PROFESSIONAL SUMMARY:

• IT professional with around 9+ Years of extensive hands on experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls
• Skilled & technically proficient with multiple firewall solutions, network security, and information security practices
• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next - Generation Firewalls R65, R70 & GAIA R77.30, NetScreen Firewall, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA
• Worked on different firewall & security appliance such as, Checkpoint 4400,4600,4800, 21700,Palo-Alto 200,500,3020,3060, 5020,5060, Panorama M-100, Cisco ASA 5505, 5510,5512-X, 5500-X,5585-X, Cisco WSA S370, S680, Radware DefensePro IPS, Radware Appwall (WAF)
• Experience on working with different migrations environment such as, Staging, Sandbox, Development, Production(Go live)
• Managing and implementing remote firewall for State agencies using NSM, SPACE, SmartDashboard and CSM.
• Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS module, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols
• Maintaining Corporate Firewalls by analysis of firewall logs and implementation of security firewall policies for the migration of Datacenter
• Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.
• Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, 2800 and switches 6500, 4500, 3700, 3750, 3900, 2900, 2960 and 3500XL, 3950 switch series.
• Knowledge of Intrusion Detection and Prevention System, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN
• Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers, Cyber Security, Amazon Web Service (AWS), and Bluecoat URL filtering & Packet Shaper systems.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Proficient with Cisco routing and switching products, UNIX, Linux such as Kali, shell scripting and routing protocols.
• Configuration and implementation of Cisco Firewall PIX/ASA
• Experience on PCI and ISO compliant security implementations on the firewalls and perimeter devices
• Configuration, implementation and maintenance of Cisco Catalyst Switches 3850, 3750-X and 2960X and working on VRF
• Advance Knowledge in Penetration testing tools such as Metasploit, Nessus, Qualys, Nmap, Zenmap, AppScan, SQL Map, Burp Suite, IBM Appscan
• Configured Check Point clusters with Nokia box and crossbeam.
• Checkpoint - R75/R70/R65 with product like Nokia IP 390, 560, 690, 1280, 2450, 61000 etc.; in Provider-1 environment
• Configured Cisco Routers and switches and dealt with the remote issues
• Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2003/2008/2012 , TCP/IP, Active Directory, FTP,SNMP,SMTP,DNS,HTTP,HTTPS,DHCP, TFTP, LDAP, Linux OS under various LAN and WAN environments
• Experience in working with Nexus 7K, 5K and 2K series.
• In-depth knowledge of deploying and troubleshooting Cisco IOS LAN, WAN, QoS, Frame-Relay, Ether-channel, IP Routing Protocols - (RIPV2, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP & VTP
• Knowledge in Documenting and preparing the Process related Operational Manuals and worked on office 365
• Ensuring network availability, vendor management, fault management
• Strong ecommerce, general management, negotiation, inter-personal, communication and team building skills.

TECHNICAL SKILLS:

Firewall: Checkpoint R65/R70/R75/R77.30 GAIA/Firewall-1, Palo Alto, Cisco ASA, FortiGate, Panorama, Wildfire, Radware WAF

Protocols: NAT, VTP, VLAN, TCP/IP, UDP, EIGRP, OSPF, RIP

Nexus: Nexus 7000/ 8

ANS: F5 BIG-IP LTM 6900/6400, APM

Switches: Cisco Catalyst VSS 50- X / 2960X

Routers: Cisco Routers ASR / 2600

Operating Systems: Linux, Windows XP/7/8, Windows Server 2003/2008/2012

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

PROFESSIONAL EXPERIENCE:

Confidential, Charlotte, NC

Network Security Engineer

Responsibilities:

• Implementing security Solutions using Palo Alto Pa 5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20 Gaia, VSX and Provider-1/MDM.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for Stateful replication of traffic between active and standby member.
• Deployed Cisco ASA Firepower Services Delivers cultivating rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP
• Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA 3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
• Knowledge on Amazon AWS Virtual private cloud services
• Worked on network security design and installation using Palo Alto Firewall (Application and URL filtering, Threat Prevention, Data Filtering)
• Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration
• Administration and L3 support of our Infoblox DDI deployment and F5 GTM's and configuring various advanced features (Profiles, monitors, iRules, Redundancy, SSL Termination, Persistence, SNATs, and HA) on F5 BIG IP appliances.
• Executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
• Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
• Worked on configuration, maintenance and administration of Palo Alto PA3000 Firewalls and migrating customers from Cisco ASA to Palo Alto in HA network
• Understand the flow of traffic through the Check Point Security gateway cluster and troubleshoot connectivity issues using advanced troubleshooting from Command Line Utilities.
• Configure Syslog server in the network for capturing the log from firewalls.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
• Configure and Monitor Cisco Sourcefire IPS for alerts.
• Experience working on Network support, implementation related internal projects for establishing connectivity in various field offices and Datacenters.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
• Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
• Support Blue Coat Proxy in explicit mode for users trying to access Internet from Network.
• Working on the network team to re-route BGP routes during maintenance and FW upgrades.
• Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000. Configuring VDC & VPC in Nexus 9k, 7k, 5k and 2k.
• Participated in data center upgrade from Cisco IOS platforms to NX-OS platforms.
• Running vulnerability scan reports using Nessus tool.
• Troubleshoot connectivity issues and Monitor health of the firewall resources as well as work on individual firewall for advanced troubleshooting.
• Working on Service now tickets to solve troubleshooting issues.

Confidential, NY

Network Security Engineer/ Firewall Engineer

Responsibilities:

• Designs, tests and deploys IT security systems, solutions and ecommerce environment.
• Working on Service Now ticket management tool by providing support service to client by implementing and working on change request, Incident request and troubleshooting.
• Configuration of checkpoint firewall mainly VSX according to client topology and checkpoints features such as Application & URL filtering, IPS, Identity Awareness, IPS, VPN.
• Configuration of Palo Alto Next-Generation Firewall mainly VSYS according to client topology and working on Content-ID, User-ID, App-IP
• Experience on working on Cisco IPsec VPN, SSL VPN and natting
• Firewall technologies including general configuration, optimization, security policy, rules creation and modification of Check Point Next-Generation Firewalls GAIA R77.10, R77.20 & R77.30
• Experience on working with checkpoint next-generation firewall on various modules such as SMART View Tracker, SMART View Monitor, SMART Update, SMART Log, SMART Event.
• Experience in Qualys policy compliance in detecting internal and external threats and vulnerability
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN
• Create policies, alerts and configure using SIEM tools (Splunk, SolarWinds, LogRhythm)
• Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
• Experience in Configuration, Management, Deployment, Optimization and Troubleshooting Checkpoint VSX
• Performed upgradation of checkpoint firewall from old platforms to new platforms R7 .30
• Performed upgradation of Palo Alto firewall from old platforms to new platforms 6.1.5 to 6.1.10
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort, Tcpdump
• Experience with working on Palo Alto centralized management GUI PANORAMA
• Migration from Cisco to Palo Alto firewall & Cisco to Checkpoint firewall
• Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN
• Experience on working with migration with both Checkpoint and Palo Alto Next-Generation
• Firewall as well as virtualization of firewall, both VSX and VSYS
• Worked on security tools and software’s like Cisco WSA, Qualys, Splunk, Symantec Endpoint Protection, Bit9, HP Network Node Management
• Upgrading Radware Appwall WAF (Web application firewall) and fixing hot fixes and patches.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto
• Worked on Bit9 Endpoint protection whitelisting tool for the security of Endpoint servers and implement daily report
• Experience on working in datacenter and on different devices console
• Maintain a thorough understanding of the basics behind the Internet and its workings (DNS, Security, IP Routing, HTTP, VPN)
• Configured Site to Site IPsec VPN tunnels and Split tunnel to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.
• Routing and Switch protocols: BGP,OSFP, VLAN,VTP, STP, RIP, RSTP
• Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.
• Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
• Represent the changes at the weekly change review and application migration meetings.

Confidential, Orlando, Florida

Network Security Engineer

Responsibilities:

• Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager (SDM) command line & GUI.
• Experience in a Unix/Linux environment and expertise in several flavors of Linux including Red Hat, CentOS, Gentoo Linux and Ubuntu
• Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.
• Experience with working on wireless site survey using Air-Magnet
• Upgrading checkpoint Web application firewall and fixing hot fixes and patches.
• Installation of checkpoint Next-Generation firewall GAIA R76/77.30 in Open Server, UTM
• Configuration of checkpoint firewall mainly IPS (Intrusion Prevention System) module according to client topology and checkpoint MDS.
• Experience on Endpoint security SME with McAfee Endpoint
• Experience with working on Enterprise Desktop Administrator on Windows 7
• Worked on Imperva Secure Sphere Web application firewall
• Experience with using F5 Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance
• Experience with working on Imperva web application firewall for granular correlation policies reduce false positives and Dynamic application profiling
• Working on implementation and configurations of wireless points and wireless process
• Cisco routing and switching technologies and devices LAN / WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, Cisco IOS administration
• Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks
• Experience on working with the TRAPS which is the Advanced Endpoint protection and Palo Alto Migration tool 3.0
• Experience in working with Nexus 7010, 5020, 2148 devices.
• Worked on RSA authentication manager and Cisco NSA (Network Admission control) to authenticate users and devices to the network
• Experience in working with designing, installing and troubleshooting of Palo Alto firewalls
• Advance Knowledge on Lancope Stealth watch system for monitoring, analyzing and responding In-depth network activities
• Worked on Windows Management Interface (WMI)
• Experience with working on Amazon Web Service (AWS) environment for cloud computing
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
• Configuration and troubleshooting of Next-Generation Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN­1 NGX R55/R65/R70
• Advance knowledge on design, implementation and maintenance of QoS for LAN and WAN networks
• Performed upgradation from old platforms to new platforms R65 to R77.30
• Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Checkpoint firewall MDS.
• Worked on Migrating from ASA 5540 to ASA 5585
• Experience with working on Microsoft Active Directory
• Experience with Using GTM, APM & LTM F5 component to provide 24“7 access to applications
• Worked on PCI-DSS of DELL secure works and also on ISO 27001 compliance
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN
• Worked on implementation strategies for the expansion of the MPLS VPN networks
• Worked on Intrusion prevention system (IPS) SME with McAfee IPS
• Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
• Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature
• Worked on Kali Linux and automated security tool such as Client Fortify, IBM Asppscan
• Experience with Cisco ASA firewall Cisco security Manager (CSM) and migration from Cisco to Palo Alto
• Experience with network based F5 Load balancers with software module ASM, APM & AFM
• Experience in working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a flexible Access Solution for a datacenter access architecture
• Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Configure Cisco switch ME 3800X and 3600X
• Knowledge on enterprise security standard such as OWASP
• Configuration of DNS, RADIUS and KERBEROS
• Experience in handling Infoblox tool for DHCP and DNS
• Worked on McAfee ESM (Enterprise Security Manager) & IPS appliance which handled both SIEM/Correlation and Log Management.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto
• Maintained and Configured Checkpoint VSX with firewall virtualization and checkpoint clusters
• Configuring rules and Maintaining Palo Alto Firewalls with IPS module & Analysis of firewall logs
• Advanced knowledge of Windows 7, Windows 10 and Office 365
• Worked on automating process for migration of security policy using Palo Alto Migration tool 3.0 and Symantec Endpoint Protection
• Experience on Cyber Security & Penetration Testing tools such as, Metasploit, SQL Map, Appscan, Burp Suite, Nmap, Nessus Vulnerability Scanner and familiar with shell scripting
• Worked on SIEM tolls such as Splunk, SolarWinds, LogRhythm
• Experience with Qualys Guard Vulnerability Management
• Experience in handling and installing FortiGate next generation firewall and FortiWeb Web Application firewall 400C, 1000D, 3000E
• Strong Knowledge on DNS Administration using BT Diamond and Aruba wireless LAN
• Worked on bluecoat proxy to optimize WAN Performance by analyze and scan malwares to protect the infrastructure and URL filtering
• Advance knowledge on Network segmentation and checkpoint Next-generation firewall GAIA R77.30 host migration as well as the QoS of the LAN network
• Worked on configuration of Cisco Catalyst Switch 3850
• Worked on bluecoat proxy to provide both client and server with web service encryption and decryption and digital signature authentication.
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.

Confidential, Columbus, OH

Network Security Consultant

Responsibilities:

• Planning and designing of corporate Firewalls architecture by implementing it in distributed environment.
• Maintaining Corporate Firewalls & Analysis of firewall logs
• Experience with working on some ecommerce technologies
• Experience on Check Point Next-Generation Firewalls R65, R70, R75.
• Worked on Juniper NSM central management software
• Worked on Imperva web application security for Logging, Monitoring, Data leak prevention, network and platform security.
• Configuring Juniper NetScreen Firewall Policies between secure zones using NSM (Network Security Manager)
• PCI and ISO compliant security implementations on the firewalls and perimeter devices
• Migration from Cisco to Palo Alto firewall
• Upgradation of Checkpoint MDS to support mobile access blade on Checkpoint Web application firewall
• Experience on McAfee Endpoint security & IPS
• Strong Knowledge under enterprise security standards such as SANS and web application security using Burp Suite
• Advance knowledge of Amazon Web Services (AWS) with broad IT infrastructure services, Deep visibility into compliance and governance and Hybrid Cloud capabilities
• Strong knowledge under Imperva web application firewall for monitoring for In-depth analysis of attacks and SIEM tools such as Splunk for analysis and log monitoring
• Verifying & configuring the rule-sets on firewalls. (Firewall Change Request processing).
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters
• Bluecoat proxy server’s setup, configuration, upgrade and Troubleshooting with optimization of WAN Application, SSL traffic, Web traffic, URL filtering & Content filtering.
• Experience with LTM & GTM F5 component to provide high availability with providing services across data centers.
• Experience using Nessus & Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.
• Managing and implementation of remote firewalls for State agencies using NSM, SPACE, CSM and SmartDashboard
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Build IT security infrastructure including Checkpoint, Juniper and Palo Alto firewalls
• Designed and configured the commands for QoS and Access Lists for Nexus 5K and 2K.
• Worked on configuration and maintenance of Cisco Catalyst Switch 3850, 3750-X, 2960X
• Migration with both Checkpoint and Cisco ASA VPN experience
• Experience with Juniper environment including SRX/Junos Space.
• Worked on vulnerability scanning tool such as Nessus and Qualys Guard
• Worked on McAfee Network Security Platform where incident response were managed using SIEM
• Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management (SDM)
• Worked on Cyber Security & penetration tool such as Armitage, Nmap, AppScan, SQL Map
• Worked on Panorama which is the centralized management system of Palo Alto firewall
• Performed other related duties as assigned or requested in compliance with ISO 27001 and 9000 (International Standards Organization).
• Experience in creating multiple policies and pushing them in to Checkpoint Firewall (Gateways) and hands on experience in managing the Checkpoint Management Server with SPLAT operating system & maintaining checkpoint clusters
• Administer, Maintain, and deploy Juniper IPS & VPN systems
• Configuring VLAN, Spanning tree, VSTP, SNMP on Juniper EX series switches
• Experience with System Center Endpoint Protection 2012 and Websense Triton Administration
• Managed network security processes using ASA firewalls and worked on Cisco Scan Safe (CWS)
• Experience in Installation and Configuration of FortiGate 5000, 3000, 900 series firewalls
• Experience with APM, LTM & GTM F5 component to provide high availability with providing services across data centers
• Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.
• Having experience in Bluecoat proxy server’s firmware upgrade, URL filtering and content filtering
• Strong knowledge regards to design, plan and optimize the quality of service (QoS) related to the traffic prioritization and inception to delivery
• Worked on Cyber Security & penetration testing tool such as Ettercap, Nmap
• Experience with connectivity of Cisco Networking Equipment with F5 Load Balancer
• Managing and implementation of remote firewalls for State agencies using NSM, SPACE, CSM and SmartDashboard
• Experience with working on maintaining, installing and handling policies on Palo Alto Firewall PA-200

Confidential, Dallas, TX

Network Engineer

Responsibilities:

• Migration of RIP V2 to OSPF, BGP routing protocols.
• Configured EIGRP for Lab Environment.
• Cisco routing and switching technologies and devices LAN/ WAN, VPN, Routing protocols, VLANs, Trunking, Cabling, IOS administration
• Advance Knowledge in Cyber Security and Ethical hacking
• Implemented ISL and 802.1Q for communicating through VTP.
• Configure Cisco routers 1900 and switches 2960.
• Experience with Cisco IOS and NS-OS.
• Configuring Port Mirroring, VLAN,SMTP, STP, RSTP, SNMP, and Routing Policies on switches
• Working with Client teams to find out requirements for their Network Requirements.
• Installed and Configured DNS server and Checkpoint Firewall with IPS feature in Internet Edge.
• Designing solutions for frozen requirements using Cisco Routers and Switches.
• Deploying the network infrastructure to meet the requirements
• Proficient in VPN technology and TCP/IP protocols
• Dynamic routing protocol configuration (RIP, RIP V2).
• Troubleshooting network problems and working knowledge of HTTP, SNMP, HTTPS, SMTP, DNS, DHCP, etc.
• Knowledge in Dynamic routing protocols
• Implementation & trouble shooting of complex WAN, LAN, VLANS, private VLANS, high availability solutions like HSRP, VRRP, GLBP, ether channels, site- to- site VPN, access control lists, NAT, PAT, routing solutions etc.
• Maintaining all the network devices routers, firewall, switches
• Incorporated VLANS to segment traffic on managed switches.
• Installing service pack upgrades.
• Use of TCP Dump to troubleshoot access issues.
• Configuring VRRP, Static route, BGP, Routing policies, ACL
• Implemented Secure Remote VPN for high speed remote access.
• Managed network connectivity and network SSL Security, between Head offices and Branch office
• Responsible for Internal and external accounts and, managing LAN/WAN and checking for SSL Security Settings of the networking devices (Cisco IOS, Router, switches) coordinating with the system/Network administrator during any major changes and implementation