks of the Customer through Checkpoint R75 firewalls.
• Analyze and review security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Radware, and other security threat data sources.
• Expertise in standardizing  SIEM Splunk Forwarder deployment, configuration and maintenance across UNIX and windows platforms. 
• Configured firewalls Fortinet, Palo alto, firefly etc.
• Lead migration project of replacing Juniper SSG site-to-site VPN infrastructure to a Checkpoint 1100 global VPN mesh.
• Worked on Citrix Netscalers for accelerating performance and ensuring that applications are always available and protected.
• Responsible to check the SPLUNK logs for web server so as to avoid server time down during production. 
• Worked on all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
• Performed system and network audits against FISMA and FIPS200 regulatory requirements
• Worked on Cisco 871 DSL, IAD, 1800, 1900, 3900, 7200 series routers
• Third Party VPN migration from old data center to new data center.
• Designed and implemented Windows networks and Active Directory (AD) and security group hierarchy based on delegation requirements
• Implement Cisco Secure Intrusion Detection Sensors, IDSM and CSPM to monitor network activities
• Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
• Develop and automated scripts for tools using embedded scripts and some  python. 
• Configuration and maintenance of Juniper Net Screen SSG -550.
• Experience with working on cisco switches like 2960, 3750, 4500, 6500
• Designing, Implementing and Troubleshooting Cisco Routers and Switches using different routing protocols like RIP, OSPF, EIGRP, BGP, ISIS & MPLS L3 VPN, VRF
• Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP
• Implemented VLAN, VTP domain, trunking and Ether Channel on Cisco 5500 switches

Confidential, San Francisco CA

Responsibilities:

• Troubleshooting complex CheckPoint issues, Site-to-Site VPN related
• Performed upgrades for all IP series firewalls from R65-R75
• Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments
• Support for all firewalls and related environments
• Checkpoint firewall upgrade from R55 to R65 for remote sites.
• Supported Bluecoat proxies for URL filtering and content filtering.
• Detailed knowledge of SNMPv3, Syslog, Net flow management protocols
• Documented network problems and resolutions for future reference.
• Experience with Imperva Web Application Firewall (WAF and DAM).
• Assisted in troubleshooting complex layer 1, 2 and 3 connectivity using Wireshark protocol analyzer and recommended solution for better performance.
• Implement SecuRemote VPN for high speed remote access.
• Monitoring Arcsight tool(SIEM) and managing logs. Troubleshooting and escalating security alerts like malware, Mcafee, Mssql, wintel, Unix, Oracle alerts.
• Risk assessments where done using Nessus, and Internet scanner, on a monthly basis to help ensure that risks to the network are mitigated in a timely manner.
• Utilized the Blue Coat Proxy, SIEM, SOC, Tuffin, IPS/IDS.
• Propagate local changes from Infoblox members to master and vice versa using Infoblox grid.
• Experience on device-based policy for application access, automatically confirm compromised hosts with Palo Alto.
• Managed Smart Center Checkpoint management server (SmartView Tracker).
• Imperva SharePoint 2010, Imperva WAF, Fortigate.
• Managed Checkpoint Firewalls from the command line (cpconfig and Sysconfig)
• Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 7k/5k experience to place IDS devices globally
• Working and commenting on global firewall polices.
• Used Palo Alto for Reporting and Logging and to Reduce Risk by Enabling Applications.
• Migration with both Checkpoint and Cisco ASA VPN experience
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500
• Implemented and troubleshooting the Virtual firewalls solutions in ASA
• Providing input on day-to-day security architecture policies and procedures.
• Firewalls are R65 and R70 clusters. Administration of Juniper firewalls at corporate and remote locations.
• Developing systems and process to protect, various user groups while accessing public Internet content from malicious hack attacks
• Perform troubleshooting through command line interface
• Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches
• Network migration from OSPF to EIGRP

Network Security Engineer

Synnex, Fremont, CA

• Configuring multiple Cisco 6509 with MSFC2, 3500, 2948G-L3 switches, 2600 and 3600 routers, Frame relay, dedicated T1s and ISDN lines Implement network security for remote access
• Configure and maintain Windows NT/2000 environment services, including Active Directory, DFS, WINS, DNS, DHCP, file replications and logon scripts.
• Worked on Cyber Security & penetration tool such as Armitage , Nmap, AppScan , SQL Map
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Responsible for setting up Web Application Firewalls (WAF) like SQL injection, http conversation.
• Configuration and maintenance of ACL lists on Cisco routers
• Worked on Cyber Security & penetration testing tool such as Ettercap , Nmap
• Responsibility includes regular maintenance, security patch update and troubleshooting
• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Knowledge of Juniper environment including SRX, Junos Space and ScreenOS.
• Administration and management of all firewall environments.
• Supported F5 ASM and McAfee IPS in an eCommerce environment providing WAF security and IPS for over 90 public financial web applications.
• Management of each firewall is done remotely and onsite at client sites
• Black listing and White listing of web URL on Blue Coat Proxy servers.
• Upgrading Radware Appwall WAF (Web application firewall) and fixing hot fixes and patches.
• Managed network IP access via Dynamic Host Configuration Protocol (DHCP)
• Redistribution of routing protocols and Frame-Relay configuration
• Prepared technical documentation of configurations, processes, procedures, systems and locations

Network Technician

Confidential

Responsibilities:

• Setting up Checkpoint devices, configuring, maintaining and troubleshooting
• Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), CISCO, TCP/IP, and Checkpoint firewalls
• Setting up Windows server 2000/2003 as domain controller & adding client machines to domain
• Managing Agilent software and configuring it on LAN
• Managing remote Location user PCs at grid stations and troubleshooting the same either remotely or visiting the clients as and when required
• Advance Knowledge in Cyber Security and Ethical hacking
• Creating SQL Database, everyday Backup and maintenance plans
• Installation and configuration of Thin Client Pc's
• Re-punching of around 200 points done on jack panel, managing of Network Cables in the Server room
• Manage LAN & WAN and Bluecoat proxy servers
• Provides technical expertise in configuration and troubleshooting of various IP routing protocols including OSPF, EIGRP, and BGP
• Troubleshooting Network Problems