Sr. Network Security Engineer Resume
Ellicottville, NY
SUMMARY
- Palo Alto Firewall specialist with good experience and specialization in network administration and network security.
- Strong understanding and experience of Firewalls on various platforms including Palo Alto, Cisco ASA and Checkpoint.
- Extensive knowledge and experience of TCP/IP protocol suite with practical implementation of switching protocols, routing protocols and LAN/WAN services.
- In-depth knowledge of configuring and troubleshooting routing protocols namely, RIP, EIGRP, OSPF and BGP on Cisco routers.
- Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, STP and RSTP.
- Experience in configuring Windows Servers (2008 & 2012) and configuring networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
- Experience in configuring latest VDC and vPC features on Cisco Nexus 7000 NX-OS.
- Installing, configuring and troubleshooting Palo Alto Firewalls.
- Experience in configuring security policies and next gen features like Application and URL filtering, Threat Prevention, Data Filtering on Palo Alto Firewall.
- Good experience with web/content filtering
- Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Experience in migration from Cisco ASA to Palo Alto using PAN migration tool.
- Experience with risk-management tools like Gemalto and Verafin.
TECHNICAL SKILLS
Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series
Switches: Cisco 3500, 5000, 6500 Catalyst Series; Cisco 7000, 2000 Nexus Series
Firewalls: Palo Alto PA-3050, PA-5050, Cisco ASA 5500, Checkpoint
Routing Protocols: BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP
Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN
IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN
WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS
VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP
Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, WireShark, Solar Winds, What’s Up IP, Nagios and Fluke Networks
Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux
PROFESSIONAL EXPERIENCE
Confidential, Ellicottville, NY
Sr. Network Security Engineer
Responsibilities:
- Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of mainly Palo Alto Firewalls.
- Researched, designed, and replaced aging Cisco ASA firewall architecture utilizing the PAN Migration tool with new next generation Palo Alto devices serving as firewalls and URL and application inspection devices.
- Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
- Converted Cisco ASA VPN rules over to the Palo Alto solution.
- Backup and restore of Palo Alto and Cisco ASA Firewalls policies.
- Implemented many security policy rules and NAT policy rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
- Configured next-gen Palo Alto Firewall features viz. Application and URL filtering, Threat Prevention, Data Filtering
- Integrated Panorama with Palo Alto Firewalls, managing multiple devices simultaneously.
- VPN User access management on Palo Alto Firewalls. Used LDAP for identifying user groups
- Responsible for configuration and troubleshooting of Site to Site as well as Remote Access VPN on Palo Alto Firewall.
- Exposure to WildFire advanced malware detection using IPS feature of Palo Alto Firewalls.
- Implemented IPS, DLP and UTM features on the firewall for added security purposes.
- Configured syslog on Palo Alto Firewalls and moved the logs to Splunk and reviewed it.
- Designed, Implemented and configured Web authentication, SSL Decryption and URL categorization rules using Blue Coat Proxies and SSLV appliance.
- Configured content Analysis using Bluecoat CAS appliance and Malware analysis using Blue Coat Malware analysis appliance.
- Experience in implementing and configuring F5 Big-IP LTM load balancers.
- Configured HA Active/Standby failover on F5 BIG-IP LTM.
- Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Confidential, Bridgewater, NJ
Network Security Engineer
Responsibilities:
- Performed System Security checking against emerging OS and subsystem technology automated tools.
- Extensive implementation of dynamic routing and switching protocols on Cisco routers and switches.
- Configured Virtual Device Context (VDC) on Cisco Nexus 7000 series switch to logically segment into 4 different virtual switches for easy administration and management.
- Deployed AWS and Azure public cloud infrastructure.
- Create redundancy and increase bisectional bandwidth by enabling Layer 2 multipathing using vPC feature on Nexus 7000 series device.
- Responsible for configuring, administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
- Configured blocking of IPs on Checkpoint which are suspicious to network.
- Created multiple policies and pushed them into Checkpoint Firewall (Gateways) and the Checkpoint Management Server with SPLAT operating system.
- Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices.
- Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
- Configured NAT policies viz. Static NAT, Dynamic NAT and Dynamic PAT in Cisco ASA Firewall.
- Configuration and troubleshooting of Cisco Security Manager (CSM), integrated with ASA devices.
- Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
- Designing and implementing DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
- Configured rules and maintained Palo Alto Firewalls & analyzed firewall logs using various tools.
- Implemented & administered Zoning Architecture project (Implementation of various zones like Server, Intra & Internet Zone)
- Configured SSL Decryption and URL blocking on Palo Alto Firewall.
- Coordinated with network operations center for change notifications, alerts & escalation of security incidents.
- Experience in Cisco Routing, Switching and Security with strong Cisco hardware/software.
- Proficient with network hardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet, Gigabit Ethernet.
- Configured Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
- Configured Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches.
- Supervised installation and configuration of Cisco 3550 Layer3 Switch.
- Upgraded IOS on existing Cisco router from 11.x to 12.1.
- Implemented, configured BGP WAN routing, converting local OSPF routes to BGP.
- Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
- Configure Multicasting Protocols like IGMP and CGMP.
- Configured VLANs by segregating different departments in the organization and setup inter-VLAN routing.
- Worked on FTP, HTTP, DNS servers in Windows server-client environment with resource allocation to desired virtual LANs of network.
Confidential
Network Engineer
Responsibilities:
- Configured user authentication rules/policies to permit or deny user traffic on role-based access.
- Monitored network using network management and support tools like Solar Winds, Netscout, Cisco Works, SNMP Management and Wireshark.
- Monitored bandwidth and network activity by analyzing information provided by MRTG to ensure both efficient and effective network operation.
- Performed advanced troubleshooting using Packet Tracer and TCP dump on firewalls.
- Reviewed firewall rule conflicts, unused rules and misconfigurations and cleaned them up.
- Assisted in firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
- Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
- Working knowledge of leveraging F5 devices for web acceleration and caching.
- Document network problems and changes working in diverse management environments.
- Assisted in setting up of LAN and Wi-Fi Access points around the organization
- Installed Windows Server (2008 & 2012) and configured networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
- Acquired skills to configure, maintain and troubleshoot network services.
- Hands-on experience in configuring routing protocols viz. RIP, EIGRP and OSPF on Cisco 2700 series routers.
- Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies on Cisco 3200 series switches.
- Full Command on Cisco IOS Commands and Administration of Cisco IOS 11.x and 12.1 versions
- Designed VLANs and set up both L2 and L3 logical to have it communicate to the Enterprise network.
- Utilized packet sniffing tools like Wireshark, TCP Dump and Capsa to monitor and troubleshoot access issues.
- Implemented and configured SecuRemote VPN Server for high speed remote access.
- Setting up of company’s broadband services for implementing high speed connectivity.
- Utilized Firewall log from Palo Alto Firewall to manage and troubleshoot network security issues.
- Assisted in upgrade of older 100 Mbps hubs to HP managed switches in the company
- Daily assessment of and preparation of report based on network functionality and handled issues.
- Encouraged network redundancy for backup of network devices in case of disaster recovery.
- Active participation in handling client issues and maintaining quality of service provided.
- Spearheaded meetings & discussions with team members regarding network optimization and performance issues.