We provide IT Staff Augmentation Services!

Sr. Network Engineer / Firewall Analyst Resume

0/5 (Submit Your Rating)

New York, NY

OBJECTIVE

  • An able, enthusiastic, skilled, and reliable Network Engineer seeking a position that reflects my experience, skills and personal attributes including dedication, meeting goals, creativity, and the ability to follow through.
  • My goal is to obtain a dynamic, challenging opportunity that contributes to the outstanding success via 7+ years Information Technology and Networking experience within several industries.

SUMMARY

  • Network Engineer with Over 7+ years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Implementation, Configuration and Support of Checkpoint (NGX R65, R70 and R71), Juniper Firewalls (SRX5400, SRX5600, and SRX5800), Cisco Firewalls (ASA 5505, 5506 - X, 5585), Palo AltoNetworks Firewall models (PA-2k, PA-3k, and PA-5 k)
  • Checkpoint Firewalls, Firemon, VPN, Datacenter, Cisco, Nexus, ACS, WAN Optimization, Riverbed Cascade, Riverbed Profiler, Net flow, Planning, Budgeting, Supervising, Setting Standards, Documenting MOP, Managing Multiple Projects
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
  • Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
  • Administration, Engineering, and Support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing and wireless.
  • Experienced firewall engineer with advanced knowledge of Checkpoint, Fortinet, Cisco ASA 5500 series, JUNOS and Palo Alto PA-200.
  • Knowledge of implementing and troubleshooting complex L2/L3 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP, MPLS and MST
  • In-depth knowledge and experience in WAN technologies including OC3, E3/T3, E1/T1, Point to Point, MPLS and Frame Relay
  • Experience in Proliferating the query performance with modification inT-SQL queries, removing unnecessary columns, eliminating redundant and inconsistent data, normalizing database, establishing necessary joins,creating usefulclustered indexandnon-clustered indexes.
  • Worked on Juniper Net Screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505.
  • Responsible for Checkpoint and Cisco firewall administration across global networks.
  • Worked on Cisco Catalyst Switches 6500/4500/3500 series.
  • Policy development and planning / programming on IT Security, Network Support and Administration.
  • Creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 in LTM module.
  • Experience in QOS on multicast VPN
  • Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
  • Experience with Bluecoat Proxy servers, LAN & WAN management.
  • Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
  • Experience with Checkpoint VSX, including virtual systems, routers and switches.
  • Experience in Network LAN/WAN deployment,
  • Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
  • Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks.)
  • Configuration of Network and Security devices such as Cisco routers and switches (Cisco 7600/3500/Nexus 7K/5K), Firewall (Checkpoint R75/Gaia and Cisco FWSM), Load Balancers and DNS and IP Manager.
  • Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
  • Proficient Knowledge of Cisco Administrative tools including Call Manager (CUCM) and Unity Server Applications.
  • Implementation and troubleshooting of Cisco Unified Communications Manager.
  • Proficient in installing and configuring Windows Server 2003, 2008, 2012 and Windows XP, 7 & 8 Professional Client Operating Systems
  • Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic basis.

TECHNICAL SKILLS

Domain Area: Network Designing, Network Troubleshooting, Network Security, etc.

Networking Equipment: Cisco series routers (2500, 2600, 2800, 3600, 3800, 7200, 7600) Cisco series catalyst switches (1900, 2900, 3500, 3750, 4900, and 6500) Juniper MX10, MX 40, SRX5400, 5600, 5800, Netscreen 5400, 6000, 6500 Nexus 1000v / 00 / 18 Juniper EX 2300, EX3300, M7i, M10i, M320 F-5 BIG-IP LTM (3900 and 8900), Blue Coat SG8100, AV 510, AV810 Cisco Aironet 1200/2600/3600 Cisco ASA Firewall 5505, 5506-X, 5512-X Check Point Firewall GAiA R77 Palo Alto Firewall 7k, 5k series.

Routing and Switching Protocols: Static Routing, RIP V1, V2; EIGRP, OSPF, BGP, MPLS, ACLs, Route Re-distribution and Summarization, VRF VTP, STP, RSTP, MSTP, VLANs, PAGP and LACP

LAN Technologies: Ethernet/ Fast Ethernet/ Gigabit Ethernet networks, VLANS, VTP, STP (CST, PVST, RPVST+, RSTP), 802.1q, ISL, Ether channel, EVPL, HSRP, VRRP, GLBP, Cisco SLB, GSLB, F5 load balancers.

Wireless, WAN and Cloud Technologies: 802.11 Standards, TCP/IP, OSI Layer, Fiber Optics, T1/E1, DWDM, OC192

Amazon Web Services: Airmon-ng

Communication Concepts: VPN, Multicasting, IPSEC VPN, TLS, SSL

VoIP: Cisco IP Phones, Asterisk server, SIP, RTP

Monitoring Tools: Zenoss, Netcool, Solarwinds

Platforms: Cisco IOS, NX-OSWindows XP, Vista, 7, 8, 10 and LINUX

Applications: MS VISIO, MS Office

PROFESSIONAL EXPERIENCE

Confidential, New York, NY

Sr. Network Engineer / Firewall Analyst

Responsibilities:

  • Implementing security Solutions using PaloAlto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia and Provider-1/MDM.
  • Deployment of Palo Alto firewall into the network. Configured and wrote Access-list policies on protocol based services
  • Troubleshooting of protocol based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) and GTM’s for managing the traffic and tuning the load on the network servers.
  • Provided support for 2Tier and 3Tier firewall architecture, which includes various Check Point, Cisco ASA firewalls and Palo-Alto firewalls.
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto firewalls (5050).
  • Firewall rule base review and fine-tuning recommendation.
  • Hands on experience in configuration of Cisco ASA 5000 series firewalls and experience with checkpoints and FortiGate.
  • Administration and L3 support of our Infoblox DDI deployment and F5 GTM's and configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, and HA) on F5 BIG IP appliances.
  • Experience designing and implementing load balancing solutions for large enterprises working on F5 load balancers and Cisco load balancers.
  • Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
  • Configure and maintain securitypolicies on Fortinet firewall and manage Forti-Manager/ Forti-Analyzer.
  • Responsible for maintaining multi-vendor network environment including Cisco ASA, Juniper JUNOS, Fortinet firewalls, Palo Alto PA-200 and configuring different policies to provide connectivity
  • Administration Big IP F5 LTM 8900 for all Local Load balancing and configured profiles, provided and ensured high availability.
  • Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
  • Configure Syslog server in the network for capturing the log from firewalls.
  • Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
  • Configure and Monitor Cisco Sourcefire IPS for alerts.
  • Experience of IP/MPLS/Optical Transmission network for access transport & back haul network tofacilitate 2/3/4G Network
  • Experience working on Network support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
  • Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
  • Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
  • Implementation of Firemon for firewall policy compliance, rules cleanup, and complexity reduction
  • Deployed Firemon that continuously analyze visualize and improves the existing network security infrastructure and firewall management
  • Implemented configuration back-ups using WinSCP, cyberfusion to automate the back-up systems with the help of public and private keys
  • Documentation involved preparing Method of Procedures (MOPs) and Work Orders. Also creating and submitting Remedy tickets for user auditing.
  • Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
  • Working on the network team to re-route BGP routes during maintenance and FW upgrades.
  • Co-ordinate and Upgraded F5 LTM’s and Cisco ASA’s IOS images during window time.
  • Monitor network performance, security of assets, and security of the network through Cisco ISE, Cisco ACS, and Cisco Prime Infrastructure
  • Analyzing endpoints information collected by ISE for different endpoints and device types
  • Running vulnerability scan reports using Nessus tool.
  • Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, psk etc.
  • Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
  • Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
  • Working on Service now tickets to solve troubleshooting issues.

Confidential, Union, NJ

Network Security Engineer

Responsibilities:

  • Day-to-day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Juniper Firewall Policy management using NSM and Screen OS CLI.
  • Troubleshooting Firewall Connectivity related issues using Smart view tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
  • Configure and administer Cisco ASA Firewalls (5585, 5550, and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
  • Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
  • FireMon System Administration - patches, upgrades, user provisioning/Deprovisioning, system monitoring, troubleshooting user support, ticket triage, data feed maintenance.
  • Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
  • Experience on ASA firewall upgrades to 9.x.
  • Experience with F5 load balancers - LTM, GTM series like 6400, 6800, 5000 and 2000.
  • Extensive Knowledge in configuring and troubleshooting as well as creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 load balancer LTM for load balancing and traffic management in DC environment.
  • Configured Panorama web-based management for multiple firewalls.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
  • Implementing firewall rules and configuring Palo Alto Network Firewall
  • Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
  • Built site-to-site IPsec VPNs over Frame-relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
  • Build and configure Active/Standby Failover on Cisco ASA with stateful replication.
  • Configure and tweak the inspection policies on Firewall to allow legacy application traffic.
  • Understand different types of NAT on Cisco ASA firewalls and apply them.
  • Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
  • Troubleshooting connectivity issues through Blue coat as well writing and editing web policies.
  • Implementation of VOIP IP Phones at branches and upgrading old branch Avaya analog phones with Cisco IP Phones, configuration ports to support VOIP, IP Helpers, Voice VLAN, & QoS.
  • Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
  • FWSM configurations in single/multiple context with routed and transparent modes.
  • Support Data Center Migration Project involving physical re-locations.

Confidential, Bowie, MD

Network Analyst / Engineer

Responsibilities:

  • Designed and implemented Cisco VoIP infrastructure for a large enterprise and multi-unit office environment. Met aggressive schedule to ensure a Multi-office reconfiguration project which was successfully delivered.
  • Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
  • Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.
  • Expert level skills in Objects creation such as Table, Normalization, Indexes, Stored Procedures, Cursors, Triggers and other SQL joins and query writing.
  • Configuring Big-IP F5 LTMs (virtual servers, pools, SNATs, health monitors, irules) for managing the traffic and tuning the load on the network servers.
  • Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
  • Updated the HP open view map to reflect and changes made to any existing node/object.
  • Handled SRST and implemented and configured the Gateways, Voice Gateways.
  • Configuring HSRP between the 3845 router pairs for Gateway redundancy for the client desktops.
  • Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.
  • Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.
  • Implementation and Configuration ( Profiles, I Rules) of F5 Big-IP C2400 load balancers.
  • Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security.
  • Worked on the security levels with RADIUS, TACACS+.
  • Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)
  • Identify, design and implement flexible, responsive, and secure technology services.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900.
  • Configured switches with port security and 802.1x for enhancing customers security.
  • Monitored network for optimum traffic distribution and load balancing using Solar winds.
  • Validate existing infrastructure and recommend new network designs.
  • Created scripts to monitor CPU/Memory on various low end routers in the network.
  • Installed and maintained local printer as well as network printers.
  • Handled installation of Windows NT Server and Windows NT Workstations.
  • Handled Tech Support as it relates to LAN & WAN systems.

Confidential, Seattle, WA

Network Engineer

Responsibilities:

  • Firewall Clustering and High Availability Services using Cluster XL on Check Point.
  • Installed Solar winds Network Performance Monitor with traffic analysis, application & virtualization management, configuration management and other modules additionally installed. Tuned modules, customized the specific platforms used and trained staff. Support other smaller customer sites on similar analyze-recommend-implement site-wide upgrades and troubleshoot issues.
  • Firewall Policy Provisioning and troubleshoot connectivity issues through firewall.
  • Configuring and tweaking Core XL and Secure XL acceleration on Check Point gateways.
  • Troubleshoot User connectivity issues on Checkpoint and Cisco ASA using CLI utilities.
  • Packet capture on firewalls and analyzing the traffic using Wire shark utilities.
  • Troubleshot Clustering issues on Check Point and Sync issues monitoring and fix.
  • Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.
  • Vulnerability Management using Security Information & Event Management
  • Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.
  • Monitoring network platforms include IBM TivoliNetcoolmanagement systems, Siebel CRM, WebTop, utilizing HP Service Manager 9 logging tools.
  • Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.
  • Network design and administration experience.
  • LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
  • Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation on Cisco ASA Firewalls.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Documentation and Project Management along with drawing network diagrams using MSVISIO.

Confidential, San Diego, CA

Network Engineer

Responsibilities:

  • Responsible for PIX 7.x/8.x & ASA 8.x Firewall migration and in place hardware upgrades and Troubleshooting, IOS Security Configurations, IPSec VPN Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
  • Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
  • As part of Security and network operations team I was actively involved in the LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)
  • VLAN implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and port channels creation.
  • IOS Upgrades from 7.x to 8.x as well as backup and recovery of configurations.
  • Work in an enterprise network environment with dynamic routing using OSPF and BGP for external connectivity.
  • Configured Switches with proper spanning tree controls and BGP routing using community and as path prepending attributes.
  • Install Windows Server 2003, configure IP addresses, network printers and configure Client Access for PCs.
  • Work with BGP routing protocol for communication with business partners and influence routing decision based on AS Path Prepend and other attributes.
  • Administer and support Cisco based Routing and switching environment.
  • Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay).
  • Implemented VLANS between different departments and connected them using trunk by keeping one Vlan under server mode and rest falling under client modes.
  • Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
  • Configured Firewall logging, DMZs and related security policies and monitoring.
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

We'd love your feedback!