SUMMARY:

• 8+ Years of experience in networking and security engineering with strong hands - on experience on network and security appliances.
• Extensive knowledge in configuring and deploying Next Generation Firewalls including Palo Alto, Cisco ASA and Checkpoint Firewalls.
• Strong knowledge on leveraging advanced firewalls features like APP-ID, User-ID, Global Protect, Wild Fire, NAT policies and Security Profiles.
• Profound working knowledge of administration and management of Palo Alto firewalls using centralized Panorama M-100 and M-500 devices.
• Expert level knowledge on configuring and troubleshooting IPSec VPN and SSL VPN tunnels for connectivity between site-site and remote location users by using IKE and PKI.
• Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
• Strong knowledge on Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), DDoS attacks and Kill Chain mitigation techniques.
• Expert level working knowledge on Wireless Infrastructure such as Cisco Meraki, Aruba, Clear Pass Access points, WLANs, RF tuning and BYOD management.
• Extensive knowledge on integrating firewall policies with 802.1X wireless, proxies, NAC solutions and any other source of user identity information.
• Experienced in load balancing with F5 LTM and GTM products and implementation of iRules and High availability of F5.
• Profound experience in working with Nexus-OS, VPC, VDC, OTV, FEX in the datacenters.
• Strong experience in upgrading Cisco IOS to Cisco Nexus NX-OS in the data centers.
• In-depth knowledge of routing protocols like BGP, OSPF, EIGRP, MPLS and Static routing.
• Expertise in installing, configuring and troubleshooting of Cisco routers (7600, 7200, Nexus 7000, ASR 12000, 9000) and Cisco switches (Nexus 7000, 5000, Catalyst 6500, 6800).
• Hands-on experience in implementing layer3 security through IPSEC tunneling, Access lists, NAT, PAT and preventing the layer2 attacks like Mac flooding, VLAN hopping and DHCP snooping.
• Strong working experience in layer2 technologies and protocols including VLANs, VTP, Link Aggregation (LACP/PAGP), STP, RSTP, PVST+ and MSTP.
• Expertise in TCP/IP, Subnetting, Network Diagrams, Documentation and troubleshooting L2, L3 connectivity issues.
• Strong experience in working with SIEM tools such as Splunk, QRadar and monitoring tools including Wireshark, SevOne, SolarWinds with strong troubleshooting skills.
• Experience in handling and resolving tickets and strong hands-on experience on ticketing tools such as BMC remedy, Service Request and Open View.
• Excellent client/customer management, problem solving and troubleshooting skills with good communication skills.

TECHNICAL SKILLS:

Firewalls: Palo Alto Networks, Cisco ASA firewalls, Checkpoint, Panorama Palo Alto Networks firewall management.

Load Balancers: F5 Networks (Big-IP), Cisco ACE & Brocade Load Balancers.

Routers: Cisco 7600, 7200, 3800, 3600, 2900, 2800, 2600, ASR 7K, ASR 12K.

Switches: Nexus 2K/5K/7K, Cisco Catalyst 6500, 4500, 3850,3560, 3750, 2960.

Communication Protocols: TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP, PPP, HDLC, ISDN, SDN, and SD-WAN.

Routing Protocols: OSPF, EIGRP, BGP, MPLS PBR, Route Filtering, Redistribution, Summarization and Static Routing.

Switching Protocols: LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, Ether channels, Transparent Bridging.

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, RSTP, 802.1W, Cisco Prime.

Wireless Technologies: Airwatch & WLC s (8510, 5508, 5706), Cisco AironetAP s (2600, 3600, 3700), Aruba 225, Aruba 3000 controller & Airwave.

Network Security: Cisco ASA 5540, ACL, IPSEC, F5 Load Balancer, ISE, SSL, IPSec VPN, GRE VPN.

Network Management and Packet Analyzers: SolarWinds, Wireshark, SNMP, and Tcpdump.

Operating systems: Windows XP/ 7/ 8/10, Windows Server 2003/ 2008, Mac OS and Linux.

Applications: MS (Office, Word, Outlook, Excel, PowerPoint, Visio), Confidential, Adobe Photoshop, and Illustrator.

PROFESSIONAL EXPERIENCE:

Senior Network Security Engineer

Confidential, Palo Alto, CA

• Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260).
• Performed migrations from Check Point firewalls to Palo Alto using the PAN Migration Tool MT3.3.
• Implement advanced Palo Alto Firewall features like URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic.
• Deployed Palo Alto firewalls using Confidential NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
• Enable file forwarding to Wildfire cloud through Content-ID implementation to identify new threats.
• Leveraged Palo Alto Networks’ Wildfire inspection engine to prevent Zero-Day attacks.
• Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
• Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.
• Deployed Active/Standby modes of High Availability (HA) with Session and Configuration synchronization on multiple Palo Alto firewall pairs. Knowledge on the application of Active/Active HA mode.
• Enforce policy checks on north-south and east-west data center traffic through Panorama M-500. Provided escalated technical support in troubleshooting firewall and network issues.
• Hands-on experience with Bluecoat Proxy Secure Web Gateways for content filtering, Data loss prevention and prevent Zero-Day exploits.
• Implement security measures to resolve data loss vulnerabilities, mitigate risk and recommend security changes or system components as needed.
• Demonstrated competency using security controls to disrupt the attack kill chain.
• Configured AAA Server (RADIUS and TACACS+) for authentication and authorization of all remote VPN users.
• Configured and implemented Enhanced VPC, OTV, and Fabric path between Nexus 7k and 5k series switches for the datacentre operations.
• Experience working in Data Centers managing cabling infrastructure (copper and fiber) and power provision.
• Experience on Cisco Nexus 2248 FEX and Nexus 5500 series switches to provide flexible solution and access port connectivity across datacentre architecture.
• Coordinated with the Network administration team to implement and test Disaster Recovery plan for the Data Center.
• Hands-on experience in the connection of LAN MDF to IDF using Nexus 5000 series switches and Catalyst 3850 series switches.
• Configure F5 Big-IP load balancers through GUI and writing IRules to monitor and tune the load on network servers.
• Extensively used SevOne (Collects network data) to collect data from F5, by polling through SNMP and log collection through Syslog, create reports and forward to Operations team.
• Provided technical assistance to the team in configuring F5 full proxy LTMs by creating profiles, defining Load balancing algorithms, SSL Bridging and implementing SNAT, NAT rules.
• Responsible for advanced enterprise wireless LAN administration and design, mesh networks, and point-to-point and point-to-multipoint topologies.
• Strong experience in working with Network Access Control(NAC) policies using MAC Authentication Bypass(MAB) protocol and IEEE 802.1x protocol.
• Configured Authorization rules in Cisco ISE for wireless by enforcing 802.1x Authentication to allow user access to proper Data, based on user Security group in the Active Directory.
• Hands-on experience with Aruba Clear pass in providing network access security and NAC, based on user roles and device types (BYOD).
• Extensive knowledge on BGP peering and BGP attributes such as AS Path, Next Hop and Local Pref.
• Responsible for management of PCI Compliance Program which includes collection of reports to be presented to PCI QSA for assessment.
• Strong Knowledge on Anomaly detection system (ADS), Intrusion Prevention System (IPS) and SPLUNK/QRadar SIEM tools to monitor and analyse security related issues.
• Configured HSRP, VRRP, GLBP for default gateway redundancy.
• Provide operations and engineering support for critical network and application security systems

Network Security Engineer

Confidential, Playa Vista, CA

• Configured, Troubleshoot and Maintained Firewalls policies on Cisco NGFW 5500 series and Palo alto including Security, NAT policy definitions; application filtering; Regional based rules; URL filtering, Data filtering, file blocking, User based policies.
• Configured Active/Passive HA links between Cisco Firewalls.
• Configured Firewall-security context modes, interfaces, objects and access list, NAT, AAA for network access and advanced network protection on Cisco Firewalls.
• Migrated from Cisco ASA to Palo Alto firewalls.
• Enabled the User-ID feature while creating policies based on users and groups rather than individual IP addresses.
• Configured windows USER-ID agent to collect host information using Palo Alto Global Protect.
• Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic.
• Created custom URL-filtering profiles and attached them to Security policy rules that allow web access.
• Configured Global Protect gateway to provide VPN connections for Global Protect agents.
• Configured Log Forwarding to forward logs from the firewall to Panorama and then configured Panorama to send logs to the servers.
• Hands on experience in blocking unauthorized users and allowing authorized users to access specific resources by configuring Access Control Lists (ACL).
• Configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM
• Deployed Web Security Appliance like Cisco WSA S170 and Bluecoat Proxy SG S200/400 for Web Filtering, data loss prevention, and inspection.
• Installed and maintained Aruba switches, Aruba Wireless AP’s and Aruba Virtual Controllers.
• Configured role-based, device-based access and self-service capabilities using Clear Pass access management system.
• Configured 802.1X port-based authentication on Cisco switch-to-TACACS+ server communication.
• Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2900, 3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800 Nexus 7k,5k & 2k, f5 BIG IP, Palo Alto Firewalls.
• Implementing and Maintaining Network Management tools (OPAS, Solar Winds, Cisco Works).
• Switching technologies like VLAN, Inter-VLAN Routing, Ether-channel, VTP, MLS, HSRP, VRRP
• Perform advanced troubleshooting using Packet tracer and tcp dump on firewalls.
• Developed customized application configurations in SPLUNK to parse, index multiple types of log format across all application environments.

Network Engineer

Confidential

• Provided support for network infrastructure using Cisco equipment including Cisco ASA firewalls and Cisco routers.
• Worked on basic firewall configurations and the maintenance of the firewalls.
• Configured VLANs with 802.1q tagging, trunk groups, ether channels and spanning tree protocols.
• Performed Cisco IOS configurations on Cisco routers and Cisco switches.
• Configured and upgraded network devices including Cisco 3k, 5k series switches and Cisco 2k, 3k series routers.
• Configured and resolved complex OSPF issues in a multi area network.
• Troubleshoot LAN/WAN infrastructure including routing protocols like EIGRP, OSPF, HSRP and VRRP.
• Configured complete routing access to the local network infrastructure by implementing EIGRP as the primary routing protocol.
• Deployed Cisco routers and ethernet switches to simulate EIGRP, OSPF, DHCP protocols.
• Configured Spanning tree protocols, VLAN trunking 802.1q and VLAN routing on Cisco 5500 catalyst switches.
• Worked with layer2 switching, VLANs, Trunking technologies, Link aggregation protocols (LACP/PAGP), VPC, STP, MSTP and PVST+.
• Hands on experience with monitoring, network diagnostics and network analytics tools.
• Worked on optimization of the network performance by troubleshooting network problems and outages by collaborating with the network architects.
• Created documentation and network diagrams of the network infrastructure using MSVISIO.
• Worked actively with the networking teams to fix the application and network latency issues using Wireshark/packet analyser.
• Worked on service request tickets generated by the helpdesk such as troubleshooting, maintenance, upgrades, patches and solutions with all around technical support.

Junior Network Engineer

Confidential

• Worked with layer2 switching, VLANs trunking technologies and spanning tree protocols.
• Worked on Cisco switches and routers including physical cabling, IP addressing and Wide Area Network configurations.
• Performed troubleshooting in TCP/IP related problems and connectivity issues.
• Performed troubleshooting and resolved Layer2 and Layer3 issues.
• Established the network specifications by conferring with users through analysing work flow, access information, designing router administration, interface configuration and routing protocols.
• Created network diagrams and documentation for design using documentation tools like MS VISIO.
• Maintained network performance by network monitoring analysis, performance tuning and escalating support to the vendors.