Palo Alto Network Engineer
Resume:
Prudvi D
Sr. Network Engineer
********@*****.***
Phone: +1-401-***-****
PROFESSIONAL SUMMARY:
Around 9 years of experience in Cisco/Juniper networking and Palo Alto security, covering network design, deployment, support, installation, and analysis for diverse LAN/WAN protocols.
Hands-on experience configuring, deploying, and troubleshooting Cisco platforms including Catalyst 3600/3750/6500, 7200/7600 routers, Nexus 2K/5K/7K switches, and ASR/ISR series (9001, 1006).
Implemented Cisco Nexus 2K Fabric Extenders with 5K and 7K switches, optimizing network efficiency and reducing latency for mission-critical applications.
Deep expertise in configuring, deploying, and managing Next-Generation Firewalls (NGFWs), including Palo Alto Networks, Cisco ASA, and Check Point firewalls.
Extensive experience in installing, configuring, and troubleshooting NGFW (Palo Alto/ASA), Juniper SRX Firewalls, Sourcefire IPS/IDS, Cisco ISE, and VPNs, including rule and policy management on Palo Alto firewalls with Panorama servers.
Hands-on experience in configuring pre-rules, post-rules, object groups, and templates in Palo Alto Panorama for centralized firewall management.
Performed a seamless upgrade of Palo Alto Firewalls from PAN-OS 7.1 to 8.0, enhancing system stability and incorporating advanced security features.
Configured DMZ, PAT, SSL encryption, and application identification (App-IDs) on Palo Alto Networks firewalls.
Migrated from Cisco PIX and ASA to Palo Alto firewalls, configuring User-IDs, App-IDs, SSL Decryption, URL Filtering, Policies, Zone Protection, High Availability, and Certification Management.
Experienced in firewall architecture and network/cloud security principles, ensuring strong protection across various environments.
Hands-on experience in configuring and managing remote access VPNs on Cisco ASA and Juniper devices, ensuring secure and reliable connectivity for remote users.
Extensive experience configuring and troubleshooting routing protocols on Cisco IOS/IOS-XR/NX-OS and Juniper JUNOS, including MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, and MPLS.
Designed and deployed redundancy solutions such as HSRP, VRRP, GLBP, and EtherChannel (LACP & PAgP) to improve network resilience, reliability, and performance.
Managed the implementation and troubleshooting of complex Layer 2 technologies, including VLAN Trunks, VTP, EtherChannel, STP, RSTP, and MST.
Configured Virtual Chassis on Juniper EX4200 switches and SRX210 firewalls to streamline centralized management and enhance network scalability and redundancy.
Deployed and configured Palo Alto Networks firewalls, Cisco PIX (506E/515E/525), ASA Firewalls (5505/5510), Juniper SSG series, Checkpoint R75/76 firewalls, and Security Device Manager (SDM) for centralized management of large-scale firewall deployments.
Deployed and managed Palo Alto Networks security solutions, including Prisma Access, to strengthen network security across AWS and hybrid environments.
Developed Python-based automation scripts and custom APIs for provisioning and monitoring Juniper QFX and Arista switches, enhancing network efficiency and scalability.
Engineered and deployed highly reliable LAN, WAN, and VPN solutions for corporate campus environments, guaranteeing low latency and seamless connectivity.
Managed and configured Check Point (Secure Platform R70) and Cisco ASA firewalls for global network security.
Extensive experience with physical cabling, IP addressing, and TCP/IP configuration and support.
Developed network automation scripts using Ansible and Terraform, improving deployment efficiency and scalability in network infrastructure.
Proficient in leveraging Python to automate network operations, streamline workflows, and enhance infrastructure efficiency.
Configured and managed secure shell (SSH) access for remote administration, ensuring encrypted communications and robust security for network devices.
Hands-on experience with Cisco ACI (Application Centric Infrastructure), focusing on the deployment and management of spine-leaf architecture for scalable and high-performance data center networks.
Maintained and managed VLANs, Spanning Tree, HSRP, and VTP for the multi-layer backbone with Catalyst switches.
Proficient in utilizing packet monitoring tools such as Packet Sniffer, TCP Dump, and Wireshark for in-depth network analysis and troubleshooting.
Automated deployment processes and integrated with CI pipelines by developing scripts using Python and PowerShell.
Deployed, scaled, and automated network infrastructure across multiple global data centers, supporting AWS environments.
Extensive experience with HPE Aruba routing, switching, and wireless solutions, including hands-on work with Aruba Mobility Controllers, Aruba Airwave, Aruba Central, Aruba Activate, and Aruba ClearPass to optimize network performance and security.
Demonstrated deep understanding of the OSI model and its practical applications in designing and troubleshooting complex network systems.
Expertise in SD-LAN and WAN optimization technologies to enhance application performance and data delivery across enterprise networks.
Deep knowledge of SD-WAN architecture and principles, including vManage NMS, vSmart controllers, SD-WAN routers, and vBond orchestrators.
Configured and managed Aruba Wireless solutions, including ClearPass for secure access control and Aruba Central for cloud-based network management.
Strong understanding of SD-Access architecture, including underlay, overlay, fabric data plane, policy plane, and fabric roles and components.
Strong interpersonal, communication, and organizational skills with the ability to collaborate effectively across all levels of the organization.
Expertise in troubleshooting and resolving virtualization issues within vSphere 4.1/5.1/5.5 infrastructure.
Delivered second and third-level technical support for ACI (Application Centric Infrastructure) technologies.
Experience with Zscaler Cloud Proxy Architecture with ZIA, traffic forwarding using GRE tunnels to Zcloud, Azure AD Authentication, Access policies, ZAPP.
TECHNICAL SKILLS:
Networking Technologies
LAN/WAN Architecture, TCP/IP, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, SD-WAN, SD Access, Fabric Path.
Networking Hardware
Cisco Switches, Cisco Routers, ASA/Palo Alto/Fortinet/Juniper firewalls.
Routing Protocols
OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Security Technologies
PAP, CHAP, Cisco PIX, Blue Coat, Palo Alto, ASA, Fortinet, Checkpoint
Network Monitoring
SolarWinds, Wireshark, HRping, Whatsupgold, Infoblox
Operating Systems
Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR, IOS-XE, NX-OS
Routers
1800, 2611, 2800, 3600, 3845, 3900,4300, 4400, 4500, ASR 1000X, 7206VXR, Juniper M & T Series.
Load Balancers
F5 Networks (BIG-IP), NetScaler (Citrix)
Capacity & performance
Cascade Riverbed (Flow Monitor), WAN Killer
Switches
CISCO 2960,3750,3850, CAT 9300, CAT9400, CAT 9500,4500,6500,6800 Nexus 7k,5k,2k
Programming Languages
C, C++, Perl, Power Shell, Python
Simulation Tools
GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence
Firewalls
Juniper Net Screen (5200), Juniper SRX (240, 650, 3600, 5800), Pix (525, 535), ASA (5520,5550,5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls (7k, 5k, 2k)
AAA Architecture
TACACS+, RADIUS, Cisco ACS
Features & Services
IOS and Features, HSRP, GLBP, VRRP, IPAM IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, Open Stack, IVR’s, HLD and LLD documents, Dell equal logics
EDUCATION:
Bachelor of Technology in Computer Science.
Masters in computer science.
CERTIFICATION:
Cisco Certified Network Associate R&S (CCNA)
Cisco Certified Network Professional (CCNP)
PROFESSIONAL EXPERIENCE:
Client: Edward Jones, St. Louis, MO Dec 2022 – Present
Role: Senior Network Engineer
Responsibilities:
Expertise with Cisco 9K Catalyst series switches, responsible for designing, testing, implementing, and supporting network infrastructure.
Configured VSL to combine Catalyst 4500, 6500, and 9500 series switches into a single network element for campus networks.
Managed migration of Delta hub airport and campus networks from legacy devices to Cisco Catalyst 9000, 3000, 6500 series switches, and ASR 1K & ISR 4K routers.
Participated in upgrading Fast Ethernet and Layer 3 LAN infrastructure from Cisco legacy devices to Cisco ASR & ISR routers and Catalyst 9500/9300 switches at the access level.
Converted branch WAN links from TDM circuits to MPLS and migrated encryption from IP Sec/GRE to GET VPN.
Collaborated with customers and IT teams to gather requirements for network refresh projects.
Configured ASR 1K pairs with HSRP, Bundle Ethernet, and assigned DHCP profiles.
Proficient in working with Nexus 7010, 5548, 5596, 2148, and 2248 devices.
Led the migration from a traditional Catalyst 6500 infrastructure to an ACI Data Center, implementing Nexus 9508 Spine and N9396 Leaf switches.
Implemented Transport Layer Security (TLS) protocols to secure data transmission across network services, enhancing the confidentiality and integrity of communications.
Proficient in configuring and troubleshooting Fortinet Firewalls, enhancing network security through advanced firewall management and rule optimization.
Hands-on experience with Juniper QFx5120/5130 series switches, implementing high-performance switching in data center environments with a focus on reliability and scalability.
Provided support for Cisco UCS partners, Nexus data center cloud platforms, and virtualized environments.
Hands-on experience with Cisco cloud-managed devices, including MX84 and MX100 routers, MS210 and MS250 switches, as well as MR42 and MR52 wireless access points.
Enforced zero-trust network architecture within the ACI environment, utilized Cisco ACI fabric telemetry data for proactive monitoring and threat detection, and documented network configurations and policies using Cisco ISE to facilitate remote support and ensure accurate network documentation.
Installed and configured Cisco Meraki Switches (MS-225/350), Meraki Router/Firewalls (MX-64/84), and Meraki Wireless (MR-42/52) in thousands of nationwide stores.
Troubleshot complex LAN/WAN infrastructures, including routing protocols like EIGRP, OSPF, BGP, and MPLS.
Configured VPC (Virtual Port Channel) and VDC (Virtual Device Context) in Nexus 7010/7018 devices.
Migrated legacy WAN network to SD-WAN with virtual firewalls on WAN routers.
Migrated 200 company sites from legacy hub-and-spoke WAN to SD-WAN, supporting a star topology with virtual firewalls at remote locations.
Designed and deployed IPSec VPN solutions to establish secure remote access connections, ensuring data confidentiality and integrity across public networks.
Configured and optimized Zscaler web proxies for Zero Trust security and advanced threat detection, and implemented Aruba ClearPass for dynamic NAC, enhancing secure access and data protection.
Collaborated with security teams to implement Zero Trust architecture, ensuring seamless integration of security measures within the network infrastructure.
Delivered resilient network systems with a strong focus on enhancing user experiences through reliable and secure connectivity solutions.
Provided 24/7 network support and maintained 99.98% uptime for systems and networks across airports, campuses, and data centers.
Designed and implemented Palo Alto firewalls with application and URL filtering, SSL decryption, and SSL forward proxy. Configured and maintained IPSEC and SSL VPNs. Successfully deployed PA-5000 series firewalls as perimeter firewalls in the data center.
Migrated ASA firewalls to PA next-generation firewalls using the PA migration tool. Successfully migrated all IPSEC tunnels, ACLs, NAT rules, and policies.
Utilized Cisco Prime for daily tasks, offering consultation and technical support for lifecycle planning, problem management, integration, and network configuration.
Configured and maintained VPC with public and private subnets, NAT instances, and Elastic Load Balancing (ELB) to monitor public and private instances within the VPC.
Expert knowledge in working with Wireless LAN Controllers, Cisco NCS, Cisco APs, LWAPs, standalone APs, and mesh APs.
Implemented AWS Direct Connect and Azure ExpressRoute solutions for secure, high-performance hybrid cloud connectivity.
Integrated multi-cloud environments using Mega port and Equinix to ensure secure, low-latency WAN connections.
Experienced in cloud-based storage services, security filtering, and mission-critical applications, with LAN/WAN design using SDN/NFV, OpenStack/VNF, and Cisco Tail-F controllers.
Developed NFV and SDN transformational solutions, providing architectural design and strategic planning for future customer transformations.
Extensive experience with Cisco Wireless Access Points, including 1100, 1200, 3700, and 3800 series.
Experienced with wireless tools such as Spectrum Analyzer, Protocol Analyzer, and Site Survey tools.
Monitored and managed alerts for all components related to the Cisco ISE solution for network switches.
Configured and ensured Cisco ISE interoperability with network switches, verifying functionality across the network segment.
Managed configuration, authentication, and policy capabilities for network models, with secondary Cisco ISE nodes functioning in a backup role.
Planned, designed, and implemented network and security solutions, including Palo Alto, Check Point, ASA Firewalls, data center switching, Bluecoat Proxy, and F5 Load Balancers.
Troubleshot issues after migrating internet traffic through Bluecoat Proxy by tracing traffic or capturing it for analysis.
Upgraded Palo Alto Firewalls, Cisco Routers, Nexus Switches, F5 Load Balancers, and Bluecoat Proxy devices.
Managed SCIM provisioning from Azure AD to Zscaler ZIA for user and group synchronization.
Replaced traditional SSL VPN with Zscaler Private Access (ZPA).
Set up on-prem connectors and established outbound communication from connectors to ZEN nodes.
Configured Bluecoat Proxy SG for securing web applications via reverse proxy.
Implemented Bluecoat accelerators across all data center and remote servers, optimizing data backup time and improving functionality.
Re-encrypted application data using Blue Coat appliances to optimize WAN performance.
Led the migration from Bluecoat to Palo Alto URL filtering, configured rules, and maintained Palo Alto Firewalls, while analyzing firewall logs.
Troubleshot and resolved security issues related to Cisco ASA/PIX, Checkpoint, IDS/IPS, and Palo Alto firewalls.
Configured, managed, and monitored Palo Alto firewall models, particularly PA-5050 and PA-5260.
Deployed Active/Standby High Availability (HA) modes with session and configuration synchronization on multiple Palo Alto firewall pairs, with expertise in Active/Active HA modes.
Handling ACI fabric in multiple data centers across Europe, Asia, America region.
Providing L3 support for the configuration and maintenance of Cisco ACI fabric to ensure optimal network performance.
Troubleshooting and resolving incidents and service requests, addressing network issues efficiently.
Managing device migrations from legacy infrastructure to the ACI network, ensuring seamless transitions with minimal downtime.Handling client IT network infrastructure for Internet Security which includes Load balancers, Anti- DDoS and WAF support.
Technical Support for Load balancers which includes Radware (Alteon and Appdirector) and F5 Big- IP LTM and GTM, Citrix NetScaler (NS 10.5 and NS 9000).
Client: CVS Health, Woonsocket, RI Feb 2021 – Aug 2022
Role: Sr. Network Engineer
Responsibilities:
Developed network initiatives aimed at enhancing continuity and implementing security measures to fulfill and surpass contractual obligations, including system analysis and troubleshooting.
Participated in the design of new temporary disaster recovery Datacenter components, including SRX 3600 Firewalls, QFX 10008 switches, and MX 960 routers.
Established an Active-Passive cluster configuration between two Juniper SRX devices and an Active-Active pair on Juniper MX 960 routers to ensure high availability.
Developed new redundant Ethernet interfaces by enabling Link Aggregation Control Protocol (LACP) and established new VLANs for each redundant Ethernet interface.
Established a new eBGP relationship between Juniper QFX Spine switches and Firewalls for effective route advertisement.
Configured and troubleshot various protocols and services including HSRP, BGP, OSPF, DMVPN, MPLS WAN, QoS, and Route Maps.
Developed route leaks and filters to facilitate route advertisement among multiple virtual routing instances.
Engaged in the design of new F5 Load Balancers for disaster recovery data centers and the development of load balancing strategies tailored to diverse application requirements and traffic patterns.
Set up F5 devices in an Active/Passive cluster configuration and activated High Availability features.
Managed application security by implementing SSL for both client-side and server-side connections, utilizing various encryption protocols and cipher suites for TLS connections to critical business applications.
Diagnosed Layer 3 issues between F5 devices and Firewalls, adjusting routing and iRules settings on F5 during migration processes.
Designed and deployed secure, scalable VPN solutions using DMVPN and IPsec, and ensured the security of VPN connections through robust encryption and access controls.
Maintained comprehensive documentation of F5 implementations and standards regarding network security, application delivery, and connectivity.
Installed and configured Nexus 9k, Cisco 6500, 3800, and 3600 switching platforms in alignment with deployment strategies.
Comprehensive knowledge of Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) architecture, facilitating efficient Layer 2 and Layer 3 network connectivity in modern data center designs.
Established multiple tenants on Nexus 9k switches and implemented BGP on each tenant to create a transit network to Palo Alto devices.
Configured VxLAN, Equal-Cost Multi-Path (ECMP), and Ethernet Virtual Private Network (EVPN) on Nexus switches.
Participated in the migration of virtual machines from NSX to Cisco's Application Centric Infrastructure (ACI).
Developed IP addressing schemes, VLAN configurations, switch port assignments, and implemented EtherChannel setups.
Implemented and configured redundancy protocols such as Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) for default gateway redundancy.
Engaged in the implementation, configuration, and troubleshooting of various routing protocols, including OSPF, iBGP, and eBGP, across Cisco and Juniper routers and firewalls.
Collaborated with application owners to comprehend their application flow to facilitate server migration to the new disaster recovery data center.
Extensive experience with security firewalls, NAT/PAT, IPsec, site-to-site VPNs, and ALG protocols (RTP, RTSP, FTP, DNS, HTTP).
Conducted performance monitoring of applications and web servers to ensure quality of service and maintain network stability.
Managed core switches by creating VLANs and configuring VLAN Trunking Protocol (VTP).
Designed and implemented Palo Alto 7080s, migrating workloads from legacy and existing disaster recovery data center SRX firewalls to next-generation Palo Alto firewalls.
Developed multiple virtual systems on Palo Alto and connected virtual system-1 to Juniper QFX 10k spine switches to support Juniper QFabric to QFX migrations, while linking virtual system-2 to Cisco Border Leaf Nexus 9k for workload migration to Vx Block.
Engaged in streamlining network architecture by consolidating nearly 30 virtual routers from legacy devices down to 6 virtual routers in the new environment.
Responsible for the upgrade and maintenance of all production network devices from Juniper, Cisco, and Palo Alto.
Participated in application failover testing between data centers and disaster recovery testing for data centers.
Diagnosed network issues within data centers and addressed WAN backhaul network challenges.
Established virtual routers in Palo Alto firewalls using a Hub-Spoke architecture, utilizing route redistribution to advertise routes with filters on the Hub.
Configured firewalls with multiple virtual routers, assigning security zones to their corresponding virtual routers.
Configured high availability between two Palo Alto devices with link monitoring enabled, conducting tests under various conditions.
Linked enterprise and data center firewalls to Panorama M-600s for centralized management purposes.
Configured various security profiles, including antivirus, anti-spyware, vulnerability protection, URL filtering, and DoS protection profiles, to safeguard against flood attacks, reconnaissance attacks, viruses, trojans, malware, and unauthorized access, integrating these profiles into security policies.
Established administrative roles, server profiles, authentication profiles, logging configurations, interface management, and zone protection profiles.
Transferred IPSEC tunnels from Juniper SRX 3600 firewalls to Palo Alto 7080s.
Developed NAT and security policies utilizing the App-ID concept on Palo Alto, tagging each security policy according to the application for simplified management.
Recommended best practices for network and security considerations during workload migrations to ensure a smooth transition.
Configured various F5 load balancing options and features, including persistence, SSL offload functions, HTTP profiles, and iRules.
Configured BGP, OSPF, access control lists (ACLs), Quality of Service (QoS), and routing policies on SD-WAN routers.
Gained experience in configuring SD-WAN cloud on-ramps for SaaS applications like Office 365 and Azure, providing direct internet access and monitoring performance metrics such as jitter, loss, and delay.
Acquired experience in Azure cloud connectivity through Express Routes, as well as utilizing Azure Cloud Security Center and cloud application security.
Configured network security groups within cloud security and set up Azure Active Directory for authentication to cloud applications using SAML and ADFS.
Experienced in integrating existing APIs with Azure API to extract attributes related to alerts, usage, analytics, monitoring, and security.
Gained hands-on experience in deploying Azure Multi-Factor Authentication servers.
Engaged in change management and monitored network performance utilizing various network tools.
Performed wireless site surveys using industry standard tools such as Air Magnet and Cisco & Aruba Switches
Managed and completed over 100 projects installing/upgrading client's wireless infrastructure to Aruba and Supported wireless networking team working on Aruba wireless.
Experienced in configuring Guest access using Aruba ClearPass and Web Authentication
Experience with Wireless Aruba and Cisco Controllers based Enterprise networks
Environment: Nexus 9k, 7k Cisco 6800, 6500, 4500, 3800 and 3600 switches, Juniper MX 960, MX 480, Juniper EX 4600, 9200, QFX 10008, SRX 3600, 5800, 240, F5 BIG-IP, Palo Alto 7080, PAN M-600, VRRP, iBGP, eBGP, OSPF, DMVPN, MPLS WAN, QoS, Route Maps, VTP, Proxy ARP’s, Route based Forwarding, PBF, Route Filtering, Route Reflectors, Route Re-distribution, Port Forwarding.
Client: Google, Mountain View, CA Sep 2018 – Jan 2021
Role: Network Engineer
Responsibilities:
Participated in the implementation of Trunking protocols, including Dot1Q and ISL, on Cisco Catalyst switches.
Engaged in the design, troubleshooting, and maintenance of Local Area Networks (LANs) according to company requirements.
Possess enterprise routing experience with protocols such as RIP, EIGRP, OSPF, and BGP.
Conducted software migration and configurations for new installations of Alcatel Lucent 7450, 7750, and 7705 devices.
Diagnosed and resolved Layer 2 and Layer 3 issues on Alcatel 7705, 7740, and 7750 routers, and Omni switches.
Skilled in configuring protocols such as HSRP, VRRP, GLBP, ICMP, HDLC, and SNMP, alongside configuring and troubleshooting routing protocols including RIP v1/v2, EIGRP, OSPF, IS-IS, BGP, and MPLS, as well as installing and configuring DNS and DHCP servers.
Developed and tested Cisco router and switching operations utilizing the OSPF routing protocol, ASA Firewalls, and MPLS switching to ensure stable VPNs.
Utilized network analysis tools such as Ethereal to investigate and resolve network issues.
Employed a TFTP server to back up Cisco configuration files.
Conducted network layer tasks involving the configuration of IP addressing using Fixed Length Subnet Masking (FLSM) and Variable Length Subnet Masking (VLSM) for all applications and servers across the organization.
Implemented routing and switching protocols such as IS-IS, OSPF, and BGP on Juniper M series routers.
Involved in configuring Inter-VLAN routing, redistribution, access lists, and dynamic routing.
Participated in the configuration and implementation of composite network models comprising Cisco 3750, 2620, and 1900 series routers, as well as Cisco 2950 and 3500 series switches.
Technical support offered for expanding the existing network architecture to accommodate new users.
Engaged in the configuration of Access Control Lists (ACLs) on Check Point firewalls to ensure proper network routing for B2B connectivity.
Integrated Microsoft Active Directory (LDAP) with Check Point for identity awareness and user authentication.
Gained experience in adding rules and monitoring Check Point firewall traffic through Smart Dashboard and SmartView Tracker applications.
Monitored and addressed network anomalies using SolarWinds/Orion software, recommending suitable solutions for identified issues.
Conducted tests and verified continuity using the SolarWinds Orion monitoring tool.
Utilized various network tools for network evaluation, including SolarWinds Engineering Toolset, Wireshark, SSH Putty, and SolarWinds Orion.
Oversaw DNS servers, including creating and modifying DNS records and troubleshooting DNS-related issues.
Collaborated with various teams to gather information for new requests and troubleshoot connectivity issues by capturing traffic with TCPDUMP and SmartView Tracker.
Possess experience in implementing and troubleshooting various protocols and technologies, including configuring EtherChannel’s, trunks, VLANs, and HSRP in a LAN environment.
Client: Syntel, IND July 2016 – Aug 2018
Role: Network Engineer
Responsibilities:
Configured policies and managed Palo Alto firewalls, performing log analysis using various tools.
Installed Palo Alto PA-3060 firewalls to secure the data center, offering L3 support for routers, switches, and firewalls.
Migrated Checkpoint VPN rules to Cisco ASA, leveraging extensive experience with Cisco ASA VPN configurations.
Ensured team alignment with SOC mission and goals through effective communication and onboarding.
Established and monitored quarterly and annual objectives for the team.
Monitored network traffic to identify trends and detect malicious activities, generating vulnerability reports with actionable recommendations.
Held primary responsibility for core network security, managing all deployed network security products including Checkpoint (GAIA R75.40/77.20).
Configured VLANs, Spanning Tree Protocol (STP), VSTP, and SNMP on Juniper EX series switches.
Researched, designed, and upgraded outdated Checkpoint firewall infrastructure with next-generation Palo Alto firewalls.
Designed and installed Palo Alto firewalls, implementing application and URL filtering, threat prevention, and data filtering.
Oversaw the team’s quality analysis of security events through regular audits and coaching.
Ensured timely delivery of accurate and insightful security event analysis to customers.
Installed, configured, and troubleshooted issues on Riverbed Steelhead devices.
Maintained SOP processes to ensure they are accurate, efficient, updated, and scalable.
Managed Juniper SSL VPN, Websense Web Security, and IronPort administration.
Assessed McAfee Network Access Control by building checks and benchmarks for McAfee products, WSUS servers, IE proxies, and encryption alerts.
Deployed virtual machines (VMs) in Windows Azure for testing in SIT and QA environments.
Created VMs with SQL Server 2012 in Windows Azure to meet QA test requirements.
Configured Active Directory domains and virtual networks in a Windows Azure testing environment.
Configured zone-based firewalling and security policies on Palo Alto firewalls.
Configured and installed Aruba 7210 wireless controllers and access points.
Developed Python and Shell scripts to build monitoring and alert systems for applications and servers.
Managed Checkpoint firewall policies, adding and removing rules to accommodate project requirements.
Provided support for 2-tier and 3-tier firewall architectures, including Checkpoint, Cisco ASA, and Palo Alto firewalls.
Configured Checkpoint R77.30 series firewalls and routed outbound traffic through a Blue Coat proxy server.
Implemented firewall rules daily on Juniper SRX 3600, SRX 650, and SRX 220 devices using SPACE and CLI as required.
Collaborated with the Level 2 team on the migration of CMA instances between Provider-1 platforms.
Implemented site-to-site and client-to-site VPNs using Checkpoint Firewall-1/VPN-1.
Monitored and identified potential intrusions for the Cyber Security Operations Center (CSOC) using McAfee ePolicy Orchestrator.
Set up a Syslog server to facilitate proactive network monitoring.
Implemented VLANs for different departments, using trunks to connect them, with one VLAN in server mode and the rest in client mode.
Configured
Contact this candidate