Pavan Kumar Ciddula
Mobile: 321-***-****
Email: *******.**********@*****.***
********.**@***.***
Summary:
Over 7 years of experience in Design, Development, Implementation, Installation, Migration, Troubleshooting and Maintenance of Network Systems.
Experience in Managing and deploying Cisco PIX, ASA firewalls, Checkpoint, Palo Alto and F5 devices.
Handled LAN environment involving HSRP, VLAN Management with VTP, Trunking and Spanning Tree protocol functionality to check for any loops and mis-configuration.
Experience testing Cisco routers and switches in laboratory scenarios and deploy on site for production.
Proficient in configuration of routing protocols like RIP, IGRP, EIGRP, OSPF multiple areas and BGP.
Experience in Designing and deploying Cisco PIX 506/515E, 525 and ASA Firewall 5505, 5510, 5540, 5500 series.
Experience in configuring Address translation and Access list rules.
SSL VPN, Cisco AnyConnect VPN, Cisco VPN Concentrator for remote access VPN.
Experience in deploying site-to-site VPNs over IPsec and GRE.
Worked on Palo Alto Firewall models like PA2020, PA-2050, PA-3050, PA-3060, PA-4000, PA-5020, PA-5050, PA-7080.
Experienced in creating Anti-Virus, Anti-Spyware, Vulnerability, Data filtering, Wildfire profiles in Palo Alto Firewalls.
Experienced in creating application filtering and zone based rules in Palo Alto Firewalls.
Experience on Checkpoint Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77.
Experience in designing and deploying Checkpoint Provider-1 NGX, Checkpoint Clusters with Nokia IPSO, GAIA OS and configured CMAs.
Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.
Experience and strong knowledge of Juniper SRX240, SRX220, SRX550 series firewalls and Juniper Netscreen Firewalls like NS50, SSG 550M, SSG520M, ISG 1000, ISG 200.
Experience in migrating Firewalls from one vendor to other vendor like Netscreen to Checkpoint.
Experience in various tools like AlgoSec, Solsoft for role analyzing and rule monitoring.
Worked on F5 Local Traffic managers (LTM), Global Traffic Manager (GTM) of series 8900, 6400, 6800, 3400, 5100, 3600 and 3DNS migration to GTM
Proficient in configuring F5 based profiles, monitors, VIP’s, pools, pool members, iRules for virtual IP’s.
Hands on experience dealing F5 LTM/GTM of 5100, 6400, 6800 for a Server and site load balancing environment.
Experience in applying hotfixes to remediate security vulnerabilities or bug fixes.
Hands on experience with QKVIEW in F5 networking tools for analyzing the real time traffic flow of the packets, TCPDUMP, SOLARWINDS, SPLUNK for network monitoring and troubleshooting tools.
Expertise in IP subnetting and worked on designing and allocating various classes of IP addresses to the domain.
Implementing standard security measures on all the Routers and Switches. Configuring AAA on all network devices with TACACS+ using Cisco ACS.
Extensive experience in Layer 3 routing and Layer 2 switching and dealt with router configurations like 7200, 3800, & 2800 and switches 6500, 4500, 3850, 3650, 2900 and 3500XL series.
Excellent in documentation and updating client’s network documentation using VISIO.
Excellent customer management/resolution, problem solving, debugging skills and capable of quickly learning, effectively analyzing results, and implementing and delivering solutions as an individual and as part of a team.
Capable of working independently with minimal multitasking.
Excellent communication skills to interact with team members and support personnel
Experience with ongoing management and supported network infrastructure in a large environment.
PROFESSIONAL CERTIFICATIONS:
● Cisco Certified Network Professional (CCNP).
● Cisco Certified Network Associate (CCNA).
● Checkpoint Certified Security Administrator (CCSA).
● Palo Alto Accredited Configuration Engineer (ACE).
TECHNICAL SKILLS:
Routers: Cisco Routers (ISR) 1800 series -1841, 2600 series -2621,3600 series, 7200 and 7500 series.
Switches: Cisco Switches 1900, 2900 catalyst 2950, 3500 catalyst – 3550, and 4849 series.
Security & VPN: PIX 500 Firewall, ASA 5500-x Firewall, FWSM, CISCO CSM, ACL- Access Control List, IPS/IDS, NAT, PAT, CISCO ACS, Checkpoint, RSA SecurID, SRX, SSG series firewalls.
Palo Alto Next Generation Firewall (NGFW) and VPN.
Load Balancer: Cisco CSS, F5 BIG-IP LTM, GTM, ASM.
Routing: OSPF, EIGRP, BGP, RIP-2, Static Routing, Route Filtering and Redistribution, Summarization.
Switching: VLAN, VTP, STP, Inter VLAN routing & Multi-Layer Switching, Multicast Operations, Layer 3 Switches, Ether channels, HSRP, VRRP.
LAN: Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, CDDI, Token Ring, ATM LAN Emulation.
WAN: Leased lines PPP/HDLC, Channelized links (E1/T1/E3/T3), Frame Relay, ISDN, and Load Balancing.
PROFESSIONAL EXPERIENCE:
3M Co, Maplewood, Minnesota April 2017-Present
Role: Network Security Engineer
Roles & Responsibilities:
Design, implement and troubleshoot Checkpoint UTMs in multiple 3M sites.
Hardware refresh and Patching.
Implementing Network Access Control (NAC) for wired and wireless networks in each location based on 3M standards.
Building and dashboarding Check Point UTMs - Firewall, Anti-Virus, Anti-Bot, IDS/IPS, Advanced Routing (OSPF), Identity Awareness, and Application Control.
Code Upgrades from 75.46 to 77.20/77.30, 77.10 to 77.30 and from 77.20 to 77.30.
Built and deployed New Checkpoint GAIA gateways (2200, 3200, 4200, 4600, 4800, 5600, 12600), and GAIA Embedded (1100, 1400).
Policy design and implementation for NAC.
Submitting DNS, RADIUS and DHCP requests and working with appropriate teams if necessary to troubleshoot and ensure proper functionality of submitted tickets.
Implementation of HA environment using ClusterXL.
Licensing of Checkpoint UTMs on User Center.
Implemented the numerous firewall local and global rules on the Checkpoint with both Hide Nat and Static NAT.
Implemented NAC interfaces and OSPF routing on UTM’s.
Upgrading Checkpoint UTM’s with zero down time.
Worked on rule base verification, cleanup of redundant rules, deploying Global and Local rules on UTM’s for optimal firewall performance.
Creating new gateway clusters under multiple CMA’s in Provider-1, handled Migration of Firewall objects from one CMA to another CMA and ensuring it’s running in active/standby mode.
Submitting firewall change requests and obtaining DCAB and TCAB approvals to push the firewall changes while maintaining security standards.
Applying and updating Hot Fixes from take 180 to 198/286, from 198 to 286 on UTM’s.
Configured policy based routing for specific traffic, route filtering with route maps and route redistribution.
Testing and monitoring the version upgrades, Hot Fixes and patches in lab UTMs, ensuring the behavior of the Firewall and implementing them in the production environment.
Maintaining Firewall Inventory record and updating new devices in 3M custom portal ITSM (HP manager tool) to keep track of devices in the network.
Implement network security, firmware upgrades, and LAN refreshes as per 3M requirement.
Perform peer reviews for documentation and Implementation plans.
Involved in finalizing the design for Corporate Wireless Network Access for NAC solution.
Provided helpdesk training and facilitated the handover of NAC Project to the managed services provider.
Undergone Agile training to overcome problems and rearrange priorities as business needs arise.
Wells Fargo, Winston-Salem, North Carolina Nov 2015-March 2017
Role: Network Security Engineer
Roles & Responsibilities:
Firewall engineer managing policies in Checkpoint and Cisco firewalls, independently holding the responsibility of deployment process at enterprise level for compliance assessment across the board.
Extensively worked with Cisco PIX & ASA (5500/5510/5540/5580) Series Firewalls, Check Point R75.30 & R77.10 versions.
Worked with Production and Non-Production firewalls, supporting change controls happening after the Critical Online Window and establishing all the changes during the change window.
Handling rule base verification of existing rules using tools related to Wells Fargo Line Of Business
Implemented the concept of Virtual firewalls (Contexts) in ASA and migrated configuration to new context firewalls.
Administrated Firewall security policy, monitoring, and logging functions using proper change management process
Maintained the security standards across the security devices as per the security policies.
Extensively worked on Cisco Security Manager to deploy the ACL’s, NAT rules and adding new routes on Cisco PIX/ASA Firewalls.
Updated global policies by creating new global object groups new subnets and also maintained infrastructure changes to firewalls.
Cisco ASA, PIX phase out to Palo Alto, Check Point replacements.
Worked extensively on Data Center Palo Alto firewalls.
Engaged in Palo Alto Rule changes PA-2000/PA-4000, templates, object creation, planning, configuration changes, OS upgrades, troubleshooting.
Involved in migrating Global policies in Palo Alto Firewalls like PA-3060 and PA-7080 in Lab environment.
Worked on Palo Alto firewalls administration such as Threat prevention, URL filtering, IPSEC and SSL VPNs, zone based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama 7.1.
Worked on the migration of policies and rules from interface based to Zone based i.e., from Cisco to Palo Alto Firewalls.
Experienced in managing Palo Alto firewalls rules, black list white list, URL database and content filters.
Managed Checkpoint R65, R71 and R75 Provider-1 on Multiple CMAs updates, configurations, OS upgrades and CLI troubleshooting, rule re-ordering and optimizations.
Worked on Policy changes in Smart Dashboard for creating ACLs, NAT rules, new objects, groups, networks and ports and also installing rules according to change window.
Expertise in using Smart Log and Smart View Tracker in checking the real time traffic flow and also in making use of other Smart Console tools during troubleshooting.
Directly worked with customer side application team to identify the right ports on the application and to obtain security board approvals to open the respective secured ports on the firewalls.
Worked on FireMon Security Manager 7.3.10.3 for administration of device analysis, reports and compliance of firewalls, routers and traffic behaviour based on the usage of existing, expired and hidden rules and objects.
Analyzing the logs on weekly and monthly basis generated by the appropriate devices which are subjected to monitor by FireMon Security Manager
Worked on LogLogic 5.5.1 Application to pull out the Cisco Firewall real time logs in troubleshooting sessions based upon the usage of objects, servers, protocols and ports.
Worked on Splunk 6.3.1 and 6.4.4 Applications which replaced LogLogic, implemented in Phase-II of Project line.
Configured systems log on the Palo Alto firewall and moved the logs to Splunk.
Involved in configuring and implementing rules on SideWinder Firewalls in Transparent mode, which were used by minimal applications to meet certain application requirements.
Critical applications made use of McAfee Transparent Firewalls to maintain the confidentiality and integrity of the Bank.
Worked with direct customer based on the tickets raised and the change request made by Line of Business.
Maintained good Customer Relation Skills & Troubleshooting skills in a production based environment.
Supported National and International firewall Production deployments irrespective of time.
XDIN technology, Greensboro, North Carolina. Jan 2014-Oct 2015
Role: Sr. Network Security Engineer
Roles & Responsibilities:
Plan Design and assist in deploying enterprise wide Network Security and High Availability Solutions for ASA.
Extensively worked on Cisco Firewalls, Cisco PIX (506E/515E/525) & ASA (5500/5510/5540) Series.
Analyzing firewall change requests and integrating changes into existing firewall policies while maintaining security standards.
Adding policies on Palo Alto networks like PA-2020 for URL and data filtering for specific user groups.
Performed administration on Palo Alto NGFW and also creating policies, users, VPN connections etc.
Worked with Palo Alto firewalls PA 3050/5020/5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
Migrated and configured Cisco ASA 5505, 5510 to Palo Alto PA-2020, PA-2050.
Monitored threats and traffic on Palo Alto NGFW.
Updated Palo Alto NGFW PAN-OS, Threat databases and filters as required.
Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls with MS Visio.
Worked with Checkpoint Provider – Version R65, R71, Nortel and Juniper on Nokia blades, and CISCO Security Appliances.
Performed PCI/SOX audits on firewall rule bases with compliance team.
Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention System (IPS) to identify security issues for remediation.
Conducted post attack analysis on system logs/images to determine intruder point of entry and other indicators used in the development of IDS/IPS signatures against threats.
Responsible for the configuration, deployment, and monitoring of commercial/open-source DoD network-based IDS/IPS in the collection, initial review, prioritization, and distribution of associated events and information for analysis or incident response.
Developed numerous IDS/IPS signatures to help protect the network and respond quickly to network attacks with an emphasis on the Advanced Persistent Threat.
Deployed AlgoSec Firewall analyzer and management for reporting /verification of rules and pushing rules from a centralized management.
Configured Site-Site VPN on Palo Alto, Checkpoint, Cisco ASA.
Troubleshoot network access problems, Strong TCP/IP understanding, Debugging Checkpoint Firewall and Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists and Route Maps
Deployed BIG IP Enterprise manager to cluster all the F5 LTM, GTM, devices for easier management and common configurations
Worked on applying hotfixes and security vulnerabilities for F5 version 11.x.
Involved in migration of F5 Local traffic managers of LTM 5100 series to LTM 6800 series.
Created complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
Perform SSL Offloading on LTMs and web accelerators with 2048-bits VeriSign certificates. Also, renewing certificates to ensure the security of websites.
Creating VIP’s, Pools and Persistence profiles on F5 LTMs version 10.x and 11.x.
Worked on various router platforms such as Cisco 17XX, 18XX, 26XX, 28XX, 37XX, 38XX, 39XX, 72XX & 76XX series.
Configuration of VLANs, VTPs, enabling trunks between switches.
Worked on extension of VLAN from one network segment to other segment between different vendor switches (Cisco, Juniper).
Deployed and managed Checkpoint GAIA, R65, R71, R75 and migrated to Checkpoint Provider 1 platform.
Monitoring the HA state constantly using the smart dashboard and cphaprob state command.
Configured Cisco Nexus switches 7000, 5000, 2000 series for ESF (Enterprise Server Farm) Environment.
Testing and validating new solutions in lab before deploying them to customers.
Provide on-call support on a bi-weekly rotation
Documenting the changes on the network infrastructure management.
hCentive, Inc, Lakewood, Colorado. Aug 2013-Dec 2013
Role: Network Security Engineer.
Roles & Responsibilities:
Worked in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design.
Worked on ASA and ASDM configuring the ACL’s and monitoring.
Redesigned the Cisco ASA firewall application inspection policies to ensure use of Layer 7 deep protocol inspection and validation in addition to Layer 2 – Layer 4 firewall rules.
Administrating Palo Altos, Adding and Modifying rules and policies in Palo Alto networks.
Implemented many security policy rules and NAT policy rules on Palo Alto, created Zones, implemented Palo Alto Firewall interface and VLAN.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
Exposure to the WildFire feature of Palo Alto.
Configured packet capturing and SSL decryption on Palo Alto.
Integrated Cisco Security Manager with Cisco ACS Server 4.1.
Created AAA configuration template for Cisco ASA firewalls.
Configured RADIUS or TACACS+ authentication on Cisco ASA firewalls.
Configured ASA NAT for outbound PAT or static NAT.
Monitoring the health of the devices and availability using SolarWinds.
Multipoint VPN: IPSec, IKEv2, DES, 3DES, AES (-128, -192, -256), Pre-Shared Key, X.509v3 Certificate, MD5, SHA-1, NAT-T, firewall rules for each VPN connection, configuration assistance via web interface.
Worked on Checkpoint Firewall version R75 on daily operations such as access through the firewall, rule verification and cleanup of redundant rules.
Drafting and installation of Checkpoint Firewall rules and policies.
Handled deployment and management Checkpoint Firewall versions like GAIA, R60, R65, R70, R71, R75.
Involved in troubleshooting of DNS, DHCP and other IP conflict problems.
Worked on F5 LTM series 6400, 8800, 8900 and GTM 8900 series for the corporate applications.
Configure and troubleshoot F5 OS version 9.x, 10.x and 11.x.
Performed Software Upgrade on Cisco Nexus switches 7000, 5000, 3000 series
Configured Cisco Nexus switches 7000, 5000, 2000 series, Cisco Catalyst switches (6500, 2950, 3750) and routers (2800, 2600) in the network.
Worked on implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP and MST.
Worked in Implementation of HSRP, VRRP for Default Gateway Redundancy.
Worked on Juniper J series j230, M 320 routers and EX 3200 series switch.
Worked with Nexus 7010, 7018, 5020, 2148, 2248 devices.
Redberry Technologies, India Oct 2012-July 2013
Role: Senior Network Engineer.
Roles & Responsibilities:
Troubleshot Cisco hardware: Inspected devices, Read device LEDs, loose connections, interior IOS upgrade, switch port configuration, port monitoring, watch over Flooding Control/Network port.
Identifying technical problems and debugged hardware and software related to LANs/ WANs.
Switching related tasks included implementing VLANS, VTP and configuring ISL trunk on Fast - Ethernet channel between switches
Strategies include operating systems, virus protection, mail systems and Internet services.
Upgrades and backups of Cisco router configuration files to a TFTP server.
Troubleshooting of all kind of problem related to Access-Network in fiber rings & Installing FMS.
Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
Configured Cisco Routers 2600 series using RIP, OSPF, and EIGRP.
Traffic prioritization and shaping done with BGP attributes (Local preference and MED).
Implemented HSRP between Core switches and backbone routers.
Monitoring the Network condition using SNMP protocol about the WAN connection, Switch status, printer server, and controlling projectors and other equipment remotely.
Worked with service providers for resolving post migration issues.
Configured and troubleshot default route, implemented VLAN and Inter-VLAN, DHCP server, NAT, PAT in a small network environment.
Installation, Configuration and Administration of Windows 2003 Server and Windows XP Professional.
Zen technologies, India Aug 2011-Sep 2012
Role: Network Engineer
Roles & Responsibilities:
Maintaining the Network Infrastructure, Installation, migration and configuration of routers and switches for clients.
Provide alternative means from dial-up connection to bring down the damage or loss that occurs for the client.
Systems Integration in Wide Area Network using Cisco Routers, Switches, and access servers over E1 leased Lines and ISDN.
Auditing and updating DNS entries for all servers, and also updating server inventory database.
Worked on Cisco 2300, 2800, 2900 series Routers and Cisco 1600, 2900, 3000, 4000 series switch.
Restricts access to network using ACL.
Deployed Cisco Wireless Controller Cisco 5760, 5500 series.
Worked with switches to map IP addresses with MAC addresses and updating all switching host information.
Routing Protocols (RIP, RIP V2, IGRP, EIGRP, OSPF), Virtual LANs, LAN, WAN and Ethernet.
Frame Relay, ISDN, PPP, HDLC, Network Troubleshooting using CLI Show commands, PING, Trace route, telnet.
Interacted with internal clients to resolve basic help desk connectivity issues.
Installation of Windows 2000/2003 servers on HP ML 350 and Dell PowerEdge servers.
Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
Experience in Cisco switches and routers like Physical cabling, IP addressing, Wide Area Network configurations.
Provided comprehensive desktop and network support, resolving technical issues.
EDUCATIONAL QUALIFICATIONS:
Bachelor of Technology (Electronics and Communications), Jawaharlal Nehru Technological University, India.
Master of Science (Computer Engineering), Florida Institute of Technology, USA.