
Sr. Network Security Engineer Resume


NY

SUMMARY

  • CCNA, CCSA and Palo Alto AEC certified professional with 8+ years of experience in networking installations, configuration, testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
  • Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network designs that enable business functionality.
  • Hands-on experience, specializing in Cisco Environment in Data Center, systems, network and user administration, LAN/WAN and Security.
  • Administration, engineering, and support for various technologies including proficiency in LAN/WAN, routing, switching, security, application load balancing, and wireless.
  • Experienced in installation, configuration, design and ongoing maintenance of Cisco, Aruba router and switches.
  • Experience in enterprise class storage network configuration include HDS VSP USPV/USP, AMS2500, HP XP24K's, EVA's, EMC Vmax, Symmetrix and Clariion SAN connectivity- Cisco MDS, McData and Brocade 4700/DS-16B2 Fibre channel switches.
  • Worked on Cisco Catalyst Switches 6500/4500/3500 series.
  • Expert in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4, MPLS.
  • Experienced in DHCP, DNS, SMTP, FTP, HTTPS and web security architecture.
  • Juniper, Check Point, Cisco ASA, Cisco PIX and Palo Alto firewall administration.
  • Knowledge of Checkpoint VSX, including virtual systems, routers and switches
  • Experience in Network LAN/WAN deployment.
  • Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations.
  • Cisco ASA Firewalls, Palo Alto Networks Firewalls.
  • Installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
  • Configuring, Administering and troubleshooting the Palo Alto firewall.
  • Troubleshooting complex network using variety of packet analysis tools like Wireshark, Riverbed
  • Efficient at use of Microsoft VISIO/Office as technical documentation and presentation tools
  • Involved in troubleshooting network traffic and its diagnosis using ping, traceroute and tools like Wireshark, Solar Winds, Sniffer Capture, TCPdump, and Linux operating system servers.
  • Configure Palo Alto Networks Firewall models like PA-2k, PA-3k, PA-5k etc.
  • Experience with installing copper/fiber cables in industry.
  • Solid understanding of networking concepts & security technologies with responsive, organized and excellent problem-solving abilities.
  • Design and set up firewalls in Active-Active and Active-Passive modes.
  • Setup External DMZ on Firewalls for placing the Internet facing servers and VPN concentrators.
  • Strong knowledge of TACACS+, RADIUS implementation in Access Control Network.
  • Experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500, 2901 and Cisco 2600, 2800, 3600, 3800, 7200, 7600 series routers, Load Balancers & Cisco Firewalls.
  • Extensive understanding of networking concepts (i.e. configuration of networks, router configuration and wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel and wireless networks).
  • Troubleshoot firewall configurations remotely supporting all managed firewall solutions.
  • Configured IP addresses and subnet masks of workstations
  • Provide Cisco VoIP services to students. Cisco CCM and Unity day-to-day support. Provide support for call centers connected to the Cisco UCCX call center, IVRs, and call recordings.
  • Understand different types of NAT on Cisco ASA firewalls and apply them.
  • Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers, SharePoint, File and Print and FTP/SFTP servers.
  • Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers at single or multi domain platforms.
  • A web application (Django) created for a customer to automate scan requests of AWS servers to Truvantis.
  • Worked on writing playbooks for new products in the organization such as Illumio (rule sets, PCE, VEN agents, workloads, labels, payloads etc.), Palo Alto and Cisco ACI networks.
  • Extensive experience of working in Privileged Access Management as a Technical Analyst/SME
  • Vast experience working with configuring and maintaining security firewalls like ASA, Checkpoint, Palo Alto, Blue coat and expertise in VPN’s, SSL etc.
  • Monitor areas of the enterprise network undergoing segmentation
  • A highly organized individual who adopts a systematic approach to problem solving, effectively analyzes results and implements solutions.
  • Highly motivated with the ability to work independently or as an integral part of a team and committed to the highest levels of professionalism.

TECHNICAL SKILLS

Cisco Platforms: Nexus 7K, 5K, 2K & 1K, Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900 series) 2901, Aruba

Juniper Platforms: SRX, MX, EX Series

Routers and Switches Networking Concepts: Access Lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPsec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi

Firewall: ASA Firewall (5505/5510), Checkpoint, Cisco ASA, Network Tools, Solar Winds, SNMP, Cisco Works, Wireshark, Palo Alto.

Load Balancers: Cisco CSM, F5 Networks (Big-IP)

WAN Technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-Channel, VLANS, VTP, STP, RSTP, 802.1Q

Security Protocols: IKE, IPSEC, SSL-VPN, GRE, MGRE, DMVPN

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA

Languages: Perl, C, C++, SQL, HTML/DHTML

Operating System: Windows 7/XP, MAC OS X, Windows Server 2008/2003, Linux, UNIX

Documentation: MS Office, MS Visio

PROFESSIONAL EXPERIENCE

Confidential, NY

Sr. Network Security Engineer

Responsibilities:

  • Prepare equipment orders based on templates. Develop detailed template-based plans including implementation, testing and back-out procedures for all network implementations, upgrades and modifications.
  • Day to day activities involves the provisioning of the firewall policies, managing and administering the Juniper SRX and Checkpoint Firewalls at various zones globally.
  • Configuring and managing Cisco ASA Firewalls (5585, 5550, and 5540) and use command line CLI, Cisco CSM, ASDM for day-to-day administration.
  • Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800
  • Configuring IP, RIP, EIGRP, OSPF and BGP in routers.
  • Working with high-performance data centre switches like the Nexus 7000 series.
  • Hands-on experience with Nexus 7010, 7018, 5020, 2148, 2248 devices.
  • Migration of existing IPSEC VPN tunnels and Firewall rules from one Data Centre to another Data Centre, due to decom of existing Data Centre, which involved working with Partner Companies
  • Responsible for Updating Access-list, prefix-list to 2500 Retail Routers across the country. Experience with LAN protocols like STP, RSTP, MST, VTP, VLAN and Port Channel Protocols like LACP, PAGP.
  • Network Redesign for Company Campus Locations and Moving from 6500 based Data Centre to Nexus based Data Centre.
  • Configuring and troubleshooting perimeter security devices such as Checkpoint R77 Gaia, Secure Platform, Palo Alto and ASA Firewalls.
  • Remote implementation of Palo Alto firewalls PA-820 and PA 500 firewalls
  • Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
  • Hands-on experience pushing policy from Panorama 8.0 to Palo Alto firewalls.
  • Knowledge about the WildFire feature of Palo Alto.
  • Worked with Palo Alto Panorama management tool to manage all Palo Alto firewalls and the network from a central location.
  • Experienced with Palo Alto Panorama (6.0, 7.0, 8.0) to centrally manage the process of configuring devices and deploying security policies.
  • Implement, troubleshoot, and support Blue Coat Proxy configurations.
  • Bluecoat proxy administration - Blocking/Unblocking URL's.
  • Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
  • Black listing and White listing of web URL on Bluecoat Proxy server
  • Analyzed and recommended improvements to all new systems and ITIL processes.
  • Developed and documented various ITIL standards.
  • Troubleshoot network access problems, Strong TCP/IP understanding, Debugging Check Point Firewall and Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
  • Monitored performance and analyzed network irregularities using tools such as Riverbed and HP iMC
  • Responsible for layer 2 security, which was implemented using a dedicated VLAN ID for all trunk ports, setting the user ports to non-trunking, and deploying port security when possible for user ports.
  • Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN.
  • Implemented DMVPNs over the internet utilizing 3DES, AES/AES-256 with ASA Firewalls.
  • Responsible for cabling the switches, assigning IPs, port turn up and also troubleshooting the connection.
  • Help with application security incident response.
  • Worked on migration from F5 LTM to GTM.
  • Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
  • Provide front end on-call network support 24x7x365 for all network infrastructures in the corporation.

Environment: Cisco 2901, Cisco routers (7200, 3800, 2800) and Cisco switches (6500, 3700, 4900, 2900), Nexus (7K, 5K & 2K) Routing Protocols (EIGRP, OSPF, BGP), Checkpoint, F5 load balancing

Confidential, PA

Network Security Engineer

Responsibilities:

  • Daily technical hands on experience in the configuration, troubleshooting of Juniper SRX firewalls as well as experience working directly with customer in a service/support environment.
  • Day-to-Day work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using both Smart Utilities and CLI.
  • Solved problems on case-by-case basis with deep understanding of networking/firewall concepts, particularly with Fortinet devices.
  • Assisted with migrations from Cisco to Fortinet Security platform.
  • Worked on Blue Coat Proxy SG to safeguard web applications in extremely untrusted environments such as guest Wi-Fi zones.
  • Performing URL filtering and content filtering by adding URL’s in Bluecoat Proxy SG’s.
  • Managing & administering Cisco WSA.
  • Maintained DNS resolution policy, processed PKI certificate requests, blocked malicious websites using Websense, and maintained pattern based SPAM filters on Symantec Brightmail Gateways.
  • Active/Standby and Active/Active HA configuration on Cisco ASA Firewalls.
  • Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for stateful replication of traffic between active and standby member.
  • Managing and administering Juniper SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
  • Deep understanding of IDS/IPS such as Sourcefire and Foresight.
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Planning Deployment/Installation Efforts, Supporting Hosted Email Security Group in STBU Cisco
  • Automated scripting/execution & allocation of models for Hosted Email Security Systems.
  • Network expertise with test execution on cisco network topologies, troubleshooting issues/utilizing Cisco, Citrix, Ironport, Dell Network Security/ Technologies.
  • Application Performance Management/Analysis Hosted Email/Web Security, Quality Assurance, tools, Support for Hosted E-mail Security solutions in Cloud.
  • Planned/Build and installed the Private Ethernet Network Interface between the NetAPP Filers and HP's C-Class servers using CISCO 3750 Ethernet Switches
  • Good experience in Implementing Open Replicator migrations to migrate data from EMC VMAX frames to HDS Systems.
  • Installing and configuring bare-metal servers using Infoblox, Foreman, Katello, Chef and Bitbucket.
  • Creating and cloning Linux virtual machines and templates using Hyper-V, and migrating servers between Hyper-V hosts.
  • Worked with Database administrators to tune kernel for Oracle installations.
  • Juniper Firewall Policy management using NSM and Screen OS CLI.
  • Working on the network team to re-route BGP routes during maintenance and FW upgrades.
  • Running vulnerability scan reports using Nessus tool.
  • Cisco ASA security appliances including Sourcefire, FirePOWER Services and FireSIGHT Management Console.
  • Configure B2B VPN with various business partners and 3rd parties and troubleshoot VPN Phase 1 and Phase 2 connectivity issues including crypto map, encryption domain, PSK etc.
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access to primary, remote site offices and VPN client users
  • Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
  • Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response.

Environment: Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco Sourcefire, Fortinet, Splunk, Bluecoat Proxy servers, IDS/IPS, SIEM and Monitoring, Linux and Unix.

Confidential, Weehawken, NJ

Network Security Engineer

Responsibilities:

  • Maintain overall client platform stability, security, and supportability to ensure that the customer’s firewalls are running properly.
  • Provide a technical oversight and guidance to the delivery teams to ensure components fit into overall technical architecture.
  • Checkpoint/ASA Firewall Management, including DMZ and Network Segmentation.
  • Provide technical mentoring to peers and to partner organizations.
  • Resolve network security problems that involves Intrusion Detection, Firewalls, DMZ, Load Balancing, Routers, VPNs, and common network level vulnerabilities.
  • Configure Cisco routers, switches, and wireless access points
  • Configure and install Cisco and Aruba equipment.
  • Securing the Data Center traffic behind the firewalls using Instant IPsec in Illumio.
  • Enforcing adaptive security among application as per compliance using Illumio policies.
  • Analyzing the flow of traffic for an application and enforcing the required policies using Illumio templates.
  • Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking the devices coming onto Network Remediation Process, Access and Controls, and Segmenting the Global Networks for NAC Solutions for both Cisco and Forescout NAC Appliances.
  • Installed and Configured a Cisco secure ACS server for AAA authentication (RADIUS)
  • Monitored and troubleshot network outages, LAN & WAN issues.
  • Organize and update network documentation.
  • Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
  • Configuring/Managing Intrusion Prevention System (IPS): Cisco IPS / Fortinet & Checkpoint UTM.
  • Firewall policy provisioning on Fortinet FortiGate appliances using FortiManager.
  • Adding Websites to blocked list on the bluecoat proxies based upon business requirements.
  • Support Blue Coat Proxy in explicit mode for users trying to access Internet from Corp Network
  • Provided L2 & L3 network support
  • VPN setup and administration, this includes Portal, B2B, and Any Connect
  • Maintain and upgrade Cisco Security Manager and Cisco Prime NCS
  • Configuration and Implementation of Wireless Controllers and Access Points
  • Responsible for day to day Support and Enhancement of Network Infrastructure.
  • Review scan findings with clients and provide technical and business recommendations for addressing vulnerabilities.
  • Netback up tuning to increase performance and catalog backup using Vault daily and send media offsite for disaster discovery

Environment: CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, Spanning tree, Nimsoft, Fortinet, Illumio.

Confidential, Irving, TX

Network Security Engineer

Responsibilities:

  • Configured Cisco Routers for OSPF, IGRP, RIPv2, EIGRP, Static and default route.
  • Worked on HSRP for hop redundancy and load balancing.
  • Configured the Cisco router as IP Firewall and for NATing.
  • Configured RSTP, MST and used VTP with 802.1q trunk encapsulation.
  • Provided port binding, port security and router redundancy through HSRP.
  • Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers.
  • Provided testing for network connectivity before and after install/upgrade
  • Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
  • Installation and configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocols OSPF, EIGRP, BGP with Access Control Lists implemented as per Network Design Document, following the change process as per IT policy. It also includes the configuration of port channel between core switches and server distribution switches.
  • Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations
  • Perform software installation, upgrades/patches, troubleshooting, and maintenance on UNIX/Linux servers.
  • Responsible for capacity planning, including allocating storage, providing hardware and software redundancy, and planning future expansion requirements.
  • Participate in root-cause analysis of recurring issues, system backup, and security setup.
  • Involved in the redistribution into OSPF on the core ASA firewall.
  • Experience on HSRP for load balancing.
  • Configuring, Installing and troubleshooting on Check Point Devices.
  • Good knowledge on Intrusion Detection and Intrusion Prevention System.
  • Experience in installing, configuring and implementing the RAID technologies using various tools like LVM, VxVM and Solaris volume manager.
  • Experience in Creation and managing user accounts, security, rights, disk space and process monitoring in Solaris and Redhat Linux. Implementing Security Solutions in Juniper SRX and NetScreen SSG firewalls by using NSM.
  • Knowledge on multiplex techniques such as DWDM.
  • Troubleshoot and Worked with Security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS and Juniper Netscreen firewalls.
  • Experience with Synchronous Optical Networking (SONET) over optical fibre.
  • Experience in Cisco switches and routers: Physical cabling, IP addressing, Wide Area Network configurations.
  • Responsible for internal and external accounts, managing LAN/WAN and checking security settings of the networking devices (Cisco routers, switches), coordinating with the system/network administrator during any major changes and implementation.
  • Routing protocols OSPF, RIP & BGP
  • Implementation of name resolution using WINS & DNS in TCP/IP environment
  • Configured FTP server for inside/outside users & vendors

Environment: Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, Vulnerability Assessment tools like Nessus, Red Hat, Solaris, Juniper VPN’s, SSL, Linux and Unix.

Confidential, Cleveland, Ohio

Network Engineer

Responsibilities:

  • Network Administrator responsible for the full Planning, designing, installation and administration of the Corporate WAN (wide area network).
  • Configuration, Management, Troubleshooting of Network devices (Routers, Switches, Firewalls, Servers, etc.).
  • Design, configuration and operational support of Nexus 7k,5k,2k, 6509, 4609, 7609, 7201, 184, 2811, 2911, 2926, 2960, 3560, 4948 Series Nexus Routers and Nexus Switches.
  • Experience in migration of Frame-relay based branches to MPLS based technology using multilayer stackable switch like 6500 series and 2800 series router.
  • Hands on experience with Virtual Switching System (VSS) in combination of catalyst 6500 series switches.
  • Configuration and Administration of Cisco and Juniper Routers and Switches.
  • Worked with design and troubleshooting voice communications and multimedia sessions over Internet Protocol networks.
  • Maintain Web servers, file servers, firewalls, and directory services, and set up user accounts.
  • Oversaw tuning and performance monitoring for UNIX/Linux workstations, servers, and peripherals.
  • Implemented and documented systems for high-volume production environment.
  • Monitored, troubleshot, and resolved issues involving operating systems.
  • Involved in migrating Cisco ACE load balancers to F5 load balancers.
  • Upgrading and investigating Cisco IOS to the Cisco router and switches.
  • Configure and investigate Juniper EX series routers and switches.
  • Configuring Site to Site to VPN integration.
  • Implementation of HSRP, IPSec, Static Route, IPSEC over GRE, Dynamic routing, DHCP, DNS, FTP, TFTP, RAS.
  • Primary obligation is to plan and send different system security & High Availability items like Checkpoint NGX, Provider-I, Cisco ASA other security items.
  • Involved in Implementing, arranging and get ready calamity recuperation.
  • Experienced in Cisco prime infrastructure.
  • Configured Cisco Catalyst Switch 3560.

Environment: Juniper firewalls 5GT, 208, SSG 5, 140, 550, 550M, NSM, IDS/IPS 6500/3750/ /2950 switches, Juniper (M320, T640), Cisco 7200/3845/3600/2800 routers, TACACS, EIGRP, RIP, OSPF, BGP, VPN, MPLS, Ether Channels, Cisco Catalyst Switches, Cisco Prime Unix/Linux Servers.

Confidential

Network Engineer

Responsibilities:

  • Worked on Cisco routers 7200, 3800, 2800 and Cisco switches 4900, 2900
  • Key contributions include troubleshooting of complex LAN/WAN infrastructure that include
  • Configured Firewall logging, DMZs & related security policies & monitoring
  • Creating Private VLANs & preventing VLAN hopping attacks & mitigating spoofing with snooping & IP source guard
  • Installed and configured Cisco PIX 535 series firewall and configured remote access IPSEC VPN on Cisco PIX Firewall
  • Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast
  • Configuration and Administration of Cisco and Juniper Routers and Switches.
  • Configuring RIP, OSPF, EIGRP, BGP, MPLS, QoS, ATM and Frame Relay.
  • Configuring VLANs and implementing inter VLAN routing.
  • Upgrading and troubleshooting Cisco IOS to the Cisco Switches and routers.
  • Configure and troubleshoot Juniper EX series switches and routers.
  • Configuring Site to Site to VPN connectivity.
  • Configuring and troubleshooting Dell, HP, servers in Data Center.
  • Implementation of HSRP, IPsec, Static Route, IPSEC over GRE, Dynamic routing, DHCP, DNS, FTP, TFTP
  • Involved in configuring Cisco Net flow for network performance and monitoring.
  • Involved in configuration of Cisco 6500 switches
  • Upgrade firewalls in accordance with change management procedures.
  • Gather information for specific technologies as to function and deployment configurations.
  • Write technical documents describing implemented technologies and architecture.

Environment: Cisco ASA, IPsec VPN, LAN, WAN, Routing protocols, Juniper Switches and Routers, Cisco Routers and Switches.
