SUMMARY

• Network Engineer having 8+ experience in Networking and Security, widely in Network Security Products and Firewalls.
• Firewall installation, Policy implementation, NAT translation and System Software Upgradation of existing Firewalls.
• Expert Level Cisco ASA, Palo Alto, Check Point and Juniper SRX Firewalls Administrator.
• Involved in Project planning, Product Migration, Project handovers, perform maintenance and backup for the security products.
• Wide knowledge on cisco Iron port for URL filtering based on categories and for http & https traffic redirection via cisco IronPort.
• Designing/Deploying/Maintaining, Configuration, Monitoring and Troubleshooting for FortGate/Juniper
• SRX firewall/Cisco ASA 55XX ZBF (NGFW): URL filtering, Content Filtering, SSL inspection, User identity.
• Monitor industry warnings and messages for all system patches, virus activity, and upgrades to maintain the overall information security integrity of the enterprise. Inform and recommend course of action to information security management.
• AWS network engineering including VPC Peering, Transit Gateways, AWS Site - to-Site VPN, Transit VPCs, Hub VPCs, Palo Alto VM-Series, HA Proxy, Aviatrix Controller & Gateway, ELBs, NAT Gateways, Internet Gateways, OpenVPN and VPC endpoints/gateways/interfaces
• Recognized for performance excellence and contributions to success in network design projects. Strength in Cisco ISE and DNAC backed by extensive training in routing/switching.
• Security Policy setting & configuration as per the security requirement in various segments
• Palo Alto Network Security Device Administrator: Administration of Palo Alto Network Device, Configuration of New Access Policy, Firewall Rules, QOS Rules, User ID agents, Treat Policy. Monitoring the network traffic via wire shark network analyzer tool. Creation new Internet access policy for the global network, Trapshooting the internet filter, firewall, OOS.
• Designing, Configuration, Monitoring and Troubleshooting for Network Security Devices, which includes for Data center Cisco NGFW 5585X, IPS and FortiGate 2000E NGFW for DMZ, IP-VPN & Internet zone
• Worked extensively on firewalls and VPN gateways Checkpoint, Blue Coat Web Gateway, CISCO, Juniper, FortiGate and Shell.
• DAF/WAF (Guardium, Imperva WAF, Oracle DAF), Web Application Firewall (Imperva WAF)
• By Using transit gateway isa network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.
• Network System Engineer wif experience in Cisco Identity Services Engine (ISE) and DNAC (DNA Center).
• Cisco switches and routers, LAN networks, VPN configuration, IPsec, PPTP VPN tunnel configuration for the client.
• Deploying and support Cisco VOIP (Call Manager, Unity Connections and CUPS) and Cisco IOS voice gateway.
• Hubs, Bridges, Routers, TCP and/or IP protocols, Addressing, Flow control
• Analyzing and troubleshooting network problems and Application slowness issues.
• Configuring F5 Load balancer LTMs and GTMs to isolate traffic from the web servers.
• Providing support and troubleshooting the network Problem for the client.
• Implemented Positive Enforcement Model with the help of Palo Alto Networks.
• Innovated with support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
• Working knowledge with Infoblox appliances such as DNS, DNSSEC, DHCP, IPAM and TFTP
• Assist customer team with the design and placement of Palo Alto Networks devices.
• Installation, configuration and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
• Deploying and support VOIP services with Cisco call manager express/CUCM.
• Hands on experience on Power over Ethernet (POE) and Ether Channel.
• Worked on Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale Firewall deployments.
• Design, implementation and support for network security technologies and products (WAF, Cisco ISE, AMP, Firepower, etc.)
• Optimizing and efficient use of policies in Palo Alto-5020 and FortiGate 311B Firewall v5.2.3.
• Experience in configuring Client-to-Site VPN using IPSEC VPN on SRX series firewalls
• Migrated Core Internal Network from Core Switch to Palo Alto Firewall and configuring Generating User Activity and Application Reports on PA5020 Firewalls.
• Managed implementation of Cisco IOS zone-based firewall to perform basic security operations on the network.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series

Switches: Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series -2k,5k,7k

Firewalls: Palo Alto PA-3050, PA-5050, CISCO ASA 5500, Checkpoint

Routing Protocols: RIP v1&v2, BGP, OSPF, EIGRP, HSRP, VRRP, GLBP, FTP, SMTP, SNMP

Switching Protocols: STP, RSTP, PVSTP, VTP, ARP, and VLAN.

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS.

VPN Technologies: Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP

Monitoring Tools: OPNET, GNS3 Simulator, Packet Tracer, Wire Shark, Solar Winds, What’s Up IP, Nagios and Fluke Networks

Networking: TCP/IP, OSI Model, Socket Programming, LAN/WAN, Switches and Routers, IPV4/IPV6 Addressing & Subnetting, Ethernet, STP, VLAN, Trunking, DNS, DHCP, NAT, ACL, HTTP, ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS Web Services (REST & SOAP), Windows Servers 8 & 12

Tools: GNS3, Packet Tracer, Solar Winds, What’s Up IP, VMware Workstation, Wireshark, Nagios and Fluke Networks

Languages: C, Python

Operating Systems: Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux

DOCSIS: Cisco, RCA, Com21, GI, 3Com, Samsung, and Toshiba

DLP: Websense, Symantec & McAfee

Cloud Environment: Amazon AWS

PROFESSIONAL EXPERIENCE

Confidential, Chicago, IL

Sr. Network Security Engineer

Responsibilities:

• Configuring, Administering and troubleshooting the Palo Alto, ASA and Juniper firewall.
• Investigate security incidents, troubleshoot, resolve and recommend actions needed to resolve vulnerability issues.
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Experience in working on the Quarterly maintenance windows for failover, reboot of Checkpoint next-generation firewalls and Palo Alto firewalls, as well as other security devices
• Administer policy settings and upgrades to Forcepoint Triton APX Web, DLP, and Email applications
• Experience on working on Checkpoint firewall IDS/IPS module for setting up the upgradation of new signature patterns and monthly reporting for auditing purpose.
• Responsibility is implementation and troubleshooting forCiscoFirewall, Fortigate, CiscoWLC, Routing and Switching, VPN, ISE.
• Routing, switching, ASA firewall technologies, Palo alto NGFW - Firepower, system design, implementation and troubleshooting of complex network systems
• Using transit gatewayplaces a network interface in that subnet using one IP address from the subnet.
• Strong design and implementation skills on Transit Gateway, AWS VPC Endpoint Services
• Experience managing/building networks, using skills in routing, network engineering, data center operations, Cisco routers/switches (BGP, OSPF, VXLAN, etc.), and deployment of Stealth Watch.
• PrincipleSMEthat successfully led, developed, trained and optimized 64-person military team, as the sole civilian expert. Designed to be fully functional and compliant to operate as a self-contained cyber mission team
• Analyse/configure different firewall devices - Palo Alto, Cisco, Checkpoint,Imperva
• Design and implementation of Twenty F5 ASM to replaceImpervaWAF.
• Migration ofbluecoatenvironment for different departments.
• Responsible for installation, troubleshooting of firewalls (Palo Alto NGFW) and related software, and
• LAN/WAN protocols.
• Web Application Firewall/WAF(Citrix)
• Load Balancer, Waf(Citrix)
• Monitor performance, availability and health on Cisco,Bluecoat, Riverbed and F5
• Network AnalystSME, Mentor. Responsible for program management and analysis of petabytes sized network data sets utilized for operational and strategic decision-making
• Managing Cisco ASA 5585, 5555, 5545 series, upgrade and maintain security policies
• Responsible for installation, configuration of Palo Alto using Panorama
• Perform networking solution at data center forBluecoatProxies.
• Performing migration from old network to a new network of millions of users.
• Provide on call support with network operations teams resolving incidents
• Deployed Paloalto-7000 series device to the production environment, managed them via Panorama.
• Worked on the migration of ASA firewalls to Palo Alto firewalls, in cloud environments.
• Performed code upgrades on the ASA 5585, 5555 series
• Worked on Splunk to gather generated logs for the firewalls, to maintain application flow on firewalls
• Trouble shooting Layer 3 issues, also assist layer 2 team with the troubleshooting issues with BGP, OSPF.
• Creating NATs as per user’s requirement to getting access for different servers like internal firewalls, DMZ firewalls.
• Monitoring and TroubleshootingISE
• Planning, Designing and assisting in deploying enterprise wide Network Security for Palo Alto NGFW,
• Cisco core 9600 and Cisco ISE.
• Created design and implementation of Cisco DNAC managed networks utilizing industry best practices and Cisco hardware, overseeing new and existing equipment as well as hardware and software upgrades
• Internet firewalls and also worked on Splunk for troubleshooting.
• Migrate management, host and transit interfaces of the firewalls to new IP, without affecting data traffic.
• Migrate NAT rules with counter NATs as per the new IP request
• Participate daily scrum meetings, maintain project flow to meet deadlines.
• Migrate and configure Juniper firewalls to Palo Alto using Panorama
• Setup Global Protect VPN in the production environment, test and maintain VPN firewalls
• Create and run the automation script to push configuration into the firewalls
• Maintain definitions in bluecoat proxies, with Splunk integration.
• Creating Perform and fulfil service now request for Port service, create policies and migrate rules to new subnet
• Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.
• Worked with applications transport protocols SSL, IPSEC, DNS, NTP, SSH, LDAP, RADUS, TACACS+ and AAA on ASA Firewalls

Confidential, Richmond, VA

Network Security Engineer

Responsibilities:

• Device managing - Palo Alto firewalls (5000, 2000, 500 series) with centralized manage server panorama. Checkpoint (R65), ASA 5520, VPN, Bluecoat proxy, ISA server, Certificate authority, Proventia IBM IPS with Site protector, tipping point with SMS, PIX-535, MacAfee vulnerability manager.
• Involved in Migration of Check point to Palo Alto firewalls.
• Installed, operated and supported Mcfee Epo, CA-Etrust console, Symantec Endpoint Protection Manager Console, SOPHOS, TrendMicro. Antispam Brightmail, Symantec Mail Security, Cisco Ironport.
• Migrating Bluecoat proxy with Palo Alto captive portal solution.
• Design, Deploy, and ConfigureCiscoISE(Identity Services Engine) in multiple environments.
• Replaced different locations Cisco IOS hardware as well as physical firewall hardware structure with Meraki MX firewalls and MS switches solutions.
• Created design and implementation of Cisco DNAC managed networks utilizing industry best practices and Cisco hardware, overseeing new and existing equipment as well as hardware and software upgrades.
• Worked with Websense ACE to safeguard network resources, define rules for custom filters and provide real time security updates
• Responsible for installation, troubleshooting of firewalls (Cisco firewalls,ImpervaWeb app Firewalls, Checkpoint firewalls and Juniper firewalls,) and related software, and LAN/WAN protocols
• Implementing and troubleshooting Blue Coat Proxy SG-x appliances.
• ManagingBluecoatproxy devices and IDS, IPS devices. Migration of forward proxies to the centralized Director product, configuring the reverse proxy for the content analysis system (CAS) for newer application.
• Responsible for designing, implementing, upgrading, and troubleshooting Blue Coat Proxy SG-x appliances.
• Deploy and manage Forcepoint firewalls, CISCO ASA 5500 and Palo Alto
• Manage Forcepoint SMC (156 firewalls)
• Deployed a highly available Cisco infrastructure based on Cisco DNAC, Cisco ISE, switches, routers, and access points.
• Responsible for the implementation, documentation, and day-to-day support of theImpervaDatabase Firewall.
• Up gradation of Proventia IBM IPS firmware and Palo Alto firewalls.
• Exposure to wild fire advance malware detection using IPS feature of Palo Alto
• Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.
• Hands on experience working with products like Checkpoint R77 Gaia and Palo Alto Enforcement Points and P1, TACACS+, F5 LTM and GTM, Crossbeam, SPLAT, Infoblox, SGW, ACME Packets, A10, Cacti, BluecoatProxy SG and packet sniffers.
• Experience with Websense filtering service for selectively filtering unwanted internet requests traffic
• Worked on checkpoint firewall SMART Event Intro module for generating monthly IPS reports
• Experience on working with SIEM tool LogRhythm on adding the newly build windows and Linux log servers and creating policies for different alerts
• Deployment of Palo Alto 5000 series firewall and checkpoint 12000 series firewall
• Worked on Python scripting for generation the firewall security policy through web visualization tool in checkpoint firewall
• Conducts and assists with vulnerability scanning, penetration testing, application security testing, risk assessment and risk consultation with other teams and business units.
• Building configurations for Juniper MX 2010 and MX 2020 routers with features like port security, VLANS, VTP, PVST+.
• Upgrade theCiscoISEnodes to release versions required by the phase of the project and add nodes to theCiscoISEdeployment.
• Configuration of Juniper SRX series firewalls for outbound traffic via blue coat proxy server.
• Implemented inter-VLAN routing (on Juniper EX 3300 and EX 3400 switches) among the VLANs to allow communication on larger internetworks.
• Monitor and investigate security incidents and alerts with ArcSight, FireEye, Palo Alto,Sourcefireand McAfee EPO.
• Modify and implement ACL changes on Client routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
• Written firewall rules in support of application migration from F5 to A10 load balancer
• Implemented extended ACLs on Juniper SRX and 3750 to allow communication between the required networks, and to restrict other communications.
• Implemented various routing protocols such as RIP, EIGRP, and OSPF on Juniper MX routers; also taking care of issues such as discontinuous networks.
• Analyzing the vulnerability alerts triggered in Arc sight and tune the polices in IPS and firewalls.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Palo Alto design and installation for Application and URL filtering
• Configured and troubleshot Palo Alto firewall using CLI.
• Assisting end user operations staff with technical support for Fortinet products
• Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols
• Monitor and runCiscoISEreports/audits and work with security team to locked down or allow unknown devices that are found on the network.
• Scanning the servers and hosts using MacAfee found stone manager and analyze the vulnerabilities.
• VPN creation (Site to site, SSl, RA VPN) and troubleshooting.
• Managing PKI servers
• Cyber Security assessment using traffic analysis tools (i.e., WireShark, TCPDump, etc.)
• ISA server manages.
• Ability to configure and monitor security tools such as security information and event management (SIEM).
• Migration of PIX to ASA firewalls.
• Preparing monthly SLA report and availability reports.

Confidential, Nashville, TN

Network Engineer

Responsibilities:

• Responsible to Install, Configure, Manage & Monitor Network and Security Infrastructure.
• Managed the network architecture consisting of Cisco 3750 stackable and 2960 switches in Core, distribution and access layers.
• Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote.
• Experience in working with checkpoint, Palo Alto Next-generation firewall, Cisco ASA and Panorama M-100.
• Worked on SIEM tool LogRhythm for reporting and data aggregation
• Experience on working with IPsec VPN, IDS/IPS, DLP, Application and URL filtering on checkpoint firewall module
• Experience on working with IPsec VPN, Security profiles and SSL decryption on Palo Alto firewall
• Expertise in Installation, configuration, maintenance and troubleshooting of Windows Servers, Hyper-V Virtual Machines and Microsoft Azure instances.
• Conducted periodic reviews of Checkpoint firewall policies rule base for rules consolidation and cleanup in coordination with stakeholders using Fireman tool.
• Maintained & monitored Cisco 2500 and 2600 series router.
• Configured port level security on Switches.
• Implemented routing protocols like RIP, EIGRP and OSPF.
• Proficient andSMElevel operator of Fortinet Products to include Forti Manager, Forti Converter, Fortinet, and the FortiGate Firewalls
• Implemented Router Redundancy Protocols GLBP and HSRP.
• Successfully deployed intent - based networking platform (DNAC) one week ahead of project milestone for testing. As a subject matter expert, applied expertise in routing/switching and was a key component in project completion, leading in teh design and deployment of core network infrastructure wif minimal complications. Project resulted in significant cost reductions for teh business unit in Q3-2020.
• Implemented VLAN’s on layer 2 and layer 3 Switches.
• Implemented an efficient IP addressing scheme for organizations using VLSM and CIDR.
• Responsible for carrying out Network and IOS image upgrade.
• Well versed with Cisco's IOS operating systems, backup and retrieval of IOS and routing configuration.
• Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
• Successfully installed Palo Alto PA-3060 firewalls to protects Data Center
• Implemented Positive Enforcement Model with the help of Palo Alto Networks
• Exposure to wild fire feature of Palo Alto
• Implementing vulnerability management Protocols in BCP (Business Continuity Process).
• Worked with Symantec Data loss prevention, DLP, monitoring and managing
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
• Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst 6500/RV320/2960/catalyst, 6880/ /12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540.
• Configured Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
• Worked on DNS server for maintaining database servers and IP addressing.
• Good in representing network layouts and designs with Microsoft VISIO.
• Ensuring the quality of implementation is as per the client and industry standard.
• Adhering to the client schedules and milestones.
• Responsible for the up-to-date Network health (wired and wireless) including Security, Performance and Reliability.
• Full responsibility for the implementation of LAN/WAN and support of IP routing.
• Performed key role in trouble-shooting hardware, software and network problems to maximize the network performance.
• Responsible for designing and implementation of VLAN, Spanning Tree Implementation and support using PVST, R-PVST, Trunking and port channels creation.
• Worked on configuration of Virtual standard and distributed switches in Esxi host which helps in reduction of infrastructural cost.
• Also worked as an Instructor at NIIT for teaching OSI, IP addressing and implication of routing protocols.
• Worked on network-based IT systems such as Racking, Stacking and Cabling.