Manager Active Directory
Resume:
Sai Kiran
ac1qtc@r.postjobfree.com 813-***-****
Professional Summary:
8+ years of experience in Network and Security engineering and Network Infrastructure, routing, switching, firewall technologies, system design, implementation, troubleshooting of complex network systems, enterprise network security, wireless design, and data network design, capacity management and network growth.
In-depth Cisco technology experience/knowledge in design, implementation, administration and support.
Strong hands on experience in installing, configuring, and troubleshootingof Cisco 7600, 7200, 3800, 3600, 2800, 2600, 2500, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
Advanced knowledge of OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco network routing / switching (Layer 2 and 3) experience, including LAN and WAN, design and implementation which includes Layer 1 to Layer 7 experience
Strong experience in Network security using ASA Firewall, Checkpoint, Palo Alto, Cisco IDS/IPS and IPSEC/SSL VPN, F5 Load Balancer.
Experience with Cisco ISE platform and Cisco FWSM.
Experience in troubleshoot network issues including boundary protection devices, Cisco Nortel/Avaya and Bluecoat Proxy Servers.
Managed successful delivery of massive security response portfolio including Splunk, Cisco ISE.
Manage, operate, and analyze data from corporate security systems including Sourcefire IDS
Expertise in network protocols, Firewalls and Communication Network design.
Migrated and implemented new solutions with Cisco ASA Firewall series 5505, 5510, 5512-X
Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA.
Managed multiple security devices in order to protect the Enterprise’s network – Vulnerability Scanners, Malware Detection, Intrusion Detection; Host based Firewalls, SIEM, Web Application Firewall
Executed test cases including slight modification of testing scripts during regression testing.
Generated test plans, test cases for new Cisco MGX8850 and BPX hardware/software deployment.
Documented issues found from various test runs.
Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.
Advanced knowledge, design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
Experienced in handling Panorama firewall management tool to administer Palo firewalls.
Checkpoint VPN-1/ Firewall-1, 3D Analysis, GAiA, Standalone & Distributed setup, Security management, Log server, Secure platform (SPLAT), License management.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Palo Alto rules.
Experience in risk analysis, security policy, rules creation and modification of Check Point/Nokia Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40,Cisco ASA, PALO ALTO
Advanced knowledge, design, installation, configuration, maintenance and administration of Juniper SRX Firewall, Juniper EX and Juniper MX devices.
Implemented security policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA(TACACS+ & RADIUS)
Experience in Solarwinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (NetFlow) and IP Address Manager.
Netflow and Application study and configuration using Solarwinds, VMWare and Cisco products.
Co-Designed and deployed multi-DMZ managed infrastructure for deploying and supporting mass managed and unmanaged collocated Internet applications.
Hands on experience with packet sniffer, TCP DUMP and Wireshark for packet monitoring.
Configuring & Managing LAN, WAN, VPN,VLANand Firewall of Juniper MX Routers for End Users
Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, F5 Load Balancers, LTM, GTM, ASM, APM, Bluecoat URL filtering.
Experienced in Deploying Wireless Network Infrastructure and Wireless Survey Best Practices
Basic knowledge of CISCO ACE and F5 Load Balancers.
Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, EIGRP, and BGP.
Knowledge of Python and Linux shell scripting language.
In depth knowledge with network monitoring and performance tools such as SolarWinds and Wireshark .
Knowledge in Documenting and preparing the Process related Operational Manuals.
Finely tuned analytical/critical thinking and debugging skills with excellent verbal and written communication skills.
Highly enthusiastic, creative team player, project analytical, interpersonal and communication skills
Technical Skills
Networking
Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS
Hardware
Dell, HP, CISCO, IBM, SUN, Check Point, SonicWALL, Barracuda Appliances, SOPHOS email appliances
Application Servers
DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010, Microsoft SharePoint 2007/2010
Firewalls
Check Point, ISA 2004/2006/ ASA 5585/5520, FWSM, Palo Alto /Check Point 4200/Nokia IP-560, Cisco PIX 535/525, Bluecoat
Routing/Routers
OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing, Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600
Infrastructure Hardware
IBM, HP, Compaq, Dell desktops\laptops\servers, Cabling, Network printers, IP KVM Switches, Cisco Routers & Switches, 802.11x Wireless gateways, Access Points, Network UPS, Storage Area Network, NAS, iSCSI SAN
Switching
VLAN, VTP, STP, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging
Protocols
TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS
VPN
ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500
Security Tools
Wireshark, MBSA, MS Visio, Apache, VMWare ESXi 3.5, VMware Server, Encase
Environment
Windows, NT, MS-DOS, Linux, Microsoft Windows 2008 R2/2008/2003/2000/2012 NOS family, Microsoft Active directory 2008/2003/2000, VM Ware ESX/ESXi server, Cisco ISO
Professional Experience:
CVS Pharmacy, San Diego, CA Mar 2015 till Present
Network Security Engineer
Responsibilities:
Build and support Site to Site IPsec based VPN Tunnels.
Configure and troubleshoot Bluecoat as forward proxy for all Web URL Filtering.
Site to Site IPsec based VPN Tunnels for all B2B and 3rd party communications.
Support Data Center Migration Project involving physical re-locations.
Cisco ASA Firewall configuration and troubleshooting.
Supported Bluecoat proxies for URL filtering and content filtering.
Firewall Migration from Check Point to NetScreen Firewalls.
Worked heavily on Check Point GAIA R77. Environment consisted of 30+ Check Point firewalls and performed configuration, troubleshooting, and maintenance.
Administration and management of all firewall environments.
Work on Routing and Switching on the third party segment using Cisco based Routers and switches.
Hands on experience with F5 ASM, LTM, APM.
Management of each firewall is done remotely and onsite at client sites.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Site to Site IPsec based VPN Tunnels for all O2O Communications.
Working and commenting on global firewall polices.
PGS PANS to implement the Sun NFS RAID File Server with hot swap and failover capability.
Black listing and White listing of web URL on Blue Coat Proxy servers.
Managed Imperva Database security implementation project.
Provided administration and support on Bluecoat Proxy for content filtering and internet accessto head quarter, remote site offices and VPN client users.
Worked on F5 BIG-IP 11050, 8950 to perform load balancing.
Managed Active directory, DNS and DHCP Servers.
Managed Smart Center Check Point management server (SmartView Tracker).
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (160+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
Managed Check Point Firewalls from the command line using PuTTy sessions. (cpconfig and Sysconfig).
Installed Solarwinds Network Performance Monitor with traffic analysis, application & virtualization management.
Management of the of SolarWinds Orion Suite - Network Performance Monitor, Network Configuration Manager.
F5 Network-GTM, LTM, Enterprise Manager.
Responsible for Organizational Units (OU), Group Policy Objects (GPO), Dynamic DNS.
Providing input on day-to-day security architecture policies and procedures.
Maintain and administer firewalls: Palo Alto, Fortinet, Cisco, and Check Point.
Spearhead the complete spectrum of PCI audits to evaluate network and information security from the perimeter of the network to the infrastructure's internal core.
Installing and setting up Firewall Analyzer product to facilitate consulting on an IDS deployment project, using my Cisco Nexus 7K experience to place IDS devices globally.
Firewall policy administration and support on PIX Firewalls as well as Cisco ASA Firewalls.
Configuration, operation and troubleshooting of BGP, OSPF, EIGRP, RIP, VPN routing protocol in Cisco Routers & L3 Switches.
Installed and configured all UCCE / ICM components such as Routers, Loggers, PGs, HDS, PANS, AW, Webview, MRPG, Dialer (Preview and Predictive) and CTIOS
Performed Network, Active Directory and Security tasks - WINS, DHCP and TCP/IP, DNS, Trust Relationships in Server.
Design and programming of new DMZS portal that includes web site, email and customer provisioning along with online tools for network and local vulnerability assessment.
Migrated hosting to DMZS managed facilities.
Administrated Local VLANs based on department function, and configure ports with static VLAN assignment,
Design a secure DMZ / Firewall to permit high-speed web access, VPN/DUN access,
Design, develop and execute network test solutions for large-scale infrastructure products.
Testing & Implementing Group policies.
Mercedes Montville, NJ (June 2014 – Feb 2015)
Network Security Engineer
Responsibilities:
Manages, maintains and support Checkpoint Firewalls, IPS/IDS, Endpoint Security products, PKI and network security Infrastructure.
Designed and implemented an enterprise wide Intrusion Detection system utilizing IBM/ISS Proventia IPS sensors and IBM/ISS SiteProtector
Used Bluecoat Proxy SG Appliances to effectively secure Web communications and accelerate delivery of business applications.
Ability to configure and monitor security tools such as security information and event management (SIEM).
Extract the logs, Perform real time log analysis using SIEM technologies and Forensics Analysis of logs as per the request.
Configured BlueCoat Proxy SG Web Application Reverse Proxy for securing and accelerate public web applications. Provides Bluecoat Proxy support services to Company's networks worldwide.
Engineered BLS Checkpoint infrastructure which consists of 500+ firewalls running different flavors of hardware and Checkpoint OS such as (R71, R75, R76 and R77).
Configured, installed and maintained checkpoint endpoint security E80.40/E80.50 management and policy servers.
Migration and implementation; new solutions with Palo Alto Next-Generation Firewall series PA-500, PA-3060, PA-5060, PA-7050, PA-7080
Responsible for planning, documenting and implementation of complex Firewall and VPN solutions
Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management etc.
Provide initial fault isolation, proactive maintenance and monitoring of Company’s Network Equipment. Perform monitoring and support of internal network security.
Configure all Palo Alto Networks Firewall models (PA-2k, PA-3k, PA-5k etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments
Installation of Palo Alto (Application and URL filtering, Threat Prevention, Data Filtering)
Exposure to wild fire advance malware detection using IPS feature of Palo Alto
Successfully installed Palo Alto Next-Generation PA-3060, PA-5060, PA-7050, PAs-7080 firewalls to protect Data Center with the use of IPS feature.
Implemented Positive Enforcement Model with the help of Palo Alto Networks
Checkpoint log server upgrade from R71.40 to R75.40 to take advantage of Smart logs.
Firewall management server redesign and consolidation to one management server environment.
Working with Cisco ISE / FWSM.
Implemented DNS for external name resolution
Worked extensively on checkpoint R77.20 on Gaia and SPLAT.
Implemented Imperva Database Security system.
Configuring Site-Site VPN on Checkpoint Firewall with R77 GAIA.
Administered DNS, DHCP and WINS.
Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Palo Alto rules.
Designed ACLs, VLANs, troubleshooting IP addressing issues and taking back up of the configurations on switches and routers
Experience on Palo Alto Advanced Endpoint Protection(TRAPS) and Migration tool 3.0
Added, Removed and Updated custom properties within SolarWinds Orion in line with applicable Configuration Management processes & procedures
Worked on Sourcefire for virus detection and source vulnerability detection.
Configured DNS, DHCP, Active Directory, with strong focus on Domain Controller maintenance.
Bluecoat Administration - Blocking/Unblocking URL's.
Experience with using F5 Load balancer in providing worldwide data and file sharing,
continuous internet connectivity, optimized web performance.
Maintain network test lab with multiple test threads for various ingestion test scenarios.
Monitored and resolved network device issues identified by SolarWinds in a timely manner.
Identified and corrected device communication issues with SolarWinds.
Experience with Using GTM, APM & LTM F5 component to provide 24“7 access to applications
Worked on Sourcefire for application control, malware detection and URL filtering.
Designed 3 layer DMZ security architecture facilitate new software.
Deployed & Supported new DMZ utilizing TRex firewalls, tripwire, snort, portsentry and sentryWatch to provide security and Apache Jakarta Tomcat with mysql and PostgreSQL database for the new application.
Third Party VPN migration from old data center to new data center.
Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard.
Marathon Oil and Gas, Houston, TX (Jan2013 – May 2014)
Network Security Engineer
Responsibilities:
Provides day to day support for firewall engineering and operations tasks and level 1 & 2 on-call technical support for the Firewall Engineering and Operations team; including assisting peers with issues and escalation.
Handled Incident tickets related to the issues in the Firewall along with the connectivity issues.
Operate and analyze results from enterprise detection systems such as Cisco Sourcefire and Tripwire
Integrated Checkpoint firewall into client’s existing network to provide security for applications
Complex troubleshooting to include network protocol and log analysis, raw data captures, and the correlation of disparate events spanning multiple devices and platforms.
SIEM tuning and log analysis of alerts.
Adding security rules and pushing the security policy on Checkpoint.
Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPSec and SSL encryption.
Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Palo Alto Next-generation firewall working with PANORAMA.
Experience on working with Palo Alto GUI PANORAMA.
Configure Bluecoat proxies using bluecoat director for content and URL filtering.
Configuration of checkpoint firewall according to client topology.
Maintained and managed Domain Name Service (DNS) for AETC Active Directory (AD) enterprise.
Implement URL filtering requests in Bluecoat Proxy SG for website blocklist and whitelist purpose.
Configuring Virtual Chassis for Juniper switches EX-4200, Firewalls SRX-210.
Experience in working with designing, installing and troubleshooting of Palo Alto firewalls and Juniper SRX Firewalls.
DNS servers, providing growth management, zonefile error-checking and distribution, new DNS server installation tools, failover planning, monitoring, and new domain acquisition & configuration.
Configuring Routing Protocols - EIGRP, RIP, OSPF, BGP, and Static& Default.
Experience on designing and troubleshooting of complex BGP and OSPF routing problems.
Configuring VLANs, VTP, Spanning tree, Ether Channel, Inter VLAN Routing and port security.
Installing and configuring Cisco Routers 800, 1800, 1900, 2600, 2800, 3600, 3800, 3900 series.
Configuring IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.
Implementation and management of BlueCoat proxy servers to replace existing ISA Proxy servers layered with Websense content filtering.
Configuration and troubleshooting of Firewalls ASA 5520, ASA 5510, Nokia Check Point VPN 1 NGX R55/R65/R70
Performed upgradation from old platforms to new platforms R65 to R75.45
Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls.
Worked on Migrating from ASA 5540 to ASA 5585.
Configuring and providing management support for Palo Alto using Panorama (M100, M500)
Configuring failover and working on ssl-vpn when in active/standby failover on ASA
Negotiated VPN tunnels using IPSEC encryption standards and also configured and implemented site-to-site VPN, Remote VPN.
ImplementedSolarWinds groups as required for monitoring.
Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs
Configuring rules and Maintaining Palo Alto Firewalls with IPS module & Analysis of firewall logs.
Experience with network based F5 Load balancers with software module Access Policy Manager (APM) & Checkpoint Load Sharing on checkpoint clusters.
Push the firewall rules on various versions of Nokia boxes and cross beam from Provider -1 NGX CMAs.
Worked on implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST.
Write and maintain SolarWinds documentation such as procedures and knowledge articles.
Configuration of IPSEC L2L and SSL VPN connectivity for the projects
Experience in working with designing, installing and troubleshooting of Palo Alto firewalls
Managing of CISCO ASA 5550 Firewall in Active/stand-by mode.
Worked on Palo Alto central management, policy control, Logging & reporting
Migration from Juniper, Cisco ASA, Checkpoint to Palo Alto firewall.
Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), sniffers and malware analysis tools.
Configured and managed CISCO routerand deployed secure Wi-Fi network on LAN and DMZ.
Experience with Cisco ASA firewall to protect DMZ services.
Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
Designed and deployed Sourcefire Network intrusion devices in multiple datacenters
Designed and deployed multi-sensor Sourcefire Intrusion Prevention System covering public shared web hosting.
Working and commenting on global firewall polices
Spartran Technology, India (Jan 2009– Dec 2012)
Network Support Engineer
Responsibilities:
Responsible for Internal and external accounts and, managing LAN/WAN and checking for SSL Security Settings of the networking devices (Cisco Router, switches) co-coordinating with the system/Network administrator during any major changes and implementation.
Performance monitoring of various applications and web servers to maintain quality of service and network stability.
Maintained core switches, creating VLAN's and configuring VTP.
Maintained complex LAN/WAN networks with several VLANS and provided support for routing protocols and also providing secure sessions over internet using IPsec and SSL encryption.
Troubleshoot and resolved LAN & WAN network environment.
Manage service providers/vendors relationships from a project and technology perspective.
Worked with the basic communication protocols like TCP/IP.
Maintenance of F5 Load balancers.
Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data center environment
Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in core network.
Experience With F5 networks, LTM, Policy, Encryption.
Install Packet Shaper as QOS system to monitor and manage network traffic
Provide initial fault isolation, proactive maintenance and monitoring of Company’s Network Equipment. Perform monitoring and support of internal network security.
Worked with business partners to establish and maintain 70+ VPN connections, primarily Cisco and Checkpoint
Planned, tested and evaluated various equipment's, systems, IOSs and procedures for use within the Network / security infrastructure.
Configured Terminal Services for Remote Administration.
Performed lab testing for network connectivity.
Implementing, configuring, and troubleshooting various routing protocols like RIP, EIGRP, OSPF, and BGP.
Implementation of Wireless access points to newly opened branches and existing branches.
Support customer with the configuration and maintenance of ASA firewall systems
Supported Data Center migration and consolidation project. Configured HSRP and VLAN trucking 802.1Q, VLAN Routing on Catalyst 6500 switches.
Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco PIX Firewall, Cisco ASA, NOKIA Firewalls, Nortel VPN Concentrators TCP/IP, NAT and Checkpoint ESX/GSX firewall.
Experienced in trouble-shooting both connectivity issues and hardware problems on Cisco based networks.
Maintaining & Troubleshooting L2 LAN switches
Troubleshoot connectivity issues involving VLAN's, OSPF, QoS etc.
Support, monitor and manage the IP network.
Configuring RIP, EIGRP protocols and IP sub netting
Implementation & trouble shooting of complex WAN, LAN, VLANS, private VLANS, high availability solutions like HSRP, VRRP, GLBP, ether channels, site- to- site VPN, access control lists, NAT, PAT, routing solutions etc.
Installing, Configuring, Administering and supporting the Windows 2003 Server, Windows 2003 Server, Windows 2000 Server, Windows 2000 Advanced Server, IDS server, SQL Server and Active Directory
Managing Cisco Layer 2, Layer 3 switches & Routers on the network.
Resolving routing and switching related real time performance issues.
Able to write Windows/Unix/Python script to automate administration.
Experience in working with Nexus 7010, 5548, 5020, 2148, 2248 devices.
Implementation of Cisco 3750, 3850 switches and Cisco 3900 and ASR 1000s routers to new sites.
Propose network redesign based on client hardware guidelines, network policies and individual site's unique characteristics.
Configuration & Management of VLANs, 802.1q trunks, VTP, Security policies.
Cisco switches - 2900x, 3500x, 4500x, 6500x for user connectivity with redundant connectivity with Core Switches.
VLAN, STP, Ether Channel, port activation/de-activation, port security, Inter VLAN routing on Switches.
Installing and configuring Cisco Routers 800, 1800, 1900, 2600, 2800, 3600, 3800, 3900 series.
Designed and deployed networks using dynamic routing protocol (EIGRP, OSPF and BGP-4, RIP)
Responsible for virus detection and spy ware removal
Conducted and implement Network and software installations and upgrades.
Worked on Spanning-tree outage, OSPF / BGP routing problems, B2B DMZ issues.
Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, WINS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols
Contact this candidate