SUMMARY

• 6+ years of professional experience with specialization in Datacenter management. Experience innetworkdesigning, implementation and troubleshooting of complex infrastructure which includes firewalls, routing and switching on enterprisenetworks.
• Expert level Knowledge in configuring and troubleshooting of Palo Alto PA 3020, 5250 Juniper SRX - 550, SRX-220, ASA 55xx, Checkpoint R77 firewalls.
• Experienced in Migration from Checkpoint and Cisco ASA Firewalls to Palo Alto.
• Expertise on centralized management system (Panorama) to manage large scale firewall deployments.
• Exposure to wild fire feature of Palo Alto.
• Worked with CISCO ASA content security and control Security Services Module(CSC-SSM) and Advanced Inspection and Prevention security Service Module(AIP-SSM).
• Expert level knowledge in Palo Alto Network Security Device Configuration of Security Rules, QoS Rules, User ID agents, Packet Capturing and analyzing logs using various tools like NMAP, Solar Winds, Wireshark, and Splunk.
• Experience in Installation, Configuration and maintaining of Check Point Firewall in a Distributed Deployment and High Availability Redundancy Scenario.
• Proficient in implementation of filters using standard and Extended access-lists, Time-based access-lists, Route Maps.
• Managing and setup of Cisco Meraki wireless access points and Mobile Device Management( MDM).
• Configured policies using security profiles such as anti-virus, anti-spyware,URL-filtering etc
• Good knowledge on Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), Security Information and Event Management (SIEM).
• Professionalized knowledge on mitigating various attacks like DOS, DDOS and ZERO DAY ATTACK.
• In-depth understanding in implementing and configuring F5 Big-IP LTM and GTM of Load Balancers.
• Configuring of Virtual Servers, Pools, Nodes and balancing methods SSL offloading, Cert management and Troubleshooting experience on F5.
• Implementation of ether channel modes dynamically with PAgp, LAcp.
• Working Experience on web content filter and gateways like Websense, Bluecoat proxy manager and Reporter.
• Strong knowledge of TACACS+, RADIUS and AAA Authentication servers.
• Hands on experience in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN.
• Experience in configuring routing protocols and deployment of OSPF, EIGRP, BGP and policy based routing over routers from different vendors.
• Expertise in installing, configuring and troubleshooting Juniper Routers (J, M and MX-series), QFX-series Routers/Switches, EX Series Ethernet Switches.
• Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800).
• Actively worked on Switching tasks that includes VTP, ISL/ 802.1q, Ether Channel, Port Security, STP and RSTP.
• Strong hands on experience in installing, configuring and troubleshooting of Cisco 7600, 7200, 3900, 3600, 2900, 2600, 2500 and 1800 series routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
• Extensive knowledge innetworkdesigning, including Wide Area Networking (WAN), Local Area Networking (LAN), Multiple Protocol Labeling Switching (MPLS), DS3 with Physical Labelling and IP Addressing.
• Implemented redundancy Protocols such as HSRP and VRRP.
• Strong expert level of knowledge in OSI model, TCP/IP, UDP, IP addressing and Sub netting.
• Worked on INFLOBOX for Network Device Monitoring. Setting up Infoblox for local DNS and DHCP Configurations.
• Hands-on experience ofPythonscripting, automation usingPython, string parsing, libraries, API's, regexp and more.
• Extensive knowledge on Cisco IOS, JUNOS and PANOS.
• Hands on Experience in Linux administration and AWS basics.
• Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.

TECHNICAL SKILLS

Networking Concepts: OSI Model, TCP/IP, UDP, IPV4, IPv6, Subnetting, VLSM

Routing Protocols: RIP, IGRP, EIGRP, OSPF, BGP, Static Routing, Route Filtering, Redistribution, Summarization

Gateway Load Balancing: HSRP, VRRP, GLBP

Infrastructure services: DNS, ICMP, SNMP, ARP, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP

Switch Technologies: VLANs, VTP, STP, RSTP,PVST+, DTP, MLPPP, IEEE 802.1q, MPLS, ISL and dot1q, SMTP, VLAN, Inter-VLAN Routing, Light weight access point

WAN Technologies: Frame Relay, PPP, HDLC, (E1/T1/E3T3)

Security: VPN, NAT/ PAT, access-lists, IPSEC, Juniper SRX, TACACS+, RADIUS

Firewall: Cisco PIX, ASA, Juniper Secure Access VPN Appliance, Checkpoint and Palo Alto

Network Management Tools: Wireshark, Net flow Analyzer, Cisco Works, Ethereal, SNMP, and HP open view, OPNET, Tufin, Websense, Blue coat proxy

Load Balancers: Cisco CSM, F5 Networks (Big-IP) LTM 8900

Operating Systems: Microsoft Windows Server 2003/2008/2012 , Windows XP/Vista/7/8, Linux

Other Technologies: VISIO, VMware, Mat Lab, GNS3, Microsoft Word, Excel, SQL

Scripting Languages: C,C++,unix, Linux, JAVA, JAVA servlets,JAVA script,VB scripting

PROFESSIONAL EXPERIENCE

Confidential, Santa Ana, CA

Network Security Engineer

Responsibilities:

• Palo Alto installation, configuration, administration, monitoring and implementing the policies in Palo Alto 3020 and 5250.
• Performed Application Dependency Mapping to migrate to application centric data center, mapping all hosts to application and track all inter dependencies.
• Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
• Deployed Palo Alto for web filtering and application control.
• Manage Palo Alto Firewalls using Panorama configuring Device Groups and Templates.
• Configured IpSec Vpn and performed updates/password recovery on Palo alto.
• Configured and monitored Firewall logging, DMZ's and related security policies.
• Implementing QoS on PE and CE as per BTs templates and upgrading bandwidth and QoS as per client requirement.Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
• Active participation in the migration of cisco ASA 5040 to Palo alto.
• Extensive Knowledge on the implementation of Cisco ASA 5500 series and checkpoint R 75 firewalls.
• Experience in Network Management Tools and sniffers like HP-Open view, Wireshark and Cisco works to support 24 x 7 Network Operation Center.
• Configured SITE TO SITE VPN using 3DES, AES/AES-256 on Cisco ASA 5500 series firewall between Headquarters and Branch office.
• Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateway.
• Experience in configuring, deploying and deployment of Cisco Security Manager (CSM) for management of ASA Firewall series
• Implemented the policy rules and DMZ for multiple clients of the state on the Checkpoint firewall.
• Experience in analyzing security logs generated by IDS/IPS, firewalls, networkflow system, anti-virus and other securitylog sources.
• Syn Mitigation, DDoS attacks prevention, Adaptive system testing, ACL's, floods and layer 7 refection attacks .
• Excellently used Splunk to research and monitor incident management and incident resolution issues.
• Analyzed and monitored incident management and resolution issues exploitation Splunk.
• Create, Run, and DebugPythonscripts and apply that knowledge to handling common networking tasks.
• Written iRules using python scripting for managing and redirecting traffic.
• Established the monitor routes on Checkpoint Firewall that allows the F5 LTM to monitor the backend nodes or server.
• Working on the project of F5 LTM, GTM and ASM code upgrade project, doing couple of them every week.
• Automation of Tufin using python scripting.
• Extensive experience on Cisco 2500, 2600, 2800 series routers and 1900, 2900, 3560, 3750 series switches.
• Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for data center access architecture.
• Configuring templates on Cisco prime and deploying them seamlessly over the network and providing reports from Cisco prime.
• Integrate Microsoft active directory (LDAP) into checkpoint for identity awareness and user authentication.
• Configure and manage LDAP User management with Checkpoint Smart Directory.
• Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
• Configured Cisco Routers with EIGRP, OSPF, BGP, Static and default route.
• Configuring VLANs/routing/NATing with the firewalls as per the network design.
• DesigningF5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
• Installed and Configured the F5 BIG-IP LTM, configure virtual servers and associate them with pools for internal web servers.
• Configured VTP on Core and several access layer switches, implemented Layer2 Etherchannel between various switches and hosts.
• Used solarwinds for monitoring and troubleshooting network devices in different time zones.
• Worked with STP (PVST, RSTP) for switching loop prevention and VLANs for data and voice and also worked on Configuration of port security.
• Switching tasks include VTP, ISL/ 802.1q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, PortSecurity, STP and RSTP.
• Worked on INFLOBOX for Network Device Monitoring. Setting up Infoblox for local DNS and DHCP Configurations.
• Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.
• Traced OSI layers and extracting the packet information at each layer. Worked on Wireshark, TCP/IP, and OSI Layers for packet tracking and Drafted & finalized progressreports, final report.
• Experience in migration of VLANS. Responsible for layer 2 securities which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, deployed port security when possible for user ports
• Assisted in troubleshooting LAN connectivity and hardware issues in the network.
• Worked on remedy ticketing tool for handling different priority level tickets.

Confidential, Austin, TX

Network Security Engineer

Responsibilities:

• Worked with Juniper Net Screen 500/5200 and Juniper SRX 650/3600.
• Migrating from Checkpoint R77 Firewalls to Juniper Firewalls.
• Designed and configured OSPF, BGP on Juniper Routers and SRX Firewalls.
• Creating rules on the checkpoint firewall for a NAT to the VLAN IP and to allow the IPsec traffic.
• Configuration and integration of Cisco Wireless LAN Controllers WLC with ISE for performing Dot1x authentication to Wireless users.
• Installation and configuration of Checkpoint NG R55 & NGX R60.
• Used Jflow for working with feeds and flow feeds.Used Snort and sniffer trace for Monitoring and maintenance LAN/WAN.
• Worked on Cisco ISE in wired, wireless, VPN configurations using device profiling, posturing, PxGrid, ThreatGrid and SGT's.
• Hands on creating Url filter, security policies.
• Modification of internal infrastructure by adding switches for supporting server farms and adding servers to existing DMZ environments for supporting new and already existing application platforms.
• Worked on Big IP F5 Load Balance: setting up, surveillance and configuration of F5 load balancer (using LTM & GTM).
• Setup and maintained checkpoint security policies including NAT/VPN and secure remote access.
• Utilizing Tufin andSplunkfirewall analyzing tool to remediate idle firewall policies that leave thenetworkopen to unnecessary vulnerabilities.
• Experience with network security protocols such as IPSEC tunnels, GRE tunnels,NAT(PAT), ACLs and VPN.
• Managing URL Content Filtering on Websense Proxy.
• Adding exemption, editing policy groups on Websense Management Server.
• Adding/removing ARM bypass rules on Websense appliances.
• Participated in the installation, configuration, post installation, daily operational tasks and configuration and deployment of Cisco Nexus equipment 7010, 5596 and 2248.
• Researched, resolved and documentedSysloggenerated errors as escalated.
• Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
• Upgrading ofnetworkconnectivity occasionally between the branch office and the regional office through multiple link paths and routers running HSRP, EIGRP with unequal cost load balancing to build flexiblenetwork.
• Conversion of Branch WAN links from TDM circuits to MPLS and for converting encryption from IPsec to get VPN. Worked on DHCP for automatically assigning the reusable IP addresses for clients(DHCP).
• Implementation of ACLs and authentication (EIGRP, BGP) to ensure highreliabilityon thenetwork.
• Worked on Junos for configuration, manipulation and monitoring all Junipernetworkdevices.

Confidential

Network Engineer

Responsibilities:

• Experience on a mesh 6500 and 5500 series routers and switches to support the core trading system.
• Involvedin Upgrades and backups of Cisco router configuration files to a TFTP server.
• Implementing and maintaining backup schedules as per the company policy.
• Experience working with High performance data center switch like nexus 7000 series.
• Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
• Created engineering configuration, Security Standards, documenting processes andNetwork documentation using Microsoft Visio
• Implemented the concept of Route Redistribution between different routing protocols
• Switching related tasks included implementing VLANS, VTP, STP and configuring on Fast Ethernet.
• Planning and implementation ofSubnetting, VLSM in order to conserve IP address
• Monitored all Cisco equipment's using Cisco Works.
• Monitoring alerts & events in Cisco IPS.
• Monitoring network devices using HP Network Node Manager.
• Performed on-call support for installation and troubleshooting of the configuration issues.
• Researched, resolved and documentedSysloggenerated errors as escalated.
• Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP). Configured Access Lists (Standard, Extended, and Named) to allow users all over the company to access different applications while blocking others.
• Maintenance and troubleshooting of connectivity problems using PING, and traceroute.
• Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation
• Routing protocols OSPF, RIP & BGP

Confidential

Network Engineer

Responsibilities:

• Involved in the configuration & troubleshooting of routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and IP access filter policies
• Creating a priority list of what type of attacks to focus on vs. what can be accomplished and identifying timeline on how to accomplish all the functionality ASM can provide.
• Conducted testing (R&S) validations, reviewednetworkconfiguration, and made recommendations for core infrastructure design of the Nexus enterprise infrastructure.
• Cisco VLAN implementation (Created over 15 VLANS fornetworksegmentation).
• Configured HSRP to provide high availability.
• Agile Project management was implemented using JIRA and Clarity tool used for the Lifecycle Project Management
• Involved in the configuration & troubleshooting of routing protocols such as MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and IP access filter policies.
• Configured and connected to the MPLS the new L2 switches for thenetworkexpansion.
• Implemented monitoring system for multicast traffic in the IPTV backbone and the MPLSNetwork.
• Carried out Cisco/Juniper Metro-access and Pre-Aggregation Routers Testing, validation, selection & successful integration in IP/MPLS Mobile Backhaul greenfieldnetwork
• Work with the data center planning groups, assisting withnetworkcapacity and high availability requirements.
• Configured networkaccess servers and routers forAAASecurity (TACACS+).
• Managing and configuring of Wide Area Networking Protocols likeHDLC, PPP.
• Involved with the Systems team to Install, configure, & maintainAD, DNS, DHCPon Windows Server, and also configured aFTPserver.
• Troubleshooting ofTCP/IPproblems and connectivity issues in multi-protocol Ethernet environment.