Cyber Security Engineer Resume
Illinois
SUMMARY
- Around 8+ years of experience in the Networking Domain with extensive emphasis on Network Security Deployment, Configuration, Troubleshooting and migration.
- Expert Knowledge in industry standard TCP/IP and OSI model.
- Implemented industry standard Routing Protocols like EIGRP, OSPF, BGP, Static, Default Routing.
- Proficient knowledge in implementation of Next Generation Encryption (NGE) & Legacy Algorithms such as 3DES, SHA-256, SHA-512, HMAC-MD5, HMAC-SHA-256, ECDH/ECDSA-384.
- Thorough knowledge in the working and configuration of IPsec, SSL/TLS, VPN V4, VPN tunneling.
- Familiarity with Internet and its working (DNS, Forward and Reverse Proxy, Security, IP routing, TCP, UDP, SSDP, HTTP, HTTPS, VPN, SMTP, POP).
- Thorough understanding of DDOS attack, Kill chain process and countermeasure techniques like DDOS mitigation.
- Maintenance of Multi-site network operations and software applications, operating systems and maintenance of Public and Private Endpoints.
- Worked with Cisco ISE (Identity Service Engine) for wireless appliances.
- Supervising the administration of systems and servers related network to ensure availability of services to authorized users via ACL.
- Detailed and extensive knowledge in NAT, PAT and configuration.
- Worked on network authentication services like AAA, TACACS+, and RADIUS.
- Experience in Next-gen firewall Palo Alto PA-500, 3000, 5000, 7000 series.
- Detailed knowledge of Palo Alto PAN-OS and experience in features like Panorama, Wildfire, URL filtering, Zone creation, Intrusion Detection System (IDS), DNS sinkhole, Zero-day attack protection, Advanced Endpoint protection and SaaS Security.
- Experience with web application firewalls (WAF) and strong knowledge of web application security, web-related protocols (HTTP, HTTP/2, SSL, WebSockets, etc.)
- Designed and configured Cisco NX-OS device like Nexus 5000, 7000 series.
- Expertise in multiple firewalls Administration, Policy & Rule based Analysis and Modification, Network & Information security practices.
- Excellence in stateful inspection, Global Rule Base, Address Spoofing in Palo Alto, Check Point Firewall specifically in SPLAT, VPN technologies.
- Maintenance of Bluecoat proxy manager.
- Hands on experience in designing and deploying various network security, High Availability products like Cisco ASA Firepower, Palo Alto firewalls.
- Experienced in network troubleshooting and ticket resolving.
- Familiar with RAM, ROM, NVRAM, Flash memory working in the Core Switches & Servers.
PROFESSIONAL EXPERIENCE
Cyber Security Engineer
Confidential, Illinois
Responsibilities:
- Work with various risk and information security teams in presenting recommendations for improvement to technology subject matter experts and management.
- Deployed, implemented and managed Web Application Firewall to block intrusion attempts before they interact with back-end web application.
- Onboarding new websites onto WAF.
- Imperva DAM (Database Activity Monitoring) - Performed daily operational real-time monitoring, analysis and resolution of database related (MSSQL, Oracle) security events.
- Created and implemented the complete Real-time Monitoring and Incident Response processes as to how to handle Alerts.
- Created a tuning process for the team to document any policy changes/exceptions to be made on the Imperva WAF Dashboard.
- Imperva WAF (Web Application Firewall) - Work in conjunction with vulnerability management team to take dynamic scans they produce to upload to the Imperva WAF for immediate protection from web application attacks.
- Analyze and review the SecureSphere console daily and deal with the identified application events; review and tune the Web application firewall rules for each of the applications being protected.
Network Security Engineer
Confidential, New Jersey
Responsibilities:
- Deployed, implemented and managed Web Application Firewall to block intrusion attempts before they interact with back-end web application.
- Onboarding new websites onto WAF.
- Imperva DAM (Database Activity Monitoring) - Performed daily operational real-time monitoring, analysis and resolution of database related (MSSQL, Oracle) security events.
- Created and implemented the complete Real-time Monitoring and Incident Response processes as to how to handle Alerts.
- Created a tuning process for the team to document any policy changes/exceptions to be made on the Imperva WAF Dashboard.
- Imperva WAF (Web Application Firewall) - Work in conjunction with vulnerability management team to take dynamic scans they produce to upload to the Imperva WAF for immediate protection from web application attacks.
- Analyze and review the SecureSphere console daily and deal with the identified application events; review and tune the Web application firewall rules for each of the applications being protected.
Network Security Engineer
Confidential, Fremont, CA
Responsibilities:
- Involving in critical customer escalations and identifying necessary steps for effective case resolution.
- Handling high priority cases (P1/P2) created by Critical, Premium partners & customers in Confidential.
- Creating Application specific rules set for the traffic with custom security profiling and User-ID enforcement.
- Centralized Management and log collection of PAN Firewalls using Panorama-VM appliance.
- Performing semiannual firewall ruleset review and auditing.
- Investigating and performing sandbox analysis for APT and new zero-day threats.
- Migrating the service-based rules to Application specific policies on the PAN firewall.
- Creating SNAT, DNAT, App override, Captive portal policies & configuration on the PAN firewalls.
- Enforcing better security posture by leveraging Security profiles like vulnerability protection, Anti-virus, Anti-Spyware, URL filtering, Wildfire-analysis.
- Working on Next-gen firewall Palo Alto PA-500, 3000, 5000, 7000 series.
- Upgradation of Firewalls from PAN OS 7.1.25 to 8.1.9 and from 8.1.9 to 8.1.18.
- Upgrade and patch management of Firewalls like Palo-alto.
- Troubleshooting issues related to PAN firewall, Panorama appliance and tune the firewall policies to prevent attacks.
- Clean up of unused and shadowing rules at multiple branch and Colo sites.
- Implemented Zone-based policies and implemented Zone-protection and DoS-Protection.
- Integrating the Palo Alto firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
- Configure IPSEC and SSL VPN with Pulse Secure, Palo-alto.
- Providing constant Network & Threat activity reports for Internet Gateway Palo Alto firewalls.
- Configuring Custom URL categories, custom Applications and services for different use cases.
- Using packet-capture (PCAP) to analyze network packet traces and troubleshoot using Wireshark.
- Analyze endpoint application data in real time to identify potential threats, rogue systems, vulnerabilities, unauthorized devices and/or system changes, and data loss prevention. Report cyber incidents to SOC incident responders.
- Work on SolarWinds Monitoring tool to get clear picture over traffic logs while troubleshooting.
- Prepared method of procedures as a detailed template-based plan including implementation, testing and back out procedures for all network implementations, upgrades, and modifications, based on the changes requested.
- Preparing Migration procedures, assisting with deployment and troubleshooting issues during migration call.
- Raise & Implement Break fix Changes that come from ServiceNow incidents.
- Reviewing changes before they are implemented to avoid any change related issues/outages, and making sure that change designs conform to LAM change management guidelines and specified standards by engineering.
- Deploying Cisco ISE in wired environment to perform Dot1x port-based authentication, configure the Posture policies, and perform Change of Authorization (CoA) for users connecting to the corporate network.
- Configuring Cisco Catalyst Switches for Dot1x support, testing the IOS compatibility with Cisco ISE.
Network Security Engineer
Confidential, San Francisco, CA
Responsibilities:
- Responsible for the bring up of the PA-5220 for Palo Alto for new Data Center site and management of the policies.
- Creating Application specific rules set for the traffic with custom security profiling and User-ID enforcement.
- Centralized Management and log collection of PAN Firewalls using Panorama-VM appliance.
- Performing semiannual firewall ruleset review and auditing.
- Investigating and performing sandbox analysis for APT and new zero-day threats.
- Migrating the service-based rules to Application specific policies on the PAN firewall.
- Creating SNAT, DNAT, App override, Captive portal policies & configuration on the PAN firewalls.
- Enforcing better security posture by leveraging Security profiles like vulnerability protection, Anti-virus, Anti-Spyware, URL filtering, Wildfire-analysis.
- Upgradation of Firewalls from PAN OS 7.0.16 to 8.0.14.
- Troubleshooting issues related to PAN firewall, Panorama appliance and tune the firewall policies to prevent attacks.
- Clean up of unused and shadowing rules at multiple branch and Colo sites.
- Worked on configuring security profiles such as Anti-virus, Anti-Spyware, Vulnerability, File blocking feature for security tightening.
- Implemented Zone-based policies and implemented Zone-protection and DoS-Protection.
- Integrating the Palo Alto firewalls with Wildfire cloud inspection engine to protect against zero-day, APT and Malware threats.
- Providing constant Network & Threat activity reports for Internet Gateway Palo Alto firewalls.
- Configured Custom URL categories, custom Applications and services for different use cases.
- Used packet-capture (PCAP) to analyze network packet traces and ACC Monitor for more troubleshooting using Wireshark.
- Configured Custom reports for scheduled emails as per the requirement to be reviewed by ther teams.
- Worked on Software upgrades and Content updates.
- Troubleshooting issues over firewall traffic using traffic logs, threat logs, and system logs.
- Whitelisting of SaaS applications according to compliance requirement on Palo Alto firewalls.
- Worked on Splunk Monitoring tool to get clear picture over traffic logs while troubleshooting.
- Endpoint Management & Protection via Cisco AMP & Symantec Endpoint protection tools.
- Management of Barracuda Cloud Control for email protection & security.
- Design and implementation of Twenty F5 ASM to replace Imperva WAF.
- Analyzing and developing policies and solutions to support Imperva WAF security on an enterprise scale.
- Configured and moved all the web application websites behind WAF to safeguard against malware and restrict the access of application from embargoed countries.
Network Infrastructure Engineer
Confidential, MO
Responsibilities:
- Segmentation of existing Data center with multiple zones for East-West Traffic visibility by deploying Palo Alto-5260 series firewalls.
- Creating Application specific rules set for the traffic with custom security profiling and User-ID enforcement.
- Performing SSL decryption of traffic at both Internet Gateway and Data Center PAN firewalls.
- Worked with Palo Alto MineMeld services to create External Dynamic List feed for Office-365, AWS, and Azure use-cases.
- Experience working with Palo Alto’s centralized management server-Panorama appliance for logging sessions, creating reports and managing multiple firewalls simultaneously.
- Providing log redundancy between the Panorama Confidential -100 series appliances running in Panorama mode.
- Provided assistance and support for the AWS, PaaS infrastructure.
- Responsible for the deployment and management of Palo Alto VM series firewalls in the AWS Cloud for segregating the traffic within the cloud premise.
- Providing support and maintenance for VPC, ELBs, EC2 instances in AWS cloud and security tightening.
- Created new zones for segmenting the DMZ and enforcing strict security profiles to reduce the threat landscape.
- Firewall deployment, rules migrations, firewall administration and migrating existing rule onto Palo Alto Firewalls.
- Firewall policy optimization using Tufin to ensure policy auditing across many dependent firewalls.
- Scheduling application, content, threat, and wildfire updates via Panorama.
- Monitoring the traffic and creating alerts by leveraging Zenoss, Splunk and Panorama Logs.
- Analyzed and developed policies and solutions to support Imperva WAF security to move most of the websites behind WAF to restrict embargo countries to access the web-based applications.
- Enabled https traffic on WAF to allow secured connection.
Network Security Engineer
Confidential, Buffalo, NY
Responsibilities:
- Deployed Inline inspection architecture using Palo Alto Firewall PA-7050, 5060, 3060 series to protect data center.
- Responsible for security profile groups, security policies implementation on Palo Alto VM 300 & 500 series firewalls that secure the cloud environment.
- Centralized management of all Palo Alto Devices and appliances using Palo Alto Panorama Confidential -100 server.
- Implemented stateful inspection on network traffic by creating zone and policy-based rules to mitigate the malicious attacks and threats on network.
- Assisted in the migration of firewall rules set from Legacy Cisco ASA to Palo Alto Firewalls using Palo Alto Migration tool.
- Integrated Splunk with Palo Alto firewalls for monitoring Firewall logs and activities.
- Configuring and maintaining Site-to-Site VPNs, DMZs, Remote access VPNs, ACLs, Security Zones and TLS/SSL Certificates.
- Troubleshooting network related issues like remote site connectivity, unplanned Datacenter Network Outages due to tests generating heavy traffic, asynchronous routing etc.
- Granting management accesses and setting up user profiles for external VPN clients.
- Provided threat protection with Palo Alto IPS/IDS solutions of Firewalls & open source tools like Snort.
- Creation and maintaining users in the Firewall both via certified base authentication for Remote users and for local users as well.
- Involved in Intrusion Detection, DMZ and encryption, Proxy services, Site to Site IPsec VPN tunnels.
- Configuring Security policies including NAT, PAT, Route-maps, prefix lists and Access Control Lists.
Network Engineer
Confidential
Responsibilities:
- Configuring and implementing of Composite Network infrastructure using Cisco Routers 7600, 7200, 3800 series and Cisco 3500, 5000, 6500 Switches series.
- Configured RIP, OSPF, BGP (IBGP and EBGP) routing protocols in topology and updates using route-map, Administrative Distance (AD) and distribute list for on-demand services.
- Configured OSPF redistribution and authentication with type 3 LSA filtering to prevent LSA flooding.
- Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tweaking AS-path.
- Implemented Hot Standby Router Protocol (HSRP) in gateway router by tuning parameters like preemption.
- Worked on some Cisco 4500, 7200 series routers and Juniper routers MX 104, 240, 480 series.
- Implemented various OSPF scenarios on networks consisting of Cisco 7600 routers.
- Configured policy-based routing for BGP for complex network systems.
- Tuned BGP internal and external peers with manipulation of attributes such as metric, origin and local Preference.
- Worked on SFTP, HTTPS, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
- Responsible for day to day management of Cisco Devices, IOS, Traffic management and monitoring.
- Assistance in configuring Juniper 4350, 6350, 2320 routers as well as EX 2200, 4200, 6200 and 8200 switches.
- Responsible for Manual testing, reporting defects and working closely with development in narrowing down issues.
- Responsible for running different kinds of network tests. This includes MPLS, BGP, SNMP, and Firewall. Also worked on testing with a traffic generator.
- Site to site VPNs configuration using 3DES, AES/AES-256 encryption.
- Network security including NAT/PAT, ACL, ACA & Palo Alto firewalls.
- Security auditing of perimeter/Edge routers, identifying missing ACLs, writing and applying ACLs.
Network Engineer
Confidential
Responsibilities:
- Upgrading the IOS on 1900, 2900, 3500 series Cisco Catalyst switches and 2500, 2600, 3600 series Cisco routers.
- Performing network troubleshooting, providing technical support, and router password recovery operations.
- Configuring standard and Extended Access Control list (ACL) and ASA Firewalls.
- Testing various BGP attributes like AS path, Local preference, MED, Weight and replicated customer issues in testing environment lab.
- Performed Ether channel, Inter-VLAN routing, 802.1Q trunk encapsulation on L3 switches.
- Implementing redundancy with HSRP, Ether channel technology (LACP, PAGP) etc.
- Configuring Cisco Catalyst 2900, 2960, 3560, 3750, 4500, 4900, 6500 series.
- Performing network deployment & troubleshooting tasks such as creation and management of VLANs, Port security, Trunking, STP, RPVST+, Inter-VLAN routing and LAN security.
- Working with Cisco catalysts switches that include 3750, 4500 and 6500 in multi VLAN environment for the organization.
- Implemented Routing protocols like EIGRP, OSPF in the L3 switches.
- Implemented redundancy protocols like HSRP, VRRP and GLBP in the default gateway router to avoid a single point of failure.
- Vigilance of the network by using packet monitoring tools like SolarWinds, Wireshark.
- Maintenance and configuration of proxy servers for forward and reverse proxy for web.
- Technical and Supervising assistance for L3 and L2 switches for the Inter & Intra network.
- Access Switch configuration and controlling for local users and remote users accessing using SSH.
- Providing 24/7 support for ticket resolving related to Core switches and Access switches.
- Upgrading Cisco IOS, Junos OS in Cisco and Juniper devices periodically with stable versions.
- Module’s installation and testing multiple configurations in lab for performance and traffic optimization.