Firewalls Engineer Resume
Richardson, Texas
SUMMARY:
- 7+ years of extensive hands-on experience in Network and Security engineering and Network Infrastructure.
- Strong understanding and experience of Firewall on various platforms.
- Configuration and troubleshooting of Checkpoint Firewall using R77.
- Extensive experience in Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next-Generation Firewalls R65, R70 & GAIA R77.30, Palo Alto Next-Generation firewalls, Bluecoat proxies and Confidential ASA/PIX.
- Advanced knowledge in Confidential ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS, security risk analysis, attack mitigation & penetration tests based on LPT methodology.
- Experienced with Confidential routers and switches, and a good understanding of IP subnetting and routing protocols such as OSPF and BGP. Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
- Responsible for installation, troubleshooting of Checkpoint firewall and LAN/WAN protocols.
- Identify the firewall rules for the given IP/network using Tufin Analysis.
- Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices using IKE pre-shared keys, 3DES and MD5.
- Designing and deploying EIGRP, OSPF, BGP, MPLS-VPN protocols and routing technologies for connecting data centre to remote locations.
- Configuration of Interior Gateway protocol (IGP's like RIP, EIGRP, OSPF) and Exterior Gateway Protocol (BGP).
- Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
- Implementation and configuration of GLBP/HSRP on multilayer switches for first-hop redundancy.
- Worked on F5 BIG-IP LTM 8900, iRules, configured profiles, provided and ensured high availability.
- Worked on F5 and CSM load balancers deploying many load balancing techniques with multiple components for efficient performance.
- Exceptional ability to grasp and master new technologies quickly and easily.
TECHNICAL SKILLS:
Confidential Routers: Confidential GSR 12416, 12418, Confidential 2921, Confidential 3640, 3600. Redundancy and management HSRP, RPR, NSF/NSR.
Network Configuration: Advanced switch/router configuration ( Confidential IOS access list, Route redistribution/propagation).
Routing Protocols: IGRP, EIGRP, OSPF, BGPv4, MP-BGP.
WAN Protocols: HDLC, PPP, MLPPP, WAN optimization.
Load Balancer: Confidential CSS, F5 Networks, Security with Checkpoint and ASA’s
Packet Switched WAN: ATM, FRAME RELAY, MPLS, VPNs
Security Technologies: Confidential ASA Firewalls, IPSEC & SSL VPNs, IPS/IDS, DMZ Setup, CBAC, Confidential NAC, ACL, IOS Firewall features, IOS Setup.
Physical interfaces: Fast Ethernet, Gigabit Ethernet, Serial, HSSI.
Layer 2 technology: VLAN, VTP, VMPS, ISL, dot1q, DTP, Spanning-tree, PVST
Layer 3 Switching: CEF, MLS, Ether Channel.
Switches: Catalyst 6500, MSFC, MSFC2, 7600, 3700, 3500.
PROFESSIONAL EXPERIENCE:
Confidential
Firewalls Engineer
Responsibilities:
- Responsible for support of network security and network devices such as routers and wireless access points.
- Researched, designed, and replaced aging Confidential ASA firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Configured, implemented and troubleshot issues on Checkpoint R77.10 Gaia, R75, Confidential ASA 5540 and Palo Alto firewalls for the client environment.
- Implementation and design: worked on upgrading PAN-OS and on port-open requests on the Palo Alto devices.
- Software upgrades for Palo Alto devices and integration of Active Directory/LDAP with Palo Alto Next-Generation Firewalls.
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
- Responsible for installation, troubleshooting of Checkpoint firewall and LAN/WAN protocols
- Managed McAfee ePO, including configuration, maintenance and troubleshooting.
- Responsible for managing Network & Security Engineering implementation
- Firewall Policy administration and work with user requests submitted by users
- Worked on software blades of checkpoint firewall
- Prepared technical documentation of configurations, processes, procedures, systems and locations
- Worked with different teams to gather information for new requests and troubleshoot connectivity issues by capturing traffic using tcpdump and SmartView Tracker.
- Managing F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
- Worked on and administered F5 GTM Load balancer, IDS/IPS and Bluecoat proxy servers.
- Configured F5 Load balancers in Failover for Load balancing and SSL handling
- Configured F5 BigIP to provide Load Balancing for server farm.
Confidential - Richardson, Texas
Network Security Engineer
Responsibilities:
- Complete renaming of all firewall objects and rules.
- Review and optimize firewall rules using the Tufin SecureTrack tool and firewall audit reports
- Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1 and VSX, SourceFire, and ISS Realsecure
- Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions
- Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as Checkpoint (GAIA R75.40/77.20), Confidential ASA (5510/5520/5550)
- Managing F5 BigIP Load balancers, Blue Coat Proxies and Riverbed WAN Optimizers
- Worked on and administered F5 GTM Load balancer, IDS/IPS and Bluecoat proxy servers.
- Configured F5 Load balancers in Failover for Load balancing and SSL handling
- Configured F5 BigIP to provide Load Balancing for server farm.
- Implemented and managed SSL VPN using Radius server (Confidential AnyConnect) on ASA 5550.
- Experience working with Confidential 3750, 4948, 2811, 2600, 7200, 6500, 12000, 10000 series switches and routers.
- F5 BIG-IP GTM/LTM, Bluecoat (Proxy SG and CAS), Riverbed Steelhead CX/EX/CMC
- Responsible for Checkpoint and Checkpoint Firewall administration across global networks.
- Implemented ADC F5 LTM and GTM hardware platforms design and deployment implementation guidelines, DMZ Network infrastructure policies, LTM Inbound SNAT configurations and outbound NAT server to IP mapping processes.
- Managed Confidential 5500 Series controller. Deployed APs as necessary. Configured Confidential 1242 wireless bridges with line-of-sight antennas.
- Configured, administered and deployed several Confidential 6500 series switches.
- Implemented and administered Websense Web Security Gateway for web content filtering and DLP.
Confidential - Wayne, PA
Network and Security Engineer
Responsibilities:
- Remediation of firewall rules from Confidential ASA to checkpoint firewalls and their implementation.
- Adding and modifying the servers and infrastructure to the existing DMZ environments based on the requirements of various application platforms.
- Managed corporate Checkpoint Firewall management and operation and implementing security rules and mitigating network attacks.
- Responsible for Confidential ASA firewall administration across our global networks.
- Implementing and troubleshooting (on-call) IPsec VPNs for various business lines and making sure everything is in place.
- Worked on Bluecoat proxy to optimize WAN performance by analysing and scanning for malware to protect the Infrastructure.
- Configure Access policy manager (APM) to provide support for AAA servers and configure as required.
- Troubleshooting and documenting the L2 connectivity issues.
- Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment on Checkpoint R70, R75 and ASA 5520, 5540 firewalls.
- Installed redundant BigIP F5 LTM and GTM load balancers to provide uninterrupted service to customers.
- Experience in installing and configuring the VMware NSX appliances for a setup including VMware vSphere, VMware NSX and OpenStack.
- Advise on projects needed to enhance performance of the network as well as the research, analysis, design, planning, and implementation of these enhancement projects.
- Apply project management skills to complete assigned projects within the project timeline.
- Plan and document the network inventory and maintenance procedure along with lifecycle management of these devices.
- Develop and assist in projects for replacement and upgrade of devices which are EOL.
- Emulate Production Network in Lab to test the network recommendations and document the result for further analysis. Document the procedure to perform the upgrade/replacement of devices.
- Work with Data Center Operations to perform the replacements in scheduled maintenance windows.
Confidential
Network Admin
Responsibilities:
- Installed and tested Confidential router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Involved in configuring and implementing Composite Network models consisting of Confidential 3750, 2620 and 1900 series routers and Confidential 2950, 3500 Series switches.
- Implemented various Switch Port Security features as per the company's policy.
- Managed the IP address space using subnets and variable length subnet masks (VLSM)
- Provided technical support on hardware and software related issues to remote production sites.
- Involved in effective communication with vendors, peers and clients in resolution of problems, equipment.
- Performed the tasks of developing and maintaining procedures for backup and recovery, virus scanning and access control.
- Configure and manage printers, copiers, and other miscellaneous network equipment.
- Worked on Riverbed devices for WAN bandwidth Optimization in the data centers for the sensitive marked data applications
- Worked on configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.
- Defined and tracked project progression via MS Project 2003
- Implementation and Troubleshooting, DMZ Implementation and Troubleshooting.
- Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation.
- Involved in all technical aspects of LAN and WAN projects including, short and long term planning, implementation, project management and operations support as required
- Configuration of rule base for traffic management and overlapping encryption