Surya
Austin, TX
Professional Summary:
Network Engineer focused on Cisco, Nokia IPSO, Checkpoint and Juniper Firewall Products, including installation, day-to-day administration and support.
9+ Years’ experience with Network and Security Administration.
Implementation of Firewalls including Checkpoint, Cisco ASA, Juniper ISG and SA VPN
Experience with Remote access Juniper SA VPN Platform especially SA 6500, 4500 in Active/Standby Cluster Mode and defining Roles, Realms and Authentication Profiles.
Sourcefire IPS, AIP-SSM Modules on ASA, Checkpoint IPS Blades etc.
Juniper Netscreen and Checkpoint. Administration of Netscreen firewalls using NSM (Netscreen Security Manager).
Flexible to work off-hours, weekend schedules and on Call responsibilities.
Eager to learn new technologies and gain experience and capable of quickly learning.
Experience working on Business As Usual requests and work with users on day to day operations.
Education:
Bachelor of Engineering (B.E) - Computer Science
Certifications:
Cisco Certified Network Associate (CCNA)
Checkpoint Certified Security Administrator (CCSA)
ITIL V3 Foundation Certified Professional (ITIL)
Technical Skills:
Hardware & OS:
Checkpoint security gateways including 12K Series appliances running GAIA, IP Appliance including 1200, 690, 390 series and Power-1 appliances.
Juniper SA VPN Appliances SA6500, SA 6000, SA 4500 for SSL VPN.
Cisco Intrusion Prevention System (IPS), including Cisco AIP-SSM Modules on ASA 5500 Series appliances and Sourcefire.
Cisco Networking Hardware 7600, 7200, 3800, 3600, 2800 Series Routers and Cisco 6500, 4900, 4500, 3750, 3560 series switches.
Blue Coat SG Proxy for URL Filtering
Juniper IVE OS 7.X, 8.X, Cisco IOS 9.x and 8.x for Firewalls, Cisco IPS OS 6.X, 7.X, Cisco Catalyst OS and IOS 12.x, FWSM 3.X, Cisco CSM 4.X, Cisco Nexus NX-OS 6.X, Checkpoint R65, R70, R71, R75, Gaia Versions R76, R77.10
LAN & WAN:
OSI Layer, TCP/IP, WAN Routing Protocols OSPF and BGP.
High Availability configurations including HSRP, VRRP and Avoiding Loops using Spanning Tree Protocols STP, RSTP, MST. Dot1q Trunk.
Windows & Linux products and features running Windows OS 2003, 2008, 2012 etc.
Experience with DNS, DHCP, NTP, Active Directory Services.
Professional Experience:
Project: KPMG, Austin Oct 2016 – Current
Role: Sr. Firewall Engineer
As part of the Network Security Engineering team, I was responsible for managing Checkpoint Security gateways, Cisco ASA and Juniper SA VPN Appliances.
Manage and support IDS/IPS including AIP SSM Modules on Cisco ASA Firewalls, IDSM Modules on 6500 Switch, IDS 4200 Series. Firewall OS upgrades as well as Signature updates and event management.
Configuring user roles on the SSL VPN based on client groups and support different functionality within the Role and assign to appropriate Realm.
One of my core responsibilities includes supporting Remote Access users connecting to the Corporate network using Juniper SSL VPN devices, especially SA VPN Appliances SA6500 and SA6000, and supporting Partners connecting from different WAN links and internet through MPLS and internet to the data centers.
Good knowledge of the operation of Juniper Netscreen SSG-550M, Juniper SRX 650, Juniper SRX 1400, their limitations and deployment scenarios
Migration of IPsec B2B (site to site) VPN tunnels from Check Point running R65 to Cisco ASA 5585x SSP 20 running software version 9.1.2.
Actively configure and use Network Connect in both Split tunnel mode and FULL Tunnel Mode (ESP) as well as use other features such as JSAM for all secure access from remote client PC at various business partner locations towards the Corporate Data Center (Both Primary and backup)
Web URL rewriting with Selective Rewriting, Pass-through Proxy (SAML arch) and Rewrite Filters
Real-time monitoring in Sentinel event management (SIEM) tool.
Configure and support more than 12 Cluster nodes of SA 6500, SA 6000 and SA 4500 devices.
Work with users to identify and troubleshoot connectivity issues and run Policy Tracing, review logs and capture packets on the SA VPN Appliance.
Configuring HA pairs using Active Standby Clustering and configuring VIP address
Build Checkpoint Security Gateways from scratch and set up in High Availability.
Configure and troubleshoot Checkpoint software blades such as Identity Awareness
Experience building firewalls at the data center and implementing the policies
Configure Clustering Active/Standby using ClusterXL and troubleshoot sync issues
Firewall Policy Provisioning using Change management procedures.
Firewall objects (network/services) and policy Optimization and Rule clean up as well as
Day to Day operational support for user requests being submitted through Service Manager ticketing system.
Deploying Firewall Policies in a distributed environment with hundreds of Security gateways.
Working with Client to comply with PCI compliance and remediation as required.
Experience working with Checkpoint Gaia R77.10, R76, R75.47 and R75
Perform Security gateway and Smart Center upgrades and ensure the Smart center has the highest package (follow Checkpoint recommendation).
Managed multiple virtual instances of gateways and vpn peer on Check Point VFX devices.
Setup of Cisco Security Manager Server on virtual machine running on VMware vSphere.
Integration with Active Directory Servers, Radius Servers on the backend.
Documentation of migration process and MACD on CSM, ASDM and CLI.
Following ITIL process of creating, updating and closing change requests on BMC Remedy.
Project: eBay, Austin Mar 2013 – Sep 2016
Role: Network and Security Engineer
As part of Network and Security team responsible for managing Internet and Extranet segment of the hosted environment in the data center for multiple clients
Installation Configuration and Troubleshooting of Cisco ASA, Checkpoint Security Gateways as well as Firewall blade module FWSM on 6500 Switches in the network.
My role is more focused on Remote Access support to various Partners connecting from different WAN locations via MPLS and PTP circuits to the data centers. These users are semi trusted hence their access has been restricted as per their role and access requirements from Line of Business.
Defining user roles on the SSL VPN based on business groups and support functionality.
Network Connect configuration and troubleshooting with and without split tunnel.
Troubleshooting Authentication and Role Assignment issues on SSL VPN.
Configuring SSL VPN roles and Realms and associated to appropriate Authentication profiles.
Actively configure and use JSAM for all secure access from remote client PC at various business partner locations back to the data center.
Configure and support more than 16 Cluster nodes of SA 6500, SA 6000 and SA 4500 devices.
Web URL rewriting with Selective Rewriting, Pass-through Proxy (SAML arch) and Rewrite Filters
Firewall Policy provisioning and work with firewall requests submitted by users through change system.
Creating objects, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using SmartDashboard.
Troubleshooting connectivity issues on the firewall using SmartView Tracker, monitor health of the appliance using SmartView Monitor etc. Command line troubleshooting for packet level debug.
Cleanup and Optimize firewall rule base and database. Reorder rules for optimal firewall performance.
Manage global objects and policies through provider-1 GUI as well as MDS management.
Performed Checkpoint Firewall changes using the Smart Dashboard NGX R65, R70 and R75.
Performed Installation, configuration and troubleshooting of Checkpoint security gateway and manage through Smartcenter. IP Appliances and SPLAT based gateways.
Performed Security Gateway upgrades from R65 up to R75.
Clustering of Checkpoint firewalls using Nokia VRRP (IP Appliances) as well as Cluster XL.
Upgrade of Smart center and ensure synchronization between Primary and standby smart centers.
Use Smartview Monitor for configuring SAM Rules as well as monitor health of Firewalls.
Firewall policy management and support on Cisco ASA and Checkpoint Firewalls.
Build and support Site to Site VPN with various business partners.
Use command line utilities such as tcpdump to collect more detailed logs while troubleshooting the flow of traffic on the Checkpoint security gateways.
Installation and configuration and troubleshooting of Juniper Firewalls especially SRX and Netscreen
Bluecoat SG Proxy administration and support for URL filtering.
Configure White/Black list of URLs based on client requirements as well as Guest profile set up on Bluecoat.
Configuring and managing Nexus Vulnerability Scanners and review the vulnerabilities in the network
Configuration and support of Nexus 5k, 7k switches
Track changes made to firewall access rules and objects using Tufin. PCI Remediation.
Support routing protocols including BGP and OSPF routing, High availability using HSRP, VRRP, load balancing/failover configurations, GRE Tunnel Configurations, VRF configuration and support on the routers.
Documentation and draw network diagrams using MS Visio and use SharePoint portal as site repository.
Client: Dell, India Jan 2008 – Dec 2012
Role: Network Security Engineer
Day-to-day work involves changes on the Checkpoint Firewall using the Smart Dashboard R65, R70, R71 and R75 software and connecting via Smart Center management.
Responsible for managing and supporting network and Security at the Data center.
Level 3 support for Firewall and Network security related events
SA VPN 4000 Appliance support for remote users (Vendors and Offshore Delivery Centers)
Managed more than 6 pairs of SA 4000 cluster nodes.
Configure and support Network connect and JSAM installations
Active passive clustering for High Availability.
VLAN design and implementation, Spanning Tree implementation and support
Netscreen Firewall implementation and support.
BGP configuration and troubleshooting for ISP failover.
Configuring NAT and PAT on the Cisco ASA Firewalls.
Deployed Syslog servers to allow proactive network monitoring.
VLAN Segregation and Inter-VLAN routing.
Change and Incident Management using HP Service Manager. Schedule day to day firewall related changes and seek CAB approval if required for production impacting changes.
Firewall policy administration and support on Checkpoint as well as Cisco ASA Firewalls.
Firewall OS upgrades and Maintenance of OS updates as part of addressing Vulnerabilities on Firewalls
Creating objects, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using SmartDashboard. Configure and support Checkpoint SmartCenter features including SmartView Tracker, SmartView Monitor, Smart Provisioning.
Troubleshooting connectivity issues on the firewall using SmartView Tracker, monitor health of the appliance using SmartView Monitor etc.
Supporting more than 150 Site to Site IPsec based VPN Tunnels for all B2B and 3rd party communications
Implement and support Netscreen/Juniper SA 4500 SSL VPN Solution, ISG for DMZ solution.
ITIL Based Service Delivery and Management.
Support Disaster Recovery for the applications between Primary and DR Data center locations.
Work on Routing and Switching on the third party segment using Cisco based Routers and switches. Work on IDSM modules Cisco 6500 switches
Configuring Perimeter firewall and support Site to Site VPN tunnels.
Configured Client VPN technologies including Cisco’s VPN client via IPsec.
Review firewall policies on regular basis for audit compliance and ensure to follow best practice for firewall deployments.
Centralized Fortinet Firewall Policy Management using FortiManager. Provision Zone based Firewall policy deployment and centralized and shared object database and rule sets.
Identify Firewall Ports required for applications using SmartView Tracker as well as CLI logging and debugging features.