Sr. Network Security Engineer Resume
Indianapolis, IN
SUMMARY
- 7+ years of experience in the design, implementation and support of LAN/WAN networks.
- Experience in routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
- Planning, Designing & implementing various solutions in distributed environment using Checkpoint, Cisco PIX & ASA, and Cisco Routers.
- Working experience of firewalls Cisco PIX and Cisco ASA Appliance.
- Advanced knowledge in design, installation, configuration, maintenance and administration of CheckPoint Firewall R55 up to R77.20 version, VPN.
- Advanced knowledge in Design, Installation and configuration of CheckPoint Provider-1 Environment.
- Implemented Checkpoint Clusters with Nokia IPSO and GAIA OS using VRRP, ClusterXL.
- Experience in Implementing Cisco Secure Access Control Server (ACS 3.0 & 4.0) for TACACS+/ RADIUS
- Experience in implementing and designing new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X
- Experience in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols
- Advanced knowledge in configuration and installation of IOS security features and IPS.
- Experience in configuring and implementing F5 Load balancing, proxy servers and Authorization, Authentication & Accounting (Radius, TACACS+).
- Working experience on upgrading Hotfixes on F5 LTM and GTM boxes from TMOS version 10.x to 11.x
- Design and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls.
- Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
- Working knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls.
- Worked on the JunOS 11.x and 12.x versions.
- Advanced knowledge in design, installation and configuration of Juniper Netscreen Firewall ISG 1000/2000, SSG series and NSM Administration.
- Expert in implementing TCP/IP addressing scheme, LAN/WAN Protocols and IP Services to meet network requirements in Enterprise and Data Center Network.
- Experience in Network Management Tools and sniffers like SNMP, HP OpenView, Wireshark and CiscoWorks to support 24 x 7 Network Operation Center.
- Experience in physical cabling, IP addressing and subnetting with VLSM, configuring and supporting TCP/IP, DNS, installing and configuring proxies.
- In-depth knowledge and hands-on experience on IP Addressing, Subnetting, VLSM and ARP, reverse & proxy ARP and Ping Concepts.
- Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, & 2800 and switches 6500, 4500, 3750, 2900 and 3500XL series.
- Expert in Configuring, implementing and troubleshooting the Routing Protocols OSPF, EIGRP, RIP, BGP and switched L2 networks VLANs, Trunking, VTP, STP, PVST, RSTP, HSRP, VRRP, and Port Security.
- Excellent experience in Design, Configuration, Troubleshooting and Support of Security environment with VPN, Firewalls, NAT, Proxy, IPSec, DMZ Solution, Public Key Interchange (PKI) & SSL.
- Spanning-Tree Protocol and VTP tuning, design and upgrades for large and small customers.
- Upgrading the Firewall Versions to the Latest versions / IOS & applying Hot-fixes.
- Patching the firewalls to protect against upcoming security threats.
- Good knowledge of CISCO NEXUS data center infrastructure with 5000 and 7000 series switches includes (5548, 7010) including CISCO NEXUS Fabric Extender.
- Managing and monitoring Access lists and monitoring firewall.
- Knowledge of Secure Platform (SPLAT), Raid and SNMP
- Network Monitoring and management tools like SolarWinds, Cisco Network Assistant, HP OpenView and Nagios.
- High-level skill in developing IT strategies, policies and procedures consistent with business requirements.
- Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools.
- Experience in Change Management Process, Communication, Escalations. Working with Problem Management team on trouble tickets escalated from Incident Management.
TECHNICAL SKILLS
Protocols: RIP, RIP V2, EIGRP, OSPF, IS-IS, IGRP, HSRP, VRRP, GLBP, LACP, PAGP, DNS, SMTP, SNMP, FTP, TFTP, LPD/TDP, WLAN, 802.11/802.11e, WEP, POP3, LDAP, TNS.
LAN Technologies: Workgroup, Domain, HSRP, DHCP, Static, VLAN, STP, VTP, Ether Channel, Trunks.
WAN Technologies: Leased Line, Frame Relay, ISDN, PPP, HDLC, ATM, SONET, Metro Ethernet.
Network Products: CISCO Routers 1700, 1800, 2500, 2600, 2800. CISCO High End Router 3600, 3800, 7200, 12010. CISCO Switches 1900, 2950, 2960. CISCO Campus Switches 3550XL, 4984 Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507.
Security & VPN: PIX 500 Firewall, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fortigate, CISCO CSM, ACL (Access Control List), IPS/IDS, NAT, PAT, CISCO ACS, Check Point, SonicWall, RSA SecurID, SRX, SSG series firewalls.
Authentication: RADIUS, TACACS+, Digital certificates
Monitoring Tools: Wireshark, Nmap, Nessus, OpManager, PRTG Packet Sniffer
Servers: Domain servers, DNS servers, WINS servers, Mail servers, Proxy Servers, Print Servers, Application servers, FTP servers, Avocent Console server.
Operating Systems: Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 server, Windows XP/7, LINUX, Solaris, Red Hat, Active Directory, UNIX, Junos.
Scripting Language: HTML, JavaScript, CSS
PROFESSIONAL EXPERIENCE
Confidential, Indianapolis, IN
Sr. Network Security Engineer
Responsibilities:
- Design and implement campus switch network with Cisco Layer 3 switches (3750, 4500, 6500 & Nexus 7000, 5000, 2000 series) in multi VLANs environment and inter-VLAN routing, HSRP, 802.1q trunk, ether channel
- Design, Build, and Implement various solutions on Check Point Firewalls, Cisco ASA
- Design, Implement & troubleshooting of Juniper switches, routers and Firewalls
- Design, and configuring of OSPF, BGP on Juniper Routers and SRX Firewalls
- Worked with Checkpoint FW1 NG, PIX, and Netscreen firewalls.
- Upgrade checkpoint from old platforms to new platforms R62 to R75.45
- Worked on migrating to R75.20 on IP560 Nokia boxes.
- Worked on various platforms of Checkpoint - Nokia, Checkpoint (SPLAT).
- Fully versed in the syntax of security platforms, and day to day rule verification
- Continuous monitoring of CPU utilization, link utilization, connection table utilization.
- Remediation of firewall rules from checkpoint firewalls to Cisco ASA firewalls and their implementation.
- Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation.
- Technical engineering activities include, but are not limited to, the design, installation, configuration of various LAN/WAN devices such as routers, ASA firewalls, and security devices.
- Worked on ASA 5500-X platform configuring the web, SSL, AnyConnect VPNs.
- Configuring failover and working on SSL VPN when in active/standby failover on ASA.
- Worked on the Cisco devices 6509, 6513, 7200, 2811, 5500 and worked on all linecards and port configuration for the VLAN
- Push the firewall rules on various versions of Nokia boxes and Crossbeam from Provider-1 NGX CMAs.
- Responsible for managing the TFTP logs for the VPN and firewall services and troubleshoot the VPN tunnel issues like SA, RSA, ISAKMP encryption and cleared/refresh VPN tunnel issues.
- Commissioning & de-commissioning with Cisco 7500, 7200, 6500 with SUP 720 module, 3550, 2950 switches for the Data Center migration & operations.
- Performed switching technology administration including VLANs, inter-VLAN routing, trunking, STP, RSTP, port aggregation & link negotiation.
- Configuration of Access List ACL (Std, Ext, Named) to allow users all over the company to access different applications and blocking others.
- Working on Cisco 6509 and 4507 series switches for LAN requirements that include managing VLANs, Port Security and troubleshooting LAN issues.
- Worked on Nexus 7009, creating VLANs and VLAN interfaces.
- Created access-lists and access-groups for VLAN interfaces on Nexus 7009.
- Configuration of VPC, VDC, inter-VLAN Routing, AAA Security on Nexus 7000.
- Used CiscoWorks/SolarWinds for the tracing of IP addresses, MAC addresses, ports, servers attached to the various switches.
Confidential, NYC, NY
Network Security Engineer
Responsibilities:
- Worked with Checkpoint FW1 NG, ASA, and Netscreen firewalls.
- Configuration and Installation of Firewall Service Module in 6500 switches.
- Managing and implementation of PORs (port open requests) based on the requirements of various departments and business lines.
- Work with SDC security team to resolve technical problems.
- Worked on Solsoft Policy Server for shared services to push the rules.
- Handled deployment and management Checkpoint GAIA, R75, R71, R65 and Cisco ASA 5500 series.
- Designing, installing and configuring Checkpoint firewalls - NGX R65 in active/active mode.
- Installing and configuring TACACS/RADIUS
- Creating IPSEC, GRE tunnels, Frame-relay in Cisco routers.
- Installing & configuring firewalls - Checkpoint NG & NGX, Cisco ASA, Netscreen, ISA, and iptables.
- Rule base verification and migration on Checkpoint firewalls.
- Implement the firewall rules using Netscreen manager (NSM).
- Worked on ASA routed mode and transparent mode
- Worked on Configuration and troubleshooting of VLANs, STP, VTP, UDLD, Trunking, DNS, DHCP, Ether Channels, Access Lists, NAT, PAT, MPLS and static routing.
- Worked on configuring and troubleshooting Nodes, Pools, Profiles, Virtual Servers, SSL Certificates, iRules, and SNATs on the F5 Big IPs using the Web GUI and CLI.
- Configuring and troubleshooting Access-lists, Service Policies, and NAT rules.
- Measure the application performances across the MPLS cloud through various routing and switching methods.
- Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
- Perform SSL Offloading on LTMs and web accelerators with 2048-bit VeriSign certificates. Also, renewing certificates to ensure the security of websites.
- Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
- Engaged in various migration projects like migrating V 10.x load balancers to V 11.x.
- Configured VLANs with 802.1q tagging. Configured Trunk groups, ether channels, and Spanning tree creating Access/distribution and core layer switching architecture.
- Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
- Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers and Support Cisco Nexus (7000, 5000, 2000 series) Switches.
- Commissioning & de-commissioning with Cisco 7500, 7200, 6500 switches for the Data Centre migration & operations.
- Wrote and maintained corporate virus, firewall, and security policies for multi-site company network connected via VPN running Checkpoint firewall 1 NG.
- Creating Network uptime report and sending to the management as per weekly schedule.
Confidential, NYC, NY
Network Security Engineer
Responsibilities:
- Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
- Configured Policies In Juniper Netscreen 500/SRX 650 to allow customer traffic
- Configured and implemented MPLS, MP-BGP and Multicasting networks.
- Configured Routing protocols EIGRP, static routes and LAN Protocols VLANs, VTP, STP, VRRP, HSRP.
- Configuring and troubleshooting Juniper Netscreen Firewalls using NSM.
- Lab implementation of multiple security contexts in ASA firewalls and Checkpoints, configuring redundancy (active-active failover and active-standby failover) among them.
- Configuring IPSEC VPN on SRX series firewalls. Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210.
- Configured STP for switching loop prevention, and VLANs for data and voice along with configuring port security for users connecting to the switches.
- Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card(module) for the Nexus 5000
- Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
- Managed PIX/ASA and FWSM 3.X using Cisco Adaptive Security Device Manager (ASDM), Cisco Security Manager (CSM) and CLI.
- Network Operations and support by providing Tier-2 and Tier-3 support to WAN and LAN related issues including HSRP, VLANs, VTP, STP, RSTP, TRUNKING, SPAN and RSPAN, EIGRP, RIP, OSPF, BGP.
- Configure and support NATs, access-lists, and routing on Cisco routers (1700, 2600, 2800, 7200 series), Cisco Nexus (7000, 5000, 2000 series) Switches, Cisco Catalyst (2960, 3560, 3750 and 6500 series) Switches, Cisco ASA/PIX firewalls.
- Setup, configuration, troubleshooting and testing of IPSEC site-to-site VPNs and SSL VPN on Cisco ASAs, and Checkpoint
- Stacked and configured 2960 series switches and connected them with Nexus 7000 series switches, creating vPC, spanning tree, trunk and redundancy for failover.
- Design, configured and implemented centralized Syslog server on both production and corporate network and enable SNMP traps for monitoring traffic and check the health of servers and network devices.
- Supported core network consisting of Cisco 7200 series routers running multi area OSPF. Implemented stub/Totally stub areas as per requirements.
- Configured Access lists on the boundaries of the network either inbound or outbound and providing network support consisting of VPN and point-to point site.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades, patches, fixes and all around technical support.
- Performed Structured Cabling, Dressing and Labeling.
- Develop, plan and maintain documentation necessary for operation in support of LAN to WAN connectivity.
Confidential, Jersey City, NJ
Network Engineer
Responsibilities:
- Filtration (using distribute list, route map, prefix list, access list).
- Implementation of HSRP, DHCP, DNS, FTP, TFTP, MRTG
- Troubleshooting LAN issues, and performing changes on Switches, Routers and Netscreen firewalls.
- Manage the Netscreen SSG550 and ISG1000 and 2000 firewalls with the NSM.
- Design the firewalls changes using various NAT types in Netscreen firewalls like, MIP, VIP etc.
- Set up the IPSec VPNs with the third party clients to allow access to data feeds in the network.
- Debug the IPSec VPN tunnel issues and identify the potential problem and fix them.
- Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP, ISIS), redistribution, summarization
- Coordinate with the vendors/carriers for any WAN related issues.
- Monitoring and keeping track of the Network traffic analysis through the routers using MRTG.
- Traffic prioritization and shaping done with BGP attributes (Local preference and MED).
- Implemented HSRP between Core switches and backbone router.
- Maintained good Customer Relation Skills & Troubleshooting skills in a production based environment.
- Involved in group & individual presentations to corporate clients about the company’s internet based products like leased lines and modular routers.
- Documenting and Log analyzing the Cisco ASA 5500 series firewall
- Provided testing for network connectivity before and after install/upgrade
- Switching related tasks included implementing VLANS and configuring trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external.
- Understand the network architecture thoroughly and suggest the possible design changes in the network.
- Implement the critical changes over the weekend to mitigate the high risk.
- Participate in the peer review calls to review the changes of the other engineers.
- Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification and administration.
- Dealt with applying crypto maps and security keys for the branches, ISAKMP (Internet Security Association and Key Management Protocol) for establishing Security Associations (SA) and cryptographic keys to branches in internet cloud environment.
- Using CA (Certificate Authority server), developed RSA keys for secured communication with encryption algorithm (DES) and authentication method (RSA).
- Configuring F5 load balancers to provide load balancing solutions for various web applications and apps.
- Configuring Netscreen 204 providing additional security to the inside interface of Cisco ASA for the Transport database servers.
- Configuring a one-to-one Static NAT for F5 load balancer in ASA.
- Opening specific ports for LDAP and database access.
Confidential
Network Engineer
Responsibilities:
- Installation and configuration of Cisco Routers (7513, 7200, 3600, 3400, 2600, 1700, 800).
- Installation and configuration of Cisco Switches (6500, 4500, 3700, 3500, 2900).
- Creating VLANS and Inter-VLAN routing with Multi Layer Switching (MLS).
- Installation and configuration of Pix firewall (515 E, 525 Series).
- Configured Site-to-Site and Site-to-Remote (using Cisco routers to Cisco routers, Pix Firewall to Pix Firewall, Cisco router to Pix firewall, Pix firewall to Wild card client and Cisco router to Wild card client).
- Cisco IOS and CatOS upgrades and backups using TFTP and FTP protocols.
- Designed and Implemented Enterprise Networks for various clients.
- Monitoring Network infrastructure using SNMP tool Solar winds.
- Network Packet Analyzer tools using Ethereal.
- Windows systems configuration and maintenance.
- Systems protection with anti-virus software and Personal Firewalls (McAfee, Norton, Trend Micro, Sygate, etc.).
- Preparing the technical documentation (Equipment Selection, design, configurations and production check-outs) using Microsoft VISIO/Microsoft Office.
- Implementing and change management whenever necessary as per the company policies.
- Co-ordinating with vendors in ordering new products.
- Leading the team of 6 tech support engineers on job.
Confidential
Network Associate
Responsibilities:
- Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
- Worked on HSRP for hop redundancy and load balancing.
- Configured the Cisco router as IP Firewall and for NATing. Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
- Provided port binding, port security and router redundancy through HSRP.
- Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
- Provided testing for network connectivity before and after install/upgrade
- Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
- Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
- Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external.