Engineer Security
Resume:
SANCHIT GOEL
ac01t0@r.postjobfree.com
(Employer) Ronnie: 832-***-**** mail: ac01t0@r.postjobfree.com
PROFESSIONAL SUMMARY:
Palo Alto Firewall specialist with good experience with specialization in network administration and network security.
Strong understanding and experience of Firewalls on various platforms including Palo Alto, Cisco ASA and Checkpoint.
Extensive knowledge and experience of TCP/IP protocol suit with practical implementation of switching protocols, routing protocols and LAN/WAN services.
In-depth knowledge of configuring and troubleshooting routing protocols namely, RIP, EIGRP, OSPF and BGP on Cisco routers.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, STP and RSTP.
Experience in configuring Windows Servers (2008 & 2012) and configuring networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
Experience in configuring latest VDC and vPC features on Cisco Nexus 7000 NX-OS.
Installing configuring and troubleshooting Palo Alto Firewalls.
Experience in configuring security policies and next gen features like Application and URL filtering, Threat Prevention, Data Filtering on Palo Alto Firewall.
Good experience with web/content filtering
Advanced Knowledge in IPSEC VPN design connection & protocols, IPSEC tunnel configuration, encryption and integrity protocols.
Experience in migration from Cisco ASA to Palo Alto using PAN migration tool.
Experience with risk-management tools like Gemalto and Verafin.
TECHNICAL SKILLS:
Routers
Cisco 7609, 2600, 2800, 3800, 3640, Cisco 3745, 7200 Series
Switches
Cisco 3500, 5000, 6500 Catalyst Series Cisco 7000, 2000 Nexus Series
Firewalls
Palo Alto PA-3050, PA-5050, Cisco ASA 5500, Checkpoint
Routing Protocols
BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP
Switching Protocols
STP, RSTP, PVSTP, VTP, ARP, and VLAN
IP Services
DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN
WAN Technologies
ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS
VPN Technologies
Remote access and site-to-site IPSec VPN, IPv6 transition techniques viz. Manual tunneling, GRE tunneling, 6to4 tunneling, NAT64 and ISATAP
Monitoring Tools
OPNET, GNS3 Simulator, Packet Tracer, WireShark, Solar Winds, What’s Up IP, Nagios and Fluke Networks
Operating Systems
Windows XP, Vista, Windows 7, UNIX, SPLAT (Secure Platform), Linux
North Park Innovations, Ellicottville, NY July 2016 to till date
Sr. Network Security Engineer
Responsibilities:
Responsible for implementing firewall technologies including general configuration, optimization, security policy, rules creation and modification of mainly Palo Alto Firewalls.
Researched, designed, and replaced aging Cisco ASA firewall architecture utilizing the PAN Migration tool with new next generation Palo Alto devices serving as firewalls and URL and application inspection devices.
Successfully installed Palo Alto PA-3050, PA-5050 firewalls to secure zones of network.
Converted Cisco ASA VPN rules over to the Palo Alto solution.
Backup and restore of Palo Alto and Cisco ASA Firewalls policies.
Implemented many security policy rules and NAT policy rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN.
Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Configured next-gen Palo Alto Firewall features viz. Application and URL filtering, Threat Prevention, Data Filtering
Integrated Panorama with Palo Alto Firewalls, managing multiple devices simultaneously.
VPN User access management on Palo Alto Firewalls. Used LDAP for identifying user groups
Responsible for configuration and troubleshooting of Site to Site as well as Remote Access VPN on Palo Alto Firewall.
Exposure to wild fire advance malware detection using IPS feature of Palo Alto Firewalls.
Implemented IPS, DLP and UTM features on the firewall for added security purposes.
Configured syslog on Palo Alto Firewalls and moved the logs to Splunk and reviewed it.
Designed, Implemented and configured Web authentication, SSL Decryption and URL categorization rules using Blue Coat Proxies and SSLV appliance.
Configured content Analysis using Bluecoat CAS appliance and Malware analysis using Blue Coat Malware analysis appliance.
Experience in implementing and configuring F5 Big-IP LTM load balancers.
Configured HA Active/Standby failover on F5 BIG-IP LTM.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Onis Solutions, Bridgewater, NJ Dec. 2015 to June 2016
Network Security Engineer
Responsibilities:
Performed System Security checking against emerging OS and subsystem technology automated tools.
Extensive implementation of dynamic routing and switching protocols on Cisco routers and switches.
Configured Virtual Device Context (VDC) on Cisco Nexus 7000 series switch to logically segment into 4 different virtual switches for easy administration and management.
Deployed AWS and Azure public cloud infrastructure.
Create redundancy and increase bisectional bandwidth by enabling Layer 2 multipathing using vPC feature on Nexus 7000 series device.
Responsible for configuring, administering and troubleshooting the Checkpoint, Palo Alto and ASA firewall.
Configured blocking of IP’s on Checkpoint which are suspicious to network.
Created multiple policies and pushed them in to Checkpoint Firewall (Gateways) and the Checkpoint Management Server with SPLAT operating system.
Configured IPSEC VPN tunnels between Checkpoint and other non-Checkpoint endpoint devices.
Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500.
Configured NAT policies viz. Static NAT, Dynamic NAT and Dynamic PAT in Cisco ASA Firewall.
Configuration and troubleshooting of Cisco Security Manager (CSM), integrated with ASA devices.
Implementation of Site-to-Site VPNs and DMVPN over the internet using IKE Phase 1 and IKE Phase 2 based on traffic with ASA 5500 series Firewalls.
Designing and implementing DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA 5500 Firewalls.
Configured rules and maintained Palo Alto Firewalls & analyzed of firewall logs using various tools.
Implemented & administered of Zoning Architecture project (Implementation of various zones like Server, Intra & Internet Zone)
Configured SSL Decryption and URL blocking on Palo Alto Firewall.
Coordinated with network operations center for change notifications, alerts & escalation of security incidents.
Experience in Cisco Routing, Switching and Security with strong Cisco hardware/software.
Proficient with network hardware and technologies including routers, switches, firewalls, Ethernet, Fast Ethernet, Gigabit Ethernet.
Configured Cisco 2500, 2600, 3000, 6500, 7500, 7200 Series routers.
Configured Cisco Catalyst 2960, 3750, 4500, 6500 and Nexus 3000, 5000, 6000, 7000 series switches.
Supervised installation and configuration of Cisco 3550 Layer3 Switch.
Upgraded IOS on existing Cisco router from 11.x to 12.1.
Implemented, configured BGP WAN routing, converting local OSPF routes to BGP.
Experienced in configuring protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, HDLC, PAP, CHAP, and SNMP.
Configure Multicasting Protocols like IGMP and CGMP.
Configured VLANs by segregating different departments in the organization and setup inter-VLAN routing.
Worked on FTP, HTTP, DNS, servers in window windows server-client environment with resource allocation to desired virtual LANs of network.
HK Communications, India. Nov 2011 to July 2015
Network Engineer
Responsibilities:
Configured user authentication rules/policies to permit or deny user traffics on role-based access.
Monitored network using network management and support tools like Solar Winds, Netscout, Cisco Works, SNMP Management and Wireshark.
Monitored bandwidth and network activity by analyzing information provided by MRTG to ensure both efficient and effective network operation.
Performed advanced troubleshooting using Packet Tracer and TCP dump on firewalls.
Reviewed firewall rule conflicts, unused rules and misconfigurations and clean up.
Assisted in firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps.
Working knowledge of leveraging F5 devices for web acceleration and caching,
Document network problems and changes working in diverse management environments.
Assisted in setting up of LAN and Wi-Fi Access points around the organization
Installed Windows Server (2008 & 2012) and configured networking capabilities on them like DHCP, DNS and Access Control Lists (ACLs).
Acquired skills to configure maintain and troubleshoot network services.
Hands-on experience in configuring routing protocols viz. RIP, EIGRP and OSPF on Cisco 2700 series routers.
Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies on Cisco 3200 series switches.
Full Command on Cisco IOS Commands and Administration of Cisco IOS 11.x and 12.1 versions
Designed VLAN's and set up both L2 and L3 logical to have it communicate to the Enterprise network.
Utilized packet sniffing tools like Wireshark, TCP Dump and Capsa to monitor and troubleshoot access issues.
Implemented and configured SecuRemote VPN Server for high speed remote access.
Setting up of company’s broadband services for implementing high speed connectivity.
Utilized Firewall log from Palo Alto Firewall to manage and troubleshoot network security issues.
Assisted in upgradation of older 100mbps hubs to HP managed switches in the company
Daily assessment of and preparation of report based on network functionality and handled issues.
Encouraged network redundancy for backup of network devices in case of disaster recovery.
Active participation in handling client issues and maintaining quality of service provided.
Spearheaded meetings & discussions with team members regarding network optimization and performance issues.
Contact this candidate