Network Security Engineer Resume
San Francisco, CA
SUMMARY:
- Ambitious Network Security Engineer with over 7 years’ experience deploying, administrating, & securing network infrastructures.
- Expert on Palo Alto Next Generation Firewall (7K, 5K, 3K series) configurations including URL filtering, Threat prevention, USER-ID, IPsec tunnels, SSL-VPN & Zone protection.
- Extensive knowledge in configuring Security Policies using Services, APP-ID, Security profiles & URL category.
- Thorough knowledge in configuring & troubleshooting High-Availability, Zones, VLANs, Routing, & NAT on firewalls as per requirements.
- Hands on experience configuring and utilizing Global Protect, Panorama & Wildfire with Palo Alto Firewalls.
- Configured IPS/IDS features, Anti-Virus scanning, Anti-Spyware, Malware detection, File & Data blocking mechanisms.
- Hands on experience migrating from Cisco ASA/Checkpoint to Palo Alto firewalls using the PAN migration tool.
- Extensive knowledge on Kill Chain processes.
- Knowledge in mitigation of DDoS attacks on Cisco & Palo Alto Firewalls.
- Hands on experience analyzing network traffic using tools like Wireshark & tcpdump.
- Extracted logs & performed real time analysis using SIEM tools like Splunk & SolarWinds.
- Substantial working experience on Cisco Nexus switches (7k & 5k series).
- Strong experience with Checkpoint R77 series and Cisco Firewalls ASA 55xx Series.
- Hands-on experience working with load balancers such as the F5 BIG-IP (LTM & GTM) & Brocade.
- Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP-BGP and their redistribution over the networks.
- Designing schemes for IP addressing and subnetting.
- Experience with route manipulation and route filtration by implementing offset lists, distribute lists and access lists.
- Experienced in configuring protocols like the PPP, HDLC, & SNMP.
- Implemented redundancy protocols like HSRP, VRRP, & GLBP.
- Expertise in Configuration & troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard & BPDU filtering on Switches.
- Proficient in implementation of filters using Standard & Extended ACLs, Time-based ACLs, & Route Maps.
- Knowledge in configuring & troubleshooting Cisco Wireless Technologies & Aruba Networks including LWAPP, WLC, WCS, APs, Roaming, Wireless Security Basics, & IEEE 802.11 a/b/g.
- Experienced in configuring & deploying AAA Architecture such as RADIUS & TACACS+.
- Experienced in documenting tools like Microsoft VISIO & Microsoft Office Suite.
- Good knowledge & experience in installation, configuration, & Administration of HTTP, FTP, DNS, NTP, DHCP servers under various LAN & WAN environments.
- Operating Systems: Linux, Windows Server 2008/2012, Windows OS, Microsoft Hyper-V.
- Expert in leveraging & implementing cutting-edge technologies.
- Effective at communicating with technical & non-technical audiences.
TECHNICAL SKILLS:
Routing Protocols: OSPF, EIGRP, BGP, MPLS, Route Filtering, Redistribution, Summarization & Static Routing
Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K
Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging
Switches: Nexus 2K/5K/7K, Cisco Catalyst 2960, 3560, 3750, 3850, 4500, 6500
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime
Firewalls: Cisco ASA 55XX series, Checkpoint R76/R77; Palo Alto Networks 7k, 5k, 3k Series
Load Balancers: F5 Networks (Big-IP), Brocade
Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, PPP, HDLC, ISDN, SDN, & SD-WAN
Wireless Technologies: Aruba 225, Aruba 3000 controller & Cisco Aironet (2600, 3600, 3700)
Network Security: Cisco ASA 5540, ACL, IPSEC, SSL, IPsec VPN, GRE VPN
Network Management Tools: SolarWinds, Wireshark, SNMP, & TCPdump
Operating Systems: Windows OS, Windows Server 2003/2008, & Linux
Applications: Microsoft Office, VMware, Visio
PROFESSIONAL EXPERIENCE:
Network Security Engineer
Confidential, San Francisco, CA
- Configured, troubleshot & maintained firewall policies on Palo Alto firewalls like Security, NAT, QoS, policy-based forwarding, Tunnel Inspection, Application override, authentication & DoS protection.
- Hands on experience in configuring Interfaces/zones to segment network infrastructure for minimizing the attack surface.
- Configured Active/Passive HA links between Palo Alto firewalls (Between pairs of 3050s & 5220s)
- Enabled the USER-ID feature while creating policies based on users & groups rather than individual IP addresses.
- Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.
- Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility & control over traffic.
- Created custom URL-filtering profiles & attached them to Security policy rules that allow web access.
- Configured Global Protect gateway to provide VPN connections for Global Protect agents.
- Configured Log Forwarding to forward logs from the firewall to Panorama M-500 & then configured Panorama to send logs to the servers.
- Worked on configuring WILDFIRE forward settings on Palo Alto firewall to prevent Zero-Day & Malware attacks.
- Hands on experience in Firewall Configuration, logging, reporting & User-ID redistribution using Panorama.
- Managed licenses, software (PAN-OS) & content updates (Application, wildfire, & Antivirus) using Panorama M-500.
- Configured SSL-Forward Proxy & SSL-Inbound inspection on Palo Alto Firewalls.
- Assisted in implementing Palo Alto Global Protect VPN replacing their legacy VPN infrastructure.
- Worked on DNS Sinkhole in Anti-Spyware profile of Palo Alto Firewall to identify infected hosts on the protected network & forge a response for DNS query.
- Configured IPSEC tunnels using Generic Routing Encapsulation between multiple branch offices.
- Migrated policies & firewall settings from Checkpoint to Palo Alto firewalls using Palo Alto Migration tool.
- Configured route-based VPN to connect Palo Alto firewalls located at two branch offices.
- Hands on experience in blocking unauthorized users & allowing authorized users to access specific resources by configuring Access Control Lists (ACL).
- Deployed Web Security Appliance like Cisco WSA S170 & Bluecoat Proxy SG S200/400 for Web Filtering, data loss prevention, & inspection.
- Installed & maintained Aruba switches, Aruba Wireless AP’s & Aruba Virtual Controllers.
- Configured role-based, device-based access & self-service capabilities using ClearPass access management system.
- Configured 802.1X port-based authentication on Cisco switch-to-TACACS+ server communication.
- Configured & troubleshot Cisco 4k, 5k & 6k Nexus Switches in the data center.
- Developed customized application configurations in Splunk to parse, index multiple types of log format across all application environments.
- Performed Method of Procedures (MOP) for building firewalls & failover tests.
Network Security Engineer
Confidential, Round Rock, TX
- Responsible for managing & maintaining Data center, DR & network Infrastructure. Respond to outages, user problems by triaging & troubleshooting, plan for Device & OS upgrades.
- Have implemented OSPF within four areas. Setup Data center in area 0 & other branch offices in different areas.
- Worked with PAN migration tool to migrate from Check Point to Palo-Alto
- Configured VM100, VM300, PA-220, PA-5020, & PA-5050 to meet organizational requirements & industry best practices.
- Worked on Panorama to manage multiple Palo Alto firewalls from one central location. Constantly ensured Software Upgrades & Content Updates are up to date on those devices.
- Worked on configuration of Anti-Virus, Spyware, Wildfire, APP-ID, USER-ID, & Global Protect on Palo-Alto devices. Also enabled Security Policy, URL filtering, Threat Prevention etc.
- Implemented VDC, VPC, VSS, VRF & OTV on the Nexus 5505, 6500 & 7009 switches. Deployed Fabric Extender (FEX) 2248 for access layer.
- Made changes to data center environment, setup Nexus 7k & 5k hardware in a vPC topology
- Administered Cisco Catalyst (6500, 4500), Nexus (2k, 5k, 7k), & Juniper (EX2300, EX3400) switches, enabled all L2 critical configurations like 802.1Q encapsulation, Port channels, VTP, VLAN, inter VLAN routing, etc.
- Deployed & decommissioned VLANs on core ASR 9K, Nexus 9K, 7K, 5K & their downstream devices & configured 2k, 3k, 7k series Routers.
- Gained abilities to take preemptive measures to mitigate DDoS attacks on Cisco & Palo alto Firewalls.
- Expertise on configuring & maintaining SSL VPN’s on Palo alto & Cisco ASA firewalls.
- Involved in migration from Site-to-site GRE tunnels network to MPLS-based VPN for customer's WAN infrastructure.
- Took initiative to block traffic from rogue nations, also worked in blocking traffic from malicious sites as per the Information Security Systems guidelines using Blue Coat proxies.
- Completely administered & maintained F5 Big-IP (LTM & GTM) & Brocade Load balancers.
- Worked with Quality of service traffic. Involved in QoS issues related to Policing, Shaping & queuing towards access & distribution level L2 & L3 devices.
- Configured Cisco 6500, 4500 & 3750 Catalyst Switches for Network access.
- Worked on configuring BGP, OSPF, EIGRP protocols on Cisco (7200, 3800), Juniper (MX240, MX280) series Routers, also enabled HSRP & VRRP protocols for redundancy.
- Assisted in setting up new 510 & 810 Blue Coat Proxy SG units
- Implementation of wireless access over LAN. Reallocated Cisco Routers & Access-Points when needed.
- Worked on monitoring tools like SolarWinds & Splunk & sniffing tools like Wireshark.
- Worked with Infoblox IPAM & SolarWinds IPAM for IP address management.
- Secured endpoints using a variety of endpoint protection tools such as Trend Micro’s Endpoint Security and DLP.
- Familiar with Trend Micro Control Manager to perform root cause analysis and threat visibility.
Network Engineer
Confidential, Atlanta, GA
- Performed security policy analysis, rule modifications & administration on Cisco ASA firewalls.
- Implemented Threat prevention, Antivirus, Intrusion Prevention & VPN features on Cisco ASA firewalls.
- Configured & monitored DMZs, service policy rules such as NAT rules, AAA rules on the Cisco ASA firewalls according to the client requirement.
- Managed Dataflow diagrams to identify stored, processed, transmitted cardholder data & PHI securely within the network.
- Implemented site-to-site VPNs, remote VPNs & created VPN tunnels using IPsec encryption standards on Cisco ASA firewalls.
- Configured DMZs for web servers, Mail servers & FTP servers on Cisco ASA firewalls.
- Configured Active-Standby High Availability for stateful failover & Zero down time maintenance on Cisco ASA firewalls.
- Provided escalated support for Tier-1 & Tier-2 architecture of firewall which included Cisco ASA & Check Point firewall configurations.
- Analysed security logs generated by Intrusion detection systems (IDS), anti-virus, network flow systems & other security logging sources in the firewall.
- Performed upgrades of Check Point firewalls to Check Point GAIA R77.10.
- Monitored & managed the Check Point firewall through Smart Dashboard & Smart View Tracker applications.
- Implemented load balancing techniques such as Round Robin & Least connections on F5 along with F5 BIG IP configurations & troubleshooting.
- Assisted in the configuration of Enhanced VPCs on the Nexus 7k & 5k series switches in the Data centre environment.
- Provided security to the wireless network infrastructure from unauthorized access & threats by implementing security features like SSID, WPA & WPA2/802.11i.
- Optimized wireless performance through user/device authentication protocols such as 802.1x RADIUS using EAP-TLS.
- Configured & troubleshot Aruba access points, WLAN controllers.
- Hands on experience in implementation & management of Wireless networks, which includes Cisco Light Weight Access Points (LWAP) & Cisco Wireless Controllers
- Performed allowing/denying traffic flow between different segments of the network based on the requested ports & protocols by change request.
- Developed & implemented network guidelines including performance standards for QoS & responded actively to network related issues.
- Performed redistribution of routing protocols & Frame-Relay configurations on Cisco routers & switches.
- Configured & troubleshot Cisco ASRs, Nexus, Catalyst switches & routers.
- Configured BPDU guard, Port-fast & uplink-fast on Layer 2 & Layer 3 switches to increase the convergence speed as a part of STP enhancements.
- Worked on Splunk SIEM tool for monitoring & analysing the firewall logs to identify IDS/IPS signature attacks & malicious activities on the network.
- Documented troubleshooting procedures for junior network engineers, including explanations of CLI functions, diagrams & flowcharts.
- Hands-on experience on packet sniffing tools such as Wireshark/tcpdump to analyse the packets & monitor the bottlenecks in the network.
Junior Network Engineer
Confidential
- Involved in configuration & management of different Layer 2 switching tasks, which includes address learning, efficient switching etc.
- Dealt with the escalation problems from Level 1, Level 2 & Level 3 for routing, switching & WAN connectivity issues using ticketing system Remedy.
- Responsible for day-to-day management of Cisco Devices, Traffic management & monitoring.
- Set up & troubleshot secured wireless access points for broadband Internet.
- Configured & maintained LAN, WAN, VPN, & WLAN on Cisco Routers.
- Configured network access servers & routers for AAA Security (TACACS+).
- Managed & configured Wide Area Networking Protocols like HDLC, PPP.
- Troubleshot routing protocols like EIGRP, BGP, & OSPF.
- Implemented the concept of Route Redistribution between different routing protocols.
- Involved in HSRP, VRRP, GLBP configuration & troubleshooting & Port channel management of the network.
- Dealt with NAT configuration & its troubleshooting issues related to access lists & DNS/DHCP issues within the LAN network.
- Deployed Cisco 3k & 5k series switches.
- Switching related tasks included implementing VLANs, EtherChannel & configuring ISL trunk on Fast Ethernet channel between switches.
- Configuration included VTP, STP port features, enterprise security using Cisco Port Security.
- Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, & configured an FTP server.
- Troubleshot TCP/IP problems & connectivity issues in multi-protocol Ethernet environment.
- Analyzed log messages using Syslog server & analyzed the issues related to high CPU utilization & parameters that can degrade performance of the network.
- Used various network sniffers like Wireshark, tcpdump etc.