Shoaib Syed
*****.***@*****.***
Having around 7 years of experience in routing, switching, firewall technologies, systems design, and administration and troubleshooting.
Experience in Supporting and troubleshooting Checkpoint (R80, R77 Gaia, R75, R70, R65, Provider-1, VSX, SPLAT, Cluster XL, Smart Center Server) Juniper (SRX, JUNOS, ScreenOS, Netscreen SSG and NSM), Palo Alto (Pa-500, PA-3k,PA-5k, PA-7k, VSYS and Panorama) and Cisco firewall (ASA 5550, 5540, 5520, FWSM,5585 with Firepower module, VPN 3000 concentrator, PIX 535, CSM and ASDM) technologies.
Strong hands on experience in installing, configuring and troubleshooting of Cisco 7600, 7200, 3900, 3600, 2900, 2600, 2500 and 1800 series routers, Nexus 3k, 5k series, Cisco Catalyst 6500, 4500, 3750, 2950 and 3500XL series switches.
Configure High Availability Checkpoint Cluster XL on VSX as well as perform Upgrades.
Performing migrations from Cisco PIX to ASA, Juniper SSG to SRX and Checkpoint to Palo Alto firewalls.
Performed device upgrades, software upgrades on firewall devices and network devices.
Configuring Checkpoint Firewall in IPSO, Secure Platform and GAIA platforms.
Expertise in Designing, implementing and configuring virtual device contexts (VDC’s), virtual port channels (VPC’s), and virtual routing and forwarding instances (VRFs).
Experience in implementing site-to-site, remote access VPN, DMVPN Technologies using GRE, IPSEC & MPLS.
Expertise in Cisco ACS and Cisco ISE Authentication, Authorization and Accounting Protocols. Expert Hands On Experience in Cisco ACS & Cisco ISE for 802.1x, AAA Configurations.
Performing packet captures using Wireshark, TCPDUMP, FW Monitor and Snoop during troubleshooting.
Perform firewall rule audit and optimization using Tufin, Firemon and Algosec.
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability.
Experience in L2/L3 3 protocols like VLAN’s, STP, RSTP, PVSTP+, VTP, MPLS and Trunking protocols.
Worked with Cisco ASA security appliances including Sourcefire, FirePOWER services, and Fire Sight Management Console.
In-depth knowledge in designing, implementing, configuring with best practices on NexGen IDS/IPS Firewalls such as Palo Alto, Cisco Firepower (Sourcefire).
Identified the vulnerabilities and non-compliant issues in the network and applications using Nessus vulnerability scanners and IBM Qradar, Splunk SIEM tools.
Highly enthusiastic, creative team player, project implementation, analytical, interpersonal and communication skills
CERTIFICATIONS:
Cisco Certified Network Associate (CCNA)
Checkpoint Certified Security Administrator (CCSA)
Palo Alto Accredited Configuration Engineer (ACE)
EDUCATIONAL BACKGROUND:
Bachelor of Engineering in Information Technology– Osmania University, India.
PROFESSIONAL EXPERIENCE:
Client: SAP America, Palo Alto, CA Jun 17– Current
Network Security Engineer
Install, upgrade and configure Next-Gen Palo Alto Firewall series PA-500, 3000, 5000, 7000.Installed Palo Alto PA-3060 Firewalls to protect Data Center.
Configuring rules and maintaining checkpoint VSX, Palo Alto Firewalls & Analysis of firewall logs using various tools.
Upgrading the code from Pan OS 7.1.X to 8.0.X. Experience working on Panorama M100. Migration from Cisco ASA to PA firewalls.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls
Design, Build, and Implement various solutions on Check Point Firewalls (R75, R77.30), Blue Coat Proxies, F5 Load balancers and F5 Global Traffic Managers.
Management of security solutions including Symantec Endpoint Protection and Sourcefire, Firepower.
Strong hands on and exposure to Checkpoint, Cisco ASA & Palo Alto on a regular basis
Deployed Cisco ASA Firepower Services Delivers cultivating rapid threat detection and mitigation using Cisco Sourcefire IPS with AMP.
Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Fortinet and Palo alto appliances serving as firewalls and URL and application inspection
Implement and maintain IPS/IDS systems using Cisco Firepower appliance
Created virtual systems (firewalls) in the Palo Alto and Checkpoint firewalls.
Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
Migration from Cisco firewalls to Palo Alto firewalls platforms PA -5000, series (5060/5050/5020), PA 4000 (4060/4050/4020) and PA 500 and PA- 200 firewalls
Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Check Point firewalls
Tune Sourcefire on Unclassified and Secret systems for false positives on Unclassified systems and secret.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 5000
Strong knowledge and understanding with IPsec, Remote Access VPN, and Source Fire IPS.
Configured F5 Big-IP LTM and GTM. Responsible for troubleshooting of F5 load balancers.
Experience in Evaluating existing policies and optimizing the rules based on current corporate requirements
Knowledge on usage of Queries in Smart View Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
Implemented new Cisco Firepower IPS modules in Cisco ASA’s, tied to a Firepower Management Center.
Performing creation and deletion user accounts and global group’s creation in global policy in Provider-1.
Upgrading and applying hot fixes to checkpoint firewalls in the maintenance window.
Experience working with BGP attributes such as Weight, Local-Preference, MED and AS-PATH to influence inbound and out bound traffic
Performed code upgrade from R77.30 to R80 in a lab environment.
Worked on the Tufin in cleaning up the rule base and optimizing it from time to time.
Added, Removed and Updated custom properties within SolarWinds Orion in line with applicable Configuration Management processes & procedures
Client: AFN, Niles, IL Jan’ 16 – May ‘17
Sr Security Consultant.
Maintained multi-vendor firewalls Paloalto 3k, 5k and 5k series firewalls, Checkpoint 12k and 15k appliances, Checkpoint R77.30, R75, Cisco ASA 5540, 5585 firewalls with firepower and Juniper SRX 540, 1400 series firewalls.
Implemented Cisco Firepower NGIPS, Imperva WAF, OOB solutions, perimeter protection, DMZs
Edge Security design and implementation of Cisco ASA security appliances with Firepower services.
Implementing firewall rules using Palo Alto panorama, Checkpoint smart dashboard, Provider- 1, Cisco CSM and Juniper NSM.
Worked on Paloalto APP-ID, User-ID and other security profiles like Anti-virus, Threat Prevention, URL-filtering and Wildfire etc.
Perform testing of all SourceFire IPS/NGFW appliances and open source snort. Create packet captures and snort rules to test SourceFire sensor operation and verification of traffic.
Create separate test cases for the SourceFire product and OpenSource Snort for manual as well as automated testing.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewalls and Juniper firewalls.
Provided Tier 3 support on SourceFire IPS/NGFW sensor placement and deployments.
Performing backups and upgrades from time to time on different type of firewalls mostly on Palo Alto and Cisco ASA firewalls.
Performed firewall migration from Cisco ASA platforms to Paloalto firewalls using Paloalto conversion tool
Worked on extensively on troubleshooting multiple issues and driving Incident calls to resolution by doing packet capture techniques and performing other troubleshooting scenarios.
Installing and configuring F5 LTM load balancer in Active-Standby mode and Creating Virtual Servers, VIP’s and server pools based upon application requirements.
Worked on the Bluecoat proxies for URL and content filtering solutions.
Used SIEM tool called Splunk SIEM tool to Analyse firewall logs and incident event analysis.
Performing Firewall rule audit and Firewall policy optimization using Tufin analyzer tool.
Working on trouble tickets in remedy ticketing system which comes to our queue.
Participating in 24*7 on-call support and implementing changes in different time zones as per the client requirements.
Gathering information and co-ordinate with business before we migrate checkpoint to Palo Alto firewalls.
Client: First Data, New Castle, DE Jan 14 – Dec 15
Network Security Engineer
Responsibilities:
Implementing Security Solutions in Juniper SRX and Netscreen SSG firewalls by using NSM.
Implementing and troubleshooting firewall rules in Checkpoint R77 Gaia, R75.40, VSX also managing 15k, 41k series checkpoint appliances, Open servers as per the business requirements.
Performing creation and deletion user accounts and global group’s creation in global policy in Provider-1.
Adding firewall rules in checkpoint smart dashboard as per user requirements.
Knowledge on Checkpoint- management and logging server R75, R77 Gaia OS.
Perform device upgrades, configuration changes, tuning, analysis, and troubleshooting on the following security platforms: Sourcefire IPS, Cisco IPS, Cisco FirePower, Tippingpoint, McAfee Intrushield, Checkpoint IPS,
Performing backups and upgrades from time to time on different type of firewalls mostly on Checkpoint and Cisco ASA firewalls.
Updates at OS level, firmware and application level on Check Point, Juniper, Cisco, Sourcefire Devices.
Adding zone based rules in Juniper SRX and netscreen SSG firewalls as per client requirements.
Upgrading and applying hot fixes to checkpoint firewalls in the maintenance window.
Hands-on experience on Cisco ASA Firewalls - ASA 5540, 5550, ASDM, CLI, Firepower, Sourcefire IPS/IDS.
Built and manage firewall high availability using Checkpoint cluster XL.
Building site to site VPN and any connect VPN connections using Cisco ASA firewalls.
Lab Implementation of multiple security contexts in ASA firewalls and Checkpoints configures redundancy (Active-Active failover and active-standby failover) among them
Troubleshooting the VPN tunnels by analyzing the debug logs and syslog’s in firewalls.
Performing Firewall rule audit and Firewall policy optimization using Tufin analyzer tool.
Implementing and configuring F5 LTM’s for VIP’s and Virtual servers as per business needs.
Configured ACLs in Cisco 5550 ASA firewall for Internet Access requests for servers, Protocol Handling, Object Grouping and NAT Control using Object NAT.
Working on trouble tickets in remedy ticketing system which comes to our queue.
Worked on the migration project of Converting old PIX firewalls into new ASA firewalls.
Migrated Legacy Netscreen SSG firewalls to SRX firewalls for couple of environments.
Adding Websites to the URL filtering block list in Bluecoat Proxies and upgrading firmware on the bluecoat proxies.
Configuring and managing Checkpoint UTM applicants.
Knowledge of modifying and maintaining the bluecoat Proxy Pac files.
Maintenance of Cisco ACS server - Authenticating, Authorization and Accounting for several Network Devices in the environment
Performing packet captures using TCPDUMP, fw monitor, Snoop, wireshark and other network monitoring tools.
Used SIEM tool called Splunk SIEM tool to Analyse firewall logs and incident event analysis.
Continually monitor, assess and improve network security, test and implement new security technologies.
Participate in all technical aspects of LAN, WAN, VPN and security Internet Service projects including, short and long term planning, implementation, project management and operations support as required.
Participating in 24*7 on-call support and implementing changes in different time zones as per the client requirements.
Client: Shell Networks & Solutions, Hyderabad, India Sep’11 – Dec ‘13
Network Support Engineer
Responsibilities:
●Maintenance responsibilities included software & hardware installation & configuration
●Maintaining and creating login credentials, privacy settings and user privileges for the employees in the company.
●Replacement of the older routes and switches with new routers and switches with the configuration set up.
●Tasked with Implementation, Troubleshooting, and Tuning Sourcefire Cisco Firepower Intrusion Prevention System(IPS).
●Assigned a task to set up their LAN. Worked on the entire project from cabling to IP addressing assignment.
●Configured and maintained Cisco 2500, 4000, 7000 and 7500 Series Routers as well as Catalyst 5000 and 5500 Series switches
●VLAN Configuration to different applications with RSTP, STP, VTP.
●Switching related tasks included implementing VLANS and configuring ISL trunk on Fast-Ethernet channel.
●Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation.
●LAN/WAN hardware including, Ethernet Hubs, Cisco Switches, switch panel's installation, configuration and troubleshooting, Frame-Relay configured support.
●Routing related tasks included providing cisco router configuration and change management, providing technical support for Cisco Router configurations and installation for Customer. Configuring IP RIP, EIGRP, OSPF and BGP.
●Configuring static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution,
●Upgrade Cisco 7200, 3600 Router IOS Software, backup Routers and Catalyst 3560, 4500 switch configurations
●Involved in installing and configuring PIX 515E firewall.
●Support 24x7 operations and answer calls from the customers on network emergencies and resolve issues
●Created & documented wiring and network diagram using MS- Visio.