
Sr. Firewall Engineer Resume


Minneapolis, MN

SUMMARY

  • 7+ years of experience in Networking, widely in Network Security Products and Firewalls (Checkpoint, Palo Alto and Cisco ASA)
  • Strong hands-on exposure to Checkpoint & Palo Alto on a regular basis.
  • Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point R65, R70 & R77, Palo Alto and Cisco ASA.
  • Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
  • Knowledge on Juniper NetScreen Firewalls like NS50, SSG 550M, SSG520M, ISG 1000, ISG 200 and Cisco PIX 535, 520, 515, ASA-5500 and 5505.
  • Knowledge in IPsec, Juniper SA Remote Access VPN and Juniper SA SSL VPN in a dual-factor integration.
  • Configuring site to site and clients to site VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls, and maintaining access policies for remote users.
  • Experience in security solutions with products from Cisco (routers, switches, ACS); Juniper (Firewall); Palo Alto Networks (PAN-OS); NetApp (SAN & SnapManager); Symantec (SEP & SEPM); McAfee (all products); Websense
  • Configuration and maintenance of Checkpoint NGX R61, R65, R70, R75.
  • Knowledge in Juniper M Series & Juniper MX Series.
  • Worked on Network & Security Manager (NSM), Juniper Space, STRM, Juniper UAC and Juniper Pulse.
  • Configuring, Administering and troubleshooting the Checkpoint and ASA firewall.
  • Monitoring and troubleshooting traffic through SmartView Tracker.
  • Advanced knowledge of routing and switching protocols to include security policy setup, threat protection (IDS/IPS)
  • Experience in F5 Load Balancing
  • Configured IP addresses and subnet masks of workstations.
  • Responsible for the network equipment maintenance and deployed upgrades to customers' LANs, WANs and wireless networks.
  • Knowledge of Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Providing support and troubleshooting network problems for the client.

TECHNICAL SKILLS

Cisco Routers: 2600, 2900, 3600, 3800, 7200 and 7600

Cisco L2 & L3 Switches: 2900, 3560, 3750, 4500, 4900, 6500, Nexus 5K/7K

LAN Technologies: Ethernet, Fast Ethernet, and Gigabit Ethernet, SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.

WAN Technologies: Frame Relay, PPP, HDLC, (E1/T1/E3/T3), DS3, OC192.

Network Security: Cisco ASA, ACL, IPSEC, Juniper SRX.

OS products/Services: DNS, DHCP, Windows (2000/2003/2008, XP), UNIX, LINUX.

Routing Protocols: RIP v1/v2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.

Gateway Load Balancing: HSRP, VRRP, GLBP

Various Features / Services: IOS and Features, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, TFTP and FTP.

Network Management Tools: Wireshark, Netflow Analyzer, Cisco Works, Ethereal, SNMP, HP OpenView.

Security Server Protocols: TACACS+, RADIUS

Facilities: DS0, DS1, DS3, OCX, T1/T3

Load Balancers: Cisco CSM, F5 Networks (Big-IP) LTM 8900, Cisco ACE 4710.

Firewall & Security: Checkpoint, Cisco ASA, Palo Alto, ASA 5505 Firewall, Juniper NetScreen firewall

PROFESSIONAL EXPERIENCE

Confidential - Minneapolis, MN

Sr. Firewall Engineer

Responsibilities:

  • Convert Checkpoint VPN rules over to the Cisco ASA solution. Migrated and upgraded Checkpoint Firewall.
  • Worked with Checkpoint Firewall policy provisioning.
  • Configuring site to site and clients to site VPN tunnels through multiple Cisco VPN concentrators and Checkpoint firewalls, and maintaining access policies for remote users.
  • Worked on S2S VPN implementations, providing support for Checkpoint R77.40 with GAiA and SPLAT.
  • Configure network hardware (Cisco routers, switches, VPN gateways, firewall, IDS/IPS, etc.), software, and links (IP VPN, Internet, etc.).
  • Experience in network testing tools such as SolarWinds, Wireshark and NetFlow.
  • Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy based routing.
  • Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
  • Responsible for designing and implementing Security, Network and Monitoring System Infrastructure utilizing Fortinet Technology for customers.
  • Performed network engineering, design, planning LTM & GTM load balancing implementation and scheduling infrastructure related tasks by coordinating with other teams
  • Worked with Symantec tools like DLP, DCS and Endpoint Protection.
  • Using Smart Update, User Management and Authentication in Checkpoint Firewall.
  • Worked on configuring, managing and supporting Checkpoint Gateways.
  • Designing and Setting-Up the SPLUNK Architecture in the organization and Writing SPLUNK Queries.
  • Regularly performed firewall audits around Checkpoint Firewall-1 solutions.
  • Checking the connection establishment status, also the failover status and the VPN Phase 1 and Phase 2 issues.
  • Experience in Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL/VPN.
  • Upgrading and downgrading OS on Cisco firewalls, Cisco Routers, Cisco Switches, F5 LTM and F5 GTM

Environment: CenturyLink Internet Service Provider Network with Cisco hardware platforms of ASR9K, CRS-1, c7600, c7500, c7200, c3750 etc. Routing Protocols of ISIS, OSPF, BGP, MPLS, F5 Load Balancing, Nexus, Switching Protocols (VTP, STP, GLBP, and HSRP).

Confidential, NC

Network Security Engineer

Responsibilities:

  • Design, Implementation, and support of Checkpoint Security Gateways and manage them through Provider-1/MDS.
  • Drafted and installed Checkpoint Firewall rules and policies.
  • Configure CMAs based on the segment (Non-prod / Prod / QV / Extranet / VPN etc.).
  • Build Checkpoint Security Gateway from Scratch and set up in High Availability.
  • Work with Cisco AnyConnect as a SSL VPN solution for remote users with data encryption.
  • Experience building firewalls, mainframes, and UNIX based platforms at the data center and implementing the initial policies, configuring NAT, Routing etc.
  • Creating Virtual Servers, Nodes and Pools on BIG-IP F5 in LTM module.
  • Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability
  • Knowledge in implementing and configuring F5 Big-IP LTM-6400 load balancers
  • Configure Clustering Active/Standby using ClusterXL and troubleshoot any sync issues
  • Firewall Policy Provisioning using Change management procedures. (ITIL based approach)
  • Export Firewall configurations including objects and policies using checkpoint web visualization tool
  • Day to Day operational support for user requests being submitted through Service Manager ticketing system.
  • Deploying Firewall Policies in a distributed environment with hundreds of Security gateways.
  • Experience working with Checkpoint Gaia R77.10, R76, R75.47 and R75 and Checkpoint Hardware
  • Experience working with Palo Alto firewalls managed through Panorama management platform.
  • Perform Security gateway and Smart Center upgrades and ensure the Smart center has the highest package (follow Checkpoint recommendation).
  • Configure and tweak Checkpoint IPS Blades for false positives, alerts and threat analysis.
  • Configure and troubleshoot Checkpoint software blades such as Identity Awareness
  • Installation and configuration of Cisco ASA Firewalls including X series 5585X running 9.1 IOS.
  • Configure High Availability using Active/Standby mode with stateful replication.
  • Configure Active-Active failover in Multiple Context Mode ASA
  • Implementation experience on IPsec Site to site and Remote access VPN (ANYCONNECT) on ASA.
  • Firewall Policy provisioning on ASA using Cisco Security Manager CSM 4.x
  • Packet tracing to validate if firewall will allow the access, has NAT and routing rule in place.
  • Packet Capturing on ASA and exporting it to Wireshark.
  • Configure and support Intrusion Detection System/IPS using Cisco AIP/SSM Modules as well as IDSM Modules on Cisco Switches and Firewalls.
  • Monitoring customer network for malicious activity, review, validate and address severity alerts from customer managed object.
  • Experience working with multiple projects simultaneously.

Environment: Cisco routers (7200, 3900, 2900) and Cisco switches (6500, 3700, 3500), Nexus (7K, 5K & 2K), EIGRP, Switching protocols (VTP, STP, GLBP, HSRP), Cisco PIX (525, 535), F5 Big-IP, ASA (5505, 5510) firewall

Confidential - Middletown, NJ

Security Engineer

Responsibilities:

  • Network Designing, Deployment, Configuring, Testing and Troubleshooting for Data Center and ISP. Security Systems Software Development; Designed, developed, and deployed custom data collection, monitoring, and configuration validation software for critical security and network infrastructure.
  • Replacement of Juniper SRX 5800 Firewalls with Checkpoint Firewalls
  • Complete rename of all firewall objects and rules and upgrade of Checkpoint firewalls.
  • Responsibilities included design, implementation, support and administration of multiple security products Checkpoint Provider-1 and VSX.
  • Responsible for managing the security tools such as Checkpoint Firewall, RSA Security
  • Designing and establishment of the VPN environment for partner connectivity.
  • Design and creation of firewall diagram using MS-Visio.
  • Decommission and migration of the partner VPN tunnels to the new environment.
  • Troubleshooting of network connectivity and established firewall rules.
  • Migration of firewall rules from CISCO ASA to Checkpoint.
  • Automate the process of vulnerability management and policy compliance across the enterprise, providing network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk.
  • Install and maintain security infrastructure, including Firewall, IDS/IPS, log management, and Security Information Event Management tools.
  • Perform operating system, network and application vulnerability assessments to identify security exposures in the environment.
  • Configuring rules and maintaining Palo Alto Firewalls & Analysis of firewall logs.
  • Document and perform system upgrades, regular product updates, emergency patch applications, and define monitoring requirements.

Environment: Cisco routers (7200, 3900, 2900) and Cisco switches (6500, 3700, 3500), Nexus (7K, 5K & 2K), Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, STP, GLBP, HSRP), Cisco PIX (525, 535), ASA (5505, 5510) firewall

Confidential - Warren, NJ

Network Data Engineer

Responsibilities:

  • Installation and Configuration of Cisco Catalyst switches 6500, 4500, and 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
  • Working with MPLS Designs from the PE to CE. Experience with designing and deployment of MPLS Traffic Engineering.
  • Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
  • Design and deployment of MPLS QOS, MPLS Multicasting per company standards.
  • Installed and configured four PIX 525 and two ASA 5520 in customer locations. In addition to that, two PIX firewalls were configured for guest access.
  • Managing health checks of network devices; this involves upgrading IOS every quarter after checking the vulnerability of IOS and reviewing the configuration.
  • Installation, Configuration and Administration of ADS, DNS, DHCP and Web Proxy (ISA) server.
  • Router/ Microsoft VPN Server in order to access certain limited network resources from customer locations.
  • Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 6500 series and 2800 series router.
  • Created engineering configuration, Security Standards, documenting processes and Network documentation using Microsoft Visio.
  • Documented and followed the change process as per IT policy; it also includes the configuration of port channel between core switches and server distribution switches. Experience working with Network management software NSM.
  • Configuration and extension of VLAN from one network segment to other network segment between different vendor switches (Cisco, Juniper).
  • Taking Regular backups & testing the backups by restoring in test lab frequently.
  • Upgrade Cisco Routers, Switches and Firewall (PIX) IOS using TFTP.
  • Manage Cisco Routers and troubleshoot layer1, layer2 and layer3 technologies for customer escalations.
  • Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
  • Configuring VLAN, Spanning tree, VSTP, SNMP on EX series switches.
  • Experience with deploying Fabric Path using Nexus 7000 Devices.
  • Experience with configuring OTV between the data centers as a layer 2 extension.
  • Experience with configuring FCOE using Cisco Nexus 5548.
  • Weekly based rotational call support to customer.

Environment: Cisco Routers series (2800, 3800, 7200) and switch series (2800, 3750, 3550, 4509E, 6509E), NX-OS 7k, 5k & 2k, Cisco PIX (525, 535), ASA (5520) firewall, Routing Protocols (EIGRP, OSPF, BGP), Switching protocols (VTP, STP), Site to Site VPN, Remote Access VPN, Cisco VPN 3000 Concentrator, Cisco ACS 4.x
