● Around 10+ years' experience as Security and Network Administration
● Deployed New Palo Alto Firewalls using Vwire and Layer 3 modes.
● Experience with Palo Alto, Checkpoint, Cisco ASA, Juniper SRX, FWSM, SSL VPN (SA VPN) firewalls.
● Worked on firewall administration cleaning rules, Change port rules to application rules and Tags.
● Worked on Network Segmentation moving firewalls from one place to other place and protect all networks and move behind the firewall.
● Worked on firewall migrations. Migrating Cisco ASA firewalls to Palo Alto firewalls using Palo Alto expedition tool.
● Worked on tools like remedy and Infoblox to maintain the networks and assets.
● Worked on Network Security policy management and Firewall management and Network Audits using Tufin.
● Worked on Dynamic updates and Software updates for Palo Alto Firewalls from 8.0.0 to 8.0.14.
● Configured High availability on the firewalls and test the failure conditions and recorded.
● Participated in design and draw current and proposed network design implementations using Visio's.
● Monitored and troubleshoot firewall logs using Qradar and verify the traffic in Palo Alto Firewalls.
● Work involves scheduling firewall policy provisioning and working with users to identify connectivity related issues and troubleshoot using palo Alto CLI.
● Provided support and troubleshoot for Low, Medium and High NERC-CIP classified firewalls, which Includes various Cisco ASA firewalls and Palo-Alto firewalls.
● Used DIGI's in some deployments.
● Experience with Bluecoat Proxy, F5 Load balancer LTM and GTM.
● Proven analytical, decision making, and problem-solving abilities.
● Work with geographically distributed teams. Skilled to formulate enterprise frameworks, strategies roadmaps, re-engineering process and cross functional integration.
● Ability to handle multiple projects along with supporting Business as Usual activity.
● Hands on experience in planning, designing, implementing and managing Microsoft Technologies - MS-SCOM 2007R2, MS-Hyper-Virtualization & SCVMM, Terminal Web Server & Terminal Gateway Server, IIS Server, ISA Server, MS-Clustering.
● Have good skills in configuring and monitoring NLB load balancer.
● Extensive Experience in configuring, managing of Web Servers and SQL Servers in NLB and Clustered Environments.
● Experience in supporting multiple Internal/External websites on IIS 5.0/6.0/7.0/8.0/8.5/10.0 on multiple server environments using various techniques (like multiple VIPs, ports and host headers).
● Risk Management analysis, Weekly Status calls, interacting with Management to provide weekly support.
● Good Experience in writing power shell scripts.
Cisco PIX, ASA, FWSMs, Cisco VPN Concentrator, Fortigate, Nokia Checkpoint Firewall, Nortel Contivities, Juniper NetScreen Firewall, Palo-Alto Firewall
Packetshaper, Solar Winds, HPOV, Wireshark, InfiniStream Sniffer, Ethereal, VitalNet, CiscoWorks, NetQoS, SOCKS, ASPEN, STRM, Spectrum, e-Health, Palo-Alto Panorama
RIP, EIGRP, OSPF, BGP, MPLS
Site-to-Site & Client-Server IPSec VPN, GRE Tunnel, SSL VPN, MPLS over Ethernet, DMVPN, MS-SCOM 2007 R2, MS Hyper-Virtualization, IIS, MS-ISA, MS-Clustering, DNS, SMTP
Cisco Routers, Switches, Wireless Aironet Router, Motorola Routers, Atrica L2/L3 Switches, IBM Blade Center Switches, Cisco Load Balancers (ACE, CSS, CSM), Lucent Access Point, Multitech Audio Box, Safeline Encryptor, Proliant Server, HP Blade Server
● Working as Network Security Engineer on Network Infrastructure delivery team focused on network security infrastructure including Palo Alto, Check Point and Cisco ASA firewalls, LTMs, GTMs and Cloud infrastructure based on AWS.
● Design and Maintain Network security policies and B2B VPN tunnels for IAM infrastructure over Checkpoint, Palo Alto and Cisco ASA infrastructure implemented across multiple security control domains.
● Firewall Policy provisioning on PAN devices using PANORAMA MGMT platform.
● Troubleshoot security policy, High Availability, Global Protect on PAN devices.
● Configuring Palo Alto Firewalls with multiple zones based on traffic segregation requirements.
● Configuring and support different types of NAT on PAN devices. Source/Destination based NAT
● Understanding of Management Plane and Data Plane on Palo Alto NG Firewalls
● Work with App-ID for application visibility and URL Filtering on Palo Alto devices
● Firewall policy optimization and rule base clean up on PAN devices using Tufin Secure Track
● Perform Upgrade of PAN OS on Palo Alto Firewalls from 7.x to 8.x
● Security Policy configuration and Policy administration on Palo Alto firewalls
● Configure Panorama for Shared Policy and Reporting as well as log collection
● Work with Palo Alto IPS tweaking false positives and update the security profile configurations
● Migration of Check Point policies to Palo Alto Polices.
● Design and Maintain multi domain, cross datacenter, globally load-balanced infrastructure with traffic management and optimization over F5 BigIP LTM and GTM.
● Created iRules on F5 BigIP LTMs for manipulating traffic, custom protocol profiles based on the need of application, custom monitors to for monitoring services on pool members. Created custom SSL profiles for SSL offload and managed certificates and keys on the device.
● Troubleshoot various network and system issues and collaborate with internal customers and outside vendors to resolve complex problems and optimize existing design.
● Ongoing Migration of critical and resource intensive applications with configuration across multiple datacenters to AWS cloud in different Availability Zone for scalability and redundancy and in multiple Regions for Geographic redundancy.
● Design, build and maintain infrastructure on AWS across multiple availability zones and multiple regions.
● On AWS Cloud infrastructure I have Designed and Implemented Security Groups for different applications on different VPCs. Create subnets and assign NACLs. Use Elastic Load Balancer to load balance multiple EC2 instances over multiple Availability Zones with SSL certificates on Certificate Manager for SSL termination.
● Created, Updated and Maintained AWS Routing table of different VPCs based on the requirements.
● Created and maintained NAT Gateways and Peering connections on AWS.
● Performed DNS management over different Hosted Zones on Route 53 service of AWS. Created and updated different record sets of type A and CNAMEs and associated Health check linked with CloudWatch Alarms.
● Created Cloud Formation Templates for automation of application deployment which makes it easy for scalability and rehydration of EC2 instances.
● Work in collaboration with architect to develop and administer disaster recovery plan for on-premise and cloud infrastructure.
● Technical Documentation and Visio Diagrams for all the above technologies for peering training and review.
● All the work done is accomplished with Agile workflow using Kanban on Jira and an accurate ITIL process of Change management using HP Service Manager.
● As part of Network Security Engineering team, I was responsible for Internet and Extranet segment of the hosted environment in the data center for multiple clients and responsibilities include: Installation Configuration and Troubleshooting of Cisco ASA Firewall in the network. The ASA Series include ASA 5585x, 5520x, 5510 and 5505 (remote sites) running 9.0(2) IOS. Also, configuration and management of Checkpoint Security gateways and F5 Big IP LTM.
● Perform Advanced NAT including Policy based Static, Dynamic and Identity NAT as per the requirement between various zones on the firewall
● Document and verify current Firewall rules
● Assist with new firewall design and implementation, including proposed implementation changes and a written project implementation
● Work on decommissioning plan following current change management process
● Convert and implement rules on new firewall following all change management procedures
● Configure stateful Failover of firewalls (Active/Active & Active/Standby) for high availability.
● Troubleshooting of traffic using Packet Capture and analyze using Wire shark
● Simulate traffic through firewall using Packet Tracer and validate it against NAT, Routing and ACL.
● Use Policy based framework for application inspection configuration.
● Configuring IPsec site to site VPN tunnels with endpoints at truck station and regional offices ASA 5510 Headquarter endpoint
● Design, Implementation and support of Checkpoint Security Gateways and manage them through Provider-1 Multi Domain Security MDS.
● Configure CMA's based on the segment (DMZ, Production, PreProd, Dev, 3rd party) etc.
● Build Checkpoint Security Gateway's from Scratch and set up in High Availability.
● Experience building firewalls at the data center and implementing the policies
● Configure Clustering Active/Standby using ClusterXL and troubleshoot sync issues
● Converting Security Gateways to VSX Gateways, creating Gateways and Virtual Systems as well as Virtual Router and Switch
● Configure Checkpoint ClusterXL on VSX, Virtual System distribution across Cluster
● Resource management and allocation on Checkpoint VSX
● Virtual System Load Sharing (VSLS) on Checkpoint VSX
● Firewall Policy Provisioning using Change management procedures.
● Firewall objects (network/services) and policy Optimization and Rule clean up as well as
● Day to Day operational support for user requests being submitted through Service Manager ticketing system.
● Deploying Firewall Policies in a distributed environment with hundreds of Security gateways.
● Working with Client to comply with PCI compliance and remediation as required.
● Experience working with Checkpoint Gaia R77.10, R76, R75.47 and R75
● Perform Security gateway and Smart Center upgrades and ensure the Smart center has the highest package (follow Checkpoint recommendation).
● Configure and tweak Checkpoint IPS Blades for false positives and Alerts
● Configure and troubleshoot Checkpoint software blades such as Identity Awareness.
● Documentation of migration process and MACD on ASDM and CLI.
● Configured and managed F5 Big IP LTM and reverse proxy.
● Following ITIL process of creating, updating and closing change request on BMC remedy.
● Provide clear and unambiguous communication within Incident Management case tools with frequent and timely updates
● Deep knowledge of Wintel platforms, and Networking Infrastructure (Workgroup, Domain, PDC/BDC,, DNS, WINS, DHCP)
● Contribute in quality and productivity improvement projects, providing analysis of information
● Deep and Broad networking knowledge
● Ensure all cases are acted upon conscientiously and in the framework expected according to the SLA
● Exposure to network administration, Microsoft messaging, database and other applications, SAN, back up and storage, batch scripts
● Generate report and review the same with L1/L2 teams, Provide audit support
● Own Root Cause Analysis and Problem Management for corporate Identity Management environment
● Work on service requests of one or more types performed by the team
● Manages work load to complete requests by the due date
● Perform server related regular operational tasks on the infrastructure across the team's managed locations
● Performs regular system maintenance, hardware and software upgrades, physical to virtual migrations and performance tuning
● Establish/manage remote access for users through RDP connections
● Manage network administration and database administration
● Performance and capacity management on VMWare servers
● Involvement with escalations and incident management including post incident reporting
● Active Directory and Group Policy administration, hardware configuration. User Support for VPN, MS Office, applications.
● Provided onsite PC repair, virus- and spyware-remediation, maintenance/rejuvenation, data-recovery, networking and upgrades.
● Led the development and servicing of a diverse customer base across the Sacramento region utilizing Windows 7/Vista/XP skills.
● Maintained a strong consumer client base due to excellent knowledge and service, working mostly on customer referrals.
● Delivered customized MS Windows-based software support and training tailored to meet individual client needs
● Maintained queue of an average of 5-20 tickets per day, resolved tier 1-2 support issues
● Ensured swift ticket resolution and escalated issues to Tier 3 technician as necessary
● Visited client sites to resolve outstanding help desk tickets as needed
● Prepared and configured new laptops/workstations/thin clients to client specifications as assigned
● Analyzed and diagnosed DNS/DHCP/VPN and other networking issues
● Actively worked with hardware and software vendors to resolve client issues in a timely manner
● Install, upgrade, support and troubleshoot Windows OS, authorized desktop applications, hardware, and peripheral equipment.
● Coordinate and execute preventative maintenance and remedial repairs on computers, laptops, printers, and peripherals.
● Return defective equipment to maintenance inventory, document customer repairs, and maintain and restock parts inventory to maintain spare parts levels.
● Monitor, operate, manage, troubleshoot, and restore service to terminal service clients, PCs, or notebooks with authorized access to network.
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
Companies Worked For:
Job Titles Held: