
Network Security Engineer Resume


CA

SUMMARY

  • 5+ years of experience as a Network Security Administrator specializing in network security and firewalls.
  • Experience in the areas of Technical Implementation/Support, Project Management, System Administration, Networking and end-to-end Infrastructure Management.
  • In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 SONET POS OCX / GigE circuits, Firewalls.
  • Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
  • Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
  • Expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
  • Highly experienced in VPN implementation: IPsec VPN and SSL VPN, server-to-server and client-to-server.
  • Experienced in DHCP, DNS, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management, and system troubleshooting skills.
  • Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
  • Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
  • Expertise in IP subnetting; worked on designing and allocating various classes of IP addresses to the domain.
  • Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and packet player.

TECHNICAL SKILLS

Routers: (1800, 2500, 2600, 2800, 3600, 3750, 3800, 7200).

Cisco Switches: (2900, 3500, 4000, 4500, 5000, 5800, 6500, Nexus 2k, 3k, 5k and 7k), MSFC, MSFC2.

Routing Protocol: (BGP, OSPF, EIGRP, IGRP, IGMP, RIP), Routed Protocol TCP/IP, Multicasting (PIM).

Management tools: SNMP, Syslog, HP Open View NNM, Sniffer, and Wireshark

LAN Protocol: VLAN, PVLAN, VTP, Inter-VLAN routing, ISL, dot1q, STP, IS-IS, RSTP, MSTP, ISL PVST, LACP, HSRP, GLBP, VPC, VDC, Ethernet, Port security.

WAN Technology: Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3

Network Management: SNMP v2, v3, Cisco Works, 3Com Network Analyzer, MRTG, Solarwinds, and Orion

AAA Architecture: TACACS+, RADIUS, Cisco ACS.

Operating systems: Linux, UNIX, DOS, Windows XP/2007, Windows 2003 server and Windows 2008 server

Firewalls: Check Point R65/R70/R75, ISA 2004/2006, Palo Alto PA-500/PA-2K/PA-3K/PA-5K, ASA 5585/5520/5510

Network Security: Knowledge of Firewall, ASA, Cisco FWSM/PIX/ASDM, Cisco ISE, Sourcefire IPS/IDS, Cisco NAC, IPsec, Nokia Checkpoint NG, IPS/IDS (Snort), VPN

Application Protocols: DHCP, DNS, FTP, HTTP, SMTP, TFTP

Documentation: Microsoft Office, Visio

PROFESSIONAL EXPERIENCE

Confidential, CA

Network Security Engineer

Responsibilities:

  • Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE), VPN
  • Configured Firewall and updated rules (Palo Alto/Cisco ASA)
  • Managed, operated and analyzed results from Sourcefire detection systems
  • Experience setting up PCI zone (PCI compliance project)
  • Configured and troubleshot routers and switches.
  • Updated routes and ACL (Access Control List)
  • Troubleshot network routes and ACLs (Cisco, Juniper)
  • Provided technical support in configuring, troubleshooting and analyzing customers' networks related to Cisco Identity Services Engine (ISE)
  • Monitored and optimized network performance

Confidential, TX

Network Security Administrator

Responsibilities:

  • Designed, installed, configured & commissioned Palo Alto, Cisco Network
  • Security Device - Palo Alto/ASA Firewalls, Sourcefire IPS/IDS, VPN
  • Prepared presentations and Visio diagrams
  • Exposed to best practice design & Implementation methodology
  • Identified, isolated and resolved network security problems
  • Managed remote access Palo Alto, Cisco VPN, webvpn and AnyConnect
  • Performed intrusion detection and intrusion prevention using Cisco Sourcefire IDS/IPS
  • Experience with Problem and Change Management processes and applications

Confidential, Boston, MA

Network Security Admin

Responsibilities:

  • Configuring firewall filters, routing instances, policy options.
  • Dealt with creating VIP (virtual servers), pools, nodes and applying rules for the virtual servers like cookie persistency, redirection of the URL
  • Replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
  • Successfully installed Palo Alto PA-3060 firewalls to protect the Data Center and provided support
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls.
  • Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
  • Exposure to the WildFire feature of Palo Alto.
  • Responsible for configuring policies in Palo Alto device.
  • Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
  • Experience with Palo Alto Networks firewall devices, such as security NAT, Threat prevention & URL filtering.
  • PAN-DB migration and code upgrades for Palo Alto Firewall
  • Configured and managed policies on Palo Alto firewalls using Panorama GUI.
  • Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
  • Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
  • Co-ordinate with the Data Network and Security team and come up with possible solutions.
  • Work on different networking concepts and routing protocols like BGP, EIGRP, OSPF, VRFs, Tunnels, L2TP, and VPLS and other LAN/WAN technologies.
  • Configuring and installing hardware and software required to conduct network penetration testing.
  • Configuring and testing Multicast for both IPv4 and IPv6 routing in Data Center Environment and Implemented standard configuration template scripts in various network devices for SNMP v2, logging, and NTP.
  • User admin on the firewalls, adding and deleting users as they come and go.
  • Configuring VLANs, Trunking and routing part for Cisco Catalyst 6500, 4500, 3750, 2980 switches.
  • Assist in the migration from Cisco 6500 equipment to Cisco Nexus 7000 equipment and stacked Catalyst 3850 switches.
  • Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard.
  • In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP, Ping Concepts, Planning and implementation of OSPF protocol and internet IBGP and EBGP peering relationship with other ISP

Confidential, Jersey City, NJ

Network Security Engineer

Responsibilities:

  • Planned, installed, monitored and was the single point of contact for all intrusion detection for client systems. Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1/VPN-1/Cisco PIX/SecureVPN /SecureIDS).
  • Perform Checkpoint and PIX firewall/IDS design, integration and implementation for Cyber Trap client networks
  • Monitor the ticket queue for incoming tickets, update tickets in accordance with Service Level Agreement (SLAs) requirements, and escalate based on severity levels using Axios Assyst.
  • Perform network security, administration, analysis, and problem resolution for networks, including NT 4.0, Windows 2000, UNIX (Solaris & BSD), CISCO, TCP/IP, and Checkpoint firewalls
  • Implemented and troubleshot the Virtual firewalls (Contexts) solutions in ASA
  • Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Checkpoint firewalls and Juniper firewalls) and related software, and LAN/WAN protocols.
  • Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures
  • Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
  • Planning, designing and implementing a secure ODC Network setup for upcoming projects.
  • Responsible for implementing Data Center Security best practice, audit and compliance (PCI/SOX/DOD) requirements.
  • Automation of security operations and optimizing the usage of infrastructure.
  • Responsible for managing Network & Security Engineering implementation that architects, designs, builds, manages and supports Network and Security Infrastructure and Data Centers.
  • Configured redundant interfaces, DHCP server, DHCP relay, ntp settings, and sub interfaces on firewalls.
  • Implemented the redundancy for ACS servers by replicating the database between primary & secondary servers.
  • Maintain periodic software updates on security devices, depending upon the bugs fixed in the new software releases.
  • Testing the new features/Product in the lab and preparing the reports.
  • Maintain the security standards across the security devices as per the security policies. IDS/IPS Signature updates and CSM Management.

Confidential

Network Engineer

Responsibilities:

  • Experience with design and implementation of Virtual Switching System (VSS) on 6500 Switches
  • Manage a very large DNS environment using Lucent QIP and manual management of DNS for DMZ/External servers
  • Broad hands-on experience in Inter-VLAN routing, redistribution, access-lists and dynamic NAT
  • Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience
  • Worked extensively on Cisco Firewalls, Cisco PIX (506E/515E/525/) & ASA 5500 (5510/5540) Series.
  • Experience with CSM, F5 (LTM) Load balancers to provide efficient switching and routing for local and global traffic.
  • Configured and set up Juniper SRX firewalls for policy mgmt. and Juniper SSL VPNs
  • Configured RIP, OSPF and Static routing on Juniper M and MX series Routers
  • Configured VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches
  • Designed and implemented remote dial up solution for clients
  • Installed and configured workstations for IP based LANs
  • Installed and configured DHCP Client/Server
  • Implemented route redundancy protocols like HSRP, VRRP, GLBP
  • Configured and managed networks using L3 protocols like RIPv2,
  • Configured VLANs, Private VLANs, VTP and Trunking on switches.
  • Recommended Security considerations for the Intranet data center, integrating security, providing solution design details and configuration details
  • Configuration of Access List ACL (STD, Ext, Named) to allow users all over the company to access different applications and blocking others.
  • Convert Branch WAN links from TDM circuits to MPLS and convert encryption from IPsec/GRE to GetVPN.
  • Efficient in cabling as per co-location contracts with loop-back testing, including all DS1, DS3, T1, T3, CAT 6 and CAT 5 connections as per defined cabling procedures.
