Sr Network Security Engineer

Location:
Visakhapatnam, AP, India
Posted:
September 07, 2017

Resume:

Nikhil

Phone: 770-***-****

ac166w@r.postjobfree.com

CAREER SUMMARY

Over 7 years of experience as a Senior Security and Network Administrator.

Proficient in configuring industry leading security appliances including Cisco ASA, Checkpoint appliances running GAIA, Palo Alto as well as F5 load balancers.

Experience in planning, implementing and designing corporate firewall architecture in a distributed environment consisting of Cisco ASA, Checkpoint, Palo Alto and F5 load balancers.

Skilled in building redundant networks with failover configurations such as active/standby and active/active on Cisco ASA firewalls, Management High Availability, ClusterXL and VRRP for Checkpoint appliances, and HA configurations such as active/passive and active/active on Palo Alto.

Proficient in vendor specific migrations such as Checkpoint to Palo Alto, Cisco ASA to Palo Alto, Checkpoint to Cisco ASA.

Build and support B2B VPN tunnels with Business partners and troubleshooting ISAKMP and IPSec phases.

Experience working with VPN technologies, Forward Proxy Technologies and features such as App-ID, User-ID, URL Filtering, Threat Prevention using Palo Alto devices.

Experience with management platforms such as Panorama for Palo Alto appliances and Smart center, MDS for Checkpoint Platforms as well as Forti-Manager for Fortinet platform appliances.

Experience working with Cisco Nexus Switches, Catalyst Switches and IOS Routers.

Experience in implementing and supporting Forward/Reverse Web Proxy using Bluecoat proxy.

Experience in implementing and supporting IDS/IPS from Checkpoint, Cisco, and Sourcefire.

Generate a wide variety of reports on firewall and IDS activity notifying the end customer concerning suspicious traffic.

Proficient in migrating the applications from the legacy f5s to the Viprions.

Experience Configuring SNAT, SNAT auto map on Big IP appliances and Configuring cookie persistence for the web traffic on LTM modules.

Experience Troubleshooting the application Connectivity issues using cURL commands of f5s.

Engineered traffic management solutions, including designing, low level engineering for F5 LTM, GTM.

Implementation, configuration, and support of Big IP 3900, 4000 series and 2400 viprions.

Highly qualified and extensively trained IT professional with Hands-on experience

Proven analytical, decision making, and problem solving abilities

Self-motivated, with the ability to work independently or together in a team environment

Capable of quickly learning new technologies and adapting to new environments.

CERTIFICATIONS

Cisco Certified Network Associate (CCNA).

Checkpoint Certified Security Administrator (CCSA).

Palo Alto Networks Certified Network Security Engineer 7 (PCNSE7).

EDUCATION

B.Tech - Bachelor of Technology in Electronics and Communication Engineering

M.S – Electrical Engineering.

TECHNICAL PROFICIENCY AND SKILLS

Hardware Platforms:

Checkpoint Gaia R77.X, R76, R75.X, R71 on Checkpoint appliances in large scale deployment managed through MDS/Provider1 environment with multiple CMA’s.

Checkpoint 21000, 13000, 12000 and 4000 Series appliances running Gaia R77, R76, R75.47, R75.40.

Check Point IPS Blades as well as IDM and NGTP Blades on checkpoint including URL filtering.

Cisco ASA Firewalls including ASA 5500X series, 5500 series with AIP SSM Modules and Sourcefire IPS

Cisco Networking Hardware Nexus 7K, 5K, Cisco 7600, 7200, 3600, 2600, 2500 routers and Cisco 6500, 4900, 4500, 3750, 3560, 2900 series switches.

Palo Alto Firewalls PA-5000, PA-4000, PA-3000, PA-500, PA-200, Palo Alto OS: 6.X, 7.X.

Panorama – Palo Alto MGMT platform.

FortiGate 1500D, 1000C Series as well as midrange 800 Series appliances running FortiOS 5.X.

FortiManager FMG-4000E and FortiAnalyzer FAZ-3500E appliances

F5 BIG IP LTM 3600, 3900, 4000 series and Big IP LTM Viprion 2400 series.

F5 BIG-IP LTM version 10.2.4, 11.6.0, 11.6.1, 12

Blue Coat SG series Proxy for Web URL filtering. Big IP LTM for load balancing.

LAN & WAN:

Good Understanding of OSI Layer, TCP/IP, WAN Routing Protocols EIGRP, OSPF, and BGP.

Layer 2 WAN Protocols MPLS, Frame Relay

High Availability configurations including HSRP, VRRP and Spanning Tree Protocols STP, PVST, RSTP, MST.

VTP Configurations including Dot1q Trunk and ISL for different VTP mode switches.

Server Technologies like Windows 2003, 2008, Red Hat Linux, HP-UX, Solaris and Active Directory, DNS, DHCP.

Network Management Protocols including SNMP, SYSLOG.

Security:

Wireshark / Sniffer capture for packet level analysis.

RSA Two Factor Authentication using RSA ACE Server (both Native and Radius Mode)

Work on Cisco Security Manager CSM Configuration, Event, Health & Performance and Report Manager.

Security Implementations including multiple Zones (DMZ, Third-party, ASZ, etc.)

Centralized policy management as well as signature updates through Cisco CSM.

Advanced NAT including Identity, Static, Policy etc.

PROFESSIONAL EXPERIENCE

Client: Information Security Company Mar 2015 - Present

Role: Sr. Network and Security Engineer Atlanta, GA

Installation Configuration and Troubleshooting of Checkpoint Palo Alto and Cisco ASA Firewalls.

Day-to-day work involves implementing firewalls for new clients as well as managing and administering Cisco ASA and Checkpoint firewalls at various zones including DMZ, Extranet (various business partners and 3rd parties) and ASZ, supporting different client environments.

Provide day-to-day operational support for all firewall and VPN platforms including Palo Alto and Checkpoint firewalls.

Push the policies on Checkpoint using Smart Dashboard and work with users to verify connectivity and troubleshoot Firewall related issues using smart view tracker as well as CLI command line.

Perform Firewall and Hardware upgrades including IPSO image upgrades, upgrade security gateways.

Perform Checkpoint cluster pair upgrade with minimal downtime. Configure Management High Availability.

Configure Checkpoint ClusterXL for Security Gateway High Availability in Active/Standby mode.

Building and supporting Site to Site IPSec based VPN Tunnels for all Extranet and 3rd party communications

Proficient in performing root cause analysis, risk identification, and risk mitigation.

Configure Virtual System / Multiple Context and firewall policy provisioning and troubleshooting.

Configure active/active failover configurations using multiple contexts on Cisco ASA firewalls and segregating the traffic between physical appliances.

Build and execute phased approach for migration of ASA Firewall OS from 8.x to 9.0 on ASA 55xx devices.

Working with Forward proxy URL Filtering using Checkpoint URL filtering, Bluecoat ProxySG URL filtering as well as Palo Alto.

Advanced NAT including identity NAT, Static, Policy and Global implementation.

Configure Active-Standby High Availability for stateful failover and replication as well as zero down time maintenance. Backup and Recovery of Firewall Configurations.

Implementation of high availability on Checkpoint security gateways using ClusterXL and Palo Alto firewalls.

Configuring App ID module to identify application and application functions in Palo Alto firewalls.

Configuring Palo Alto Firewalls with multiple zones based on traffic segregation requirements.

Configuring vulnerability protection profiles in Palo Alto firewalls to stop attempts to exploit system flaws.

Configure CSM Cisco Security Manager 4.x to manage all the Cisco ASA Firewalls for Policy Provisioning.

Identify firewall ports required for applications using CSM and the CLI logging feature, and use Packet Tracer to verify Access Policy, NAT and Routing.

Firewall OS upgrades and Maintenance of OS updates as part of addressing Vulnerabilities on Firewalls

Manage and support IDS/IPS including AIP SSM Modules on Cisco ASA Firewalls, IDSM Modules on 6500 Switch, IDS 4200 Series. Firewall OS upgrades as well as Signature updates and event management.

Create firewall audit reports and compliance metrics

Firewall Policy Optimization and access list management using Tufin and syslog using Log Logic tool

Review Firewall rule conflicts and misconfigurations as well as redundant rules using Tufin.

Identify unused rules and schedule change to mark it for permanent deletion at later point of time

Track changes made to firewall access rules and objects using Tufin.

Documentation and draw network diagrams using MS Visio and use SharePoint portal as site repository.

Monitor IDS logs filtering potentially threatening activity from normal network traffic.

Configured Firewall logging, DMZs and related security policies and monitoring.

Client: Data Communication Services Company Jan 2014 – Mar 2015

Role: Firewall Engineer Cleveland, OH

I was part of the team managing and supporting infrastructure services at the data center. My roles and responsibilities include:

Responsible for Cisco ASA, Palo Alto and Checkpoint appliances at the client’s data center.

Checkpoint Security gateway new deployment, upgrade and migration on SPLAT and Checkpoint appliances

Firewall policy administration and provisioning through Smart-center SMARTDASHBOARD.

Responsible for Engineering, Design, Implementation, Operations & Maintenance, and support of DMZ and Secure Zones on firewall and VPN infrastructure including Palo Alto and Checkpoint Gaia firewalls.

Firewall Rulebase clean up and Performance Tuning

Work with user requests and translate them into firewall policy changes and schedule them using ticketing system

Work in a Provider-1 environment with multiple CMA’s

Manage Smart-Center High Availability in Active standby mode. Backup and restore of firewall policies

Configure and support Checkpoint Security gateway high availability using Cluster XL, VRRP.

Configured several Cisco ASA firewalls in transparent mode deployments across the network.

Troubleshooting using SmartView Tracker and command line utilities

Creating Vlans and managing Spanning tree for the network and inter vlan routing. Use Dynamic Routing Protocols including OSPF, EIGRP and BGP.

Traffic capture using TCPDUMP and analytics profiles on f5 for further investigating the issue.

Work on F5 Networks LTM and GTM Products configuring VIP, health monitor, configure persistent profile for sticky sessions based on affinity bit. Configure SSL profiles.

Configured Network Vlans, Routes, Interfaces and Trunks on the F5 devices to integrate with Cisco devices.

Configured F5 BIG-IP to provide load balancing for the server farm.

Configuring HTTP profiles, HTTP compressions for web acceleration on Big IP LTM’s.

Work with users to verify connectivity and troubleshoot Firewall related connectivity issues.

Use Packet Tracer, packet Capture using sniffer tools and firewall for troubleshooting connectivity and performance issues. Use NAM module on Cisco 6500 Switches for capture of traffic from Switch ports.

Creating and managing RSA ACE Profiles in Native mode as well as Radius Mode.

Work with application users to identify firewall ports and log a change to update the policy.

Configure, administer, and document firewall infrastructure, working with Cisco ASA 5500 Series Firewalls.

Configure CSM (Cisco Security Manager) for all Firewall, IDS/IPS management in the network.

Build and support a layer 2 firewall on Cisco ASA 5520 and also configured migration from layer 2 to layer 3.

Troubleshooting Layer 2 and Layer 3 connectivity issues for clients in NA remotely

BGP configuration and troubleshooting for ISP failover. Configuring and Troubleshooting OSPF as well as Redistributing OSPF and BGP routes.

Bluecoat ProxySG Administration and support

Administer remote bluecoat ProxySG devices using Bluecoat Director

Provide timely troubleshooting measures for all of our customers to ensure a satisfactory resolution is provided, including third parties. Configure, Support, update and install Checkpoint firewalls, Juniper NSM, McAfee IPS and DLP systems.

Configure ProxySG Visual Policy Manager and Content Filtering Services.

Follow ITIL-based Service Delivery and Management including incident, problem, change & configuration

Deployed Syslog server in the network to allow proactive network monitoring.

Configured Primary and Utility networks to route traffic from servers in such a way that it doesn’t impact the production traffic while the servers are being backed up.

Maintaining and updating the CMDB repository

Client: Information Technology Company June 2010 – May 2013

Role: Network Engineer India

Firewall policy provisioning through Smartcenter / Smartdashboard

The client has a heavily Checkpoint-based security platform, and my role is primarily focused on supporting their security gateways, which includes policy provisioning, rule base clean up, and running compliance reports and remediating.

Handling Firewall Access Requests through ITIL Based Change management system. Scheduling changes and executing these changes during maintenance window (off-hour)

Executing change requests to the firewall rule base. Firewall Policy Optimization and Clean up

Deploying Firewall Policies in a distributed environment with hundreds of Security gateways.

Configure, Support, update and install IPS and DLP systems, Cisco ASA and FortiGate Firewalls

Troubleshooting from Command Line utilities and exporting dumps to Wireshark

Experience building firewalls at the data center and implementing the policies, configuring NAT, Routing etc.

Build Site to Site VPN with 3rd party and ensure proper NAT and Access list is in place.

Troubleshoot complex problems, providing root cause analysis and remediation to mitigate future risk with appropriate technical staff to resolve connectivity issues

Validate user change requests and translate them to firewall policy changes

Work with users to troubleshoot any connectivity issues between application, database and web tier for access list, NAT and routing (internal, 3rd party and external) issues

Use Smartview tracker for troubleshooting user connectivity through firewall

Use Smartview monitor for monitoring security gateway health.

Backup and recovery for firewall policies through smartcenter.

Upgrade security gateways from NGX R65 to R70 and R71.

Configure Checkpoint Security gateway high availability using Nokia VRRP on IP Appliances

Network Level 2 Support for Corporate office running BPO operations.

Configuring switch ports with VLANs, routing, access provisioning, and Active Directory based user creation; responsible for basic firewall access list support.

Layer 2 and Layer 3 support using Cisco 3600/2600/2500 routers and 4500/3500/2900 Switches

Debugging abilities at lower levels of OSI layer (Switching, Network and Transport Layer).

Built IPsec based Site to Site VPN tunnels for 3rd party locations.

Work with server technologies including Active Directory, DNS and DHCP

Served as the initial point of contact for clients and responsible for Incident Management.

Delegated ticket to assigned resources and tracked progress using ticketing tools maintaining ITIL process.

Responsible for monitoring networks, client servers & Patni Internal Servers, responding to outages and working closely with Network Operational Center and telecommunication providers to debug & diagnose problems.

Troubleshot desktop level client issues using remote access and on-call support, also responsible for documentation and generating reports.


