
Network Security Engineer Resume


Austin, TX

PROFESSIONAL SUMMARY:

  • A passionate Network Security Engineer with 8 plus years of experience in the IT, Health and Finance industries, specializing in Datacenter Management and enterprise-wide security. Experience in configuring, optimizing, and troubleshooting complex network infrastructure, including expertise in enterprise-wide Routing, Switching, Network Security and Wireless domains.
  • Experience in configuring, designing and troubleshooting security policies, NAT policies, routing and different failover mechanisms on Palo Alto PA-7000, 7050, 5260, 3260 series, Cisco ASA 55XX, Juniper SRX, Check Point R77 Series, and Fortinet firewalls.
  • Expertise in migrating Cisco ASA and Fortinet firewalls to Palo Alto’s Next-Generation Firewalls using PAN migration tool/Expedition Tool.
  • Extensive knowledge in Configuring, troubleshooting and monitoring Palo Alto Firewalls from central management device Panorama M500.
  • Expertise in implementing IPS/IDS.
  • Expert in configuring Threat prevention which includes Anti-Virus, Anti-Spyware and Vulnerability and implementing File Blocking, Wildfire analysis and DoS protection on Palo Alto Firewalls.
  • Expertise in configuring and deploying Global Protect VPN with multiple Gateways, rolled out to 30k+ users.
  • Expertise with configuring, Implementing and Troubleshooting remote access solutions like IPsec VPN, Remote VPN, SSL VPN, DMVPN.
  • Extensive knowledge in implementing URL filtering, application-based policies and implementing zones.
  • Strong knowledge of mitigation of DDoS attacks, IPsec & SSL implementation on Cisco and Palo Alto firewalls.
  • Experience in Kill Chain management.
  • Strong hands-on experience in installing, configuring and troubleshooting Cisco 7200, 3800 series routers.
  • Expert level knowledge of troubleshooting, implementing, optimizing and testing of static and dynamic routing protocols such as EIGRP, OSPF, iBGP, eBGP and ability to interpret and resolve complex routing issues.
  • Hands-on knowledge of Citrix NetScaler, F5 BIG-IP Load balancing (LTM & GTM) method implementation and troubleshooting.
  • Strong hands-on experience in implementing, configuring and troubleshooting Data Center Switches like Cisco Nexus 7k and Arista Switches.
  • Expert level knowledge of standard and extended ACLs. Versed with Route-map; implemented Policy Based Routing, Redistribution.
  • Used ClearPass Policy Manager and ClearPass Guest access manager to authenticate wireless users; worked with Aruba Virtual Mobility Controller and APs (Aruba 6000 controller, Aruba AP65, 70, 124, 125).
  • Experience in installing and configuring DNS, DHCP and Forward Proxy servers.
  • Expert level knowledge of the OSI model, in-depth knowledge and hands-on experience with IPv4 addressing, subnetting, VLSM, ARP, reverse ARP, proxy ARP and ICMP concepts.
  • Packet analysis tools such as Wireshark and monitoring tools like SolarWinds, Nagios, Netscout and SIEM tools like Splunk, QRadar.

SKILLS:

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, WAPs, IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN Technologies: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, IPsec-VPN.

Routing Protocols: OSPF, EIGRP, BGP, RIP v1/v2, Route redistribution, Route filtering, Summarization, Static & Default Routing, Distance vector, Path Vector, Link state, OSPF, BGPv4, MP-BGP.

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP & VTP Modes, VTP Pruning, HDLC & PPP authentication (PAP & CHAP), Spanning Tree Protocols like PVST+, RSTP, MST, BPDU (Guard and Filter), Multi-Layer Switching, Port security, VSS, and CEF.

Network Security Technologies: ASA 5550/5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 3050, PA 5260, PA 5220, PA 5250, PA 7050, Check Point, Access Control Lists, IPsec, IDS, and IPS, McAfee Security Center.

Firewalls: Palo Alto, Cisco ASA 55XX Series, Check Point Appliance, Juniper, FortiGate

Network Management: Wireshark, SNMP, NetFlow, SolarWinds, Tufin, Splunk, QRadar, Nessus Security Center, SYSLOG, NTP, DHCP, TFTP.

Load Balancers: F5 Networks (BIG-IP) LTM, GTM, APM, ASM 6800, 6400, 2000s and 1500 and Citrix NetScaler

GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, ACL - Access Control List, IPS/IDS, NAT, PAT.

NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards

AAA Architecture: TACACS+, RADIUS, Cisco ACS

OS: Cisco IOS, PAN-OS, NEXUS

WORK EXPERIENCE:

Confidential, Austin, TX

Network Security Engineer

Responsibilities:

  • Various greenfield and brownfield large dispersed Cisco ISE deployments for TACACS+ device administration and RADIUS Wired/Wireless/VPN endpoints using AD, SecurID, and RADIUS External Identity Sources.
  • Migrated Cisco ACS to Cisco ISE, virtual ISE appliances to physical ISE appliances, forklift rip and replaces, patches and software upgrades.
  • Tasks include installing software on Linux-based systems, installing patches and upgrades, and configuring the authentication systems to support a variety of vendor platforms.
  • Review, approve and provision tokens for user authentication. Enable locked user accounts. Perform periodic audits of users and groups in the authentication system.
  • Designed and deployed automation for network configuration, troubleshooting and monitoring.
  • Developed customized monitoring checks, alerting, reporting and business intelligence.
  • Performed several network and security review and remediation projects including Cisco ACS, Cisco ISE, Aruba ClearPass, Cisco network infrastructure, and Juniper network infrastructure.
  • Good understanding of setting up IPv6 tunnels via MPLS core, IPv6 based IBGP core, IPv6 DMVPN, GREs VPLS, BGP multihomed ARIN prefix allocation.
  • Expert level knowledge of standard and extended ACLs. Versed with Route-map; implemented Policy Based Routing, Redistribution.
  • Designed and deployed Palo Alto Networks physical/virtual firewalls in private/public cloud infrastructures and datacenters. Worked with F5 BIG-IP LTM appliances, wrote iRules, SSL offload, and everyday WIP and VIP tasks.
  • Software upgrades of F5 load balancers, Juniper switches and Cisco Nexus switches from time to time in order to meet compliance.
  • Implemented Security system, Intrusion Detection System and protocols like GRE, VPN, IKE, TACACS, RADIUS etc.
  • Assisted in deploying and troubleshooting VPN tunnels (IPsec, OpenVPN). Also managed site-to-site VPN connectivity, its capacity and redundancy.
  • Expertise with setting up NAT to secure resources in LAN by enabling PAT (Dynamic NAT Overload).
  • Configured ADS (Active Directory Server) and LDAP with Palo Alto Firewall to authenticate User IDs.
  • Configured TACACS+, LDAP, IPSec and RADIUS for Cisco ASA and Palo Alto firewalls.
  • Expertise in conducting security policy rule reviews to identify and remove rules that are not needed, to reduce Palo Alto firewall policy lookup.
  • Worked on AWS to Corporate connectivity and AWS EC2, Auto Scaling, NAT Gateways. Managed Cisco PIX firewall for ACL and VPN and also worked with the physical server migration to AWS data center.
  • Involved in designing and implementing AWS network and connectivity between physical and AWS DC, and in designing and deploying dynamically scalable, highly available, fault tolerant and reliable applications on AWS.
  • Established BGP peering between onsite datacenter in Newark and AWS cloud.
  • Involved in troubleshooting network for health issues and reduced network downtime by using monitoring tools like Splunk and SolarWinds.

Confidential, Arlington, TX / NJ

Network Security Engineer

Responsibilities:

  • Responsible for managing and maintaining Data-center, DR and network Infrastructure. Respond to outages and user problems by triaging and troubleshooting; plan for Device & OS upgrades.
  • Have implemented OSPF within the four areas I administer. Set up Data-center and DR in area 0 and other regions in different areas.
  • Install, configure, administer, deploy and document firewall infrastructures.
  • Migrated Cisco ASA Firewalls to Palo Alto Firewalls, installed Palo Alto PA 7000, 5260, 5250 firewalls in the Data Center and maintained IPSec and SSL VPNs.
  • Performed Firewall migrations from ASA 55XX Series to Palo Alto using the PAN Expedition Tool.
  • Configuration of firewall (Palo Alto) security policies, Global Protect VPN, URL filtering, Data filtering and file blocking Profiles.
  • Currently working on Palo Alto (3050, 5060, 7000) and Panorama 100, 500 series machines (PAN-OS 8.6).
  • Troubleshoot, conduct scans and assess network issues, then patch vulnerabilities and mitigate DDoS attacks on Palo Alto Firewall.
  • Use App-ID and URL Filtering to allow or deny Web Traffic and to prevent Hosts from accessing Malicious Websites.
  • Configured ADS (Active Directory Server) and LDAP with Palo Alto Firewall to authenticate User IDs.
  • Configured TACACS+, LDAP, IPSec and RADIUS for Cisco ASA and Palo Alto firewalls.
  • Expertise in conducting security policy rule reviews to identify and remove rules that are not needed, to reduce Palo Alto firewall policy lookup.
  • Configure & monitor Global Protect and Gateways to create IPSec and SSL VPN tunnels with Users & Customers on Palo Alto Firewall.
  • Configured ACLs in Cisco ASA 5520 firewall for internet access requests for servers, Protocol Handling, Object Grouping and NAT, and implemented and configured Fortinet firewall FortiGate 600, 800 series.
  • Designed & implemented Fortinet network & third party equipment as per ISP SR (service request) that included Juniper, F5, Cisco Catalyst, Cisco Nexus 7K and higher end FortiGate.
  • Create Rules (Pre, Post and Default), Objects, Device Groups and Templates on Panorama. Configure NAT/PAT Policies as well as Captive Portal.
  • Perform Independent verification and validation of project requirements, including data.
  • Configured site-to-site IPSec VPN from Cisco ASA to FortiGate firewall.
  • Troubleshot and created preventive measures to stop spamming by implementing a spam-filtering ACL list, content filtering and configuring recipient verification through LDAP for the (FortiMail) spamming appliance.
  • Provided customer support for (FortiGate & FortiMail) to protect and authenticate local-net and DMZ. Defined policies, NAT and anti-spoofing for internal, external networks as well as Internet gateways.
  • Monitored and maintained Switches, Routers, Firewalls and Load Balancers. Assisted Tier III troubleshooting of Switching and Routing issues in Production environment.
  • Deployed one-Armed and two-Armed Architecture with F5 BIG-IP Load Balancer including LTM, GTM, APM, ASM, and custom iRules development
  • Configure WAN technologies like PPP, HDLC, MPLS & Frame Relay on Cisco 7200 Edge Routers.
  • Fixed network-related issues and analyzed traffic flow using Wireshark & tcpdump.
  • Administered Cisco Catalyst (6500, 4500), Nexus (2k, 5k, 7k), and Juniper (EX2300, EX3400) switches, enabled all L2 critical configurations like 802.1Q encapsulation, Port channels, VTP, VLAN, inter VLAN routing, etc.
  • Designed F5 solutions for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BIG-IP Load Balancers using 6400, 6800 devices.
  • Implementation of wireless access over LAN. Reallocated Cisco Routers and Access-Points when needed.
  • Experience with Network Automation, Firewall Migration (FTD, FMC) and experience with configuring onsite to cloud connectivity using AWS.
  • Configured HA pair for two Palo Alto VM-300 series AWS instance firewalls and tested the failover activity as well as ENI migration.
  • Involved in troubleshooting network for health issues and reduced network downtime by using monitoring tools like Splunk and SolarWinds.

Confidential, Merrimack, NH

Senior Network Security Engineer

Responsibilities:

  • Administered Core, Distribution and Access layer Routing, Switching and Firewall infrastructure. Set up Out of Band management for all this infrastructure.
  • Used BGP for Internet traffic, worked with attributes like Local Preference for out-bound traffic and AS Path for in-bound traffic. Used these attributes to steer traffic and set up HA / Active Passive model connectivity with 2 different ISP connections.
  • Lead Security Engineer responsible for the enterprise Palo Alto firewall platform, including the Panorama management stations & 35+ firewalls.
  • Responsible for building the network security infrastructure for the Confidential Investments separation using PA-5250, PA-5260, and Amazon AWS virtual firewalls (VM-300) integrated into a Cisco ACI fabric.
  • Selecting appropriate AWS service to design and deploy an application based on given requirements.
  • Defined and deployed monitoring, metrics and logging systems on AWS. Migrated existing on-premises applications to AWS
  • Helped the cloud architecture with next steps on proof of concept with AWS, OpenStack, MS Azure, Cisco ACI, Juniper Contrail SDN/NFV. Selected the appropriate AWS stack.
  • Implemented High-Availability, URL filtering, SSL Decryption, Global Protect for VPN clients, layers 4-7 policies, User-ID using LDAP, App-ID, Threat Prevention, AutoFocus with MineMeld integration, Zone Protection, DNS Sinkhole, Wildfire configuration, and leveraged multiple VSYS for traffic separation.
  • Migrated CheckPoint .10 to Palo Alto PA-5250 PAN-OS 8.0.
  • Migrated from Checkpoint Firewall to Palo Alto Firewall using PAN Migration 3.0 tool.
  • Configured and managed CheckPoint and Palo Alto firewalls.
  • Implemented Checkpoint DLP (Data Loss Prevention) on SG 4800 firewall.
  • IPS/IDS / Application Filter / Web Filter Configurations, IDS/IPS Signatures for various vulnerabilities.
  • Efficacy Testing for various sets of attacks with respect to signatures, performance tuning for signatures.
  • Deployed vRealize Network Insight to get the existing traffic patterns and other network information from their physical/virtual NSX & non-NSX network, which will help leverage NSX adoption at optimum level to achieve the required Micro Segmentation of critical components.
  • Installed and maintained VMware NSX. Experience in developing & implementing use cases of next generation firewalls in VMware NSX & Palo Alto Networks.
  • Maintained multi-segmented application-based network with VMware NSX and Palo Alto firewalls.
  • Created enterprise multi-Zones in VMware NSX and integrated that with Palo Alto Networks. Experience in integration of NSX manager 6.0 with Palo Alto firewalls.
  • Also responsible for the VPN migration from Cisco AnyConnect to Palo Alto Global Protect.
  • Involved in the deployment of Cisco Nexus 7k, 5k and 2k along with ASR 9K, 6509s (Sup 720), Cisco 4900, 3750, 2960 switches.
  • Worked on configuring BGP, OSPF, EIGRP protocols on Cisco (7200, 3800), Juniper (MX240, MX280) series Routers, also enabled HSRP and VRRP protocols for redundancy
  • Assisted in setting up new 510 and 810 Blue Coat Proxy SG units, performed one to many proxy migrations.
  • Good hands-on experience in deploying, troubleshooting and configuring Cisco Meraki Layer 2 and Layer 3 switches like MS 225, MS 250 and MS 350.
  • Performed firewall policy optimization using third party tools like Tufin to ensure policy auditing across many dependent firewalls.
  • Set up Tufin clusters in virtual environment, worked on monitoring tools like SolarWinds, Splunk and QRadar and sniffing tools like Wireshark.

Confidential

Network Security Engineer

Responsibilities:

  • Installation and configuration of Cisco switches and Routers along with ASA Firewalls as per the user requirement.
  • Installation and Configuration of Cisco routers (2800, 2900, 3900, ASR1K and 9K).
  • Involved in the deployment of Cisco Nexus 7k, 5k and 2K along with ASR 9K, 6509s (Sup 720), Cisco 4900, 3750, 2960 switches.
  • Using command line or ASDM in ASA firewalls.
  • Configuring Route filtering on BGP and EIGRP on WAN links for the traffic hitting internet and DC.
  • Installation, configuration and troubleshooting of Cisco ASA 5505, 5510 firewalls.
  • Worked on route maps to understand and implement different BGP attributes like Local Preference, MED, AS-PATH etc. Managed enterprise BGP setup, made configuration changes and performed troubleshooting when needed.
  • Deployed IOS upgrades on Catalyst 1900, 2900, 3500 series switches and 2500, 2600, 3600 series routers along with ASA Firewalls.
  • Development of conceptual and physical Horizon design through technical workshops, whiteboard sessions and consultation; validation of conceptual design and physical design to ensure design meets customer requirements with consideration of constraints; vSphere and Horizon View Health Check; assessment of current Horizon Pools, Composer Golden Images, OS images, App Volumes, UEM, vSAN, storage, PCoIP, networking, vSphere, vCenter, ESXi hosts; and configuration of all required components to ensure solution alignment with VMware best practices.
  • Configured VLAN Trunking 802.1Q, STP and Port Security on Catalyst 6500 switches.
  • Deployed and worked on Active/Standby Failover mechanism on Cisco ASA firewalls in order to provide High-Availability (HA).
  • Experienced in implementing and managing F5 BIG-IP load balancing, including GTM, APM, ASM, and custom iRules development.
  • Configured Dynamic and Static NAT, extended access-list on Cisco ASA firewalls.
  • Hands on experience with Content Security, Control Security Services Module (CSC-SSM), Advanced Inspection and Prevention Security Service Module (AIP-SSM) on Cisco ASA firewall.
  • Created VLAN and Inter-Vlan routing with Multilayer Switching.
  • VMware Horizon View 7.0 Session with 2 onsite Engineers, 2 VMware AP Appliances, 2 Connection Servers, Composer Server, Updated Master Image dedicate to 1 View Pool, Persona Configuration Overview, New Horizon View 7.4 Environment: Designed and Implemented
  • Installed, Configured and Upgraded View Horizon Server from 5.1, 6 to 7.0, 7.1
  • Installed View Composer on vCenter server or stand-alone server
  • Installed, Configured View Connection Server
  • Experienced in configuring Dedicated or Link Cloned VM
  • Experienced in configuring View Security Server with Connection server
  • Experienced in configuring Authority for Internal VDI and SSL on View Security on a DMZ.
