SUMMARY

• More than10 years of Networking Experience, with strong analytical skills and a broad knowledge of computer hardware and software.
• Excellent problem - solving skills, with the ability to quickly pinpoint problem areas and resolutionpossibilities.
• Strong leadership skills. This comes in handy when enlisting the support of all team members in aligning with project and organizational goals.
• I have 6-8 years’ technical experience in architecture, network design, software defined networking with exposure to various Palo Alto Firewall environments.
• Responsible for the planning, design, implementation, organization and operation of Palo Alto Firewalls based perimeter security network and network security devices including but not limited to 7000, 5000, 500 series FW’s.
• Responsible for troubleshooting network and firewall problems, specifically Palo Alto, Checkpoint and Cisco ASA’s.
• Adequately monitor the firewall and network system to identify and solve data communication problems and user performance issues.
• Linux Foundation Certified System Administrator (LFCS) desired
• 5+ years of Unix, Storage & IT infrastructure work experience
• Experience with Enterprise Infrastructure systems including Enterprise Redhat Linux, CentOS and Solaris
• Experience in Unix/Linux scripting for process automation
• Experience in administering medium to large scale virtualized environment utilizing VMware
• Experience with SAN and NAS storage in Unix/Linux/Windows Server environment
• Incident response and remediation experience
• Sound working knowledge of network infrastructure and operations, including switching, routing, Ethernet, TCP/IP
• Solid understanding of industry-standards & best practices
• Ability to produce architecture diagrams and requisite documentation
• Strong teamwork and communication skills.
• Technically proficient at installing, configuring, and maintaining UNIX(both in a physical and virtual environment).
• More than 10 years’ experience as a system administrator for the Red Hat Linux operating system.

TECHNICAL SKILLS

Cisco Routers: Cisco Routers 1600, 1700, 2600, 2800, 3600, 7200, andASR 1000 series routers

Big-IP F5 Load Balancers: Big-IP 8800 series; Big-IP 8400 series; Big-IP 6400 series; Big-IP 3400 series; Big-IP 1500 series,Viprion.

Cisco Catalyst Switches: Cisco Catalyst Switch 1900, 2900, 3500, 4000 and 6000 series Cisco Nexus 5000, 7000,9336PQ,9508, FEX and Cisco ACInFortgate 60E,900,800,600, 7000, 3000, 2000

CiscoASA Firewall: Cisco ASA firewall 5000 series ( 5585 )nCheckpoint R75.20, R 76 and R 77

PROFESSIONAL EXPERIENCE

Confidential

Senior Network Engineer

Responsibilities:

• Design and plan new firewall and network security systems to protect the network from internal and external threats.
• Technical lead involve in the design of a brand new datacenter comprising of Cisco Nexus 7010, 5596s,FEXs 2248 with the overlying technologies like fabricpath,OTV VPC.
• Migrated the Confidential WAN from EIGRP to BGP, implemented BGP traffic engineering using route-map, prefix-list, distribute-list and BGP regular expression.
• Technical lead on a tech refresh project to replace end of life Cisco network switches and routers
• Experiencein application delivery controllerF5Big-IPLTM,GTM, ASM, and Enterprise Manager environments.
• Evaluate potential network security products, technical solutions, and capacity requirements to meet business needs.
• Provide specifications and detail schematics for network security architecture of the enterprise.
• Analyze current security device configurations and determine implementation requirements.
• Develop implementation strategies, plans and processes for a nationwide rollout/upgrade of the Palo-Alto, Cisco ASA and Check Point Firewalls.
• Configure interfaces, zones and security policies.
• Configure granular App control concepts.
• Configure URL filtering, anti-virus and vulnerability and spy ware protection.
• Create VPN zones, configure global protect gateway and portal.
• Configure Site-to-Site VPN.
• Configure M-100 to function as a log Collector and Panorama.
• Develop Standard Operating Procedures (SOPs) for administering the firewalls and Endpoint Profiler system
• Configure and maintain Domain Name Server (DNS), Network Time Protocol (NTP), Simple Mail Transfer Protocol (SMTP) servers
• Provide third-level technical support and troubleshooting for critical network security problems
• Develop documentation, including diagrams, standards, specifications and operating procedures.
• Monitor for opportunities to enhance the customer network security performance or reliability.
• Monitor for opportunities to improve the customer service delivery practices.
• Provide third-level support and troubleshooting of network problems. Periodically provide after-hours and weekend support.
• Provide technical design, build and support solutions using F5 products including LTM, APM. The emphasis would be on skills like
• Proactive Metrics and Improvement
• Irule/TCL design and troubleshoot
• Excellent Technical Solution Engineering
• Customer sensitivity and Rapid Response
• Proactive and Clear Communication
• Quality & Process Compliance
• F5 LTM/APM/ASM iRule/TCL Knowledge
• VPN SSL & IPSEC
• Application Delivery Controllers
• Configure and implement WAF on F5-BIG-IP Application Security Manager (ASM), CheckPoint and Cisco WAF environment.
• Configure, implement and troubleshoot WAF to protect the organization against OWASP threats, such as application vulnerabilities, and zero-day attacks.
• Configure CheckPoint WAF (Web application firewall) to protect Web servers from malicious traffic and blocks attempts to compromise the system.
• Use Layer 7 DDoS defenses, advanced detection and mitigation techniques, dynamic learning, virtual patching, and granular attack visibility thwart even the most complex threats before they reach your servers.
• Use F5-BIG-IP Application Security Manager (ASM) to prevent targeted attacks that includecross-site scripting,SQL injection, forceful browsing, cookie poisoningand invalid input.
• Configure F5 BIG-IP Application Security Manager Web application firewall to use both positive and negative security models to identify, isolate and block sophisticated attacks without impacting legitimate application transactions.
• Supporting installed applications and network services(NIS, DNS, LDAP, etc.).
• Experience with implementing, configuring and supporting various Fortigate next-generation Firewall models such as 900,800,600, 7000,5000, 3000 and 2000 series.
• Design, configure and troubleshoot Fortianalyzer, Fortimail, Fortiweb, Forticlient, FortiDDOS, Fortisandbox, Fortisiem, Fortiauthenticator and FortiADC
• Excellent troubleshooting skills and ability to identify root causes of issues and provide solutions in Fortinet environment.
• Experience working in 24 x 7 centers with complex, high transaction, high availability environments.
• Strong interpersonal and presentation skills, both oral and written, with the ability to articulate and educate others about complex technology with business acumen.
• In depth knowledge of external services environments including SSL certificate exchange, remote access solutions, and business to business interconnects.

Confidential

Senior Network Engineer

Responsibilities:

• Designed and deployed Checkpoint firewalls on GAiA and SPLAT platform appliances in an enterprise distributed environment.
• ExperiencedF5systems engineer of large enterpriseF5Big-IPLTM,GTM, ASM, and Enterprise Manager environments.
• Installed and configured Checkpoint SmartCenter server on Linux and Windows platforms.
• Created checkpoint policies and rulesusing smart dashboard, troubleshoot connectivity issues through the smart view tracker application.
• Installed, configured and created policies on Juniper SRX firewalls.
• Configured Juniper SRX firewall in a redundant cluster solution.
• Installed and configured Enterasys 800 D and K-series switches on the network
• Perform code upgrade on the Enterasys switches to the latest version.
• Created trunk and port channel using PAGP and 802.1Q on the Enterasys 800.D and K series switches to connect to the Cisco 6513 Core switches.
• Upgraded Checkpoint software to version R75, analyze rule base on the checkpoint using Solarwinds firewall security manager in order to delete obsolete rules.
• Identified traffic classes within the network and performed QOS techniques for delay sensitive applications such as voice and video.
• Provide real-time (or near real-time) detection and reaction services for information securityincidents and analyze malware incidents to determine direct threat to organization.
• Review data source events from NSM (NetworkSecurityManager) to determine key events for input to content development.
• Experience with network load balancing technologies - Cisco ACE, F5 BigIP, or NetScaler preferred, including deployment, troubleshooting, management, upgrades, round robin, persistence, one armed (SNAT) and two armed configurations. Acquisition and maintenance of public and private certificates to terminate SSL sessions, and knowledge of SSL security and vulnerabilities.
• Implemented ADCF5LTMandGTMhardware platforms design and deployment implementation guidelines, DMZNetworkinfrastructure policies,LTMInbound SNAT configurations and outbound NAT server to IP mapping processes.
• Responsible for supporting the currentF5BIG-IPload balancingplatform; including implementing, configuring, and integratingF5BIG IPGTM,LTM, APM, ASM,iRules, DNS-SEC, IPv6, SSL administration.
• Primary engineer for writing, testing, and implementing customiRulesand health checks for enterprise applications.
• Supported datacenter migration ofF5BIG-IP1500 v9 LTMs to LTM, rewriting TCLiRulesto support new features and syntax.
• Implementation ofF5LTMload balancingfor highly available web clusters, and centralized certificate and redirect management usingiRules
• Provide source monitoring activities, cyber threat analysis and mitigation courses of action, provide the actionable intelligence used in organizational IT Asset protection, strategic cyber threat trending and situational awareness of customer leadership.
• Support the security activities associated with the evaluation and introduction of new security technologies into the customer's enterprise.
• Implement optimal (enterprise coverage, minimal device footprint, minimal network impact) deployments and respective configuration of hardware and software for enterprise security solutions.
• Designing and implementing network security solutions in cloud and on-premise data centers.
• Modification of firewall rules on and Fortigate firewalls.
• Installation of new firewalls, high availability configuration, and monitoring
• Administration of a large internal and external DNS server infrastructure
• Administer and monitor a multi-site security fabric including firewall, IDS/IPS management
• IDS/IPS Engineering: Tune IDS/IPS signatures, change default actions, create and amend policies, configure and monitor high availability
• SIEM: Create SIEM alarms, develop correlation rules, create and modify policies, and monitor events and trends on Fortisiem.
• Provide support for internal and external customers in a large enterprise environment
• Troubleshoot a range of IT security and connectivity issuesManage and troubleshoot virtualized loadbalancers on FortiADC.
• Support other team members in troubleshooting and project efforts
• Manage hardware and software inventories.
• Work with remote teams to install, maintain and troubleshoot security hardware.
• Ensure customers receive top of the line support in a polite and courteous manner
• Keep detailed records of customer interaction and problem resolution in a ticketing system
• Develop standard operating procedure and network topology documentation

Confidential

NETWORK ENGINEER

Responsibilities:

• Assisted in providing network design, implementation and documentation.
• Installed, maintained and administered all network and data communication equipment including terminal server, Cisco routers and switches.
• Upgraded multiple switches and routers with cat OS and IOS software to conform to U.S Department of Commerce standards.
• Assisted in testing and implementing new network services to remote stations
• Opened and tracked trouble ticket through Remedy and serve as a member of the 24/7 team responsible for member connectivity and any network impacting event to the U.S Department of Commerce.

Confidential

Network Engineer

Responsibilities:

• Reviewed and redesigned of current network for internal development and testing teams
• IOS upgrade and router hardening for 2600, 3600, 7200 routers and 6500 series of switches.
• Provided wireless network design and support for clients
• Assisted with establishing global network operations center (GNOC) to proactively monitor the network resulting in better SLA and network performance.