SUMMARY

• Having experience in networking, installing, configuring and maintaining network devices.
• Strong knowledge in implementing IP addressing schemes, LAN/WAN protocols, IP Services, to fulfill network requisites in different environments.
• Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 series, and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Cisco Nexus 7000 series, 5000 series, 2000 series data center switches.
• Work experience with NAT/ACLs, AAA, Layer 2 Security, Layer 3 Security, IPS/IDS, Cisco (ASA, PIX), Juniper firewalls (SRX & SSG), Cryptography, Checkpoint R77 Gaia, R75, R70, SPLAT, IPSO, Provider - 1, MDM, VPN 3000 connecter, Site to Site IPsec and remote access VPN.
• Expertise in the implementation of optimization, analysis, troubleshooting and documentation of LAN/WAN networking systems.
• Experience with Checkpoint Security Gateways including VSX for Virtualization and MDS for
• Management, Cisco ASA, FWSM blades
• Proficient in Configuring Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-VLAN routing and VLAN Trunking using 802.1Q.
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
• Expert Level Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
• Manage Palo Alto Networks and juniper SRX firewalls.
• Experience in building, configuring and troubleshooting Cisco ASA 5540, 5550 and 5580 firewalls with firepower, managing them via CLI, ASDM and CSM.
• Better understanding of switching concepts-VLAN, ATM, STP, RSTP, network monitoring/management technologies (SNMP, Netflow, syslog)
• Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
• Worked extensively on Cisco Firewalls Cisco PIX (506E/515E/525) & ASA 5500(5510/5540) Series.
• Implemented redundancy with HSRP, VRRP, GLBP, Ether channel technology (LACP, PAgP) etc.
• Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list.
• Hands on in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
• Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP.
• Experience working with different frameworks, standards, and regulatory requirements such as HIPAA, GDPR and PCI-DSS.
• Mapped policies requirements based on PCI, GDPR, ISO 27001-2.
• Strong experience on Juniper SSG series Firewalls and Checkpoint R75, 76 Firewalls.
• Well versed and experienced in routing and switching protocols RIP, OSPF, EIGRP, BGP and VLAN.
• Exposed to handling and troubleshooting issues on NAT.
• Working knowledge on configuring access lists. Troubleshooting DNS/DHCP issues within the LAN network.
• Expertise in IP subnetting and worked on various designing and allocating various classes of IP address to the domain.
• Involved in troubleshooting network traffic and its diagnosis using tools like ping, traceroute, Wireshark, TCPdump and Linux operating system servers.
• Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.p
• Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.

TECHNICAL SKILLS

Switches: CISCO 2900, 3500,4500,5000,6500, Nexus 7k, 6k, 5k, 2k

Networking Technologies: LAN/WAN Architecture, TCP/IP, Frame Relay, VPN, LACP, VLAN, VTP, SVI, NAT, PAT, STP, RSTP, PVST, MSTP,VPC,VPD, PIM.

Networking Hardware: Cisco Switches, Cisco Routers, PIX firewalls

Routing Protocols: OSPF, IGRP, EIGRP, RIP, MPLS, IS-IS, IGP, EGP, BGP, and RSA

Firewalls: Cisco ASA, Palo Alto

Operating Systems: Windows, NT, Windows 98/XP/ 2000/2003/2007, MS-DOS, Linux

PROFESSIONAL EXPERIENCE

Confidential, Dublin, OH

Network Engineer

Responsibilities:

• Integrating Panorama with PaloAlto firewalls, managing multiple PaloAlto firewalls using Panorama
• PaloAlto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.Performing Firewall rule audit and Firewall policy optimization using Tufin analyzer tool.
• Provide support for 2Tier and 3Tier firewall architecture, which includes various Checkpoint R80 Gaia, Cisco ASA firewalls and Palo Alto firewalls.
• Designed Installed and Troubleshoot Palo alto firewalls with the cluster using Panorama.
• Cisco ASA/ Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come on line or that may have been altered during various planned network changes on the network.
• Have created lot of site to site IPSEC VPN tunnel with Checkpoint, and Cisco PIX/ASA firewalls.
• Design, Implementation and support of Checkpoint Security Gateways and manage them through Provider-1.
• Deploying Firewall Policies in a distributed environment with hundreds of Security gateways.
• Working with Client to comply with PCI compliance and remediation as required.
• Configure and tweak Checkpoint IPS Blades for false positives and Alerts
• Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's.
• Worked on Check Point Next Gen Threat Prevention and IPS blade as well as URL Filtering, anti-bot
• & Threat Emulation using the cloud-based updates for certain type of files.
• Configure and tweak Checkpoint IPS Blades for false positives and Alerts
• Configure and troubleshoot Checkpoint software blades such as Identity Awareness
• Implementing and troubleshooting firewall rules in Checkpoint R77.20 Gaia, Cisco ASA 5540, 5580 Implementing and troubleshooting firewall rules in Juniper SRX 5400, 550, 5600 Checkpoint R77.20 Gaia and VSX as per the business requirements.
• Managed global policy, global groups and global objects in checkpoint Provider-1/ Multi Domain Manager.
• Responsible for firewall rule set migration from Cisco ASA, Checkpoint to newly implemented Palo Alto.
• Configuring HA on checkpoint security gateways using cluster XL and PaloAlto firewalls.
• Upgrade of Juniper firewalls and management servers from SRX 110 to SRX 5400
• Established IPSec VPN tunnels between branch offices and headquarter using Juniper SRX Firewall.
• Extensive implementation of firewall rules on Juniper SRX 3600, SRX 650 and SRX 220 on a daily basis, using SPACE as well as CLI when needed.
• Ensure compliance with applicable policies, standards, and regulations such as SOX, PCI-DSS, and GDPR objectives.
• Perform day-to-day administration of Solarwinds Orion and Netflow monitoring tools.
• Helped with the implementation of new solarwinds environment, by upgrading poller hardware specs and running discovery on the complete infrastructure for monitoring.
• Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0, also configured on BIG IP (F5) Load balancers and monitored the Packet Flow in the load balancers.
• GDPR and Data Privacy: generated GDPR related policy and procedures with legal and executive teams.
• Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-ma Extensive Knowledge on the implementation of Cisco ASA 5500 series firewalls.
• A hands-on role, which involves installation, management, and support of globally developed extremely complex, highly available Palo Alto and Cisco ASA firewall infrastructure.
• VLAN configuration and assignments.
• Verify and Troubleshoot VLAN mapping.
• Switching related tasks included implementing VLANs, VTP and configuring and maintaining multi VLAN environment and inter-VLAN routing on Fast-Ethernet channel.
• Worked on Layer 2 protocols such as STP, VTP and other VLAN troubleshooting issues and configuring switches from scratch and implementing.
• Troubleshoots LAN/WAN connectivity using Netflow, Solarwinds.
• Configured ACLs to fit needs of customers and troubleshooted network through netflow and snmp.
• Worked on implementing Site-to-Site VPNs over the Internet.
• Engaged in assessment and mitigating network security issues, IPS/IDS
• Network Including NAT/PAT, ACL, IDS/IPS, Palo Alto firewalls and ASA/PIX Firewalls.
• Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS).
• Configuring switching and routing protocols (OSPF, MPLS, RIPV1, RIPV2, EIGRP, BGP, VLANS, IPV4, IPV6, STP, LACP, IPS, IDS and DHCP).
• Manage and deploy enterprise level wireless communications for Datacenter.
• Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
• Support senior wireless network engineer in researching, planning and implementing wireless network security protocols and technologies.
• Configuring various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs.
• Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
• Provided PKI engineering support in the operation of a number of PKI systems deployed at the Department of State.
• Manages and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs).
• Issue PKI server certificates
• Maintaining of documentation on utilization, capacity and outages for Wi-Fi network.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA5500 Firewalls.
• Worked extensively on Cisco ASA 5500(5510/5540) Series, experience with convert PIX rules over to the Cisco ASA solution.
• Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration.
• Worked on migration of existing PIX firewall to ASA firewall, PIX OS upgrade from 6.3 to 7.0.
• Design and Implement DMZ for FTP, Web and Mail Servers with CISCO PIX 506, PIX515.
• Mapped, Network Diagrams and physical identification in MS Visio.
• Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently.
• Perform extensive testing around the upgrade, migration and configuration functionality of our software.
• Configured Easy VPN server and SSL VPN to facilitate various employees' access internal servers and resources with access restrictions.
• Responsible for entire company network infrastructure that includes Cisco Switches, Routers, Firewalls, Access Points, Servers and PBX.
• Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
• Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
• Experience in migration of VLANS & Configured VLANs with 802.1q tagging, Ether channels, and Spanning tree for creating Access/distribution and core layer switching.
• Creation of firewall rules on Checkpoint Smart Dashboard and install policies.
• Management of corporate Checkpoint Firewall implementing security protocols and alleviating network attacks.
• Deployed Palo Alto Firewalls for web filtering and application control.
• Configured EBGP load balancing and ensured stability of BGP peering interfaces.
• Configured Cisco 2800, 3800 routers and 3750, 4500, 6500 switches as part of the implementation plan

Confidential, NY

Network Consultant

Responsibilities:

• Installation, Configuration, Upgradation, Monitoring, Troubleshooting and Testing activities performed on Checkpoint and Juniper Firewalls.
• Responsible for approvals and Global guidelines.
• Data-Center Firewall projects which include Checkpoint MDS and multiple-CMA Environments. IPSO, SPLAT and GAIA Troubleshooting.
• Creation and support of BGP Policy-Based Routing on Palo-Alto and Checkpoint Firewalls.
• Involved in Checkpoint design and installation which includes Application and URL filtering Threat and Data Filtering.
• Daily administration of Checkpoint firewalls policies with rules, IPS and Threat Prevention.
• Using Smart Update, User Management and Authentication in Checkpoint Firewall.
• Completed a project to update the patch across all the firewall to overcome the bugs in the version of R77.10.
• Hands on experience in configuring Checkpoint R77.10, R77.30
• Implementing and Managing VPN Networks of the Customer through Checkpoint R77 firewalls.
• Managed Checkpoint Firewalls using Multi Smart Domain Manager, Cisco with Cisco CSMand Palo Alto with Panorama.
• Managed a multisite environment with more than 200 Palo Alto firewalls.
• Managed Palo Alto devices by implementing security rules and mitigating network attacks.
• Updated daily schedules to update security, threats, Wild fire update from Palo Alto.
• Writing MOPS for adding new Firewall rules, running reports on the unused and vulnerable rules.
• Migration of Cisco ASA to Palo Alto firewall with over 45000 security rules.
• SolarWinds Orion deployment and configurations for customers, as well as administer devices on their networks.
• Configured Fault tolerance and High Availability configuration for SolarWinds customers.
• Monitored the performance of the network using SolarWinds and Infoblox.
• Use Infoblox to update network with new IP’s.
• Managing DNS, DHCP and IP addressing using Infoblox.
• Manage IP address plans in Infoblox Grid Manager.
• Implementing security Solutions using Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
• Configuration and administration of firewalls, which includes Checkpoint, Juniper, and Cisco ASA firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
• Creating new S2S VPN for all the sites all across the globe on the new Palo Alto FW's.
• Delivered PCI-DSS 3.2.1 gap assessment, policies and procedures, vulnerability, data flow diagram, access.
• Working with customers Site-to-Site and Remote Site VPNs using Cisco routers to Cisco routers, ASA Firewall to Palo Alto Firewall, Cisco Router to Palo Alto Firewall and troubleshoot and modify existing VPN.rector for management. Install, upgrade, troubleshoot, design, etc.
• Managing health check of Network devices this is involves upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configuration.
• Configured of Cisco PIX/ASA firewalls, IPS/IDS, F5 load balancers, AAA (TACACS+ & RADIUS).
• Manages reporting for IPS/IDS by monitoring suspicious user activity, network attacks, high bandwidths users, and suspicious websites
• Implementing and setting up VLAN, VTP, VPN, Spanning tree, Port channel, SNMP and Netflow.
• Configured High Availability using HSRP, VLAN's and spanning tree within the organization network.
• Implemented Layer 2 security by enabling STP, locking down VLAN trunking.
• Responsible for creating, modifying, removing VLAN confings as per the need.
• Set up HSRP, VLAN trunking 802.1Q, etherchannel, VTP and inter-VLAN routing using MSFC on catalyst 6509 and 6513 switches
• Configured ACLs to prevent access to internal network from unauthorized users on ASA firewalls.
• Advanced knowledge in Cisco ASA 5000 series, Palo Alto VM-300 series installation, configuration and maintenance.
• Provide remote and direct customer PKI troubleshooting support for routine and mission critical issues for both Windows and Linux users
• Managing and Configuring Cisco Unified Call manager 7.X, 8.X, 10.X and 11.X.
• Cisco Unity Connection (CUC), Unity Express, Jabber, and UCCX
• Implement security policies using ACL, IPSEC, SSL, and VPN on ASA.
• Configure new/replacement hardware including Cisco routers and switches, Cisco ASA firewalls.
• Devices monitored, assessed and maintained included Cisco ASA's, Check Point Firewalls and F5 Load Balancer.
• Network consists of Heavy Cisco equipment such as: Cisco 2924 switches, Cisco 5500 series Layer 3 switches, Cisco 7200 series routers, Cisco Pix firewall 500 series and Wireless Access points Cisco 1230.
• Responsible for installation and configuration of Cisco ISR-2901 AX used for providing granular visibility, control and optimization of Application layer.
• Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
• Responsible for configuring and troubleshooting Akamai IPA for monitoring and control internet traffic and site content.
• Worked on Layer 2 protocols such as STP, VTP, STP, RSTP, PVSTP+, MST and other VLAN troubleshooting issues and configuring switches from scratch and deployment.
• Responsible for deploying various network security & High Availability in Checkpoint Firewall.
• Network security involves web filtering on internet sites (User's restriction) checkpoint Firewalls.
• Configuring routing protocols OSPF, EIGRP, RIP, MPBGP, LDP and BGP V4.
• Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalyst.
• Build Logical design and Implementation of Wireless Solution.
• Responsible for Cisco ASA firewall administration across our global networks.
• Configured various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
• Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550.
• Configured Nexus 5020 and 7702 with multiple distribution VDC's running EIGRP for route propagation between them.
• Continual network monitoring of data center support, troubleshoot and diagnose hardware problems.
• Configured various Router interfaces like ATM interface, T3 & Channelized T1 interfaces.
• Configuring and troubleshooting CISCO catalyst 6509, 7609, 7613 with Supervisor cards, Cisco 3640, Cisco GSR 12416, 21418(with PRP and RPR processors).
• Configuring and implementing F5 BIG-IP LTM, GTM load balancers to maintain global and local traffic.

Confidential, Santa Clara, CA

Network Engineer

Responsibilities:

• Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
• Adding and removing Checkpoint firewall policies based on the requirements of various project requirements.
• Administer Checkpoint firewalls with cluster gateways including pushing policies and processing user requests to allow access through the firewall using Smart Dashboard and identify unused rules and schedule change to mark it for permanent deletion at later point of time.
• Checkpoint Firewall Log review and analysis and troubleshoot connectivity issues.
• Configuring HA on Checkpoint security gateways using cluster XL and VRRP.
• Upgrading Checkpoint security gateways in cluster with minimal downtime.
• Implemented redundant Load balancing technique with Internet applications for switches and routers.
• Support Network Technicians as they require training & support for problem resolution including performing diagnostics & configuring network devices.
• Configured and troubleshoot OSPF and EIGRP.
• Hands-on experience in maintaining layer2 switching tasks which support VTP, VLAN, STP, PVST, RSTP and configure ether channel with LACP and PAGP along with inter-vlan routing troubleshooting.
• Tested authentication in OSPF and BGP.
• Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Used Network Monitoring tool to manage, monitor and troubleshoot the network.
• Back up a Cisco IOS to a TFTP server and Upgraded and restored a Cisco IOS from TFTP server.
• Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
• Received inbound calls of technical nature, independently resolved customer complaints, concerns and inquiries regarding their Internet connection.

Confidential

Network Security Consultant

Responsibilities:

• Identifying and implementing practices in security to enhance the operations of the clients.
• Maintaining framework to ensure that information security policies, technologies and processes are aligned with the business regulations of the clients.
• Managing SIEM- HP Arcsight, IBM QRadar and Splunk, Rapid7 Nexpose, Forcepoint
• Symantec Data Loss Prevention (DLP) policy engineering
• Experience in Deployment of Symantec HIDS Agents.
• Perform Daily Maintenance of The Symantec CSP console by grouping assets According to Function.
• Cleaned Symantec Anti-Virus Environment and brought previously Unprotected Machines into Compliance with Security Policy.
• Provides security configuration validation for internal/external systems and recommends potential remediation for identified vulnerabilities
• Conceptualize and implement end-user DLP training materials, enterprise-wide encryption system, Symantec Data insight integration, and Symantec DLP/data security environments support.
• Risk analysis and security control gap analysis from information & network security perspective.
• Managing security incidents in the organization, key member of Incident Response Team.
• Log analysis and advisories to different customers through RSA envision SIEM.
• Design and implement the firewall configuration from scratch which includes failover configure, NAT, interface configuration, SNMP and syslog configuration, maintain backup to Syslog server
• Manage DLP Policies for Multiple clients