Firewalls/security Engineer Resume

NJ

SUMMARY

  • 7+ years of experience in the planning, design, and implementation of Information Systems and Network Technologies.
  • Experienced Checkpoint Firewall, Security, and Network Administrator routing and switching.
  • Knowledge in planning, design, implementing and troubleshooting complex networks and advanced technologies.
  • Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R70 version, Secure Platform Installation including Gaia, VPN.
  • Security policy review and configuration in Palo Alto and Junipers Firewall in US offices and Datacenter.
  • Strong hands-on experience in installing, configuring, and troubleshooting of Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500 and 1800 series Routers, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Innovated with the support of Palo Alto for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
  • Assist customer team with the design and placement of Palo Alto Networks devices.
  • Installation, configuration, and maintenance of Palo Alto, Cisco ASA 5500, Juniper SRX Firewalls.
  • Monitor and analyze network threats through Palo Alto Panorama; run vulnerability assessment on machines with anomalous behavior, monitor firewall for incoming and outgoing threats.
  • Experience in installing, configuring and troubleshooting of Checkpoint Firewall and Juniper SSG series.
  • Experience in Implementing & managing Symantec Data Loss Prevention.
  • Experience in implementing application security solutions
  • Advanced knowledge in configuration and installation of IOS security features and IPS.
  • Advanced knowledge in Cisco Switches and Routers Configurations. Configuring for Load balancing the traffic between multiple IPS / WAF devices
  • Experience with upgrading SUP1 to SUP2 on Cisco Nexus 7000 Series. Experience working with Nexus 7010, 5020, 2148, 2248 devices.
  • Worked with several network engineers for the understanding of Juniper SRX firewalls along with the changeover to Palo Alto (5060s) needs.
  • A hands-on role, which involves installation, management, and support of globally developed extremely complex, highly available Palo Alto and Cisco ASA firewall infrastructure.
  • Responsible for supporting Palo Alto firewalls and Cisco VPN firewalls.
  • Configuration rules and maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
  • Keeping track of the customer network at NOC 24x7, Prepare forecasts of network traffic and capacity, and recommend modifications to the network configurations which reduce costs or improve quality of service
  • Troubleshooting the issues that were raised while upgrading the F5 LTM's from 10.2.3 to 11.3.
  • Working with Juniper JUNOS on M and MX series routers.
  • Successfully installed Palo Alto PA-3060 firewall to protect data centers.
  • Strong hands on and exposure to Checkpoint & Palo Alto on a regular basis.
  • Configuring, Administering and troubleshooting the Checkpoint and ASA firewall.
  • Hands-on experience on Checkpoint Firewall R77, Palo Alto and Cisco ASA 5520 firewalls.
  • Extensive experience in configuring Layer3 routing and layer2/3 switching of Juniper & Cisco based J2320, MX, EX, 2950, 2960, 3600, 3750, 4500, 6500, 1700, 1800, 2600 and 3700 series routers & Switches.
  • Provided application level redundancy and availability by deploying F5 load balancers LTM
  • Configured IP addresses and subnet masks of workstations.
  • Advanced Knowledge on PCI-DSS - Build and maintain a secure network, Configure system security parameters & Protect cardholder data at rest, Protect sensitive data in transit, Implement tools to protect against malicious software and viruses, Develop and maintain secure applications. PCI DSS aligns AIS, SDP, DISC, DSOP

TECHNICAL SKILLS

Firewall: Palo Alto PA 500/2k/3k/5k, Checkpoint R65/R70/R75/R77/Firewall-1, Cisco ASA Checkpoint NGX R65/R70/R75/R77 Installation, Juniper SRX firewall, mgmt. & dashboard Command line configuration splat, Rules based policy, Nat rules, IPS and IDS external authentication, multicast, VoIP, Smart view, monitoring, backup & recovery & Cisco ASA

Connectivity & Hardware: Cisco Routers 2900, Cisco Switches SRW 300, 1900, 2900, 3700, 4500, Cisco ASA 5500, Cisco WLC 2500, Cyberoam UTM Devices, SonicWALL UTM Devices, HP Procurve Switches, 3COM Switches, HP MSM720

Routing Protocols: RIP, RIPv2, OSPF, IGRP, EIGRP, BGP, iBGP, Static Routing

Switching Technologies: VLAN, VTP, HSRP, VRRP, GLBP, Stacking, STP, Port-fast

Network Technologies: CDP, Access Control List (ACL), Network Address Translation (NAT), Port Address Translation (PAT)

Security Technologies: IPS/IDS, Firewall, VPN, Tunneling, ASA, Palo Alto Firewall, IPSEC, GRE over IPsec, DMZ, Load Balancer F5 LTM/GTM

Wireless Technologies: 802.11 a/b/g/n, WLAN, WAP, AP, SSID

Routers: Cisco routers (7600, 9000), Juniper Routers like, M320 and MX480, MX960, J4350, J6350

Compliance management Security: Risk Analysis and Audit, PCI DSS, HIPAA, FISMA, SOX, Dodd-Frank, Can Spam

Monitoring Tools: Wireshark, SolarWinds, SNMP, Syslog, Nagios, OpManager Wireless LAN SonicWALL Firewall, Checkpoint Firewall Link Aggregation Groups (LAG).

Applications: MS SQL Server 2005, MS ISA Server 2006, MS Office XP/2003/2007/2010, Citrix MPS, Counterpoint, MicroBiz, ManageEngine ServiceDesk Plus, Communigate Pro mail Server, Microsoft Exchange, NetMail, SolarWinds NPM

PROFESSIONAL EXPERIENCE

Confidential, NJ

Firewalls/Security Engineer

Responsibilities:

  • Responsible for setting up the infrastructure environment with the majority of Cisco & Palo Alto appliances apart from various other equipment.
  • Experience with Firewall Administration, Rule Analysis, Rule Modification.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks.
  • Implementing and troubleshooting Firewall rules in Palo Alto Pa-5000 series using Panorama, Checkpoint VSX, R75.40, R76 and R77.20 as per Business Requirements.
  • Implementing and troubleshooting firewall rules in Checkpoint R75.40 and R77 Gaia as per the business requirements.
  • Created and maintained network maps for the Network Operation Center (NOC) using VISIO
  • Deployment of OSPF dynamic routing NOC engineering network routers, previously running RIP and Static routes.
  • Providing WAF services to provide application-level security by adding WAF services.
  • Experience converting Cat OS to Cisco IOS on the Cisco 6500 switches.
  • Design and administer multi-domain Active Directory environments.
  • Communicate effectively throughout the incident management process to ensure that all communications are timely and accurate.
  • Creating user accounts, administrators, defining user groups and authentication in Provider-1/MDM/MDS.
  • Experience working on Juniper based Mx series router, SRX 220 firewall.
  • Creating a DR environment for firewall devices in the networking.
  • Oversee and manage desktop deployment and perform maintenance in traditional and virtual environments; ensure top tier support in administration, monitoring and troubleshooting of Exchange 2003 and greater, Windows 2003/2008 and Active Directory.
  • Configuring VLANs, Self IPs & Routes on F5 load balancers.
  • Providing technical security proposals, security presentation, installing and configuring Checkpoint and Palo Alto firewalls, VPN networks and redesigning customer security architectures.
  • Designing, Implementing and Troubleshooting Cisco 3750, 3550, 3560, 2924, 6509-V-E, 6513, 6504, 6503, 6506, 6500 series switches, GSR, ASR routers with Cisco IOS and IOS-XR
  • SSL offloading on F5 LTM's worked on both the server SSL profiles and client SSL profiles.
  • Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Nexus 7k, 5k, and Catalyst 6500 switches.
  • Responsible for IMS (Incident Management System), an application for reporting issues.
  • Used F5 load balancers to increase capacity (concurrent users) and reliability of applications.
  • Deliver best practices guidance for managing Palo Alto Networks firewalls.
  • Installation, configuring of Checkpoint firewall and updating Checkpoint software.
  • Configuring and designing VPN rules for Net Screen VPN Box and Checkpoint Firewall.
  • Working with Checkpoint Support for resolving escalated issues.
  • Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
  • Enabled STP attack mitigation (BPDU Guard, Root Guard), using MD5 authentication for VTP, disabling all unused ports and putting them in unused VLAN and ensuring DHCP attack prevention where needed.
  • Experience with deployment of Fibre Channel over Ethernet (FCoE) between the Data Centers using Nexus 5548P Switch.
  • Installing of NOC Network Operation Center monitoring server to establish a 99.9 uptime standard.
  • Application (Layer 7) Firewall. Configuring RIP, OSPF and Static routing on Juniper M and MX series Routers.
  • Extensively working with Authorization Information System to research current authorizations and debug authorization problems based on the incident in the HPSC Ticketing Tool.
  • Developed and executed datacenter migration plan for all managed security services such as firewalls, IDS, VPNs and authentication servers with no impact on production environments.
  • Data center consolidation and migration of network and applications by migrating the F5 LTM.
  • Implemented F5 GTM configurations with adherence to company global IT and InfoSec standards and industry best practices.
  • Managing user accounts using Active Directory.
  • Migrated Distribution switches from cisco 6509 to Nexus 7010
  • Responsible for Change Implementation, Incident Management, and Problem Management
  • Reviewing & creating the FW rules and monitoring the logs as per the security standards in Checkpoint and Net screen Firewalls.
  • Execute the Incident Management process tasks in adherence with global and local requirements
  • Configured Telnet client and server, SSH client and server on a network, Generated cryptographic RSA key in place of plain text authentication for SSH access.

Confidential, Minneapolis, MN

Network Security Engineer

Responsibilities:

  • Responsible for troubleshooting issues, configuring new rules, and also assisting with any technical design issues that arise during this time.
  • Responsible for troubleshooting network, VPN and firewall problems, specifically Checkpoint GAIA and Cisco ASA.
  • Design and configuring of OSPF, BGP on Juniper Routers (MX960, MX480) and SRX Firewalls(SRX240, SRX550)
  • Implement security policies using ACL, IPSEC, SSL, VPN on ASA … AAA, ACS ISE/Dot1x.
  • Worked on Cisco Routers, Switches, Juniper SRX/SSG Firewall, NSM, SPACE, Checkpoint NOKIA Firewalls, NAT and ACL's.
  • Creating VPLS connection between H and NE40's depend on customer services such as (Internet, VoIP, L2vpn, L3vpn, Ibgp and Ebgp)
  • Implementation of Cisco ACS server & integration with RSA for two-factor authentication
  • HP Open View Service Center (HPSC) ticketing system
  • Worked on Disaster Recovery (DR) test plan and build an IPSEC tunnel site to site.
  • Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R55 up to R77.
  • Configured layer 2 and layer 3 Switch port, L3 router interface, VLAN interface, VRRP on cisco and juniper devices.
  • Rollout of RSA 6.0 Ace Server and Client for Windows Logon & VPN Authentication
  • Deployment of WAF (F5 ASM) policies, including conducting learning phase and managing the transition to blocking; web application reconnaissance and penetration testing; deployment of customized protections to mitigate the specific threat.
  • Worked as a member of and involved in troubleshooting LAN/WAN issues
  • Worked with a dynamic team for the largest Managed Security Service Provider in the US market. Architect, deploy, and maintain network security technologies on hundreds of firewalls, especially Cisco PIX/ASA firewalls
  • Configured EBGP load balancing and ensured the stability of BGP peering interfaces.
  • Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server running on Secure Platform.
  • Involved in providing higher technical support to NOC and other operation teams regards to IP/MPLS infrastructure.
  • Real-time monitoring and network management using Cisco Works LMS.
  • Migration of applications from Cisco ACE to F5 LTM
  • Involve in WAF F5 technology maintenance and network design.
  • Installation & Configuration of Windows 2000 with Active Directory.
  • Configuring and troubleshooting site to site tunnel VPN on Cisco ASA Firewall.
  • Configuration of all kind of NAT setup on Cisco ASA/Checkpoint firewalls.
  • Worked on the migration project of Juniper SSG to Juniper SRX firewalls.
  • Installation, configuration, maintenance & troubleshooting of Cisco ASA 5500 and Cisco PIX Firewall 500.
  • Configuration 7609, 7606 with OSPF and 6505, 4500, 3550 switches with various VLAN.

Confidential, Union, NJ

Network/Security Engineer

Responsibilities:

  • Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
  • Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
  • Configured and installed new Branch network systems. Resolved network issues, ran test scripts and prepared network documentation.
  • Deployment of enterprise firewalls (Cisco ASA, Check Point) in production environments.
  • Configuring Firewalls such as Cisco ASA and Checkpoint Firewall.
  • Configured policies on checkpoint Firewall and involved in resolving production issues.
  • Installation & configuration of Cisco VPN concentrator 3060 for VPN tunnel with Cisco VPN hardware & software client and PIX firewall.
  • Configured, upgraded, and troubleshoot Cisco, Sourcefire, and Checkpoint firewalls and IPS sensors for various customers and oversaw configuration backups and signature pack deployment.
  • Planning and implementation of IP addressing scheme using Subnetting and VLSM.
  • Contributed in Configuring VLANs on multiple catalyst switches performed troubleshooting on TCP/IP network problems, Administered Frame-Relay and networks and also assisted in configuring ACL & NAT through CLI.
  • Modified OSPF costs of the links to divert traffic to reduce the delay and bandwidth consumption across the links.
  • Performed migration from Cisco catalyst switches to Nexus switches.
  • Configuring access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration.
  • Responsibilities also include technical documentation of all upgrades done
  • Attending meetings and technical discussions related to the current project.

Confidential

Network Engineer

Responsibilities:

  • Having Data Center Design Experience, installing and Configuring Network Devices in a Data Center including patching the cables in the Patch Panel.
  • Design and implemented network infrastructure and configured the entire network Infrastructure devices including Network Printers and Register.
  • Hands-on experience in the network management of circuits using TDM and Frame Relay network, performing, configuration and provisioning management, fault management and performance monitoring.
  • Deployed Wireless network in the wide corporate area and using Active Directory for the users access management and Cisco ACS
  • Experience working with Cisco IOS-XR on the ASR9000 devices for MPLS deployments.
  • Experience with migrating from OSPF to BGP WAN Routing protocol.
  • Implemented Site-to-Site VPNs over the internet utilizing 3DES, AES/AES-256 with PIX Firewalls.
  • Network Redesign for Small Office/Campus Locations. This includes changes to both the voice and data environment.
  • Installation and Configuration of Cisco Catalyst switch 6500, 3750 & 3550 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy. It also includes the configuration of the port channel between core switches and server distribution switches.
  • Experience with setting up MPLS Layer 3 VPN cloud in the data center and also working with BGP WAN towards the customer.
  • Monitoring customer network (Internet, VoIP, L2vpn, L3vpn, IBGP and EBGP).
  • Giving support and configuring Cisco Routers such as 800, 2801, 2850, 2950
  • Support featuring 20+ Cisco backbone GSR 12000, 100+ Cisco 7500, 3660 and 2600 series routers and Cisco's multilayer 6500 and 5000 series switches at the Data Center core and Enterasys switching and hubs at premise LAN locations.
  • Experience with moving data center from one location to another location, from 6500 based data center to Nexus-based data center.
  • Experience in communicating with different customers, IT teams in gathering the details for the project.
  • Configuration 7609, 7606 with OSPF and catalyst 6505, 4500, 3550 switches with various VLAN.
  • Performed Migration of RIP V2 to OSPF, BGP routing protocols
  • Create and test Cisco router and switching operations using OSPF routing protocol, ASA and MPLS switching for stable VPNs.
  • Installing new equipment to RADIUS and worked with MPLS-VPN and TACACS configurations.
  • Installing and maintaining local as well as network printers.
  • Validating existing infrastructure and suggesting new network designs.
  • Redesign of Internet connectivity infrastructure for meeting bandwidth requirements.
  • Configured HSRP and VLAN trunking 802.1Q, VLAN Routing on Catalyst 6500 switches.
  • Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.
  • Configuration and troubleshooting of Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
  • Experience in WAN technologies like T1/T3, DS3, STM1 and STM4 circuit types.
  • Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management, and operations support as required.
  • Troubleshoot and fix any backup and monitoring systems related issues in conjunction with Systems team and external vendors.
