SUMMARY

• 7.3 years of experience in Routing, Switching and Firewall Security, including hands - on experience in providing network support, installation and analysis for a broad range of LAN / WAN/MAN communication systems.
• Experience in working with IPSEC Site to Site, Remote VPN using different encryption methods.
• Configured and managed Nexus 2k fabric extender, 5K and 7K switch network at the client’s location.
• Experienced working on network monitoring and analysis tools like, SOLAR WINDS, CISCO works and RIVERBED and Wireshark.
• Experienced in Troubleshooting for connectivity and hardware problems on Cisco Networks.
• Extensive knowledge in implementing and configuring F5 Big-IP LTM-3900, and 6900 Load balancers.
• Experience working on network topologies and configurations, TCP/IP, UDP, Frame Relay, Token ring, ATM, bridges, routers, hubs and Switches.
• Performed security operations on ASA firewalls.
• Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260)
• Experience in working on FortiGate Firewalls.
• Performed deep packet analysis to troubleshoot application issues using tools like Wire-shark.
• Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
• Experience in L2/L3 protocols like VLANS, STP, VTP, MPLS and Trunking protocols.
• Well Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, and SNMP. Configured RIP, EIGRP, OSPF.
• Navigated through Algosec and Palo Alto, Checkpoint to find risky ports and unused firewall rules to help with firewall audit.
• Configuration, troubleshooting and upgrading PAN OS on Palo Alto-5000 series firewalls.
• Experience in installing and configuring DNS, DHCP server.
• Configuration NAT, Static route and Firewall rules on Fortinet and Checkpoint firewalls.
• Configuration, troubleshooting and upgrading fire ware on FortiGate firewalls, Forti Manager 1000D and Forti Analyzer 1000D.
• Experienced with various dynamic and static network protocols RIP, OSPF, EIGRP, HSRP, VRRP, BGP, VLAN, Spanning Tree, Frame-relay, MPLS, and IPsec VPN.
• Worked in OSI model, TCP/IP, UDP, IP addressing and Sub netting.
• Responsible for service request tickets generated by the helpdesk in all phase such as troubleshooting, maintenance, upgrades, patches and fixes with all around technical support.
• Extensive knowledge in different networking protocols DHCP, DNS, FTP, VOIP (SIP, H.323, MGCP), Quality of Service (QOS).
• Experience with F5 load balancers upgrades - LTM, GTM series like i11800, 6800.
• Sound knowledge of python for writing scripts for interface creation on network devices, show commands for pre/post checks.
• Handling day to day operational tasks on Cisco ACI for eg: addition of Vlans, turning off LACP for port-channels etc.
• Reproduce the issue when there is a need and support issue investigation and retest failed cases which has been fixed.

TECHNICAL SKILLS

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, Fiber, Firewalls/IPS/IDS, AWS

Hardware: Dell, HP, CISCO, IBM, SUN, Checkpoint, SonicWall, FortiGate, PaloAlto.

Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange, Microsoft SharePoint

Firewalls: Check Point R75, R80, ISA 2004/2006/ ASA 5585/5520/5500 , FWSM, Checkpoint 4200/Nokia IP-560, FortiGate Firewalls, Palo Alto Firewalls.

Routing/Routers: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Static Routing, Cisco Routers ASR

Infrastructure Hardware: IBM, HP, Cabling, Network printers, IP KVM Switches, Cisco Routers Switches, 802.11x Wireless gateways, Access Points

Switching: VLAN, VTP, STP, Inter VLAN routing Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels

Protocols: TCP/IP, L2TP, PPTP, IPSEC, UDP, DHCP, DNS

VPN: Cisco Any Connect, BIG IP F5 VPN.

Security Tools: Wireshark, MS Visio, VMWare, Blackbox Testing, Whitebox Testing

Operating Systems: Windows, Linux, Microsoft Windows

PROFESSIONAL EXPERIENCE

Confidential, Boston, MA

Network Security Engineer

Responsibilities:

• Worked on Multi-vendor platform with Cisco ASA, Fortinet and Palo Alto Firewalls requesting net flow security compliance coding, and pushing firewall rules after approval and troubleshooting incidents as required.
• Configure and maintain security policies on Fortinet firewall and Forti Manager and Forti Analyzer.
• Implement URL filtering requests in Bluecoat Proxy SG for website blacklist and whitelist purpose.
• Adding users to Various AD groups on Symantec Proxy SG as per Barclays Request Ticket.
• Troubleshooting and resolving network related issues in the shortest possible time.
• Installation of Palo Alto (Application and URL filtering, Threat Prevention and Data Filtering).
• Performed code upgrades to the Palo Alto firewall from Panorama.
• Configured and implemented various features on Palo Alto including app-id, User-id, Security profiles and Custom URL categories.
• Interacting with the customer, understand the requirements and communicate with the off-shoreteam.
• Installation and configuration of Cisco routers and switches.
• Monitoring performance and ensure system availability and reliability using Network Management System SolarWinds.
• Involved in design and configuring Overlay Transport Virtualization(OTV) on Cisco NX-OS devices like Nexus 7000.
• Working on tickets to resolve day to day issues related to Networking Technologies, Wireless LAN and F5 devices.
• Implemented, Tested and troubleshoot Juniper Firewall to establish VPN network to Datacenter and wireless for local network.
• Automated network implementations and tasks and designed monitoring tools using Python scripting.
• Automated administration using PowerShell, Perl &Python scripting.
• Worked on Cisco FTD ( Firepower Threat Device), FMC ( Firepower Management Console), ISE.
• Worked on network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
• Responsible for configuration and troubleshooting issues related to F5 GTM/LTM devices.
• Configuration and troubleshooting F5 LTM and providing level 2 and level 3 support for the customers.
• Responsible for Cisco ASA firewall administration across our global networks.
• Deploy and manage with secuirty and network management tools like Aruba Clearpass Policy Manager and Aruba Airwave.
• Using the Level of experiences in Solar Winds monitoring tools and Service Now Ticketing system.
• Monitoring and Troubleshooting traffic on Palo Alto-5000 series firewalls.
• Creating and modifying rules and objects on Palo Alto-5020 Firewall.
• Experience on working with IPSEC VPN, Security Profiles and SSL decryption on Palo Alto firewall.
• Provides updates and upgrades to the Palo Alto Firewall and Panorama devices.
• Working on customer service requests for new changes and implementation plans.
• Deliver timely changes, migrations, and implementations on a customer network and to create and maintain an outstanding customer experience.
• Responsible for installation, troubleshooting of Checkpoint firewall and LAN/WAN protocols Implementing firewall rules and configuring Palo Alto, fortinet Network Firewall.
• Updated Fortinet firewall configurations, programmed switch ports and cameras, and maintained asset information.
• Implementing VPC, Fabricpath and Ethernet technologies on Nexus switches.
• Managed firewall using fortigate to allow or block IPs, created policies added different interfaces and VLANs.
• Integrated Palo Alto next-gen firewalls with overlay VMware NSX SDN network
• Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.
• Monitoring and Troubleshooting the Meraki AP and Meraki Switches through Meraki Port al, Checking the configuration through Solarwinds, checking device utilization through Vital suite, and updating the tickets on ticketing tool Remedy.
• Implemented AWS networking services Amazon VPC for the Private/Public Cloud, EC2 instances, IAM, and S3.
• Manage Network Management Tools SolarWinds, Cisco Prime Infrastructure, Loglogic, Splunk, Cisco Identity Security Engine, etc.
• Performed configuration, deployment and support of cloud services including Amazon Web Services (AWS) and deploy monitoring, metrics, and logging systems on AWS
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.
• Use the data from Cisco ISE to trace out security violations in events of ransomware attacks.
• Configured OSPF/BGP on the existing Nexus/IOS switch and Cisco ASA to integrate SDWAN solution with current network infrastructure to ensure a seamless cutover.
• Participated in planning and implementation of Confidential s and SD- WAN solutions in direct support of targeted objectives.
• Ensured correct procedures are followed and changes are accurately recorded scheduled and controlled.
• Involved in testing and production support of cisco ACI Data center in network centric mode.
• Worked on Great exposure to SDN and Network virtualization technologies like Cisco ACI.
• Provided Hardware/Software support for entire EX series/QFX/QFabric series of switching platforms.
• Configured trunk and access ports and implemented granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than with previous generation of switches.
• Configuration and deploying WSA including proxies, custom URL filtering.
• Worked on virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.
• Configuration and troubleshooting of issues based on BGP, OSPF, HSRP, STP, VTP and VLAN.
• Configuring VLAN, trunking and Ether Channel on Cisco switches, Routers.
• Configuring Router with Sub-interfaces to allow tagged VLAN Traffic.

Confidential, Cambridge, MA

Network Security Engineer

Responsibilities:

• Implement IPSEC VPNs and SSL VPNs through IKE and PKI on Palo Alto Firewalls for site-to-site VPN connectivity.
• Deployed Active/Standby modes of High Availability (HA) with sessions and configuration synchronizations on multiple Palo Alto Firewall pairs.
• Configured Firewall policies on Cisco ASA 5500 series firewall and configured remote access IPSEC VPN on Cisco ASA 5500 series.
• Imperva WAF (Web Application Firewall) - Work in conjunction with vulnerability management team to take dynamic scans they produce to upload to the Imperva WAF for immediate protection from web application attacks.
• Navigated through Algosec and Palo Alto, Checkpoint to find risky ports and unused firewall rules to help with firewall audit
• Implementation, maintenance and monitoring of IDS/IPS, WAF, antivirus and Syslog Servers.
• Defining network policies and procedures and establishing connections and firewalls.
• Upgrading code on Palo alto firewalls PA to meet company security policy
• Involved in configuring Palo Alto PA 7020 firewall from the scratch.
• Managed multiple Palo Alto Firewalls centrally through the Palo Alto Panorama M-500.
• Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, VPN, and the Reporting features of Palo Alto.
• Responsible for building the automated tools using Python and testing them.
• Automating Network Provisioning and Configuration Task Using Python Script on Network Devices for Multiple Vendors
• Implemented Firewall Security in compliance with PCI on Cisco ASA, FWSM, Palo Alto and Fortigate
• Collaborate with Design teams and peers for Creation of Test Plans, Test Cases, Test Reports utilized by Service Deliver and Service Assurance Teams, as well as the Product Management\Marketing teams, as appropriate. Ensure end to end capability to deliver smart and scalable services on a service provider network.
• Using JIRA for creation of tickets and updating time to time to keep everyone informed of the tasks being performed.
• Maintaining the ISP backhaul links and coordinating for fault with international ISP teams. (OPTUS, NTT, NextGen and etc)
• Implemented Cisco FirePower and integrate FirePOWER with unsupported up and down stream switches so deep understanding of network concepts were required to driver project success
• Executed changes on various firewall proxies and scripts over entire network infrastructure using Service Now ticketing tool.
• Configuring, maintaining and troubleshooting with Fortinet firewall and security
• Configured and troubleshoot Network security including NAT/PAT, ACL, IPSEC, site-to-site and remote VPNs in ASA/Palo Alto/ Fortinet Firewalls.
• Involvement in configuring solarwind tools for regular activities as well for proactive monitoring of specific routers to record behavioral statistics.
• Configures and troubleshoots Cisco Nexus 7K and 9K features, such as VPC, OTV, and VXLAN.
• Performed Troubleshooting and monitored routing protocols such RIP, OSPF, EIGRP & BGP.
• Participate in an on-call schedule. Be available during the on-call shift 24x7 in case issue occurs.
• Investigate and help resolve issues on RL network and IT estates using agreed troubleshooting methodologies.
• Whitelisting, Blacklisting, creating filter policies and Troubleshooting Force Point Proxy related Tickets.
• Uninstalling old Version of ForcePoint Agent and Installing Latest version of ForcePoint Agent on user machines.
• Assisted in migration of traditional Data Center infrastructure having Nexus 5k, 7k to Cisco ACI.
• Involved in SD- WAN project for successful evaluation of POC to proceed with production implementation.
• Troubleshooting includes network protocol, log analysis and raw data captures.
• Work collaboratively across various business units to implement new technology, support existing, and at times do Firewall changes after normal business hours.
• Work with various Ralph Lauren application teams to troubleshoot to resolve the issues.
• Create Firewall rules on Cisco ASA and Palo Alto Firewalls as per application Team’s requirement.
• Implemented site to site VPN changes in Cisco ASDM as per RL application Team requirement.
• Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
• Responsible in troubleshooting on Cisco ISE added new devices on network-based policies on ISE.
• Performed automation operations using VMware NSX and Python scripting.
• Deployed Cisco WSA proxies and installed base policies using WCCP in multi-context ASA firewall environment
• Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic.
• Develop Engineering Documentations to record F5 environment and change processes LTM/GTM/iRules.
• Worked on extensively on troubleshooting multiple issues and driving Incident calls to resolution by doing packet and wireshark capture techniques and performing other troubleshooting scenarios.
• Blocking malicious URLs and IP’s on Force Point and perimeter firewalls.
• Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
• Implemented firewall rules on Palo Alto firewall and Panorama management systems.
• Responsible for operating and maintaining Symantec Endpoint Security Manager
• Designed AWS Cloud Formation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates.
• Implemented automated local user provisioning instances created in AWS cloud.
• Analyze new features to the product based on functional and design specifications, soliciting guidance from senior members of the team and recommending appropriate test strategies.
• Analyzing complex local and wide area data network infrastructure and/or customer network environment, including planning, designing, evaluating, selecting service elements and protocol suites and configuring dedicate network devices or multi-service platforms to achieve or validate desired results.

Confidential, Menlo Park, CA

Network Firewall Engineer

Responsibilities:

• Designing and implementing new network solutions and/or improving the efficiency of current networks
• Performing troubleshooting on slow network connectivity issues, routing issues involves OSPF, BGP, black box and identifying the root cause of the issues.
• Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
• Documented the implementation of FortiGate, FortiAuthenticator and Nexus switches.
• Worked with Palo Alto PANOS 8.0.20 and Forti-Gate Firewall 1500D v5.4 policy provisioning experience with Firewall Administration, Rule Analysis, Rule Modification and upgraded FortiGate firmware
• Worked on Bridge Domains, VXLANs, VTEPS, VNID. configuration of routing using BGP among multiple Leaf to spine switches.
• Support of firewall technologies includes Fortinet firewalls
• Worked on physical and virtual networks to provide functionality on additional layers on VMware NSX.
• Configuring rules and maintaining Palo Alto Firewalls & Analysis of Firewall logs.
• Troubleshoot and Worked with Security issues related to Palo Alto firewalls
• Checkpoint Configurations including R80.10, VSX, R77 and previous version of checkpoint firewall OS.
• Perform configuration changes on Checkpoint R77 Gaia, R80.10 and Palo Alto on a large-scale environment.
• Implemented load balancing solutions on F5 local Traffic Manager.
• Built out and manage the Windows/VMware Virtual and Cloud Infrastructures and integrate them with Cisco ACI.
• Working with team in developing and maintaining WSA application.
• Implementing Python scripts for pre and post checks and in configuring the devices involved in the events.
• Configuring & managing Security Devices that includes Juniper (NetScreen) Firewalls, F5 BigIP Load balancers, Blue Coat Proxies and Plug Proxies.
• Provision DNS services using Infoblox for DNS, DHCP and IP address management IPAM, ARECORD, MXRECORD, DMARC, Text Record and Domain creation.
• Managed and configured Citrix Web application Firewalls (WAF) and performed day to day operations.
• Implement URL filtering requests in Bluecoat Proxy SG for website blacklist and whitelist purpose.
• Adding users to Various AD groups on Symantec Proxy SG as per Barclays Request Ticket.
• Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short- and long-term planning, implementation, project management and operations support as required.
• Ensure all network devices (Router, Switch, Firewall, Load Balancer, Proxies) are running healthy which include upgrading to latest version, patch update, upgrade (DMVPN, HTTPS etc.).
• Configure Cisco ISE node with the Monitoring persona functions as the log collector and stores log messages from all the Administration and Policy Service nodes in a network.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches.
• Deployed new computing infrastructure systems within AWS infrastructure.
• Design and Implementation of 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server.
• Utilize tools such as SevOne, Spectrum Network Alert Monitoring tool and Splunk for improved network support
• Writing Splunk Queries, Expertise in searching, monitoring, analyzing and visualizing Splunk logs.

Confidential

Network Admin/ Junior Network Engineer

Responsibilities:

• Provide support for 2Tier firewall support, which includes various Checkpoint R80 Gaia, Confidential ASA firewalls and Palo Alto firewalls.
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems
• Implementing, configuring, and troubleshooting various routing protocols like EIGRP, OSPF, and BGP etc.
• Performing network monitoring, providing analysis using various tools like Wireshark, SolarWinds etc.
• Cisco ASA/Checkpoint Firewall troubleshooting and policy change requests for new IP segments that either come online or that may have been altered during various planned network changes on the network.
• Responsible for Cisco ASA 5500 firewall administration, Rule Analysis, Rule Modification.
• Designed, Installed and configured Aruba Wireless network in an HA environment using AGN 125 access points with 802.1X authentication.
• Upgraded and updated Cisco IOS and SD- WAN device OS.
• Installed, configured and maintained Checkpoint R75, R77 and R80 Gaia/SPLAT.
• Maintain high level Run manuals and SOP's on each project implemented including Aruba wireless, Cisco switches, and firewall solution.
• Deployed BIG-IP F5LTM Load Balancers for load balancing and traffic management of business application.
• Perform network analysis using various tools like Wireshark and Solar winds.
• High-level understanding of multi-tiered application traffic flow, server load balancing and global load balancing.
• Configuring, implementing and troubleshooting VLAN’s, VTP, STP, Trunking, Ether channels.
• Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
• Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN
• Configuration and Integration of Cisco Identity Services Engine (ISE) 1.2
• Deploying ISE Wired and Wireless Authentication, Authorization and Accounting.
• Configuring firewalls for site-to-site tunnels, any-connect VPN, zoning.
• Managed Cisco firewallsfrom both the Command line and ASDM.