Firewall Administrator Resume
CA
SUMMARY:
- Network Engineer with 8 years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
- Implementation, Configuration and Support of Checkpoint (R80, R77 Gaia, R75 and R71), VSX, MDM/MDS, Provider-1, Juniper Firewalls (SSG 550M, SSG520M, ISG 1000, ISG 200, SRX5400, SRX5600, and SRX5800), Cisco Firewalls (ASA 5505, 5506-X, 5585 with Firepower), Palo Alto Networks Firewall models (Panorama M-100, PA-2k, PA-3k, and PA-5k).
- Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
- Administration, Engineering, and Support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing and wireless.
- Policy development and planning / programming on IT Security, Network Support and Administration.
- Good knowledge of Cisco Nexus data center infrastructure with 5000 and 7000 series switches (5548, 7010), including Cisco Nexus Fabric Extender (223, 2248).
- Experience with F5 load balancers and reverse proxy design and setup and Configured Virtual server, service groups, Session persistence, Health monitors and Load balancing methods in new F5 and A10 LTMs
- Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances.
- Experience in working with Cisco Nexus Switches and Virtual Port Channel configuration.
- Experience with Checkpoint VSX, including virtual systems, routers and switches.
- Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
- Extensive understanding of networking concepts (i.e., configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks).
- Provides management level reporting of firewall and Intrusion Protection System (IPS) activity on a periodic
- Utilized the Blue Coat Proxy URL filtering, Splunk SIEM, IBM QRadar, Nessus, Infoblox, Tufin, Algosec, Firemon, CSM, NSM, ASDM, Sourcefire IPS/IDS.
- Hands on experience in configuring and supporting site-to-site and remote access Cisco, IPsec, VPN solutions using ASA/PIX firewalls, Cisco, B2B VPN client in addition to providing TACACS+ and RADIUS services
- Extensive experience in configuring and troubleshooting of protocols RIP v1/v2, EIGRP, OSPF, BGP and MPLS. Basic knowledge of Wireless Access points of 802.11 a/b/g.
PROFESSIONAL EXPERIENCE:
Confidential, Universal City, CA
Firewall Administrator
- Configuring, administering and troubleshooting the Palo Alto, ASA and Juniper firewalls.
- Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
- Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies
- Responsible for installation, configuration of Palo Alto using Panorama
- Performing migration from old network to a new network of millions of users.
- Provide on call support with network operations teams resolving incidents
- Deployed Palo Alto 7000 series device to the production environment, managed them via Panorama.
- Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
- Performed code upgrades on the ASA 5585, 5555 series
- Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls
- Troubleshooting Layer 3 issues, also assisting Layer 2 team with troubleshooting issues with BGP, OSPF.
- Creating NATs as per user’s requirement to get access to different servers like internal firewalls, DMZ firewalls and Internet firewalls, and also worked on Splunk for troubleshooting.
- Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
- Migrate NAT rules with counter NATs as per the new IP request
- Participate in daily scrum meetings, maintain project flow to meet deadlines.
- Migrate and configure Juniper firewalls to Palo Alto using Panorama
- Setup Global Protect VPN in the production environment, test and maintain VPN firewalls
- Create and run the automation script to push configuration into the firewalls
- Maintain definitions in Blue Coat proxies, with Splunk integration.
- Perform and fulfill ServiceNow requests for Port service, create policies and migrate rules to new subnet
Confidential, Englewood, CO
Network Security Engineer
- Implementing security solutions using Palo Alto PA-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia, VSX and Provider-1/MDM.
- Configuring High Availability using ClusterXL on Checkpoint as well as VRRP and monitoring the Sync status for Stateful replication of traffic between active and standby member.
- Deployed Cisco ASA Firepower Services, delivering rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP
- Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA-3060, to centrally manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
- Knowledge on Amazon AWS Virtual private cloud services
- Worked on network security design and installation using Palo Alto Firewall (Application and URL filtering, Threat Prevention, Data Filtering).
- Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration
- Administration and L3 support of our Infoblox DDI deployment and F5 GTMs and configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, and HA) on F5 BIG-IP appliances.
- Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
- Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network
- Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Configure Syslog server in the network for capturing the log from firewalls.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
- Configure and Monitor Cisco Sourcefire IPS for alerts.
- Experience working on Network support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
- Working with different teams to gather info for the new request and troubleshoot any connectivity issues by capturing traffic using TCPDUMP and SmartView Tracker.
- Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
- Performing URL filtering and content filtering by adding URLs in Blue Coat ProxySGs.
- Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
- Working on the network team to re-route BGP routes during maintenance and FW upgrades.
- Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000. Configuring VDC & VPC in Nexus 9k, 7k, 5k and 2k.
- Participated in data center upgrade from Cisco IOS platforms to NX-OS platforms.
- Running vulnerability scan reports using Nessus tool.
- Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
- Working on ServiceNow tickets to solve troubleshooting issues.
Confidential, Baltimore, MD
Security Administrator
- Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet and internal.
- Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using NSM as well as CLI when needed.
- Troubleshooting Firewall Connectivity related issues using SmartView Tracker on Checkpoint, NSM Log viewer for Juniper Firewalls.
- Configure and administer Cisco ASA Firewalls (5585, 5550, and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
- Provide support for 2-tier and 3-tier firewall architecture, which includes various Checkpoint, Cisco ASA firewalls and Palo Alto firewalls.
- Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Firemon.
- Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
- Experience on ASA firewall upgrades to 9.x from 8.x.
- Optimize existing policies to improve security and performance. Identify and remove security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
- Extensive Knowledge in configuring and troubleshooting as well as creating Virtual Servers, Nodes, Pools and iRules on BIG-IP F5 load balancer LTM for load balancing and traffic management in DC environment.
- Configured Panorama web-based management for multiple firewalls.
- Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
- Build and configure Active/Standby Failover on Cisco ASA with Stateful replication.
- Upgrade of Juniper firewalls and management servers from SRX 3750 to SRX 6509
- Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network.
- Troubleshooting connectivity issues through Blue Coat as well as writing and editing web policies.
- Administration of BIG-IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
- Support Data Center Migration Project involving physical re-locations.
- Expertise in the administration, support and operation of the Orion SolarWinds platform including Network Performance Monitoring (NPM), Network Configuration Manager, Server & Application Monitor (SAM), Netflow, Traffic analyzer and IP address Manager
- Implemented Ticketing tools like JIRA, Remedy, IP-Center and related tools for logging the troubleshooting issues and the resolutions.
Confidential, Waltham, MA
Network Security Engineer
- Configured, troubleshoot, and upgraded Checkpoint Firewalls which included network and/or resource access, software, or hardware problems.
- Maintained High Availability and clustered firewall environments for customers using Check Point High Availability.
- Perform Level 3-4 security implementations, vulnerability assessments and intrusion detection.
- Build Checkpoint firewall, and configured GUI to open/close TCP/IP ports.
- Worked with both GAIA and SPLAT operating system.
- Installed, configured and maintained Checkpoint R75-R77 Gaia/SPLAT.
- Identified and removed security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
- Configured necessary routing and NAT on the Firewall appliance to communicate with the internet.
- Backup, Restore and Upgrade of Checkpoint Firewall appliance.
- Monitored Checkpoint VPN tunnel activities with SmartView Monitor and troubleshoot VPN issues with CLI.
- Optimize existing policies to improve security and performance. Identify and remove security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
- Configure IPSec, SSL-VPN (Mobile Access) on CheckPoint Gaia and troubleshoot VPN tunnel connectivity issues
- Troubleshoot and monitor Firewall traffic/issues through command-line using CLI commands, GUI interface and SmartConsole (SmartView Tracker, SmartLog and SmartView Monitor).
- Analyze Logs and make necessary network reports using Smart Reporter console application.
- Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
- Respond to emergency outages, disaster recovery and the corporate firewall.
- Interface with vendors and service providers to ensure security is maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime.
- Created a lab environment using VMware and Oracle Virtual Box to effectively test policies, software distribution as well as scripts prior to deployment in production
- Configured and managed VPNs, remote access solutions and perimeter security in Cisco ASA firewalls
- Worked with application transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADIUS, TACACS+ and AAA on ASA Firewalls
- Configured routing protocols such as Static Routing and OSPF on Checkpoint Firewalls
Confidential
Network Engineer
- Responsible for the configuration of Cisco Routers (7000, 5300, 4000, 2500, 3000, 2600) using RIP, OSPF, EIGRP, BGP
- Managed office network with Cisco network devices including 2500 and 3600 series routers and 3500, 2900, 1900 series switches
- Dealt with customer problems to management and support groups utilizing standard escalation model.
- Extensive experience in configuring and implementing OSPF and BGP.
- Supported core network consisting of Cisco 7200 series routers running multi area OSPF.
- Configured EIGRP and OSPF as interior gateway protocol with route filtering and route redistribution, installed and maintained Cisco 3600, 2600 and 7200 backbone routers with HSRP.
- Implemented stub/Totally stub areas and various OSPF features like route-summarization and SPF throttling.
- Configured Security policies including NAT, PAT, VPN, Route-maps and Access Control Lists.
- Configured, maintained and troubleshot routing protocols such as OSPF, EIGRP and BGP.
- Engaged in office moves, helped in identifying network requirements of new building, installed new networking hardware, and coordinated with vendors for cabling/wiring.
- Performed troubleshooting, while maintaining trouble ticket tracking, following both internal/external routes.
- Assisted with escalation procedures and customer notifications.
- Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
- Upgraded Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
- Worked on the security levels with RADIUS, TACACS+.
- Involved in configuring Checkpoint (R65) Firewall rule base and objects as per the requirements.
- Troubleshooting Checkpoint firewall connectivity related issues using SmartView Tracker.
- Involved in the integration of F5 BIG-IP load balancers with Checkpoint firewalls for firewall load balancing and was responsible for troubleshooting and maintenance.
- Determining the functionality with the DNS naming conventions and migrations from old load balancing environments to the F5 environment.
- Acted as Tier 3 support for connectivity, failures, configuration, implementation, and troubleshooting.
- Provided project management for data center cabling, documented all network drawings using Visio