SUMMARY:

• Checkpoint Certified Security Administrator (CCSA, R80); Network Security Engineer with extensive experience in managing firewall deployment, rule implementation and monitoring.
• Stronghold in Checkpoint upgrades, site - to-site VPN configuration and cluster implementation/configuration.
• Provider -1 (MDS).
• Proven record of implementing test labs that comprises firewall appliances such as Checkpoint Gaia, Palo Alto and Fortinet firewalls.
• Management server HA for fail-over for network management reliability.
• Extensive experience at conducting hands-on training on network/security fundamentals and troubleshooting/ resolving software and end user issues.
• Ability to bridge the gap between technical and non-technical persons.
• Detailed-oriented team player with problem solving skills and the ability to convey technical information in a clear, concise and logical manner.
• Perimeter Security.
• Innovative thinker with proven leadership abilities, excellent communication and negotiation skills.

TECHNICAL SKILLS:

Checkpoint NGX R65, R75.20, R76, R77, GAIA R80, R80.20, Fortigate NGFW, Active Directory, DNS, DHCP, IPSEC, IPS, NGFW, Threat Prevention, HTTP, LAN/WAN, LDAP, NAT/PAT, SSL VPN, OSPF, OSI, TCP/IP, VLAN, VPN and Static & Dynamic IP Addressing, Checkpoint CloudGuard Cloud security

PROFESSIONAL EXPERIENCE:

Confidential, Lawrenceville, GA

Check Point Firewall Engineer

• Check Point Firewall upgrade from Gaia R7 .10
• High Availability mode security management upgrades
• Configured, troubleshoot, and upgraded Check Point firewalls for client
• Maintain High Availability and clustered firewall environments for customers using Check Point High Availability.
• Worked on various networking projects providing a secure environment for client customers.
• Monitored performance and help to troubleshoot any network issue across multiple locations.
• Secure networked system by enforcing policies, and monitoring access.
• Assist in the configuration of firewalls, switches, wireless access points, etc.
• Perform Level 3-4 security implementations and troubleshooting of Check Point.
• Firewall policies and rules management.

Confidential, Hunt Valley, MD

CheckPoint SME

• Checkpoint MDS upgrade from R80.10 to R80.20
• High Availability mode security management upgrades
• Configured, troubleshoot, and upgraded Checkpoint firewalls for clients
• Maintain High Availability and clustered firewall environments for customers using Checkpoint High Availability.
• Perform Level 3-4 security implementations and troubleshooting of Checkpoint.
• Firewall policies and rules management.

Confidential, NY

Security Lead Consultant

• Member of System Wide Analysis Team (SWAT) responsible for analysis of client security firewalls, servers, proxies and other devices in the networks.
• Leads remediation of security operations configuration audits. Planned and implemented remediation line items as approved.
• Configured, troubleshoot, and upgraded Checkpoint firewalls for clients, which included network and/or resource access, software, or hardware problems.
• Maintain High Availability and clustered firewall environments for customers using Checkpoint High Availability.
• Perform Level 3-4 security implementations and troubleshooting of Checkpoint and Palo Alto firewalls.
• Managed Checkpoint Gaia R80 SMS and gateways.
• Migrated Gaia R77 to Gaia R80.10.

Confidential, Atlanta, GA

Network Security Engineer

• Created detailed upgrade plan and step to step implementation documentation and comprehensive test plan.
• Migrated Gaia R77 to Gaia R80.10.
• Configured, troubleshoot, and upgraded Checkpoint firewalls for manage clients, which included network and/or resource access, software, or hardware problems.
• Maintain High Availability and clustered firewall environments for customers using Checkpoint High Availability.
• Firewall rules, policies and objects analyzer tools experience (FireMon, AlgoSec).
• Perform level 3-4 security implementations.
• Build Checkpoint firewall, and configured GUI to open/close TCP/IP ports.
• Worked with both GAIA and SPLAT operating system.
• Installed, configured and maintained Checkpoint R75, R77 and R80 Gaia/SPLAT.
• Identified and removed security policies that are no longer needed to reduce Checkpoint firewall policy lookup.
• Configured necessary routing and NAT on the firewall appliance to communicate with the internet.
• Backup, restore and upgrade of Checkpoint firewall appliance.
• Monitored Checkpoint VPN tunnel activities with Smart View monitor and troubleshoot VPN issues with CLI.
• Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce Checkpoint firewall policy lookup.
• Configured IPSec, SSL - VPN (mobile access) on Checkpoint Gaia and troubleshoot VPN tunnel connectivity issues.
• Troubleshoot and monitor firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor).
• Analyze logs and make necessary network reports using Smart Reporter console application.
• Configure NAT and PAT such as Static, Source (Hide) as well as Destination NAT policies as required.
• Configure necessary routing and NAT on the firewall appliance to communicate with the internet.
• Manually fail-over in Checkpoint firewall Cluster XL.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs and Wireshark.
• Respond to emergency outages, disaster recovery and the corporate firewall.
• Interface with vendors and service providers to ensure security is maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime.

Confidential, Deerfield, IL

Network Security Engineer

• Configured, troubleshoot, and upgraded Checkpoint firewalls for client, which included network and/or resource access, software, or hardware problems.
• Maintained High Availability and clustered firewall environments for customers using Checkpoint High Availability.
• Perform level 3-4 security implementations, vulnerability assessments and intrusion detection.
• Build Checkpoint firewall, and configured GUI to open/close TCP/IP ports.
• Worked with both GAIA and SPLAT operating system.
• Installed, configured and maintained Checkpoint R75-R77 Gaia/SPLAT.
• Identified and removed security policies that are no longer needed to reduce Checkpoint firewall policy lookup.
• Configured necessary routing and NAT on the firewall appliance to communicate with the internet.
• Backup, restore and upgrade of Checkpoint firewall appliance.
• Monitored Checkpoint VPN tunnel activities with Smart View Monitor and troubleshoot VPN issues with CLI.
• Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce Checkpoint firewall policy lookup.
• Configure IPSec, SSL - VPN (Mobile Access) on Checkpoint Gaia and troubleshoot VPN tunnel connectivity issues.
• Troubleshoot and monitor firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor).
• Analyze logs and make necessary network reports using Smart Reporter console application.
• Network monitoring, packet captures and troubleshoot traffic passing through firewall via logs.
• Respond to emergency outages, disaster recovery and the corporate firewall.
• Interface with vendors and service providers to ensure security is maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime.
• Created a lab environment using VMware and Oracle VirtualBox to effectively test policies, software distribution as well as scripts prior to deployment in production.

Confidential, Atlanta, GA

Network Security Engineer

• Successfully achieved main goal of project: Played an Integral role in upgrading company’s security firewall environment from FortiOS 4.0 firewall platform to FortiGate FG 100D.
• Worked extensively on FortiGate Firewalls. Configured FortiGate 60D.
• Implemented the policy rules and DMZ for multiple clients of the state on the FortiGate firewall.
• Member of a 5-person team responsible for systems and policy changes to firewall infrastructure. The firewall mesh consists of approximately 35 FortiGate firewalls and the infrastructure to maintain them. All firewalls are configured as high availability clusters.
• Creating and modifying rules, diagnose and resolve LAN/WAN problems.
• Day to day activity includes change implementation on firewalls, log analysis and troubleshooting of network access issues.
• Provided network and firewall support to various internal groups for upgrades, migrations and installations of various applications.
• Responsible for configuring of firewalls, routers & switches to meet business needs.
• IP Addressing, basic and advanced filtering and routing.
• Performed filtering based on user identity, URL and device.
• Site VPN (IPSEC) and Client VPN (IPSEC, SSL) on FG/FWF 60D
• NAT, WAN Optimization and two factor authentication.
• Application control and endpoint control.
• Maintain the security standards across the security devices as per the security policies.