SUMMARY

• Senior Network Engineer with almost 8 years of strong hands on experience in planning, designing, implementing, troubleshooting of WAN/LAN technologies such as Routing & Switching with Cisco devices. Security appliances such as Cisco FW PIX/ASA, Checkpoint FW, Juniper, Palo Alto and Bluecoat Proxies in a 24*7 support environment.
• In - depth Cisco technology noledge in design, administration, implementation and support.
• In-depth noledge of deploying and troubleshooting IP protocols.
• Experience on layer3 routing and layer2 switching.
• Handled key responsibilities in documenting network changes and updating topologies accordingly.
• Configuring and Implementing Security rules as per teh business needs in Cisco ASA Firewall and Juniper SRX, Juniper mag firewall and Palo Alto Firewalls.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.
• Worked in OSI model, TCP/IP, UDP, IP addressing and Sub netting.
• Hands-on experience in teh setup of HSRP, ACL, and tunnel installations.
• Extensive noledge in different networking protocols DHCP, DNS, FTP, ARP and TCP/IP.
• Involved in monitoring network traffic and its diagnosis using performance tools like CiscoWorks, Snort, Snortsnarf, ping tools, and packet player.
• Implementation and maintaining backup schedules.
• A good team player with meticulous nature and a persevering attitude.
• A fast learning with excellent communication skills.
• Installing & configuring firewalls - Juniper Netscreen SSG, SRX, Cisco ASA, Cisco Pix, FWSM, Palo alto Pa-2000, Pa-3000, Panorama, Checkpoint NG R55 & NGX R60, R75, R77 Gaia, Provider-1 and VSX.
• Planning, Designing & Implementing VPN solutions using Netscreen, Cisco PIX, ASA, Checkpoint and Cisco Routers using site-to-site VPN’s.
• Configuring firewall rules using checkpoint smart dashboard, CSM, NSM, ASDM, Panorama and CLI.
• Planning, designing of Corporate Firewalls architecture and implementing in distributed environment.
• Maintaining Corporate Firewalls & Analysis of firewall logs.
• Creating IPSEC, GRE tunnels, Frame-relay in Cisco routers.
• Planning & implementation of information security guidelines as per teh security standards.
• Verifying & Configuring teh Rules in firewalls. (Firewall Change Request processing).
• Configuring Network Address Translation (NAT) according to teh connectivity requirements.
• Configuring Bandwidth allocations (QOS) in Checkpoint Firewalls.
• Implement security policies using ACL, PIX firewall (515, 520), ASA (5520, 5540, 5550 and 5580). Upgrading Operating Systems for various network equipment’s & applying Hot-fixes.
• Performing vulnerability assessment for enterprise networks using Nessus tool.
• Taking Regular backups & testing teh backups by restoring in test lab frequently.
• (DRP) Disaster Recovery Planning.
• Working on firewall optimization tools like Tufin, Algosec and Firemon.
• Working on teh Sourcefire IPS/IDS, Cisco Identity Services Engine (ISE)
• Strong hands on experience on security information and event management(SIEM) performing Log management, Security event manager and Forensic analysis in datacenter environment using tools Splunk, Cisco SEIM and IBM Qradar.
• Planning, designing, Installing and Configuring of Cisco Routers (1700, 1800, 2500, 2600, 3200, 3600, 3700, 3800, and 7200) using RIP, EIGRP, OSPF and BGP in MPLS network.
• Redistribution of routing protocols, Route-maps (Policy Based Routing), ACL, NAT and PAT.
• HSRP, NSRP, VRRP implementation on routers.
• Troubleshooting of Enterprise application response problems & connectivity issues.
• Installing and configuring of Cisco L2 & L3 Switches (2900, 3560, 4500 & 6500).
• Designing of LAN Network as per Cisco 3-tier Architecture (Core, Distribution, and Access).
• Configuring STP, VLAN, VTP, SPAN port and Port binding.
• Installing & Configuring Network Access Control (NAC) using Cisco Clean Access (CCA).
• Implementing & maintaining tools like Snort (IDS), MRTG, JFFNMS, Netflow Analyzer, WhatsUP Gold, Smokeping, Tufin, Splunk, Wireshark, TCPDUMP, HP Openview, CiscoWorks, HP NAS, Bluecoat, Algosec, Infoblox and NTOP.
• Implementing Cisco Secure Access Control Server (ACS 4.0) for Tacacs+/ Radius.
• Installing & Configuring of DHCP and DNS using Infoblox.
• Configuring on F5 LTM and GTM load balancers as per teh client requirements.

PROFESSIONAL EXPERIENCE

Confidential, St. Louis, MO

Sr Security Engineer

Responsibilities:

• Responsible for installation, troubleshooting of firewalls (Cisco / Checkpoint/ Palo Alto firewalls) and related software, and LAN/WAN protocols.
• Worked on Gaia Versions 77.10, 77.20, R65 implementing new and additional rules on teh existing firewalls for a server refresh project.
• Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20.
• Established IPSec VPN tunnels between branch offices and headquarter using Cisco ASA Firewall.
• Maintained, upgraded, configured, and installed Cisco ASA 5510, 5520, & 5505 Firewalls from teh CLI and ASDM.
• Used Bluecoat proxies to whitelist and blocklist websites as per company policy.
• Worked on extended internet access requests on bluecoat proxies to give extra access to user based upon business requirements.
• Experience with data security monitoring and management tools including Splunk, Tufin and Infoblox.
• Working on Sourcefire IPS/IDS and Cisco Identity Services Engine (ISE).
• Experience on working with migration with both checkpoint and Palo Alto next generation firewall as well as virtualization of both VSX and VSYS.
• Day-to-day work involves changes on teh Checkpoint Firewall using teh Smart Dashboard NGX R70 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.
• Configuration and support of Juniper Netscreen firewalls and Palo Alto firewalls.
• Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
• Review and optimize firewall rules using Secure Track Tufin tool and firewall audit reports
• Experience with convert Checkpoint VPN rules over to teh Cisco ASA solution.
• Planned, installed, monitored and was teh single point of contact for all intrusion detection for client systems.
• Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1 / VPN-1 / Secure VPN / Secure IDS)
• Configuring failover for redundancy purposes for teh security devices. Implemented teh stateful & serial failover for ASA firewalls, Checkpoint Clustering and load balancing features.
• Implemented and troubleshooting teh Virtual firewalls (Contexts) solutions in ASA.
• Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Technical experience with F5, Juniper or Bluecoat products.
• Adding websites to blocked list on teh bluecoat proxies based upon business requirements
• Designed and Implemented secure management infrastructure with teh help of Splunk and Cisco SEIM device environment.
• Utilizing Tufin and Splunk for analyzing and/or reporting tool to remediate idle firewall polices dat were leaving teh network open to unnecessary vulnerabilities.
• Experience with F5 BIG-IP global traffic manager for topology based load balancing during IP inspection and denial of service attacks
• Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.
• Experience on Endpoint security SME with McAfee Endpoint, IPS and Anti-virus.

Confidential - Lexington, SC

Network Security Engineer

Responsibilities:

• Responsibilities for teh installation, configuration, maintenance and troubleshooting of teh company network. Duties included monitoring network performance using various network tools to ensure teh availability, integrity and confidentiality of application and equipment and to provide support for Cisco network.
• Analyze syslog generated by IDS, IPS, Firewalls, Routers, and Switch devices.
• Manage third party connections using Cisco ASA Firewalls
• Key contributions include troubleshooting of complex LAN/WAN infrastructure dat include routing protocols EIGRP, BGP and OSPF.
• Configuration, Testing, Planning, Design of Cisco routers, Cisco Catalyst 2900,3570 and 6500 switches and Cisco AirNet and wireless appliances
• Implementation and Configuration of F5 BIG-IP LTM-6400 Load Balancers.
• Migration for Frame-Relay/ATM network to MPLS based VPN for customer’s WAN infrastructure.
• Troubleshooting latency and throughput issues onMPLS and dedicated internet access circuits.
• Configured Cisco 7204 routers which were also connected to Cisco ASA security appliances providing perimeter based firewall security.
• Upgrade Cisco Routers, Switches and Firewall (ASA) IOS using TFTP.
• Resource management through deployment of network based monitoring applications to keep bandwidth & activity alongside each other.
• Configured Client VPN technologies including Cisco’s VPN client via IPSEC.
• Convert Checkpoint VPN rules over to teh Cisco ASA solution,Migration with both Checkpoint and Cisco ASA VPN.
• Configured Firewall logging, DMZs and related security policies and monitoring.
• Installed and Configured a Cisco secure ACS server for AAA authentication (RADIUS).
• Manage a very large DNS environment and manual management of DNS for DMZ/External Servers.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint NGX, Cisco ASA other security products.
• Process creation of VPN requests for remote users. Also VPN Tunneling
• Performed switching technology administration including VLAN, Inter-VLAN routing, Trucking, Port aggregation and Link negotiation.

Confidential - Omaha, NB

Network Security Engineer

Responsibilities:

• Negotiate VPN tunnels using IPSec encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
• Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to teh switches.
• Experience in source fire implementation and design
• Install, set firewall rules, deploy VPN's on Cisco ASA 5510 firewalls during Allergannetwork infrastructure upgrade project
• Maintain SourceFire IDS/IPS systems
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
• Working on Network design and support, implementation related internal projects for establishing connectivity between teh various field offices and data centers.
• Ensure Network, system and data availability and integrity through preventive maintenance and upgrade. Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.
• Installed and configured Cisco LAN\WAN routers, Cisco LAN switches, Blue Socket wireless access points, Sonic and ASA firewalls
• Programmed VPN tunnels on ASAs and Palo-Alto appliances
• Worked on FireEye Scanner to generate reports on teh servers and work stations vulnerabilities
• Providing daily network support for national wide area network consisting of MPLS, VPN and point-to point site.
• Configure NAT (Source and Destination) on Palo Alto Firewall
• Implemented full LAN-WAN project with OSPF Protocol inside and ASA firewall security
• Implementing Bluecoat Proxy Server experience for outbound internet traffic
• Completed service requests (i.e. - IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc)
• Configuring HSRP between teh 3845 router pairs for Gateway redundancy for teh client desktops.
• ConfigureVRRP & GLBP andVLANTrunking802.1Q & ISL, STP, Port Security on Catalyst 6500 switches.
• Bluecoat SG Proxy administration and support for URL filtering
• Skilled with Setting-up, configuring, and implementing a firewall, and proxy server
• Creating teh Rules for VPN users to restrict based on their Static IP address in ASA
• Handled SRST and implemented and configured teh Gateways, Voice Gateways.
• Provisioning of Bluecoat proxy policies for various clients at teh data centre
• Verification of unique firewall routing requirements for ASAs at remote locations
• Responsible for service request tickets generated by teh helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support
• Designed and implemented Cisco VoIP infrastructure for a large enterprise and multi-unit office environment. Met aggressive schedule to ensure a Multi-office reconfiguration project which was successfully delivered
• Troubleshooting Palo Alto firewalls for Policy, HA (High Availability) issues
• Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security.
• Worked on teh security levels with RADIUS, TACACS+
• Network Cabling, dressing, labeling and troubleshooting various network drops onsite.

Confidential

Network Support Engineer

Responsibilities:

• Upgrade Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations
• Involved in installing and configuring PIX 515E firewall.
• Support 24x7 operations and answer calls from teh customers on network emergencies and resolve issues
• Install and manage Cisco Catalyst 3500XL, & 2960 series Switches and Cisco 1800, 3900 series routers
• Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path.
• Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
• Implemented Hot Standby Router Protocol (HSRP) by tuning parameters like preemption.
• Hands on Experience in Inter-vlan routing, redistribution, access-lists and dynamic NAT’ing
• Log messages using Syslog server and analyze teh issues related to high CPU utilization and parameters dat can degrade performance of teh network
• Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
• Conduct through analysis, problem solving, and infrastructure planning
• Provide assistance to Network Manager and serve as Secondary Network support.
• Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors
• Created & documented wiring and network diagram using MS- Visio.

Confidential

Network Engineer

Responsibilities:

• Create and test Cisco router configurations with OSPF, routing protocols.
• Trouble shooting single and multi-arm topologies, Fix routing issues and misconfigurations.
• Performed on-call rotation schedule using SNMP network monitoring tool for client support sites.
• Work with field engineers and escalation teams to patch and update networking software on client’s network gear, mostly using Cisco routers and switches.
• Provide staff support for a multi-campus enterprise using Cisco equipment including 6509s with Firewall and Cisco Catalyst switches.
• Provide recommendations on network infrastructure and reorganization with detailed network analysis using VISIO network drawings.
• VLAN design and implementation for new network requirements, including VLAN bridging and multi-port Trunks.
• Provide on call network support for various enterprise network clients.