Engineer Security

SAMPATH GOKEDA

Phone: +1-510-***-****

Email: *************@*****.***

Professional Summary:

IT Professional with 6+ years of experience in configuring and troubleshooting firewalls, routers, switches.

Extensive work experience on Palo Alto (3020,3060,5050 series), Checkpoint R65, Cisco ASA (5550series), Juniper (SRX220, and SRX550).

Extensive experience in migration from Cisco ASA to Palo Alto firewalls.

Experience on configuring High Availability for Active/Passive and Active/Active on Palo Alto firewalls.

Experience in managing large scale firewall deployments using centralized management system Panorama.

Strong knowledge in using App ID, URL filtering, Threat Prevention, Data Filtering, Log forwarding profiles.

Exposure to Wild Fire feature of Palo Alto for detecting suspicious malware.

Maintaining Palo Alto firewalls by composing Security Policies and reviewing them by monitoring logs on firewalls.

Extensive knowledge on KILL CHAIN and various mitigation techniques for protecting the network over DDoS and ZERO-DAY ATTACK.

Configuring, Monitoring and Troubleshooting Cisco ASA 5550 security appliance, by implementing ACL & CTP, Clustering with address object groups and configuring VLANs, Routing, NATing on the firewalls as per the architecture.

Experience in configuring and maintaining firewall security policies including NAT, VPN, ACL, IDS/IPS.

Worked on Load Balancer F5 LTM, GTM for load balancing critical corporate applications.

Expert in configuring tunnels including GRE, VPN like IPsec and DMVPN on firewalls.

Black listing and white listing of URL on Bluecoat Proxy servers

Strong experience in configuration of authentication servers like TACACS+, LDAP, and RADIUS and its integration with Firewalls.

Expertise in configuration and troubleshooting routing protocols such as OSPF, EIGRP, IBGP, EBGP and Static.

Configured route redistributions between OSPF and EIGRP over a multi-area OSPF network.

Hands-on experience configuring and troubleshooting the Route Filtering methods by implementing Access lists, Distribution Lists, and Route maps.

Worked on configuring gateway redundancy protocols such as VRRP, GLBP and HSRP.

Extensive experience with configuration of dynamic routing protocols on routers like Cisco 7200, 3600, 2800 and Juniper MX series.

Extensive experience with Cisco catalyst 6500, 3500, 2900 series switches, Juniper EX and Nexus 7010, 5020 and 2248 devices

Expertise in implementing and troubleshooting layer 2 switching and security features such as VLAN trucking (802.1Q, ISL), VTP, Ether channel (LACP, PAGP) and Port security, Rough DHCP Attack, Dynamic ARP inspection, STP, RSTP, MST, BPDU Filters.

Hands on knowledge on IP address Management, DNS and DHCP using Inflobox.

In depth knowledge with Network Management and Monitoring tools such as SolarWinds, Splunk, Qradar.

Strong knowledge on Sniffing tools like Wireshark and Tcpdump.

Experience with 802.11x wireless technology like creation of SSID, WAP, WPA and WPA2.

Efficient at use of Microsoft VISIO/Office as technical document and presentation tools.

Expert level of knowledge about TCP/IP and OSI models.

Hands on with Upgrading Cisco OS, Jun OS using TFTP server.

TECHNICAL SKILLS:

LAN Technologies

Faster Ethernet, Ethernet Gigabit Ethernet, VTP, STP, 802.1Q Trucking, PAGP, Ether Channel, HSRP DNS, Static, VLAN

WAN Technologies

Frame Relay, ISDN, PPP, ATM, MPLS, SSL, VPN, IPsec-VPN.

Routing Protocols

OSPF, EIGRP, IBGP, EBGP Route redistribution, Route filtering, Summarization, Static route, OSPF, BGPv4,

Switching Technologies

VLANs, Inter VLAN routing and Port Channels, VTP, IEEE 802.1q, MPLS, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security. ISL and dot1q.

Network Security Technologies

Cisco ASA 5550 and 5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 220, 3K,5K Check points 65, Access Control Lists, VPN, IPsec, IDS, and IPS.

Firewalls

Palo Alto, Checkpoint, Cisco ASA, Juniper

Network Management

Wireshark, SNMP, SolarWinds, Tufin, FIREMON, Splunk, SYSLOG, TFTP NTP, DHCP, TFTP.

Load Balancers

F5 Networks (Big-IP) LTM 8800, Cisco ACE 4710.

Redundancy Protocols

HSRP, VRRP, GLBP

VPN Technologies

GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ACL- Access Control List, IPS/IDS, NAT, PAT.

AAA Architecture

TACACS+, RADIUS, Cisco ACS

Operating Systems

Windows (98, ME, 2000, XP, Vista, Windows 7, 8.1), Linux.

Work Experience:

Huawei technologies

Santa Clara, CA July 16- Present

Sr. Network Security Engineer

Responsibilities:

Worked on installation, configuration, administration, monitoring security polices in Palo Alto 3k and 5k.

Experience on working with Palo Alto Next Generation firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS/IDS, Log Management.

Worked on migration of Cisco ASA to Palo Alto using the Palo Alto Migration tool.

Worked with centralized management of Palo Alto firewalls using Panorama, performing changes to policies to block/allow the traffic on the firewall.

Implemented many number of security policy and NAT policy rules on Palo Alto, created zones implemented Palo Alto firewall interface

Creating a new-shared address objects and shared address object groups on Panorama.

Creation, modification and overhaul of applications, application groups, services and service groups on Palo alto firewall.

Implemented Active/passive and Active/Active High Availability on Palo Alto firewall.

Used network monitoring tools such as QRadar to ensure network connectivity to asses and pinpoint net-working issues causing service disruption.

Configured IDS/IPS, Threat Preventions mechanism for detection of malware on Palo Alto

Configured HA Active/Standby failover on F5 BIG-IP LTM.

Basic and advance F5 load balancer configurations, including migrating configurations from Cisco ACE to F5 and general troubleshooting of the F5 load balancers.

Auditing security policies and optimizing them by using audit tools like TUFIN.

Managed all the devices on the networks belonging to different vendors by using TUFIN tool.

Collapsing the existing firewall rules and fine-tuning the firewall policies for better performance.

Configured syslog on Palo Alto firewall and moved the logs to Splunk and reviewed it.

Configured and maintained IPSEC and SSL VPN's on Palo Alto firewalls.

Migrating URL filtering policies from Bluecoat to Palo Alto.

Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA.

Configured and implemented dynamic routing protocols, ACL and Object Groups on Cisco ASA Firewall.

Performing packet captures using TCPDUMP, FW monitor, Snoop, Wireshark and other network monitoring tools.

Experience with setting up MPLS layer 3 VPN cloud in data center and working with BGP WAN towards customers.

Configured Routing protocols such as BGP, OSPF, EIGRP, static routing and policy based routing.

Experience in implementing Router redundancy configurations such as (HSRP, VRRP and GLBP).

Creating PVLANs and preventing VLAN hopping attacks and mitigating spoofing with snooping and IP source guard.

Configured BPDU Guard, port-fast, uplink fast and other spanning tree features.

Maintaining Core Switches, creating VLANs and configuring VTP.

Experience in configuring Nexus device 7017, 5020,2248, cisco device 7609,7606 with OSPF and Catalyst 6505,4500,3550 switches with various VLAN.

Experience in coordinating with network engineers and IT-sec in order to gather the necessary information and communicating that with the IT-Sec team regarding unauthorized changes.

Logikos Inc May 15-June 16

Fort Wayne, Indiana.

Sr. Network Security Engineer

Responsibilities:

Configured and Maintained rules on Palo Alto Firewalls (PA-220, PA3060) & Analysis of firewall logs using various tools.

Implemented various security profiles on Palo Alto using Application, URL filtering, Threat Prevention and Data Filtering.

Configuring VLANs/routing/NATing with the firewalls as per the design.

Software Upgrade for Palo Alto Devices and Integrating of Active Directory/LDAP with Palo Alto Next Generation firewalls.

Auditing security policies and optimizing them by using audit tools like FIREMON.

Created and resolved Palo Alto Firewall Rules, Routing, pushed Policy.

Regularly performed firewall audits around Checkpoint firewall solutions.

Responsible for controlling the Network and security device login by using the Cisco ACS server with RADIUS and TACACS+.

Managed Checkpoint firewalls from the command line interface and monitored the traffic using Smart Dashboard.

Experience in migrating Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN experience.

Configuring access-list on Cisco ASA Firewall.

Exposure in deploying security to VPN solution like IPsec (site-site and Client-site) and in contriving SSL-VPN over multiple vendors.

Configured and Managed Cisco IDS/IPS, Cisco secure Intrusion Prevention System (IPS/IDS)

Proficiency in configuration of IPsec VPN and design connection, IPsec tunnel configuration, encryption and integrity of data on Palo Alto and Checkpoint firewall.

Monitoring network for optimum traffic distribution and load balancing using Solar winds

Configure Access List ACL (Std, Ext, Named) to allow users all over the company to access different applications, Internet and compliance to the security policy and standards.

Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution.

Optimized performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.

Managing various activities in setting up Data Centers & Disaster recovery centers.

Configured switches with Port security and 802.1x for enhancing customer security.

WAN infrastructure running OSPF as a core routing protocol.

Deployed switches in high availability configuration with HSRP.

Design and configuring of OSPF, BGP on Juniper router.

Experience in creating engineering configuration, Security Standards, documenting processes and Network documenting using Microsoft Visio.

Highly skilled in TCP/IP tool like TELNET for remote login to the router and SSH for secure login.

Yext Oct 14-Mar 15

New York city NY

Network Security Engineer

Responsibilities:

Working on day to day firewall management activities like troubleshooting, tickets and reviewing firewall polices.

Configured ASA 5540-X Series firewalls to provide highly secure and high-performance connectivity between the site locations.

Administering multiple firewall of Juniper SRX in a managed distributed environment. Fulfilling routine change requests of Juniper OS firewall and resolving trouble tickets, maintain and monitoring firewalls.

Configuring VPN, clustering and ISP redundancy in Juniper firewall.

Responsible for Checkpoint and Juniper firewall administration across global networks.

Hands on Experience on various advanced blades on the checkpoint including IPS, ANTI-VIRUS, ANTI-BOT and Threat Emulation (Sand box environment) and tweak false positives.

Migrated Firewall infrastructure from Checkpoint R65 to Juniper.

Implement the firewall rules using Juniper manager.

Design the firewalls changes using various NAT types in Juniper firewalls like, MIP, VIP etc.

Configured IPSec site-to-site VPN connection between Cisco VPN 3000 Concentrator and Cisco 3800 Router/ Microsoft VPN Server to access certain limited network resources from customer locations.

Defining IKE and IPSEC profiles for IPSEC tunnels with business partners.

Troubleshoot traffic passing managed firewalls via logs and packet captures.

Implement Cisco Secure Access Control Server (ACS) for TACACS+.

GRE tunneling & Site-to Site VPN configuration between other two sites in USA.

Managed multiple security policies to protect the Enterprise's network - Vulnerability Scanners, Malware Detection, Intrusion Detection; Host based Firewalls, SIEM, Web Application Firewall.

Implementation and configuration of F5 Big-IP LTM-6400 load balancers

Design and configuring of routing protocols like OSPF, BGP on Juniper router and SRX firewalls

Implemented, configured BGP routing, redistribution OSPF routes to BGP (OSPF in local routing).

Strong knowledge on route filtering methods such as ACL, Distribution lists, policy maps and Route maps.

Implementation & trouble shooting of complex WAN, LAN, VLANS, private VLANS, high availability solutions like HSRP, VRRP, ether channels.

Working experience with Cisco nexus 7706, nexus 9300, 9372.

Layer 2 switching technology architecture, implementation and operations including L2 and L3 switching and related functionality. This includes the use of VLANS, STP, VTP and their functions as they relate to networking infrastructure requirements including internal and external treatment, configuration and security.

Extensively used TCP/IP tool like TELNET for remote login to the routers and SSH for secure login.

CGI June 13- July 14

Bangalore, INDIA.

Network Engineer

Responsibilities:

Designed and deployed networks using dynamic routing protocol (EIGRP, OSPF and BGP)

Responsible for virus detection and spy ware removal

Conducted and implement Network and software installations and upgrades.

Worked on Spanning-tree outage, OSPF / BGP routing problems, B2B DMZ issues.

Working knowledge of frame relay, MPLS services, OSPF, BGP and EIGRP routing protocols, NATing, sub-netting, also including DNS, WINS, LDAP, DHCP, HTTP, HTML, HTTPS, TCP/IP, UDP, SNMP, OSPF, RIP, IPSEC, PPTP, VLAN, STP (Spanning tree Protocol), RTSP & Multicasting protocols.

Worked on a broad range of topics such as routing and switching, dedicated voice access, planning and implementation, large-scale high-visibility outages, change management coordination, proactive monitoring and maintenance, disaster recovery exercises, and core network repairs.

Supporting EIGRP and BGP based PwC network by resolving level 2 &3 problems of internal teams & external customers of all locations.

Configuring STP for switching loop prevention and VLANs for data and voice along with Configuring port security for users connecting to the switches.

Created VLAN and Inter-VLAN routing with Multilayer Switching.

Working on Network design and support, implementation related internal projects for establishing connectivity between the various field offices and data centers.

Responsible for turning up BGP peering and customer sessions, as well as debugging BGP routing problems.

Performed the ACL request changes for various clients by collecting source and destination information from them.

Configured EIGRP and OSPF as interior gateway protocols with route filtering and route redistribution.

Track IT Solutions Oct 11-May 13

Hyderabad, INDIA.

Jr. Network Engineer

Responsibilities:

Experience in Cisco 7200, 7600 routers, Cisco 2800 3700 series switches: Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).

Performed troubleshooting, while maintaining trouble ticket tracking, following internal/external escalation procedures and customer notifications. Configured Cisco Routers for OSPF, IGRPRIPv2, EIGRP, Static and default route.

Performed scheduled Virus checks and updates on all servers and desktops.

Configuring routers and send it to Technical Consultants for new site activations and gives online support at the time of activation.

VTP and Trucking protocols (802.1q and ISL) on 3560, 3750 and 4500 series Cisco Catalyst switches.

Configured policy based routing for BGP for complex network systems

Configured EIGRP on 2600, 2900 and 3600 series Cisco routers.

Supporting Development team for the access to corporate network and outside world. Providing access to specific IP, Port filter and port access.

Switching (Ethernet) related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel between switches.

Worked on installation, maintenance, and troubleshooting of LAN/WAN (ISDN, Frame relay, NAT, DHCP, TCP/IP).

Implemented SNMP on Cisco routes to allow for network management. Completed the installation and configuration of T1, T3 & OC3 circuits.

Troubleshoot TCP/IP problems, troubleshoot connectivity issues

Contact this candidate