Sr. Palo Alto Firewall Engineer Resume
Concord, CA
SUMMARY:
- Around 8 years of experience in planning, design, implementing and troubleshooting complex networks and advanced technologies.
- Advanced knowledge, design, installation, configuration, maintenance and administration of different Checkpoint products like NGX R60, R65, R71, R75, SPLAT, R77 Gaia, R80, VSX, Provider - 1, Nokia IPSO Smart Center and Cluster XL.
- Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
- Built, configured and troubleshot Cisco ASA 5505, 5540, 5550, Cisco Sourcefire and Cisco 5585 firewalls with FirePOWER module.
- Worked on Juniper JUNOS and SCREEN OS Firewalls like SRX 220, SRX 1400, SRX 3400, SSG 550M, SSG520M, ISG 1000 and ISG 200.
- Managed firewalls using Checkpoint Provider-1, Smart Dashboard, Cisco ASDM, CSM, Juniper NSM and Panorama.
- Experienced in monitoring network performance based on the company's Service Level Agreement (SLA).
- Experience in configuring, implementing, and troubleshooting F5 LTM and GTM load Balancer in the enterprise network.
- Advanced knowledge of IPSEC VPN design, connections and protocols, IPSEC tunnel configuration, encryption, and integrity protocols on Palo Alto firewalls as well as Cisco ASA and Checkpoint.
- Worked on migration from legacy PIX to new Cisco ASA appliances, ASA to Palo Alto firewalls.
- Experience with Blue Coat URL filtering with whitelisting and blacklisting URL, creating rules for content filtering.
- Knowledge of ISO guidelines, statistical information and risk management software.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Experience in Implementing & managing Symantec Data Loss Prevention.
- Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption, and integrity protocols.
- Proficiency in the following: Cisco Routers 3800, 7200, 7600 series / Catalyst Switches 2950, 3550, 3560, 3750, 5500, and 6500 Series running Cisco Cat OS or Cisco IOS, Nexus 2K, 3K, 5K, 7K running NX-OS.
- Configuring and implementing Routed and routing protocols including TCP/IP, RIP, OSPF, EIGRP, BGP, VRRP and HSRP.
- Experience with network tools like SolarWinds Orion, Splunk, IBM QRadar, SIEM, NetScout, HPSM, Remedy, ServiceNow, Tufin, AlgoSec, FireMon, Easy-IP, CyberArk, HPNAS, Meraki Wireless, Wireshark, Packet Tracer, TACACS+, RADIUS, ISE, NAC, ACS, and the ITIL process.
- Ensure Firewall Policy compliance for standards including PCI, SOX auditing and rule base remediation.
- Experience configuring VDC and vPC on Nexus 7K, 5K and 2K switches.
PROFESSIONAL EXPERIENCE:
Confidential, Concord, CA
Sr. Palo Alto Firewall Engineer
Responsibilities:
- Deploy new Palo Alto Firewalls using virtual-wire, Layer 3 modes and VPN Sites.
- Work on firewall administration: cleaning up rules and changing port rules to application rules and tags.
- Work on network segmentation, moving firewalls from one place to another, protecting all the networks and moving them behind the firewall.
- Work on firewall migrations, migrating Cisco ASA firewalls to Palo Alto firewalls using the Expedition tool.
- Work on tools like Remedy and Infoblox to maintain the networks and assets.
- Work on Network Security policy management and Firewall management and Network Audits using Tufin.
- Work on Dynamic updates and Software updates for Palo Alto Firewalls from 8.0.0 to 8.0.14
- Configure Palo Alto Panorama centralized management system from 8.0.16 to 8.1.6
- Provide support for Tier-2 and Tier-3 firewall architecture, which includes various Cisco ASA firewalls and Palo-Alto firewalls.
- Configure high availability on the firewalls, and test and record the failure conditions.
- Participate in design and draw current and proposed network design implementations using Visio.
- Manage server life cycles and inventory by analyzing older legacy systems, and assessing options for upgrading, consolidating, or disposal.
- Utilize available resources for capacity planning and performance analysis, and identifying resources needed to put plans into action.
- Monitor and troubleshoot firewall logs using QRadar and verify the traffic in Palo Alto firewalls.
- Create and analyze packet captures and prevent threats from the internet with file blocking.
- Work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using Palo Alto CLI.
- Provide support and troubleshoot for Low, Medium and High NERC classified firewalls, which includes various Cisco ASA firewalls and Palo-Alto firewalls.
- Implemented VPN sites using Pre-Shared Key and Certificate based for Palo Alto Firewalls and Cradle Point.
- Implemented a solution between Palo Alto firewalls and 4G DIGI model number WR31.
- Deployed more than 150 Palo Alto Firewalls at all the NERC low sites and GAS Sub Stations at Confidential & Electric.
- Migrated Cisco ASAs to Palo Alto firewalls for Medium NERC Sites at Confidential & Electric using the Palo Alto Expedition tool.
- Firewall cleanup and Firewall administration implemented on more than 50 Palo Alto Firewalls.
- Implemented rules on 150 new Palo Alto firewalls using Tufin Automatic Policy Generator.
Confidential, Austin, TX
Network Security Engineer
Responsibilities:
- Implementing and troubleshooting firewall rules in Cisco ASA 5540, 5580, Checkpoint R77.30 Gaia and VSX as per the business requirements
- Worked on Gaia Versions 77.30, 77.20 implementing new and additional rules on the existing firewalls for a server refresh project
- Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20
- Established IPsec VPN tunnels between branch offices and headquarter using Cisco ASA Firewall
- Responsible for Check Point, Cisco ASA and Palo-Alto firewalls configuration and administration across global networks.
- Configure and implement security solutions for various clients as per their requirements in Checkpoint R77, R75, Provider-1, Palo Alto firewalls, Panorama, Cisco ASA firewalls, ASDM and in CSM.
- Working on tickets using Cisco Secure change to stage rules into checkpoint Firewalls.
- Responsible for installation, configuration, maintenance, and administration of Palo Alto firewalls PA 50, 7060), PA -5000, series (5060/5050/5020 ), PA 60/4050/4020 ) firewalls.
- Integrating Panorama with Palo Alto Firewalls, managing multiple Palo Alto Firewall using Panorama. Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
- Skilled in creating security Policy, App-ID, URL filter and Threat Prevention in Palo Alto firewalls.
- Involved in upgrade of Panorama to version 7.1.14.
- Worked on the Checkpoint R80 in the lab environment.
- Worked on firewall optimization tool using Tufin secure track and monitored logs in SPLUNK.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering and Wildfire)
- Configure the Global Protect Portal to provide the Clientless VPN service
- Map users and user groups to applications; this mapping controls which applications users or user groups can launch from a GlobalProtect Clientless VPN session.
- Performed firewall migration from Cisco ASA firewalls to Palo Alto firewalls using Palo Alto Migration tool.
- Working with Level-2 team for code upgrades on Cisco ASA firewalls.
- Working on Hardware replacement for Cisco ASA, checkpoint Firewalls and other network devices.
- Implemented Cisco ISE for delivering consistent, highly secure access control across wired and wireless multivendor networks and remote VPN connections.
- Provide support for Tier-2 and Tier-3 firewall architecture, which includes various Cisco ASA firewalls and Palo-Alto firewalls.
- Used NSX to enable granular firewalling and security policy enforcement for every workload in the data center, independent of the network topology and complexity.
- Used NSX to enable security and advanced services to be dynamically assigned to workloads independent of the underlying physical network.
- Knowledge of ISO guidelines, statistical information and risk management software.
- Used VM-Series to expedite the deployment of next-generation security in private and public clouds.
- Worked on Integration between Palo Alto Networks Panorama network security management and NSX Manager allows a VM-Series virtualized firewall to be dynamically provisioned on demand.
- Worked on SolarWinds risk management software, which helps to minimize cybercrime and develop strategies.
- Implementing proxy rules in Bluecoat Proxy SG using blue coat director.
- Worked on changing global objects and global rules to local objects and local rules for migration project
- Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
- Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for Stateful replication of traffic between active and standby member.
- Support Data Center Migration Project involving physical re-locations.
- Using the VMware NSX platform’s extensible service insertion and service chaining capabilities, the virtualized NGFW is automatically and transparently deployed on every ESXi server.
- Context is shared between VMware NSX and Palo Alto Networks’ centralized management platform, enabling security teams to dynamically apply security policies to virtualized application creation and changes.
Confidential, Cleveland, OH
Network Security Engineer
Responsibilities:
- Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R77.20, R77.30 Gaia and Provider-1/MDM.
- Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
- Configure and administer Cisco ASA Firewalls (5585, 5550 and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration
- Primary responsibility is also to maintain, monitor and make production changes on R77.30 Checkpoint Firewall
- Implemented site to site VPN in Cisco ASA firewalls for third party connectivity.
- Build IT security infrastructure including Checkpoint, Juniper, and Palo Alto firewalls.
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Implementation, maintenance and monitoring of IDS/IPS, WAF, antivirus and Syslog Servers.
- Configure and maintain Cisco IDS/IPS, ASA firewalls, and Bluecoat web proxies.
- Troubleshot and worked on security issues related to Cisco ASA and IDS/IPS firewalls. Large-scale deployment and installation of Juniper SSG5, Cisco ASA, and Fortinet firewalls.
- Implemented site-to-site VPN with IPSEC via GRE ISAKMP.
- Configured IPsec VPN access for client to site remote access.
- Migration of existing IPSEC VPN tunnels from Pre-Shared key to Certificate Authority for purpose of scaling.
- Used NSX to enable granular firewalling and security policy enforcement for every workload in the data center, independent of the network topology and complexity.
- Used NSX to enable security and advanced services to be dynamically assigned to workloads independent of the underlying physical network.
- Hands on experience with Cisco Nexus 7K, 5K and 2K series equipment including configuration of protocols.
- Attended a few conferences on Cisco Meraki wireless managed network.
- Completed IOS upgrade project for firewalls from 8.2 to 8.6 codes. Upgraded 20 ASA Firewalls across the organization
- Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.
- Perform network engineering, design, planning LTM & GTM load balancing implementation and scheduling infrastructure related tasks by coordinating with other teams.
- Configured NAT and SNAT in F5 12.0 LTM. Managed virtual servers in F5 12.0 LTM.
- Using the VMware NSX platform’s extensible service insertion and service chaining capabilities, the virtualized NGFW is automatically and transparently deployed on every ESXi server.
- Context is shared between VMware NSX and Palo Alto Networks’ centralized management platform, enabling security teams to dynamically apply security policies to virtualized application creation and changes.
Confidential, Irving, TX
Network Implementation Engineer
Responsibilities:
- Supporting and troubleshooting Checkpoint (R77.10 Gaia, R77, R76, Provider-1, MDM/MDS, VSX, SPLAT and IPSO) and Cisco firewall (ASA 5550, 5540, 5520, PIX 525, 535, CSM and ASDM) technologies.
- Migration and implementation; new solutions with Palo Alto Next-Generation Firewall series PA-500, PA-3060 and PA-5060.
- Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
- Configured Juniper SRX and SSG firewalls using NSM and via CLI.
- Adding zone-based rules in Juniper SRX and SSG Net Screen firewalls as per client requirements.
- Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
- Extracted logs and performed real-time log analysis using SIEM technologies, and forensic analysis of logs as per request.
- Performing packet captures using TCPDUMP, firewall monitor, Snoop, Wireshark, and other network monitoring tools.
- Worked with Checkpoint Firewall (SPLAT/Gaia) for management (Smart Dashboard, Smart Monitor), Logging (Smart Log, Smart View Tracker)
- Prepared engineering documents and network diagrams in Microsoft Visio.
- Troubleshoot and hands on experience on security related issues on Checkpoint R75, Cisco ASA and Juniper Net screen firewalls.
- Involved in large firewall configuration, deployments, and implementation rollouts for several companies' security needs, including SSL VPN tunnels.
- Administering multiple Firewall of Juniper SRX and SSG Net screen in a managed distributed environment. Fulfilling routine change requests of Screen OS Firewall and resolving trouble tickets, maintain and monitoring firewalls.
- Worked on the conversion of Juniper SSG to SRX firewalls.
- Creating MOPs (Method of Procedure) and Provided On-call support to Clean-up the changes in configuration on migrated Cisco routers.
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.
- Configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to provide connectivity between two different data centers.
- Experience with firewall administration, rule analysis and rule modification on Cisco ASA 5540, 5585.
- Responsible for Cisco ASA firewall administration across our networks.
- Co-ordinate with the Data Network and Security team and come up with possible solutions.
- Provide solutions to Tier 1/2 escalated issues and tickets.
- Implementation and configuration of F5 Big-IP LTM-6400 load balancers
- Configuring and resolving various OSPF issues in an OSPF multi-area environment.
- Implemented and configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
- GRE tunneling and site-to-site VPN configuration between two other sites in the USA.