P Avinash Reddy

Sr Network Security Engineer

Email ID: ac7gks@r.postjobfree.com Phone No:609-***-****

Professional Summary:

IT professional with around 8 Years of extensive hands on experience in Networking Security and proven expert proficiency in designing, engineering, configuring, and maintaining of large enterprise firewalls, proxies, Routing, Switching, Application security Managers. Worked with state Clients, Financial Clients and large environments on implementing, improving Design on Security side.

Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.

Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next-Generation Firewalls R65, R70 & GAIA R77.30, Net Screen Firewall, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA.

Worked on different firewall & security appliance such as, Checkpoint 4400,4600,4800, 21700, Palo-Alto 200,500,3020,3060, 5020,5060, Panorama M-100, Cisco ASA 5505, 5510,5512-X,5500-X,5585-X, Cisco WSA S370, S680, Radware DefensePro IPS, Radware Appwall (WAF).

Experience on working with different migrations environment such as, Staging, Sandbox, Development, Production (Go live).

Managing and implementing remote firewall for State agencies using NSM, SPACE, Smart Dashboard and CSM.

Experience with Layer 7 security on SSL forward proxy, URL filtering, IPS/IDS, APP ID, Threat ID, 2 factor Authentication, RSA tokens, SSL Decryption.

Experience with F5 APM in configuring authentication roles using SAML, OAUTH etc. Experience with security policies on ASM for application level security on Java and SQL injections etc.

Experience on Splunk Server. Checking logs, writing Queries to retrieve the necessary data from Splunk. Checking the web proxy and firewall logs on Splunk to identify traffic flows and threats.

Advanced knowledge in Cisco ASA 5000 series and PIX installation, configuration and maintenance, configuration and installation of IOS security features and IPS module, security risk analysis, attack mitigation & penetration tests based on LPT methodology.

Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

Maintaining Corporate Firewalls by analysis of firewall logs and implementation of security firewall policies for the migration of Datacenter.

Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with both Checkpoint and Cisco ASA VPN experience.

Knowledge of Intrusion Detection and Prevention System, DMZ, encryption, IPsec, proxy services, Site to Site VPN tunnels, MPLS/VPN, SSL.

Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers, Cyber Security, Amazon Web Service (AWS), and Bluecoat URL filtering & Packet Shaper systems.

Hands on experience using Tanium suit for endpoint protection, asset management, integration and threat intelligence.

Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

Experience with NAT, PAT, Policy NAT, ACL etc. on Firewalls.

Configuration and implementation of Cisco Firewall PIX/ASA.

Experience on PCI and ISO compliant security implementations on the firewalls and perimeter devices.

Advance Knowledge in Penetration testing tools such as Metasploit, Nessus, Qualys, Nmap, Zenmap, AppScan, SQL Map, Burp Suite, IBM Appscan.

Knowledge in Documenting and preparing the Process related Operational Manuals and worked on office 365.

Ensuring network availability, vendor management, fault management. Strong ecommerce, general management, negotiation, inter-personal, communication and team building skills.

Technical Skills:

Firewall Checkpoint R65/R70/R75/R77.30 GAIA/Firewall-1, Palo Alto 3000/5000 series, Cisco ASA 5505/5506X/5555-X / 5585/5550, FortiGate, Panorama M-100, Wildfire, Radware WAF, Cisco ISE,

Protocols NAT, VTP, VLAN, TCP/IP, UDP, EIGRP, OSPF, RIP

Nexus Nexus 7000/5000 /2148

ADC F5 BIG-IP LTM 6900/6400, APM, ASM.

Switches Cisco Catalyst VSS 1440 / 6807 / 4900 / 3850 / 3750-X / 2960X

Routers Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Operating Systems Linux, Windows XP/7/8, Windows Server 2003/2008/2012

Protocols TCP/IP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Routing OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Summarization, Static Routing

Switching VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Education:

New England College, Henniker, NH, USA

Master’s in Computer Information Systems

CERTIFICATION:

CCNA (Cisco Certified Network Associate) Certified

Palo Alto Networks ACE (Accredited Configuration Engineer)

Professional Experience:

UBS Financial Services Inc, New Jersey April 2017- Present

Sr. Network Security Engineer

SIEM management using Tanium connect for integration and correlation for active monitoring.

Asset categorization and management by using Tanium Discover and provide continuous monitoring.

Create security assessment of security controls on Information Systems by interviewing, examining and testing methods using NIST 800-53A rev4 as a guide.

Review and update System Security Plan (SSP) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53A rev4 and NIST SP 800-53.

Performed continuous monitoring on Information Systems using NIST SP 800-137.

Experience in management of Checkpoint VSX environment and using VSX with Multi-Domain Security Management (SDM).

Experience on working with Checkpoint and Palo Alto Next-Generation Firewall.

Working on setup Cisco ASA 5555-X firewall on IPsec VPN, Palo Alto IPsec VPN and Global Protect VPN, and AWS VPN solution.

Integrating TACACS+ with Palo Alto Firewall and syslog server for logging and SNMP for monitoring.

Experience on working on Checkpoint Provider-1 and Panorama M-100 for centralized management

Implementation and maintenance of PA 3050 and PA 5060 firewalls and providing support service to client. Experience with VPN tunnels, SSL VPN, APP ID and Threat ID on PA.

Migration from Cisco ASA to PA 5K series from scratch. Configured Next Gen Firewall features on PA firewalls in Perimeter.

Worked on Cisco ASA image upgradation and IPsec VPN and Any connect VPN. Remote site connectivity using IPSEC over GRE.

Working on different modules of Checkpoint Next Generation firewall R77.30 such as IPS, Application control and URL filtering, Identity Awareness, DLP and IPsec VPN.

Working on Firemon for network security policy audit and PCI/DSS compliance audit.

Day to day customer interaction on client related projects on different firewalls and VPN.

Working on different Security tool such as Nessus Vulnerability Scanner and Cisco Iron port.

Configuring and troubleshooting Access-lists, Service Policies, and NAT rules, Network Object Groups, Service Object Groups on ASA 5585 and 5505 Firewalls.

PCI and ISO compliant security implementations on the firewalls and perimeter devices.

Advance knowledge of Amazon Web Services (AWS) with broad IT infrastructure services, Deep visibility into compliance and governance and Hybrid Cloud capabilities.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.

Experience with LTM & GTM F5 component to provide high availability with providing services across data centers.

NH State House, Concord, NH October 2016– March 2017

Sr. Network Security Engineer

Designs, tests and deploys IT security systems, solutions and ecommerce environment.

Working on Service Now ticket management tool by providing support service to client by implementing and working on change request, Incident request and troubleshooting.

Configuration of checkpoint firewall mainly VSX according to client topology and checkpoints features such as Application & URL filtering, IPS, Identity Awareness, IPS, VPN.

Configuration of Palo Alto Next-Generation Firewall mainly VSYS according to client topology and working on Content-ID, User-ID, App-IP.

Experience in Qualys policy compliance in detecting internal and external threats and vulnerability.

Perform troubleshooting by packet capture analysis using TCP Dump, Wireshark and analyzing the PCAP.

PCI and ISO compliant security implementations on the firewalls and perimeter devices.

Experience using Nessus & Qualys Tool for networking discovery and mapping, asset prioritization, vulnerability assessment and tracking.

Bluecoat proxy server’s setup, configuration, upgrade and Troubleshooting with optimization of WAN Application, SSL traffic, Web traffic, URL filtering & Content filtering.

Experience in working with designing, installing and troubleshooting of Palo Alto firewalls.

Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN.

Create policies, alerts and configure using SIEM tools (Splunk, Solar Winds, LogRhythm).

Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering). Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

Worked on network packet analyzer tools such as, Wireshark, Microsoft Network Monitor, Snort, Tcpdump, SSL Dump etc.

Migration from Cisco to Palo Alto firewall & Cisco to Checkpoint firewall.

Experience with working on Palo Alto Next-Generation firewalls security profiles and Cisco ASA VPN.

Experience on working with migration with both Checkpoint and Palo Alto Next-Generation.

Firewall as well as virtualization of firewall, both VSX and VSYS.

Worked on security tools and software’s like Cisco WSA, Qualys, Splunk, Symantec Endpoint Protection, Bit9, HP Network Node Management.

Exposure to wild fire advance malware detection using IPS feature of Palo Alto.

Configured Site to Site IPsec VPN tunnels and Split tunnel to peer with different clients and each of client having different specifications of Phase 1 and Phase 2 policies using Cisco ASA 5500 series firewalls.

Worked on bluecoat proxy to optimize WAN Performance by analyze and scan malwares to protect the infrastructure and URL filtering.

Routing and Switch protocols: BGP, OSFP, VLAN, VTP, STP, RIP, RSTP.

Firewall deployment, rules migrations, firewall administration and converting existing rule based onto new Checkpoint and Palo Alto Next-Generation Firewall platforms.

Responsible for planning, documenting and implementation of complex Firewall and VPN solutions,

Represent the changes at the weekly change review and application migration meeting.

Sterling Law Firm, Long Island, NY Jan 16– Sep 16

Sr. Network Security Engineer

Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Firewall VPN-1 FW-1 NGX R65, R70 & R75 Provider-1/Site Manager-1 R65, R70.30 & R75.40 Smart Domain Manager (SDM) command line & GUI.

Supports the implementation and ongoing operations of network access control devices to include firewalls, web proxies, and SSL VPN devices.

Installation of checkpoint Next-Generation firewall GAIA R76/77.30 in Open Server, UTM.

Configuration of checkpoint firewall mainly IPS (Intrusion Prevention System) module according to client topology and checkpoint MDS.

Experience in working with IPsec site to site VPN and capturing logs for analysis.

Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.

Configuration, Upgradation and monitoring of Cisco ASA Any Connect VPN.

Experience in working with designing, installing and troubleshooting of Palo Alto firewalls.

Experience with working on Amazon Web Service (AWS) environment for cloud computing.

Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA and Checkpoint firewall MDS.

Experience with Using GTM, APM & LTM F5 component to provide 24“7 access to applications. SSL VPN configuration on F5 APM.

Configuring Checkpoint and ASA for NAT (Static PAT/Manual NAT) to enable remote access for sites by doing Port redirection and configuring various VPNs like IPsec Site to Site, SSL VPN.

Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)

Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.

Experience with Cisco ASA firewall Cisco security Manager (CSM) and migration from Cisco to Palo Alto.

Worked on automating process for migration of security policy using Palo Alto Migration tool 3.0 and Symantec Endpoint Protection.

Experience on Cyber Security & Penetration Testing tools such as, Metasploit, SQL Map, App scan, Burp Suite, Nmap, Nessus Vulnerability Scanner and familiar with shell scripting.

Worked on bluecoat proxy to optimize WAN Performance by analyze and scan malwares to protect the infrastructure and URL filtering.

Deployment of datacenter LAN, WAN, MAN using Cisco Nexus 7k, 5k, 2k switches.

Successfully installed Palo Alto PA-3060 firewalls to protects Data Center. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.

Palo Alto installation (Application and URL filtering, Threat Prevention, Data Filtering).

Responsible for managing Network & Security Engineering implementation that architect, design, builds, manages and supports Network and Security Infrastructure and Data Centers.

Trans First, Denver, CO Jan 15– Dec 15

Sr. Security Engineer

Tanium integration and configuration of templates and connectors of third-party tools like SIEM such as Splunk, ArcSight, and log monitoring tools.

Collect and analyze detailed endpoint data like device manufacture, OS, open ports/applications etc by using Tanium Discover.

Malware detection using Tanium Connect and gathering threat intelligence from the endpoint for rapid and effective identification of systems compromised by known viruses, Worms.

Exhibit problem solving when analyzing system designs to identify potential information security risks.

Provide oversight, guidance, and critical feedback to IT System Owners, Program Managers, Information System Security Officers.

Creating policies using Bluecoat SG proxy. Intercepting, blocking and URL filtering using Bluecoat proxy.

Identify, assess and maintain security risk exposure for existing and new technologies. Generate Security Assessment Reports (SAR).

Perform vulnerability management program and asset categorization using Tenable, RSA Archer, Rapid7.

Review internal policies and procedures, ensure that the organization complies standards.

PCI compliance auditing to make sure that the company is adhering to those standards.

Create, implement and enforce security awareness training program.

Conducted Vulnerability testing using tools like Nessus, Burp Suit, Retina and Web Inspect, and analyzed reports. Validated remediated vulnerabilities.

Monitored controls post authorization to ensure continuous compliance with the security requirements.

Demonstrate attention to detail reviewing new systems or networks to implement appropriate security measures.

Worked on network packet analyzer tools as, Wireshark, Microsoft Network Monitor, Snort.

Exposure to wild fire advance malware detection using IPS feature of Palo Alto.

Maintained and Configured Checkpoint VSX with firewall virtualization and checkpoint clusters.

Configuring rules and Maintaining Palo Alto Firewalls with IPS & Analysis of firewall logs.

Honeywell, Hyderabad, INDIA Dec 2011 - Dec 2014

Network Security Engineer

Planned, installed, monitored and was the single point of contact for all intrusion detection for client systems. Monitored and maintained client firewall, intrusion detection systems and VPN systems including (Checkpoint FW-1/VPN-1/Cisco PIX/Secure VPN /Secure IDS).

Experience working with Palo Alto Next Generation Firewall with security, networking and management features such as URL filtering, Anti-Virus, IPsec VPN, SSL VPN, IPS, Log management.

Support and troubleshoot Checkpoint and Cisco ASA firewalls. Firewall Policy Implementation on Checkpoint R62 and R65 using Provider 1.

Site to site VPN implementation on Checkpoint Firewall R62 with 3DES encryption over IPsec.

Configuring failover for redundancy purposes for the security devices. Implemented the stateful& serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.

Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.

Worked with Checkpoint Firewall for management, logging (smart log, smart view tracker). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.

Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.

Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.

Configured redundant interfaces, DHCP server, DHCP relay, NTP settings, and sub interfaces on firewalls.

Responsible for implementing Data Center Security best practice, audit and compliance (PCI/SOX/DOD) requirements.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.

Implemented the redundancy for ACS servers by replicating the database between primary & secondary servers.

Maintain the security standards across the security devices as per the security policies. IDS/IPS Signature updates and CSM Management

Configuring of OSPF, BGP on firewalls.

Firewall log monitoring using Cisco MARS.

Configuration and Maintenance of ASA 5550, ASA 5510, PIX 535, PIX 515E, FWSM Firewalls and Cisco IPS 4240 using Cisco Security Manager (CSM).

Implemented Firewall in multiple context mode. Implemented clustered firewall.

Expertise in VPN configuration, routing, NAT, access-list, security contexts, and failover in ASA firewalls.

Administration of Cisco Secure Access Control Server 3.3.

TACACS+ Configuration

Administration Cisco 6500, 2600 series switches. Administration of Cisco 3700 series Routers.

PCI Firewall auditing and documentation.

Evaluating and creating a plan to deploy Windows 2000 Advanced server in a separate domain (Active Directory Services), to be integrated into existing environment once the production environment is ready to migrate to Windows 2000 ADS model. Installed and configure BackOffice 4.5 on this server.

Monitoring and managing network resources using HP Openview by implementing policies and creating custom events.

Worked with various ISP providers, InterNIC, providing online WAN tech support.

Systems Management of complete MS Exchange 5.5 Infrastructure.

Created and deployed desktop images using Symantec Ghost 5.1c.

Contact this candidate