SUMMARY

• I have over 7 years of experience working in Network and Security domains both on - prem and cloud.
• Worked as Network and Security Engineer in various organizations performing design, engineering and operational maintenance of Firewall (Cisco ASA all models, Check Point, Palo Alto and FortiGate), Sourcefire/Firepower, VPN, Proxy and IPS/IDS.
• Good knowledge of all major network protocols.
• Supports application security controls development, configuration and security operations activities.
• Managed Security Services, monitoring and reporting, incident response.
• Excellent verbal communication skills.

TECHNICAL SKILLS

Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11 e

Firewalls: Check Point, Cisco ASA, Firepower, Palo Alto

Monitoring& SIEM Tools: CA Spectrum, Tufin, Solarwinds, Splunk, ArcSight

Compliance & Audit Readiness: Tufin Security Policy Orchestration, FireMon, AlgoSec, SkyBox

Web & Proxy: Symantec/ Bluecoat ProxySG, ZScalar

Cloud Platforms: AWS, AZURE

Endpoint Protection: Check Point and Symantec Endpoint Security

Authentication: Cisco ACS/ Tacacs+, Aruba ClearPass, RSA Authentication, SafeNet, DUO

Ticketing Tools: Remedy, FireMon, Service Now

PROFESSIONAL EXPERIENCE

Confidential, Chicago, IL

Network Security Engineer

Responsibilities:

• Design, implement and test the security infrastructure to support a DR solution for a production datacenter
• Evaluate the organization’s security program for strengths, weaknesses, and gaps
• Perform gap assessments of critical infrastructure for both compliance and security purposes
• Identify and document requirements related to security application performance and operations
• High-level and low-level design that aligned with the recovery strategy and requirements
• Prepared DR implementation plan to integrate design into existing data center architecture
• Develop technical recovery plan outlining the steps to failover to DR
• Design and enforce Vormetric Encryption solutions to protect the data at rest
• Developed and executed test plans as required to certify the operational status of the United's Disaster Recovery design and architecture, as it relates to network and security services
• Developed detailed “To-Be” & “As-built” playbooks necessary to successfully build, configure, test, and integrate the United DR architecture into the overall United network, data center, and security footprint
• Built Firewalls and migrated application firewall rules and added OSPF routing in the DR Data Center
• Configured the data center network elements associated with the low-level design
• Configured all security appliance and application elements associated with the low-level design
• Configuration of security appliances and applications include:
• Firewall appliances (Check Point and Palo Alto)
• Encryption Solutions (Vormetric and FutureX)
• Load Balancers (F5)
• IDS/ IPS Systems (Cisco Firepower)
• SIEM (Symantec, Exabeam)
• Proxy appliances (Zscaler & Bluecoat)
• Public Key Infrastructure (PKI)
• Gigamon Network Traffic Analyzer
• Aruba Clearpass as TACACS+ & Radius Server
• Validated the security services are operating as required and expected, through established test plan execution
• Ensured the infrastructure is compliant with the PCI requirements
• Developed and documented detailed runbooks necessary to build the approved United DR data center architecture - Includes port-mapping, logical configurations, diagrams, operational test plan (not Technical Recovery Plan), etc.
• Executed runbooks per United’s established change management processes and methodologies, as required.
• Validated the design and configurations meet the operational requirements of United’s disaster recovery objectives.
• Developed detailed Security Technical Recovery Runbook outlining methods and procedures for failover recovery of data center network assets.
• Ensure the organization’s applications are following required PCI, NIST, HIPAA, Privacy Act, and CMS guidance, policies, and procedures for secure computing.
• Work with cross functional team members to design, develop, implement, and document security solutions to obtain an Authority to operate (ATO) of cloud systems in accordance with NIST and FedRamp security requirements.

Confidential, Boston MA

Network Security Engineer

Responsibilities:

• Worked effectively in a fast-paced team environment, prioritized multiple tasks with strict adherence to timelines and worked with clients to provide a solution to complex problems.
• Engineering and operational support of Check Point - 5800, 12400, 12600, 23500, Provider-1 Appliances, and Palo Alto 5280, 5260 series firewalls
• Engineering, Operation, and maintenance of the Symantec/ Bluecoat proxy SG-600 and SG-900.
• Oversee and maintain security for network of Confidential system through various security tools that include Check Point, Cisco ASA Firewalls, and IPS-IDS instruments.
• Deployed multi-layered security for the Azure cloud environment, protecting assets in the cloud from attacks while enabling secure connectivity from enterprise networks to the Azure cloud (hybrid networks).
• Migration from Cisco ASA to Palo Alto firewalls platforms PA5260 and PA5280 firewalls.
• Migrated various L2L customer VPNs from Cisco ASA to Check Point firewalls.
• Monitor and adjust R77.30 Check Point Firewall as needed to ensure continued streamlined operations.
• Garner hands on experience in Configuring and upgrading Check Point Security Gateways (5800 Series), Check Point VSX appliances (12400, 15400, 23500 series), Check Point Multi-Domain Management Servers (Smart-1 50, Smart-1 3050).
• Deployment of CloudGuard in Azure to provide advanced threat protection to inspect traffic entering and leaving private subnets in the VNET.
• Deployment of Check Point with the integration of Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot in Azure
• Investigate various issues, deliver troubleshooting to resolve network problems efficiently, both on-site and remotely.
• Maintain and Administer Perimeter Security Systems such as Firewalls and Intrusion Detection Systems.
• Comply with and enforce internal Network Security Policy, which was built using Tufin APG’s, as well as ensuring adherence to external audits and recommendations.
• Facilitated Network Connectivity and Service by collaborating with vendors to build Site-to-Site VPN tunnels.
• Configure and support site-to-site and remote access Cisco, IPsec, VPN solutions using ASA, Cisco and VPN client.
• Configure Access lists (ACL) on ASA firewall for the proper network routing for the B2B network connectivity.
• Enable daily optimized operations by working ITSM Based Tool Remedy, FireMon, Service-Now addressing Problem Tickets, Change Requests and Change tasks related to production changes on the firewall.
• Worked with Bluecoat Proxy SG 900, whitelisting and backlisting the URL’s, updating the PAC file and Configuring the VPM to access and deny different categorized URLs.
• Worked primarily as a part of the network security team and daily tasks included firewall administration, rule analysis, and rule modification.
• Check Point and Palo Alto Firewall log review and analysis and troubleshoot connectivity issues.
• Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Palo Alto and Check Point firewalls.
• Continuous coordination with various IT and engineering teams to review the requests before they get implemented.
• Configured High Availability protocols using Check Point Cluster XL.
• In place firmware upgrade of Check Point Firewalls & MDS from R75.40VS to R77.30 & R77.30 to R80.20 with zero downtime.
• RCA (Root Cause Analysis) of critical issues - layer1/layer2/layer3 problems and incidents.
• Implement and configured firewall rules in Check Point Gaia R77.30, R80.30 VSX and Palo Alto PA-5060 series.
• Review of Firewall access requests to ensure adherence to enterprise security standards as part of ITSRM.
• Handle inter network troubleshooting and deployment during major incidents and led the team towards resolution.
• Used Tufin firewall optimization tool to analyze and perform Firewall policy cleanup.
• Management of Check Point VSX environment and using VSX with Multi-Domain Security Management.
• Review and remediate the firewalls to follow PCI requirements.
• Work with application team to understand their requirements for the best load balancing options.

Confidential

Network Operations Engineer

Responsibilities:

• Configured, implemented, and troubleshoot routers and switches.
• Installed, configured, maintained, and worked on troubleshooting issues of Data center.
• Configuring HSRP between VLANs, Configuring Ether-Channels, port channel on catalyst 6500 switch.
• Worked on Extensively on Cisco ASA Firewalls 5500 (5510/5540) Series.
• Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
• Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE.
• Aided Tipping Point's network migration from public to private management space.
• Configured Wireless Access Points, Controllers using Cisco Prime.
• Provided administrative support to Tipping Point's full array of network security products including IPS/IDS, Next-Gen Firewalls, databases, and storage systems.
• Configuration and maintenance in a 24x7x365 SLA production environment.
• Configured Network Security policies to ensure that all the network is segmented in the way that no data leak happens from one zone to another.
• Review of the rules in security policies in multi-vendor firewall environment like Check Point and Cisco ASA,
• In place firmware upgrade and patch updates on Cisco ASA Firewalls.
• Check Point Firewall firmware upgrade from R75.40VS to R77.20.
• Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non - trunking, deployed port security when possible for user ports.
• Proficient in handling high availability solutions on all kinds of firewalls, configuring them in cluster and troubleshooting failover issues.
• Worked with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers.
• Maintaining SSL certificate on Citrix net scalar load balancer and managing the virtual servers.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where required.

Confidential

Network Engineer

Responsibilities:

• Planning, designing, Installing and Configuring of Cisco Routers (1800, 2500, 2600, 3200, 3600, 3700, 3800 and 7200, 7609) & Cisco L2 & L3 Switches (2900, 3650, 4500 & 6500).
• Configuring and implementing Routed and Routing protocols including TCP/IP, IPX/SPX, RIP, RIP2, OSPF, EIGRP, IS-IS, BGP.
• Configure the WAN network elements associated with the low-level design (LLD).
• Through established test plan execution, validate that WAN network services are operating as required and expected.
• Finalize and document detailed low-level “To-Be” design based on approved high-level design (HLD).
• Finalize and document detailed low-level “To-Be” design (LLD) to support mainframe and midrange server requirements.
• Providing comprehensive networking support leveraging VMware, Active Directory, SolarWinds Orion, with Cisco Catalyst & Nexus switches and Arista appliances.
• Worked on Net scalar and A10 Load balancers and deploying them into the network.
• Provided test and evaluation recommendations for SAM and NCM modules for future SolarWinds platform expansion.
• SolarWinds administration of NPM v10.4, UDTv2.5.1, NCM v7.1, WPM v2.0.0, VNQM v4.0 and SAM v5.2 including onboarding, configuration & administration for 500+ devices and 70,000+ interfaces
• Establishing VPN tunnels using IPsec encryption standards, configured, and implemented site-to-site VPN, Remote VPN.
• Upgraded Wireless controllers (8540 to latest code 8.2.130.0).
• Executing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
• Expert in IKEv1 and IKEv2 IPsec site-to-site VPN tunnel creation and troubleshooting, remote-access (client-to-site) IPsec and Any Connect SSL VPNs and integration with RADIUS or LDAP servers for 2 factor authentications.
• Configuration of client-side network monitoring IDS/IPS, Tipping Point and Deep Discovery Sandboxes.
• Deployed, configured, managed, and troubleshot JUNOS-based enterprise routing and switching platforms, including EX2200, EX4200, EX4500, SRX240, and SRX650 devices.
• Performed migration project involving migration of edge routers cisco 7600 to Juniper MX 240 and MX 480 as a part of data center edge routers migration.
• Worked in configuring and troubleshooting switching and routing protocols on Juniper EX series switches.
• Experience in global implementation of Infoblox DNS/ IPAM management tool.
• Manage multiple Infoblox devices both physical and virtual for IPAM, DNS, and DHCP services.
• Resolved ticket escalations for Call Manager, Call Manager Express, Unity Connection& Unity Express
• Creating Security policies and rules in FortiGate firewalls used as egress filtering firewall in the enterprise network environment.
• Auditing and review of the rules in security policies in multi-vendor firewall environment like Check Point, FortiGate.
• Design, implement, and manage highly available network and systems architecture solutions according to established SLA requirements.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Remediation of firewall rules from Cisco ASA firewalls to F5 and their implementation.
• Experience in working with Splunk authentication and permissions and having significant experience in supporting large-scale Splunk deployments
• Develop and document detailed playbooks necessary to build to the approved architecture

Confidential

Network Support Engineer/Systems Engineer

Responsibilities:

• Perform systems administration of desktop and server’s system connected to local and wide area networks. Desktop system management responsibilities involving account monitoring, security, Operating System (OS) installation, and other local area system administration related functions.
• Provide on-going production support, including problem analysis, systems troubleshooting and 24X7 on-call supports.
• Providing support in classified network to multiple workstations as well as end users.
• Provide Tier 1 and Tier 2 problem identification, diagnosis and resolution of problem.
• Document, troubleshoot, respond and resolve to all incoming requests and incidents from internal/ external employees via email, phone, in person and remotely in the help desk ticketing system.
• Maintain operation of multi-user computer systems, including coordination with network engineers.
• Perform Installation, customization and support for Information Technology Systems/ Servers/ Virtual environment/ Storage/ Network Printing and related software.
• Administer user access through Active Directory.
• Document workflow process, manage and implement standard policy and procedures.
• Work as a member of the Enterprise Infrastructure (EI) team to assist with the research, recommendations, implementation and support of enterprise systems and applications.
• Deploy Windows 10 using Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM).
• Execute all aspects of videoconferencing including MX200, SX80 & C40 Codec, call setup, end user training, troubleshooting & follow through on escalation of trouble incidents occurring during calls.
• Use Secure Shell to troubleshoot Server issues.
• Monitor and tuning of systems, diagnose and correct operating and performance issues.
• Work with Wireshark tool to capture the packets at the time of debugging.
• Proactively found new technology trends and solutions for knowledge base.
• Developed solid working relationships with team members