SUMMARY

• With more than 7 years of Network Security Engineer with experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.
• Strong hands on experience on Cisco Catalyst (3550, 3750, 6500) series switches, Cisco (2500, 2600, 2800, 3600, 3800, 7200) series Routers, ASA Firewall, Load Balancers using F5 LTM/GTM, Cisco ASDM, Cisco Works, HP Open View, Tufin, Firemon, Algosec, Solar Winds, Sniffer, CheckPoint, Palo Alto Networks Firewall models.
• Experience in layer - 3 Routing and layer-2 Switching. Dealt with Nexus models like 7K, 5K and 2K series.
• Have In-depth knowledge of deploying and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, IP Routing Protocols - (RIP, OSPF, EIGRP & BGP), ACL's, NAT, VLAN, STP, VTP, HSRP & GLBP.
• Ability to work under minimal supervision, adheres to deadlines, and motivated to excel. Strong Knowledge of office365 and Office Tools such as Microsoft Word, PowerPoint, Excel and Visio.
• Experience with Bluecoat URL filtering with whitelisting, blacklisting URL’s and content filtering.
• Experience in risk analysis, security policy, rules creation and modification of Check Point Firewall VPN-1 FW-1 NGX R65, R70 & R75, R77.30, R80.10 and Provider-1/MDM/MDS.
• Involved in the integration of F5 Big-IP load balancers with CheckPoint firewalls for firewall load balancing and was responsible was troubleshooting and maintenance.
• Have very good experience on Cisco ASA 5520, 5540, 5550 and Cisco ASA 5585 with firepower module.
• Experienced in Migration from Checkpoint and Cisco ASA Firewalls to Palo Alto.
• Involved in configuring Juniper SSG-140, SRX-240, and Cisco ASA 5585.
• Daily technical hands-on experience in the configuration, troubleshooting ofJuniperSRXfirewallsas well as experience working directly with the customer in a service/support environment.
• Experience in configuring all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.
• Worked on configuration of Palo Alto firewalls including Security policies, Application & URL filtering, Data filtering, Threat prevention and File blocking.
• In-depth knowledge in designing, implementing, configuring with best practices on NexGen IDS/IPS Firewalls such as Palo Alto wildfire, Cisco Firepower (Sourcefire).
• Handling Break/Fix situations, monitor, configure, policy creation on Checkpoint's Smart Center Server.
• Deployed Site to Site and Client to Site VPNs utilizing Checkpoint Firewall-1/VPN-1 and Cisco ASA.
• Working on network design for new next-generation VPN solution, migration from Checkpoint VPN to Pulse Secure VPN from network prospect.
• Hands on Experience in configuring F5 objects, components and provisioning various modules like LTM & GTM.
• Have experience in Intrusion Detection, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS.

PROFESSIONAL EXPERIENCE

Confidential, Bridgewater, NJ

Network Security Engineer

Responsibilities:

• Perform configuration changes on Checkpoint R77 Gaia and Palo Alto on a large scale environment.
• Proficient in researching traffic patterns to identify false-positives and/or malicious traffic within IDS, IPS, proxy (Bluecoat) and firewalls (CheckPoint, ASA, and Paloalto).
• Converted Checkpoint VPN rules over to the Cisco ASA solution.
• Support Panorama Centralized Management for Palo Alto firewall PA-500, PA-200 and PA-3060, to central manage the console, configure, maintain, monitor, and update firewall core, as well as back up configuration
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Juniper, Cisco IDS/IPS and IPSEC/SSL VPN, Load Balancer.
• Hands on creating security policy, application filters, App-ID, URL filter and threat prevention on Palo Alto.
• Install and maintain Palo Alto firewall configuration to protect secure data as part of PCI and SOX compliance.
• Perform Checkpoint and ASA firewalls design, integration and implementation of networks.
• Experience in using Smart Update, User Identity Management and Authentication in CheckPoint Firewall.
• Responsible for Checkpoint and Cisco ASA firewall administration across our global networks.
• Configure IP-SEC VPN, and SSL-VPN (Mobile Access) on Check Point Gaia based on user traffics that needs to be encrypted using Checkpoint.
• Worked in a large enterprise level data center supporting more than 1500+ network devices.
• Identified and fixed security and network loop holes in datacenter environment
• Design, Build and Implement various solutions on F5 Load balancers and F5 Global Traffic Managers (GTM), Check Point Firewalls, Blue Coat Proxies.
• Upgrading code on Palo Alto firewalls PA5050/3020 to meet company security policy
• Migration and implementation of Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080.
• Utilized application groups, SSL decryption, IPS, antivirus, anti-spyware, URL filtering, NAT, Microsoft VPN, and the Reporting features.
• Working on setup Cisco ASA 5555-X firewall on IPsec VPN, Palo Alto IPsec VPN and Global Protect VPN, and AWS VPN solution.
• Configure all Palo Alto Networks Firewall models and Panorama to manage large scale Firewall deployments
• Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
• Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
• Performing URL filtering and content filtering by adding URL's in Bluecoat Proxy SG's.
• Install and upgrade Bluecoat proxy SG (900, 810 and SG9000 series) and Proxy AV (510,810 and 1400series) Performing firewall optimization using Tufin by removing unused rule, duplicate objects, fully shadowed rules, and disabled rules.
• Working experience with Load Balancers F5 LTM like 3900, 6900, 4200V over various environments.
• Troubleshooting access control lists, port securities, server vlans, load balancing and Firewall rules. Creating Virtual IPs on F5 BigIP 6800/3400 series appliance for website.
• Installing the F5 TMOS upgrades/downgrades, Hot-fix installations depending on Business need.
• Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN, F5 Load Balancer.
• Experience with Tufin Secure Track for Usage report analysis.
• Experience of technologies including: Nexus switches (2k, 5k and 7k).
• Manage third party connections using Cisco ASA Firewalls via CSM.
• Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint NGX, VSX, Provider-1/MDM/MDS, Cisco ASA other security products.

Confidential, Austin, TX

Network Security Engineer

Responsibilities:

• Implementing security Solutions using PaloAlto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia and Provider-1/MDM.
• Configuration and administration of firewalls, which includes Checkpoint, PaloAlto, and Cisco ASA firewalls.
• Configuring High Availability using Cluster XL on Checkpoint as well as VRRP and monitor the Sync status for tasteful replication of traffic between active and standby member.
• Deploy, configure, and support Aruba wireless controller and AP devices globally, also a direct escalation path for all wireless issues.
• Researched, designed, and replaced Checkpoint firewall architecture with new next generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.
• Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
• Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
• Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and also implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.
• Exposure to wild fire feature of Palo Alto.
• Configuration and Maintenance of Cisco ASA, ASA 5540, ASA 5520, ASA 5510 series firewalls.
• Configure Syslog server in the network for capturing and log's from firewalls.
• Provided tier 3 support for CheckPoint and Cisco ASA Firewalls to support customers, Backup and restore of checkpoint and Cisco ASA Firewall policies.
• Monitoring Traffic and Connections in Checkpoint and ASA Firewall.
• Manage project task to migrate from Cisco ASA firewalls to PaloAlto firewalls.
• Managing and administeringJuniperSRXand CheckpointFirewallsat various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
• Deep understanding of IDS/IPS such as Sourcefire and Foresight.
• Implementing Security Solutions inJuniperSRXand Netscreen SSGfirewallsby using NSM.
• Policy Reviewing, Audit and cleanup of the un-used rule on the firewall using Tufin and Splunk.
• Configuring and troubleshooting Site-to-Site IPSEC VPN tunnels using Cisco ASA 5540 for third party connectivity.
• Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
• Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitoring the availability.
• Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
• Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP and TELNET.
• Working with different teams to gather info for the new request and troubleshoot for any connectivity issues by capturing traffic using TCPDUMP and smart view tracker.
• Worked on VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
• Provide support to help desk for complex/major network problems. Build the rules for the application access across the IPSEC VPN tunnel
• Monitor Intrusion Detection Systems (IDS) console for active alerts and determine priority of response

Confidential - Oakland, FL

Security Engineer

Responsibilities:

• Configured, troubleshoot, and upgraded Checkpoint Firewalls which included network and/or resource access, software, or hardware problems.
• Maintained High Availability and clustered firewall environments for customers using Check Point High Availability.
• Perform Level 3-4 security implementations, vulnerability assessments and intrusion detection.
• Worked with both Checkpoint GAIA and SPLAT operating system.
• Installed, configured and maintained Checkpoint R75-R77 Gaia/SPLAT.
• Identified and removed security policies that are no longer needed to reduce Checkpoint Firewall policy lookup.
• Configured necessary routing and NAT on the Firewall appliance to communicate with the internet.
• Backup, Restore and Upgrade of Checkpoint Firewall appliance.
• Monitored Checkpoint VPN tunnel activities with Smart View Monitor and troubleshoot VPN issues with CLI.
• Optimize existing policies to improve security and performance. Identify and remove security policies that are not no longer needed to reduce CheckPoint Firewall policy lookup.
• Configure IPSec VPN on CheckPoint Gaia and troubleshoot VPN tunnel connectivity issues
• Troubleshoot and monitor Firewall traffics/issues through command-line using CLI commands, GUI interface and Smart Console (SmartView Tracker, SmartLog and SmartView Monitor).
• Analyze Logs and make necessary network reports using Smart Reporter console application.
• Network monitoring, packet captures and troubleshoot traffic passing through Firewall via logs.
• Respond to emergency outages, disaster recovery and the corporate firewall.
• Interface with vendors and service providers to ensure security is maintained and integrated into all network connectivity activities efficiently and effectively, with minimal downtime.
• Created a lab environment using VMware and Oracle VirtualBox to effectively test policies, software distribution as well as scripts prior to deployment in production
• Configured and managed VPNs, remote access solutions and perimeter security in Cisco ASA and checkpoint firewalls
• Managing Checkpoint (NGX 75) on SPLAT platform, Standalone and HA mode implementation, Hide NAT and Static NAT configuration as per clients requirement.
• Managing Juniper Firewall (SRX) configuration, VPN configuration, configuring Netting, Routing.

Confidential

Network Support Engineer

Responsibilities:

• Level II Network & Security support team on 24x7.
• Configuration and support Cisco based Routers, Switches and firewalls.
• Experience in security consulting, support and/or engineering, security architecture, planning, design and implementation of Cisco security products
• Basic Firewall Access list configurations and support.
• Primarily responsible for proactive, incident and problem management.
• Configuring switch ports for various Vlans in the network.
• Responsible for designing and securing the entire network for the India operations center, including designing of VLAN, inter VLAN routing, firewall with multiple DMZ's on Cisco PIX Firewalls.
• Cisco CSS Load balancing support for various website hosted at the Data center.
• Layer 2 and Layer 3 support using Cisco routers and Switches
• Built IPSec based Site to Site VPN tunnels between various client locations.
• Frame Relay, T1, multilinking T1, Fractional DS3, WAN troubleshooting.
• Debugging abilities at L1, L2, L3, and L4 protocols in an Internet-centric environment. Troubleshooting Active Directory, DNS, and DHCP related issues.
• Assist internal project teams by determining rules that need to be added to the firewalls and identifying the proper routing and addressing for new devices in managed DMZs
• Trouble shooting Network related problems
• Monitor bandwidth utilization, analyze traffic patterns and volume