SUMMARY

• 7+ years of experience in Networking and Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN / WAN communication systems.
• Experience with designing, deploying and troubleshooting LAN, WAN, Frame-Relay, and Ether-channel.
• Experience in Configuring & implementing VLAN, VTP, LAN switching, STP and 802.x authentication in access layer switches.
• Switching tasks include VTP, ISL/802.1q, IPSec & GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP & RSTP.
• Experience securing and managing remote access using various VPN technologies like IPSec, SSL, and GRE.
• Experienced in handling and installing Palo Alto Firewalls.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Practical knowledge about TCP/IP, DHCP, DNS, SMTP, POP3, RIPV1, RIPV2, OSPF, IGRP. EIGRP, BGP Routing protocol Static, default and dynamic.
• Configuration and troubleshooting L3 switches with VLAN, STP, SPAN, ETHERCHANNEL, HSRP, VRRP and GLBP.
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
• Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
• Configuring, Administering and troubleshooting the Checkpoint and ASA firewall.
• Using SmartUpdate, User Management and Authentication in Checkpoint Firewall.
• Thorough understanding of VPN technologies like IPSec, GRE tunneling, MPLS for remote access security.
• Experience deploying BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application.
• Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series.

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series

Firewalls: Palo-Alto PA-500, PA-2k, PA-3k, PA-5k, Checkpoint R65/R70/R75/R76/R77/R80

Load Balancer: F5-Big-Ip, LTM.

Routing Protocols: BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP.

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN.

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS.

Network Technologies: IPsec, GRE, NAT/PAT, ACL, IPv4, IPv6, Blue Coat Proxy.

Operating System: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Engineer

Responsibilities:

• Configure, Administer and document the firewall structure, working with the Checkpoint Firewall.
• Implementing policies and firewall rules and Maintaining Checkpoint Firewall Using various tools.
• Configuration of the Checkpoint firewall 12200 and 12400.
• Configure, Administer and document the Load balancer structure, working with the BIG-IP F5 Load balancer.
• Configuration of Virtual servers and pools on F5 Load balancer.
• Performing server Migration.
• Configured and maintained IPSEC and SSL VPN's on Checkpoint Firewalls.
• Firewall deployment, rules migration and firewall administration.
• Converting existing firewall rules based onto new platforms.
• Worked on F5 BIG-IP Local Traffic Manager (LTM) to automate, and customize applications in a reliable, secure, and optimized way
• Configuration & Maintenance of Cisco ISE for Certificate based authentication for BYOD and Corporate Mobile Device Authentication using Xenmobile MDM
• Configured 6500, 3750 and 4500 for Network Access Solution integration with Cisco Identity Service Engine on ESX 4.0 VMware and physically with Cisco ISE appliances.
• Configured Cisco ISE for Domain Integration and Active Directory Integration.
• Configured Cisco ASA 5510 for VPN Network Access Control integration with Cisco ISE (Inline PEPs).
• Experience working on network monitoring tools like, SOLAR WINDS, CISCO works, Wireshark and splunk
• Designed & Deployed Cisco ISE 1.2/1.3 for Enterprise RADIUS Authentication with Active Directory, RSA Secure ID, Proxy Radius Services to Cisco ACS,Juniper Steel Belted Radius and Radiator Radius.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Experience on Check Point Firewalls NG, NGX R65, R70, R75, R77, NSX (VMware Network)
• Configuring, Administering and troubleshooting the Checkpoint, Palo Alto, Imperva and ASA firewall
• Installation, Administration, configuration and troubleshooting of Fortinet and checkpoint Firewalls
• Troubleshooting and resolve the Splunk - Performance, Log Monitoring Issues; Role Mapping, Dashboard creation, Data models etc.
• Hands-on experience with Cisco Nexus 7000, Nexus 5000 and Nexus 2000 platform.
• Experience in integrating identity federation with Cloud (SaaS) SAML based applications using F5 APM.
• Hands on Knowledge/experience on F5 load balancers, its methods, implementation and troubleshooting on LTM, GTM, APM and ASM. Worked on software versions including 9.2, 11.4.1, 11.5.3.
• Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency and redirection of URL and F5 ASM cookies issues and configures ASM policies
• Strong production experience in managing F5 BIG-IP APM and LTM.
• Used F5 BIG-IP Local Traffic Manager (LTM) and provided a flexible, high-performance application delivery system to increases operational efficiency and ensures peak network performance for critical business applications.
• Implement changes on switches, routers, load balancers (F5 and CSS), wireless devices per engineers’ instructions and troubleshooting any related issues
• Configuration of Palo-Alto PA 5000 series firewalls for outbound traffic via blue coat proxy server.
• Worked with level-2 team on migration project of CMA's from one Provider-1 to other Provider-1.
• Worked on changing global objects and global rules to local objects and local rules for migration project
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco, Check Point Provider-1, Palo Alto IDS, Foundry / F5 Load Balancers.
• Performed network scripting for operation and implementation of the branch network using Python.
• Security Device - Palo Alto/ASA Firewalls, tipping point IPS/IDS, Cisco Identity Services Engine (ISE), VPN
• Implementing checkpoint policies with multiple gateways in clusters
• Configured VLAN trunking with Palo Alto interface
• Integrating Panorama with Palo alto firewalls, managing multiple Palo Alto firewalls using Panorama
• Part of technical discussion at onsite with client.
• Review and update functionality whenever and wherever required enhancing the performance of the system and to meet the user’s requirements.

Confidential, Weehawken NJ

Network Engineer

Responsibilities:

• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
• Worked on F5's Traffic Management Operating System (TMOS) ensuring applications are fast, secure and available.
• Created well-defined requirements documentation and process for F5 LTM, GTM, ASM, APM deployment
• Participated in project scoping, estimating, delivery
• Worked with F5 Support and open and managed all cases
• Configured Network Vlans, Routes, Interfaces and Trunks on the F5 devices to integrate with Cisco routers and switches
• Planning, designing and Configuration of various Policy Configurations, Profile Authorizations, End device Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and Network Access.
• Worked extensively on lab build for POC comprising of Cisco Catalyst Switch 6500s, 4500s, 3750, Nexus 7000s, and Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VMware’s.
• Performed upgrade process for Cisco ISE software from version 1.0.4 to 1.1 ADE-OS, patch management and data backup management.
• Configured SSL Remote Access VPN with the F5 APM to handle over 1500 users.
• Working on the project of F5 LTM, GTM and ASM code upgrade project, doing couple of them every week.
• Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for
• Installation, Administration, configuration and troubleshooting of Fortinet and checkpoint Firewalls
• Involved in the Migration of checkpoint to Fortinet Firewalls.
• Assisting end user operations staff with technical support for Fortinet products
• Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.
• Working on the project of F5 LTM, GTM and ASM code upgrade project, doing couple of them every week.
• Developed python scripts to generate custom reports and FTP/Email.
• Responsible design, deployment operation of a Security Incident and Event Management solution based on Splunk.
• Network Consultant for Nexus Next-Generation project. Built out several MPLS/BGP VRF for multiple clients. Included implementation of 9K, 7K, 5K, 3Kand 2K configuration for integration witch UCS and legacy systems. Developed process for Network Engineering Peer review for all network related systems.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• Experience in working with Cisco 5500-X Firepower and Cisco Sourcefire IPS & FireEye
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Exposure to wild fire feature of Palo Alto.
• Designed and implemented IT security policies and networked backup systems.
• Configured route redistribution between OSPF and EIGRP in a multi-area OSPF network.
• Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.

Confidential, Bloomington, IL

Network Engineer

Responsibilities:

• Configured the Cisco router as IP Firewall and for NATting.
• Maintenance of ERP and troubleshooting of ERP.
• Managed and installed Firewall (Sonic wall).
• Installed & configured PIX 520, 525, 535 series firewalls, configured standard & extended access-lists & policy- based filters.
• Configured ASA 5510 appliance and VPN.
• Migrations included and not limited to Cisco to Cisco and Cisco to Checkpoint and Checkpoint to Checkpoint.
• Migration with both Checkpoint and Cisco ASA VPN experience
• Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system
• Experience on working with checkpoint next-generation firewall on various modules such as SMART View Tracker, SMART View Monitor, SMART Update, SMART Log, SMART Event.
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN
• Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Configure Juniper QFX 5100 switches for managed colocation customers.
• Worked on F5 GTM, configuring Wide IPs and pools to load balance the client traffic between the two data centers.
• Responsible for implementing Qos prioritizing voice traffic over a data.
• Configuring, supporting, and maintaining routers, switches, network appliances, firewalls, concentrators, and other communication devices.
• Providing support for advanced level and on-call support for large variety of networks, systems, and infrastructures.
• Troubleshooting network systems and performance, and remediating issues professionally and concisely.
• Evaluating project fit and design, utilizing best practices and vendor comparison techniques to provide customer with best business solution.
• Working on the project of F5 LTM, GTM and ASM code upgrade.
• Tuned BGP internal and external peers with manipulation of attributes such as weight, local preference.
• Daily monitoring of network traffic using sniffers (Wireshark) and access logs to troubleshoot and identify network issues.
• Worked with vendors and Engineering team to test new hardware and procedures.
• Consulted with engineering team to resolve tickets and troubleshoot L3/L2 problems.
• Monitored LAN/WAN network activity utilizing CA/Spectrum monitoring tools.

Confidential

Network Support Engineer

Responsibilities:

• Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy It also includes the configuration of port channel between core switches and server distribution switches.
• Configures Nexus 7010 including NX-OS virtual port channels, Nexus port Profiles, Nexus port profiles, Nexus version 4.2, 5.0, Nexus VPC peer link.
• Involved in configuring and implementing of composite network models consists of cisco 7600, 7200, 3800, 9000, CSR-1 series routers and cisco 2950, 3500, 5000, 6500 series switches.
• Involved in L2/L3 switching technology administration including creating and maintaining VLANs, port security, trunking, STP, RSTP, LAN security.
• Extensive implementation of firewall rules on juniper SRX 3600, SRX 650, and SRX 220 on a regular basis using space as well as CLI when needed.
• Designed multi-site ACI SDN networking solution for cloud environment
• Maintain redundancy on cisco 2600, 2800, and 3600 routers with HSRP and VRRP.
• Configuration of Access List ACL (STD, Ext, Named) to allow users all over the company to access different applications and blocking others.
• Responsible for Checkpoint and Cisco-ASA-firewall administration across global networks.
• Configured IPX/SPX, HDLC, PPP, TCP/IP, BGP, EIGRP, RIP, &HSRP.
• Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.
• Coordinated with LAN/WAN engineers the development and implements security policy.
• Involved in the removal of EIGRP from all devices and making OSPF the primary routing protocol.
• Replaced outdated Cisco switches and routers in existing Data center and installed new Cisco switches and routers including migration of 2500 to 2600 series router

Confidential

Jr. Network Engineer

Responsibilities:

• Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows 2000 Server, also configured a FTP server; Installed configured & maintained MS Exchange Server.
• Knowledge and experience with DNS, DHCP, VPNs, Spanning Tree Protocol, and Virtual LANS.
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
• Designed network connectivity and network security, between various offices and data center. Installed and configured routers including 1800, 2600 along with Cisco switches including 3750 and 6500.
• Responsible for Configuring SITE TO SITE VPN on VPN Concentrators series between Head office and Branch office.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Assist the certification team and perform configuration of LAN\WAN technologies such as Ethernet, Fast Ethernet, and Gigabit Ethernet.
• Configuring and maintaining file sharing services using SMB, FTP, WebDAV, and HTTP/HTTPS protocols.
• Maintain domain controllers, DHCP, DNS, active directory, IIS, file share, MS Exchange Server, and SharePoint.
• Basic to advanced L2/L3 switching implementation using VLAN(s), QoS, Port Security, and STP.
• Installation of small, medium, and large VoIP solutions using either ShoreTel, Digium, or Cisco hardware.
• Implementing 3750 Stackable switches using Cisco Stack Wise technology. Experience to review and evaluate current and future design issues as required maintaining network integrity, efficient data flow.
• Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NAT, sub-netting, also including DNS, WINS, LDAP, DHCP, http, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP& Multicasting protocols.