Zankhana Shah

E-mail: actj3w@r.postjobfree.com Ph.: 510-***-****

PROFESSIONAL SUMMARY

7+ Years of IT Experience with expertise in Network Security.

Strong knowledge based in the planning, design, and implementation of Information Systems and Network Technologies.

Certified cloud based Salesforce developer -401.

Experienced in handling and installing Palo Alto Firewalls.

Proficient in design, implementation, management and troubleshooting of Check Point firewalls like R61/65/R70/R75/R77, Nokia IP 1280, 2450, 61000, Cisco PIX, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto-3060/5020 IDS, Foundry / F5 Load Balancers, and Blue Coat Packet Shaper systems.

Configure all Palo Alto Networks Firewall models (PA-3000, PA-5000 etc.) as well as a centralized management system (Panorama) to manage large scale firewall deployments.

Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.

Advanced knowledge in Switches and Routers Configurations.

Experienced in implementing / maintaining compliance with security and IT standards such as BS7799, BS15000, and SAS70.

Experience in Deployed Check Point Provider-1 NGX and configured Checkpoint VSX.

Experienced on Juniper Net screen Firewalls like, NS50, SSG 550M, SSG520M and ISG 1000.

Proficient at establishing User Tunnels in Nortel VPN Routers, implementing network security protocols, installing and supporting backup strategies, and planning/executing disaster recovery solutions.

Hands on experience in Implementation, Troubleshooting &configuring for Checkpoint R77. 30 with GAIA and SPLAT.

Experience in Configuring Checkpoint Clusters with Nokia IPSO and GAIA OS.

Hands-on configuration and operational experience working on Checkpoint Firewalls (Nat policies, VPN Configurations, policies) in both standalone and HA mode.

Experienced with Cisco routers and switches, and a good understanding of IP sub netting and routing such OSPF, BGP, HSRP, VLAN and MPLS.

Knowledge of Server Maintenance, including establishing Security Protocols, Configuring Network, and Troubleshooting Problems.

Thoroughly familiar with Checkpoint models, capabilities, and architectures.

Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.

Knowledge of virtual firewalls like checkpoint VSX, IDS, IPS as well as encryption techniques.

Has extensive knowledge in implementing and configuring BIG-IP LTM-6400, 8900 load balancers.

Knowledge about Cybersecurity threats and defense mechanisms

Knowledge on ON target and Remedy ticketing tool

Experience with complex Voice over Internet Protocol (VoIP).

Knowledge of DNS, Active Directory and Certificate Services (PKI).

Experience in managing and migration of large scale enterprise networks, extensive knowledge in developing test plans, procedures and testing various LAN/WAN products and protocols

Knowledgeable in TCP/IP & OSI model, IPv4 & IPv6, NAT/PAT, TACACS+, OSPF and QoS.

Education Details:

Degree: Bachelor of Engineering in Electronics and Communication

University: Gujarat University, Gujarat, India

Passing Year: 2007

TECHNICAL SKILLS

Firewall

R61/R65/R70/R75/R77, Provider-1 firewall,

Cisco ASA,VSX,

Firewalls ISG 1000/2000, Checkpoint Secure

Platform (SPLAT) Checkpoint NG FP3 - NGX R75.40

Checkpoint GAiA, Checkpoint SG and Smart-1

Appliances, Palo Alto – 3060/5020,

Routers

Cisco 2600, 2800, 3600, 4400, 7200, 7609 Series, CUCM, CUPS

Switches

Cisco 2900, 3500, 3700, 5000, 6500 Catalyst Series, Cisco 7000, 5000, 2000 Nexus Series,

Load Balancer

F5-Big-Ip, LTM, Ax10

Communication Protocols

TCP/IP, UDP, DHCP, DNS, ICMP, SNMP, ARP, RARP

Routing Protocols

BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, RIP, QoS

Switching Protocols

STP, RSTP, PVSTP, VTP, ARP, VLA

IP Services

DHCP, NAT, VLAN, DNS, FTP,SFTP,

TFTP, LAN/WAN

WAN Technologies

ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS

Network Technologies

IPsec, GRE, NAT/PAT, ACL, IPv4, IPv6

VPN SOLUTION

Cisco & Nortel VPN Clients, ASA SSL VPNs, Nortel Connectivity 600, Nortel 5000 VPN Routers

Operating Systems

Windows XP/7/8, Linux, UNIX, DOS, Windows 2003/2008 server

Tools

SNMP, Syslog, Juniper NetScreen Security Manager NSM Sniffer, Wireshark, Bluecoat Packet shaper

PROFESSIONAL EXPERIENCE

Best Buy, Minnesota (July 2014- till date)

Network Security Administrator

Strong hands on and exposure to Checkpoint R77.30 & Palo Alto 5020 on a regular basis.

Configuration and Administration of Palo Alto Networks Firewall to manage large scale firewall deployments.

Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection

Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools

Configuration, support and administration of Palo Alto and Checkpoint and to migrate all gateways and management servers to new hardware and software – Checkpoint SG appliances running GAiA OS and Checkpoint R75.40

Upgrade of Checkpoint firewalls and management servers from Splat R75.30 to Gaia R77.20.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.

Successfully installed Palo Alto PA-3060 and PA-5020 and firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Configuring Palo Alto Firewalls (PA 3020 and PA 5020) with Panorama.

Generating User Activity and Application Reports on PA-5020 Firewalls

Implemented Positive Enforcement Model with the help of Palo Alto Networks

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs

Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and Checkpoint

Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall

Exposure to wild fire feature of Palo Alto.

Implemented Positive Enforcement Model with the help of Palo Alto Networks.

Reviewing & creating the FW rules and monitoring the logs as per the security standards in Checkpoint

Monitoring Traffic and Connections in Checkpoint.

Designed application mapping and application delivery using F5 BIG IP LTM

Exposure on Network monitoring tools - Nagios / Solar Winds

Configuring VPN, clustering and ISP redundancy in Checkpoint firewall.

Manages BlueCoat Proxy / Anti-Virus / Director appliances

Established IPSec VPN tunnels between branch offices and headquarter using Checkpoint Firewall

Set up a DMZ lab for multivendor testing consisting of Checkpoint, Palo Alto as well as Tipping point IPS appliances.

Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools and health monitoring.

Implemented and troubleshot of the CSD-Network Managed Services (NMS) to provide administration support.

Used Wireshark and packet analyzer for packet capture and analysis and traffic monitoring.

Installed and configured Solar winds’ Orion Network Performance monitoring for network infrastructure monitoring purposes.

Provide Tier1 technical support, with voice over internet protocol (VOIP).

Troubleshooting of DNS, DHCP, Wintel, and UNIX server connectivity issues.

Sound knowledge of EIGRP/ BGP/ OSPF & Firewall / VPN / SSL VPN concepts.

Sound knowledge of VLAN / STP / RSTP / VRF / Static routing / Dynamic Routing / HSRP / VRRP / MST / Ethernet channel.

Configuration the access-list rules, network object-service group based on well-known port the port i.e. FTP/SFTP, SSH, HTTPS/HTTPS (SSL) and etc

Built and support VRRP / Cluster based HA of Checkpoint firewalls.

Perform QA Checks on block point builds of SPLAT and Gaia Checkpoint Firewalls running on HP ProLiant Servers

Capable of developing and implementing new ITIL framework and procedures as well as improvements to existing policies and procedures.

Security monitoring process with the help of Log management tools (i.e. Splunk) and Security Information Event Management (SIEM) tools

Utilize network analysis tools such as tcpDump, WireShark, QRadar, and ArcSight SIEM

Rockwell Automation, Wisconsin (Sep 2012- June 2014)

Network Security Engineer

Primary responsibility for the Core Security of the Network. Managing the entire Network Security Products deployed in the network such as Checkpoint (GAIAR61/ R75.40/77)

Experience on Checkpoint firewalls with R65, R70, R75, and R76 version IPSO 6.2 OS

Worked on checkpoint provider R71, R75.40 and R77 GAIA and secured policies and blocked websites using URL filtering, application identification and threat prevention

Implemented Checkpoint FW Interface, NAT and VLAN using R77 GAIA Smart Dashboard.

Migrated firewalls from ASA to Palo Alto.

Worked on the migration to new Checkpoint R61/R75.40 firewalls from Cisco ASA firewalls

Implementing proxy rules in Bluecoat Proxy SG using blue coat director.

Bluecoat (SG810) Administration - Blocking/Unblocking URL's

Extensive knowledge and Implementation on Firewalls design (e.g. Checkpoint R71, R77, and McAfee), IPSec VPN and working experience on IPS / IDS.

Blue Coat Web Proxies – Proxy SG, Proxy AV, Content Analysis System, Packet Shaper, Threat Detection Proxy CAS, Director, Reporter.

Deploying Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.

Good experience on Secure Application design in DMZ related infrastructure.

Installed and Configured Checkpoint Firewall in Internet Edge

Good experience and understanding on F5 Load balancers (LTM, GTM) and Proxy devices (Bluecoat).

Complete renaming of all firewall objects and rules.

Configured and maintained DNS, Mail and FTP /SFTPservers and its related applications.

Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications.

Review and optimize firewall rules using Secure Track TufinISIMtuff tool and firewall audit reports

Daily responsibilities included design, implementation, support and administration of multiple security products running CheckPoint Provider-1 and VSX, Source Fire, and ISS Real secure.

Provide best practice security consulting for multiple compliance initiatives, with a focus on highly resilient solutions.

Maintained checkpoint 41000 and 61000 systems, Participated in the OS and firmware upgrade of the 61K.

Troubleshoot VoIP related issues such as call setup failure, one way audio, voice quality, and phone

registration

Creating technical implementation plans, project plans, and worked closely with internal and external customers to supply solutions that fulfill their needs.

Regularly performed firewall audits around Checkpoint Firewall-1 solutions for customers.

Troubleshoot and hands on experience on security related issues on Checkpoint and Palo Alto Firewalls.

Implementation of Checkpoint VSX, including virtual systems, routers and switches.

Implementing and configuring Checkpoint VSX for security gateways.

Work with Tier1 technology to provide VoIP support.

VoIP – Monitor and maintain all IP Telephony installations

Wireless – Internal and Guest Wi-Fi infrastructure including configuration, Maintenance and regular administration.

Implemented MPLS VPN solution for IP backbone of 2.5G mobile Network successfully.

Installed and configured DNS on servers.

Provided tier 3 support for CheckPoint Firewall-1 software to support customers

Strong working knowledge of Checkpoint VSX virtual firewall.

Configuring Bandwidth allocations (QoS) in Checkpoint Firewalls.

Strong knowledge and understanding with IPsec, Remote Access VPN, and Source Fire intrusion prevention systems.

Digital Mojo - San Diego, CA (Dec 2010- Aug 2012)

Network Engineer

Configuring Routers as of client requirement which includes routing protocols such as RIPv2, EIGRP and OSPF.

Technical support for field engineers during installation.

Implement Security using access-list, route maps & NAT depending upon the network requirement.

Responsible for implementation and troubleshooting of network connectivity at all the locations.

Responsible to provide network connectivity as and when new location comes in to the network.

Troubleshooting hardware and network related problems.

Configured and managing site-to-site VPN tunnel in Checkpoint R75.10 Firewall.

Configured and managing Remote Access VPN on Checkpoint Firewall.

Upgrading the existing Checkpoint R70 to Checkpoint R75.10.

Creating object, groups, updating access-lists on Check Point Firewall, apply static, hide NAT using smart dashboard

Configuration of Checkpoint R75 Firewall Rules and Application and URL Blades and VPN\IPSEC Set up IPSEC Tunnels and VPN. Upgrade when needed.

Support Video On Demand content, transcode and package processing per platform requirements while delivering files through FTP, SFTP

Verify Firewall status with Checkpoint Monitor.

Worked on Checkpoint Firewalls Clusters of both High-Availability and Load-Sharing

Maintained a Checkpoint NG Firewall infrastructure

Designing, installing and configuring Checkpoint firewalls - NGX R65 in active/active mode

Subnetting networks. Troubleshooting DHCP and DNS Servers.

Performed upgrades on all Checkpoint firewalls, and support for client services

Installed high availability Big IP F5 LTM and GTM load balancers to provide uninterrupted service to customers.

Managing Checkpoint (NGX 70) on SPLAT platform, Standalone and HA mode implementation, Hide NAT and Static NAT configuration as per clients requirement.

Managed multiple ISP providers to insure adequate provisioning of connectivity services (Ex: Circuit termination, MPLS, QoS, etc.). This included refresh of WAN routers and modification of the routing design.

Support complex solution for user MPLS, VoIP, SIP, or any IP transport.

Configured and administered Windows server 2008 R2 Active Directory.

Responsible for the setup of user accounts, organizational units, and security groups, setup group policy for users OS Windows XP, 7, and 8.

Parivartan Technologies, India (Jan 2008- Nov 2010)

Network Support Engineer

Provides technical support to all areas of Network Administration, Telecommunications, Systems and Network Architecture, and Personal Computer Administration.

Maintaining of Cisco Adaptive Security Appliances (ASA firewall) for LAN, WAN and Internet connectivity.

Manage Local Area Network by Maintaining VLANs and Wireless Aps (TP Link devices).

Setup and configure network monitoring and management systems, which include Cisco Works 2000 to manage Cisco devices.

Troubleshoot network connectivity issues such as DNS, WINS and DHCP.

Develops and maintain IT security policy related to LAN and WLAN.

Operated the router-point-defense Intrusion Detection System for the data network (ASIMS Director, Net Ranger Director, and via Firewall VPNs).

Helped standardize workstations and file servers including: hardware software, naming conventions, and IP addresses.

Implemented file system, firewall security and disaster recovery strategies.

Designed and implemented Windows networks and Active Directory (AD) and security group hierarchy based on delegation requirements.

Installed external storage raid servers for corporate and production use.

Contact this candidate