SUMMARY

• Network Engineer having 7+ experience in Networking and Security, widely in Network Security Products and Firewalls.
• Firewall installation, Policy implementation, NAT translation and System Software Upgradation of existing Firewalls.
• Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
• Involved in Project planning, Product Migration, Project handovers, perform maintenance and backup for the security products.
• Wide knowledge on cisco Iron port for URL filtering based on categories and for http & https traffic redirection via cisco IronPort.
• Monitor industry warnings and messages for all system patches, virus activity, and upgrades to maintain the overall information security integrity of the enterprise. Inform and recommend course of action to information security management.
• Security Policy setting & configuration as per the security requirement in various segments
• Palo Alto Network Security Device Administrator: Administration of Palo Alto Network Device,
• Configuration of New Access Policy, Firewall Rules, QOS Rules, User ID agents, Treat Policy. Monitoring the network traffic via wire shark network analyzer tool. Creation new Internet access policy for the global network, Trapshooting the internet filter, firewall, OOS.
• Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, FortiGate and Shell.
• Cisco switches and routers, LAN networks, VPN configuration, IPsec, PPTP VPN tunnel configuration for the client.
• Configuring F5 Load balancer LTMs ASM and GTMs, to isolate traffic from the web servers.
• Providing support and troubleshooting the network Problem for the client.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud - based) process that does not impact stream processing.
• Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP
• Assist customer team with the design and placement of Palo Alto Networks devices.
• Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
• Deploying and support VOIP services with Cisco call manager express/CUCM.
• Hands on experience on Power over Ethernet (POE) and Ether Channel.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Design, implementation and support for network security technologies and products (WAF, Cisco ISE, AMP, Firepower, etc.)
• Optimizing and efficient use of policies in Palo Alto-5020 and FortiGate 311B Firewall v5.2.3.
• Experience in configuring Client-to-Site VPN using IPSEC VPN on SRX series firewalls
• Migrated Core Internal Network from Core Switch to Palo Alto Firewall and configuring Generating User Activity and Application Reports on PA5020 Firewalls.
• Managed implementation of Cisco IOS zone-based firewall to perform basic security operations on the network.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.

PROFESSIONAL EXPERIENCE

Confidential, Las Vegas, NV

Network Security Engineer

Responsibilities:

• Configuring, Administering and troubleshooting the Palo Alto, ASA and Checkpoint firewall.
• Implement and configured firewall rules in Checkpoint Gaia R77.30, VSX and Palo Alto Pa-500, Pa- 3000 series, PA-5k and Pa-7k series.
• A consultant working with enterprise customers to design, implement, migrate and integrate Palo Alto Networks products/solutions into their networks.
• Working on tickets using Tufin Secure change to stage rules into checkpoint Firewalls.
• Responsible for installation, configuration of Checkpoint 12400, 12600, 21400 Appliances.
• Assisted customer with complete migration from Cisco ASA to Palo Alto Networks Next Generation
• Firewalls at multiple Data Centers with full centralized management via Panorama.
• Worked with customer to implement 8 regional Azure HA site implementations of Palo Alto
• Networks Next Generation Firewalls with connectivity to physical locations also protected by Palo Alto Networks firewalls.
• Migrated existing configuration from on-site Panorama to Azure based Panorama and built new sites in Azure based Panorama.
• Facilitated customer implementation of Palo Alto Networks GlobalProtect for 35K users globally with multiple geo located portals and gateways.
• Monitoring and ensuring compliance to corporate security policies and regulatory guidance on IBAC with regards to user access and broader information security matters.
• Implemented user based IBAC/Identify based firewall rules using User-ID in Paloalto firewalls for all the campus users.
• Used Paloalto Expedition tool to analyze the logs and created IBAC rules for specific User-ID/AD groups in Panorama.
• Responsible for installation, configuration of Palo Alto using Panorama.
• Experience in configuring F5 BIG IP i7600 modules from scratch including deploying vCMP guests, setting up networking, upgrading firmware versions, enabling modules and features, importing UCS files to restore previous configurations and configuring Configsync, Network failover and device groups.
• Configured F5 BIG IP APM, ASM, LTM and GTM modules in the new DMZ build project.
• Dealt with creating VIP pools, nodes and created custom iRules for the virtual servers like cookie persistency and redirection of URL on F5 ASM cookies issues and configures ASM policies.
• Worked with application teams to configure ASM policies from concept to protection.
• Perform networking solution at data center for Bluecoat Proxies.
• Worked on splunk to gather generated logs for the firewalls, to maintain application flow on firewalls.
• Troubleshoot firewall issues and solve them using packet capture mechanisms like TCPDUMP, FW monitor, zdebug, Wireshark and smart view tracker.
• Trouble shooting Layer 3 issues, also assist layer 2 team with the troubleshooting issues with BGP, OSPF.
• Creating NATs as per user’s requirement to getting access for different servers like internal firewalls, DMZ firewalls.

Confidential, Austin, TX

Security Analyst

Responsibilities:

• Responsible for Check Point R80.10, R77.30, Provider-1, VSX, Cisco ASA and Palo Alto firewalls configuration and administration across global networks.
• Responsible for firewall rule set migration from Cisco ASA to newly implemented Palo Alto.
• Configured and managed security policies using Checkpoint smart dashboard in Provider-1 environment.
• Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
• Install and maintain Palo Alto firewall configuration to protect cardholder data for payment card industry (PCI).
• Managed and configured all Palo Alto PA 3000 series, PA 5000 series, PA 7000 series firewalls.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Implementing and configuring Checkpoint VSX for security gateways.
• Configured and maintained IPSEC, SSL Decryption, high availability, port mirroring, SSL VPN's on Palo Alto Firewalls.
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Centrally managed all Palo Alto firewall using Palo Alto Panorama M-100 management server.
• Researched, designed, and replaced aging with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Working on cross-platform Firewall migration: Juniper SSG to Palo Alto and Juniper SSG to Cisco ASA.
• Configure Palo Alto firewall for wild fire feature of Palo Alto.
• Actively use smart view tracker, and Checkpoint CLI for troubleshooting.
• Firewall Policy Optimization using third party tool Tufin.
• Responsible for design and administration of network switches (Cisco), routers (Cisco), and firewalls (Palo Alto and Cisco ASA).
• Worked on Nexus platform7018, 5K series (5548, 5020 and 5010) and FEX (2248, and 2232) and deployed VPC, VDC and OTV and successfully implemented VSS on the Cisco switches.
• Responsible for setup and configuration of Site to Site VPN's, and remote access VPN's using Cisco ASA solutions (ASA 5505 and 5520).
• Working experience with virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Created and configured management report and dashboards using Splunk.
• ITIL Based Service Delivery and Management
• Performed upgrade process for Cisco ISE software from version 1.0.4 to 1.1 ADE-OS, patch management and data backup management.
• Working on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
• Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
• Implementing and configuring F5 LTM's for VIP's and Virtual servers as per application and business requirements.
• Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
• Management of Infoblox DNS IPAM for Microsoft DNS/DHCP setup and management.
• Management of Infoblox Grid Manager to manage DNS Forward and Revers Lookup Zones.

Confidential, Madison, WI

Security Engineer

Responsibilities:

• Configured, troubleshoot, and upgraded Checkpoint Firewalls which included network and/or resource access, software, or hardware problems.
• Maintained High Availability and clustered firewall environments for customers using Check Point High Availability.
• Perform Level 3-4 security implementations, vulnerability assessments and intrusion detection.
• Worked with both Checkpoint GAIA and SPLAT operating system.
• Installed, configured and maintained Checkpoint R75-R77 Gaia/SPLAT.
• Identified and removed security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
• Configured necessary routing and NAT on the Firewall appliance to communicate with the internet.
• Backup, Restore and Upgrade of Checkpoint Firewall appliance.
• Monitored Checkpoint VPN tunnel activities with Smart View Monitor and troubleshoot VPN issues with CLI.
• Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce CheckPoint Firewall policy lookup.
• Configure IPSec, SSL-VPN (Mobile Access) on CheckPoint Gaia and troubleshoot VPN tunnel connectivity issues
• Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor).
• Analyze Logs and make necessary network reports using Smart Reporter console application.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
• Respond to emergency outages, disaster recovery and the corporate firewall.
• Interface with vendors and service providers to ensure security is maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime.
• Created a lab environment using VMware and Oracle VirtualBox to effectively test policies, software distribution as well as scripts prior to deployment in production
• Configured and managed VPNs, remote access solutions and perimeter security in Cisco ASA and checkpoint firewalls
• Managing Checkpoint (NGX 70) on SPLAT platform, Standalone and HA mode implementation, Hide NAT and Static NAT configuration as per clients requirement.
• Managing Juniper Firewall (SRX) configuration, VPN configuration, configuring Netting, Routing.
• Configuring and Implementation of VPN-Sites to Site and Remote access using Cisco ASA and Checkpoint firewall.
• Regular basis Implementing Network Changes on Schedule time within Window. Participation in various conference call, meeting related to Project work, interaction with clients for resolving issues or for their old or new concerns.
• Handling network and security of internal infrastructure, Gateway firewalls.
• Managing Infoblox Administrator A/c, Create an HA pair, Build a Grid, DHCP member configuration, DHCP Network & Network object configuration, DHCP Options, DHCP IPAM, File distribution, DNS member configuration, DNS Records, Data import, Microsoft Management, Network discovery

Confidential

Network Support Engineer

Responsibilities:

• Level II Network & Security support team on 24x7.
• Configuration and support Cisco based Routers, Switches and firewalls.
• Experience in security consulting, support and/or engineering, security architecture, planning, design and implementation of Cisco security products
• Basic Firewall Access list configurations and support.
• Primarily responsible for proactive, incident and problem management.
• Configuring switch ports for various vlans in the network.
• Responsible for designing and securing the entire network for the India operations center, including designing of VLAN, inter VLAN routing, firewall with multiple DMZ's on Cisco PIX Firewalls.
• Cisco CSS Load balancing support for various website hosted at the Data center.
• Layer 2 and Layer 3 support using Cisco routers and Switches
• Built IPSec based Site to Site VPN tunnels between various client locations.
• Frame Relay, T1, multilinking T1, Fractional DS3, WAN troubleshooting.
• Debugging abilities at L1, L2, L3, and L4 protocols in an Internet-centric environment. Troubleshooting Active Directory, DNS, and DHCP related issues.
• Assist internal project teams by determining rules that need to be added to the firewalls and identifying the proper routing and addressing for new devices in managed DMZs
• Trouble shooting Network related problems
• Monitor bandwidth utilization, analyze traffic patterns and volume