SUMMARY

• Extensive experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise network devices.
• Currently working on Zscaler (Internet Security & Private Access), Palo Alto Firewalls, Global Protect VPN, Pulse Secure VPN, Fortinet Firewalls, Splunk, Logic Monitor & few more Network Security appliances on a daily basis.
• Experience with AWS services, such as Lambda, Cloudwatch, ec2 management, and basic functions with VPC.
• Experience in risk analysis, security policy, rules creation and modification of Bluecoat Proxies, Zscaler Proxies, Netscaler Infoblox DNS, Palo Alto Firewalls, and Check Point Firewall & Pulse Secure VPN.
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Palo Alto Firewalls, Pulse Secure VPN, Palo Alto IDS, F5 Load Balancers, and Blue Coat Packet Shaper systems.
• Worked on Migrating DHCP and DNS services from AD to Infoblox Sever.
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Gaia R65, R70 & R77, R77.1, VSX R77.1 & Palo Alto.
• Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200.
• Experience working in Cisco Nexus 9K switches, Arista switches, Cisco ACS, Cisco AS, Cisco ASR 1000, Cisco UCS Chassis.
• Knowledge and working experience of Monitoring and management tools such as Solarwinds, LiveAction.
• Experience in configuring F5 Load Balancer.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocol.
• Migrated Bluecoat Proxies to Zscaler Cloud Proxies.
• Provided tier 3 support for Infoblox DNS & Zscaler Proxies to support customer
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
• Capabilities include an extremely broad knowledge base and familiarity with the latest cutting - edge technologies including firewalls, VPN, IDS, and IPS.
• Experienced in DHCP DNS, AD, NFS, SMTP, FTP, TCP/IP, and LAN, WAN, LDAP, security management and system troubleshooting skills.
• In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP
• Experience with deploying the Layer 3 MPLS VPN in all the Branches and Campus locations.
• Worked on Service Now ticketing tool to provide customer support, by resolving high priority incidents.
• Works with client engineering groups to create, document, implement, validate, and manage policies, procedures, and standards that ensure confidentiality, availability, integrity, and privacy of information.
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating. Experience with Load Balancers for administrating and monitoring global & local traffic using F5 BIG IP LTM & GTM

TECHNICAL SKILLS

Proxy: Zscaler(ZIA & ZPA), Bluecoat, Symantec, NetScaler, F5

VPN: Zscaler Private Access, Global Protect, Pulse Secure

Firewalls: Check Point GAIA R55/R65, R71/R75/R77, Palo Alto, Panorama

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, Firewalls/IPS/IDS,Proxy

Nexus: Nexus 7010 / 5548 UP / 5020 / 2232 PP / 2248 TP / 1000 V

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750- X / 2960/3850/6880/9508

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Operating Systems: Windows, NT, Windows 98/XP/ 2000/2003/2007 , MS-DOS, Linux

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Hardware: Dell, HP, CISCO, IBM, Checkpoint, Infoblox, Palo Alto

PROFESSIONAL EXPERIENCE

Network Security Analyst, Consultant

Confidential, Wichita, KS

Responsibilities:

• Major Projects - Zscaler Private Access Deployment and Troubleshooting, Cisco ASA code Upgrade and Migration, Deployed and supported Palo Alto GlobalProtect, Provided support in multiple projects involved with configuring and troubleshooting firewalls(Palo Alto,Fortinet, Cisco ASA ), proxy (ZIA) & VPN(ZPA and Global Protect) as per business requirements.
• Deployed Zcaler Private Access VPN solution for more than 130,000 users enterprise wide during COVID-19. Migrated from Cisco AnyConnect to ZPA. Experienced with Zero Trust Network Access/Software Defined Perimeter and Secure Web Gateway. Provided escalation support for operations team.
• Troubleshoot and configure IPSec VPNs for third party vendors.
• Upgraded more than 50 Cisco ASA Firewalls to 9.8.4 code version in an effort to remediate vulnerability. Integrated Cisco ASA into Logic Monitor for better monitoring.
• Lead process and business changes to decouple company reliance on legacy hardware technologies and company data centers.
• Utilize ansible to manage configuration and deployment to 150+ Zscaler Connectors.
• Utilized Splunk for alerting, trending, and log data manipulation & Wireshark to troubleshoot network latency and application problems.
• Provide on call support for all network security related capabilities.
• Work with business change leaders to coordinate large changes to ensure proper communication and alignment or mitigation to end user impact from the change.
• Experience with AWS services, such as Lambda, Cloudwatch, ec2 management, and basic functions with VPC.
• Attending call with Zscaler Technical Manager on a weekly basis for discussing issues and working on current projects.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Successfully installed Palo Alto PA-3060 and - PA-5020 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN.
• Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
• Creating object, groups, updating access-lists on Palo Alto, apply static, hide NAT using smart dashboard.
• Troubleshooting connectivity issues on the firewall. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Configuring Fortinet Firewalls for Process Control Network and configuring policies as per the business requirements & standards.
• Performing upgrades on Fortinet firewall from Fortiauthenticator.
• Analyzing data dealing with traffic composition, usage and throughput.
• Troubleshooting high priority security issues and writing technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Performing code upgrade on Proxy and Firewalls as per the requirement and updated versions available for the service.
• Build and test the solution for effectiveness based on user’s policies.
• Investigate security incidents and recommend actions needed to resolve situations.

Network Security Engineer, Consultant

Confidential

Responsibilities:

• Configure, administer and maintain all security platforms and their associated network devices in infrastructure such as routers, switches, firewalls, proxy servers.
• Converting existing rule based onto new platforms.
• Performing deployment, rule migration on firewalls and proxy servers.
• Analyzing data dealing with traffic composition, usage and throughput.
• Configured access lists on Pulse Secure VPN. Upgraded vulnerable code on Pulse Secure.
• Troubleshooting high priority security issues and writing technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Work in collaboration with technical vendors like cisco, AT&T, verizon, zscaler to upgrade the code on the devices as per the security requirements & ensure that notification is sent to all stakeholders.
• Migrating from Bluecoat proxies to Zscaler.
• Configure Zscaler to protect user and company devices based on security policies.
• Build and test the solution for effectiveness based on user’s policies.
• Work closely with Firewall team to migrate rules from proxies to Firewalls as per requirements.
• Work with Azure team to monitor and implement authentication policies on zscaler.
• Configure, implement and maintain all security platforms and their associated software, as routers, switches, firewalls, intrusion detection/intrusion prevention, SIEM.
• Deployment and management of Bluecoat proxies in forward proxy scenarios as well as security in reverse proxy scenario.
• Upgrading code on Infoblox from 6.12.24 to 8.2.