SUMMARY

• 7+ years of experience in routing, switching, Network design, implementation and troubleshooting of complex network systems.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall, Juniper SRX and Palo Alto.
• Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
• Planning, Designing & implementing various solutions in distributed environment using Cisco PIX & ASA, and Cisco Routers.
• Experience with designing, deploying and troubleshooting LAN, WAN, Frame - Relay, and Ether-channel.
• Worked on F5 Local Traffic managers (LTM), Global traffic manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600 and 3DNS migration to GTM.
• Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
• Experience in Implementing Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77.
• Knowledge of layer-2 network design and protocols including frame-relay, ATM, Ethernet, SONET, and Frame Relay.
• Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls.
• Worked on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505
• Hands on experience with the usage of diagnosis tools like QKVIEW, TCPDUMP, and WIRESHARK for analyzing the real time traffic flow of the packets.
• Worked on T1/E1/T3 technologies and different LAN & WAN technologies.
• Worked on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA -5500 and 5505
• Security experience in deploying VPN Solutions like IPSec (site-site and client-site) & SSL VPN implemented across multiple vendors
• Expert Level Knowledge about TCP/IP and OSI models.
• Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 3700 series, 6500 series)
• Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800)
• Knowledge on Nexus 7000, Nexus 5000 and Nexus 2000 switches
• Worked with F5 Load balancing, IDS/IPS, Bluecoat proxy servers and Administrating, authentication controls (Radius, TACAACS+).
• Troubleshoot the firewall issue through Log Management tools like QRadar, Solarwinds and RSA Envision.
• Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF multiple areas and BGP.
• Network security including NAT/PAT, ACL, VPN concentrator.
• Excellent communication and interpersonal skills, interfaces effectively with upper management, subordinates, co-workers & peers.

TECHNICAL SKILLS

Hardware: Cisco Switches (2900, 2924, 2950, 3550, 5500, 6500, 6509, 6513), Cisco routers (2600, 2800, 3640, 3700, 3825, 7200, 7204, 7206), Cisco PIX 500 series, CSU s/DSU s, Catalyst 6500, 7600, 4500, Juniper M320 and T640 routers.

Firewalls and Sniffers: Cisco PIX, FWSM, ASA, Check Point, Juniper, OPNET, WIRESHARK

Protocols: RIP, RIP2, PPP, OSPF, EIGRP, IS-IS, BGP, SNMP, HTTP, FTP, TFTP, HTTP, DHCP, SMTP, ICMP

WAN Protocols and Technologies: HDLC, PPP, ATM, FRAME RELAY, IDSN, Metro Ethernet

LAN Technologies: Ethernet, TCP/IP, CDP, STP, RSTP, VTP, VLAN, Trunks, Ethernet channel, MPLS.

Redundancy Protocols: HSRP, VRRP, GLBP, RPR, RPR+, NSF-SSO.

Servers: Domain servers, DNS servers, WINS servers, Mail Servers, Proxy Servers, Print Servers, Application servers, FTP Servers

Operating Systems: Windows 2000/2003/2008 , windows XP/7, LINUX, Redhat, Kali, UNIX, Macintosh

AntiVirus & Internet Security: MacAfee, Symantec, SourceFire, FireEye

PROFESSIONAL EXPERIENCE:

Confidential, NJ

Sr Network Security Engineer

Responsibilities:

• Monitoring and Managing the Firewalls (Checkpoint Boxes, Nokia, Cisco ASA, Juniper), VPN Devices and Routers a total of over 1900 devices. Troubleshooting the Firewalls, VPN Devices and Routers. Adding rules to firewalls and routers.
• Managing URL Content Filtering on Websense Proxy.
• Adding exemption, editing policy groups on Websense Management Server.
• Adding/removing ARM bypass rules on Websense appliances.
• Providing incident response analysis and support.
• Researching, analyzing and understanding the syslog (LogLogic) reports from security and networking devices such as firewalls, routers, radius, TACACS and Kerberos servers.
• Troubleshooting IPSec, SSL VPN access issues.
• Adding/editing User groups and linked Host groups to the devices in which radius is enabled.
• Assisting in adding User permission to the third party vendors and other Engineers.
• Working along with the Security Incident Response Team in various cases like DDoS mitigation, phishing attempt, black holing IPs and other Security Related issues.
• Hands on experience installing, configuring & administering VMware platforms.
• Responsible for configure, test and implement network, firewall and security solution with appliances such as Cisco, Juniper net screen and Palo Alto Networks application firewalls.
• Experience developing and maintaining comprehensive system test plans.
• Experience in network performance testing
• Write test cases from a variety of documentation types; business requirements, system requirements & design documentation
• Investigating ArcSight SIEM events to determine any true intrusions. Investigate DDoS attacks, Fireeye, Sourcefire, malwares, web sense event that are prone to Comcast Network and NBCUniversal. Connectors are set for the entire IDS/IPS appliance to Arcsight.
• Work with developers to document data flows and troubleshoot connectivity issues.
• Work with developers to document data flows and troubleshoot connectivity issues.
• Implemented SNMP on Cisco routes to allow for network management
• Assigning RSA tokens to Users and troubleshooting whenever required.
• Applying NAT/PAT at the vendor and Comcast side setting up IPSec tunnel. Escalating issues and coordinating with Tier-2 and follow up as required.

Confidential, Phoenix, AZ

Sr. Network Security Engineer.

Responsibilities:

• Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
• Work on Big IP Load balancer LHA requests. Create Nodes, Virtual pool, Virtual server and sticky group etc. SNAT and NAT
• Firewall Policy administration and work with user requests submitted by users. Use HP Service Manager Ticketing System for change and incident management.
• Implemented and configured security policies in Checkpoint R75.40, R77 GAIA a
• Worked on various platforms of Checkpoint like - Nokia, Checkpoint (SPLAT)
• Manage checkpoint Firewalls split through multiple CMA's and administer using provider-1.
• Cisco ASA Firewall configuration and troubleshooting.
• Troubleshooting connectivity issues within the server zones of the Data center (between application servers, database and web servers) as well as user requests and user connectivity issues from various s branch locations, office locations and third party sites to data center.
• Actively use, smart view tracker, and Checkpoint CLI (to security gateways) for troubleshooting.
• Perform advanced troubleshooting using Packet tracer and tcpdump on firewalls.
• Built and support VRRP / Cluster based HA of Checkpoint firewalls.
• Firewall Policy Optimization using third party tool Tufin
• Perform Firewall OS upgrades using CLI, Splat and Voyager GUI.
• Backup and restore of checkpoint Firewall policies.
• Black listing and White listing of web URL on Blue Coat Proxy servers and web security gateway.
• Review Firewall rule conflicts, unused rules and mis-configurations and clean up.
• Checkpoint firewall policy administration and support between various zones.
• Modify and implement ACL changes on store routers and assist the user when there are any issues using Network Authority. Authentication to this is also done through TACACS.
• VPN User access management on check point firewalls. Use LDAP for identifying user groups
• Schedule and participate in weekly meetings with various teams involved in the project to discuss the bottlenecks if any and contribute to design a solution framework. Maintain Configuration, Documentation (Visio's) and Records Management.

Confidential, Atlanta, GA

Network Security Engineer/ Security analyst.

Responsibilities:

• Design, Build, and Implement various solutions on Check Point Firewalls, Blue Coat Proxies, F5 Load balancers and F5 Global Traffic Managers.
• Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
• Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
• Creating Wide IPs with various load balancing methods like, Global Availability, Topology and Round Robin.
• Deployed LTMs and GTMs in DMZ environments with FIPS solutions.
• Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign s. Also, renewing s to ensure the security of websites.
• Engaged in various migration projects like migrating V 9.x load balancers to V 10.x.
• Migrated Firewall infrastructure from Check Point R65 to Netscreen ISG2000.
• Implement the firewall rules using Netscreen manager (NSM).
• Push the firewall rules on various versions of Nokia boxes and cross beam from Provider -1 NGX CMAs.
• Gathering details from customers and providing best security infrastructure solutions with F5 load balancers, Check Point/Netscreen firewalls and Blue Coat proxies
• Created various B2B environments using Blue Coat proxies.
• Commissioning & de-commissioning with Cisco 7500, 7200, 6500 with SUP 720 module, 3550, 2950 switches for the Data Center migration & operations.
• Being part of L3 escalation team, receive the call from L2 team during the On call time.

Confidential, Atlanta, GA

Network and System Engineer

Responsibilities:

• Remediation of firewall rules from Cisco ASA to checkpoint firewalls and their implementation.
• Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
• Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
• Applied ACLs for Internet access to the servers using Checkpoint firewall performed NAT.
• To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting Checkpoint firewalls, and related network security measures.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Checkpoint Firewalls.
• Implementation of Palo Alto firewalls (URL Filtering, IPS, DPI, VPN)
• Design, implementation and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
• Worked with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistency, redirection of the URL.
• Involved in the configuration and maintenance of IPSec Site-Site VPN.
• Gave support in giving access the User machines and partners exterior to the network using IPSec VPN tunneling and SSL.
• Responsible for simulating network operations with the usage of packet analyzer like Wire shark and use to resolve tickets whenever there is an issue.
• Analyze, plan, test, implement, and trouble shoot systems, wide area network and communications network systems.
• Worked with Network Engineer’s in the installation and configuration of firewalls.

Confidential

Network Security Engineer

Responsibilities:

• Responsible for the configuration, implementation and operation of Cisco 3745 routers, Cisco 6509 and 3560 L2/L3 switches.
• Configured RSTP, MST and used VTP with 802.1q trunk encapsulation. Provided port binding and port security wherever required. Provided router redundancy through HSRP.
• Configured ether channels using PAgP and LACP.
• Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
• Provided testing for network connectivity before and after install/upgrade
• Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external.
• Escalation procedures and customer notifications.
• Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
• Worked on HSRP and GLBP for first hop redundancy and load balancing.
• Configured the Cisco router as IP Firewall and for NAT.
• Prepare, update, and maintain technical and logistical network documentation.
• Responsible for the configuration, implementation and operation of Cisco 3745 routers, Cisco 6509 and 3560 L2/L3 switches.
• Checkpoint Firewall configuration and Maintenance Support of state network firewalls and end-user Virtual Private Network (VPN).
• Evaluate Agency requests for changes to firewall policy to determine technical feasibility and to determine where to deploy the policies in the state's firewall infrastructure.
• Configuration and Installation of Cisco firewalls PIX 501 and ASA 5520.
• HSRP Configuration implemented in Cisco 3560G.
• MPLS configuration in Cisco 3845 for L3 Circuits.
• Create end-user VPN account with appropriate access after appropriate approval has been issued.
• Gather information for specific technologies as to function and deployment configurations.
• Write technical documents describing implemented technologies and architecture.
• Provides consultation to business area management and staff at the highest technical level for all aspects of LAN/WAN design and configuration in multi-server environment.
• Experienced in DLP system, which is designed to detect potential data breach and prevent them by monitoring, detecting and blocking sensitive data while in endpoints, data storage.

Confidential

Network Engineer

Responsibilities:

• Checkpoint Firewall configuration and Maintenance Support of state network firewalls and end-user Virtual Private Network (VPN).
• Evaluate Agency requests for changes to firewall policy to determine technical feasibility and to determine where to deploy the policies in the state's firewall infrastructure.
• Configuration and Installation of Cisco firewalls PIX 501 and ASA 5520.
• Configuration and Installation of Cisco Routers 3845.
• Configuration and Installation of Cisco Switches 3560G and 2960G.
• VLANS, STP configuration in Cisco 2960G
• HSRP Configuration implemented in Cisco 3560G.
• MPLS configuration in Cisco 3845 for L3 Circuits.
• Create end-user VPN account with appropriate access after appropriate approval has been issued.
• Monitor traffic and access logs in order to troubleshoot network access issues.
• Cisco IOS Architecture for Cisco 3845 router, Cisco 3560 and ASA 5520.
• Gather information for specific technologies as to function and deployment configurations.
• Write technical documents describing implemented technologies and architecture.
• Provides consultation to business area management and staff at the highest technical level for all aspects of LAN/WAN design and configuration in multi-server environment.
• VPN Configuration between Site-to-Site and Site-to-Remote.
• Implemented firewall policy changes after the appropriate review and approval process has been completed.
• Monitoring Network infrastructure using Cisco Network Assistant.