Amit Singh

asingh51091@gmail.com
917-251-1842

OBJECTIVE

Seeking a network security engineer position with a well-established company that will allow me to utilize my skills and
abilities to maximize the company's output and foster continuous learning.

PROFESSIONAL SUMMARY

 6+ yrs. of experience as a Network Administrator specializing Network security, Firewalls.

 Experience in the areas of Technical Implementation/Support, Project Management, System Administration,
Networking and end-to-end Infrastructure Management
 Experience in installing, configuring and troubleshooting of Checkpoint Firewall
 Strong knowledge base in the design and deployment of Blue Coat Proxy SG, Palo Alto Firewalls and Check Point
Firewalls
 Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View
Tracker applications
 In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting,
VLSM, TCP/IP, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3 Sonnet POS OCX / GigE circuits, Firewalls.
 Good Knowledge in IPv6 Addressing, Ipv6-IPv4
 Hands on experience in manage and troubleshooting with SDN technology
 Implementing and maintaining F5 LTM Devices (Versions 9.x, 10.x and 11.x). Responsibilities include device builds for
continuous application availability and Windows/Unix load balancing, code upgrades, and configuration management.
 Secure Email Gateway, WebMarshal proxy gateway and Secure Connect Fortinet Firewalls.
 Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations.
 Proficiency in configuration of VLAN setup on various Cisco Routers and Switches.
 Expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good
experience on IP services.
 Highly experienced in VPN Implementation IPsec VPN and SSL VPN Server-to-Server and Client-to-Server.
 Experienced in DHCP DNS, NIS, NFS, SMTP, IMAP, ODBC, FTP, TCP/IP, LAN, WAN, LDAP, HP RDP, security management,
and system troubleshooting skills.
 Configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
 Experience in Configuring Checkpoint Clusters with Nokia IPSO and GAIA OS
 Experience in tools like SNMP, AAA, RADIUS and designed VPN with IPSEC security layer.
 Expertise in IP sub netting and worked on various designing and allocation various classes of IP address to the domain.
 Involved in monitoring network traffic and its diagnosis using performance tools like Snort, Snortsnarf, ping tools, and
packet player.
 Experience in authentication protocols PAP, CHAP, 802.1x and Port Security and Configuring Security policies including
NAT, PAT, VPN, Route-maps, prefix lists and Access Control Lists
 Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: OSPF, EIGRP, RIP, IGRP, BGP etc.

Page 1 of 8
 Experience in Deployed Check Point Provider-1 NGX and configured CMAs
 Knowledge on Juniper SRX240, SRX220, and SRX550 series firewalls
 Expertise in installing, configuring, and maintaining Cisco Switches (2900, 3500, 3700 series, 6500 series), Alcatel
Omniswitch 6k series, Omnistack 3k, 4k series and Aruba 3k, 6k series.
 Expertise in installing, configuring, and troubleshooting of Cisco Routers (3800, 3600, 2800, 2600, 1800, 1700, 800)
 Knowledge on Nexus 7000, Nexus 5000 and Nexus 2000 switches

PROFESSIONAL EXPERIENCE

HCL, Orlando, Florida (2016 April- Present)

Role: Sr. Network Engineer

 Monitored and maintained client Firewall, intrusion detection systems and VPN systems including (Check Point
FW-1 / VPN-1 / Cisco PIX / Secure VPN / Secure IDS).
 Experience with convert Checkpoint VPN rules over to the Cisco ASA solution. Migration with Cisco ASA VPN
experience.
 Administer the Optimization of Network Access Control System tools, specifically ForeScout CounterACT 7.0.0 and
Enterprise Management.
 Perform maintenance upgrades, troubleshooting steps, and documentation on all aspects of the current and
future Cisco, Checkpoint, ForeScout, and NetOptics based network environments.
 Execute continuous assessment of network health and security, to include remediation, using appropriate
software tools - SolarWinds and ForeScout NAC.
 Provide advanced support for but not limited to CheckPoint Firewalls, IDS, ForeScout CounterACT 7.0, and VPN or
any future security technology.
 Participated in the SOX testing of the General Computer Controls.
 Executed regulatory reporting program compliance to ensure the adequacy of the financial and IT control
environment in conformity with PCAOB AS-5 and with conformity with SOX 302 AND 404 and enterprise COSO and
ICFR compliance.
 Experience as a Network Security Administrator specializing Network security, Firewalls and provided support for a
Cisco VOIP Multi-cluster environment.
 Experience in the setup of Access-Lists, and RIP, EIGRP, and tunnel installations and diagnosed and troubleshoot
daily VoIP and network issues.
 Proficiency in configuration of VLAN setup on various Cisco Routers and Switches and also configured Cisco VOIP
sets; 7975, 7940, 7941, 7960, 7937/8831 polycom and 8841 SIP Devices.
 Unpacked, racked, cabled, and installed hardware in data centers across the company campus, ensured initial
connectivity to devices such as network, server, cyber security, and Cisco VOIP systems.
 Extensive experience with SIEM and log management products: LogMatrix, Juniper Networks, Nitro Security,
Novell, RSA enVision, ArcSight, Cisco, LogLogic, Symantec SIM, RSA Archer Symantec, LogRhythm, Alert Logic
 Updated the IT applications for risk assessment mapping and ITGC control framework to comply with CoBit 5
standards.

Page 2 of 8
 Design and deployment of corporate wide best practices, due diligence preparation for year one SOX 404
compliance and SEC filing of new registrant. Audits on various ERP systems.
 Perform SOX IT and Internal Controls over Regulatory Reporting IT audits.
 Reviewed Highmark's information technology infrastructure for compliance with PCI, COBIT, HIPAA, NIST, and ISO.
 First line testing of applications implementation of internal and SOX controls in multiple control domains -
Foundation (BIA, CIA, TVA) IAM, Security Monitoring, Platform Security, IT resilience, Change Management and
record retention.
 Implementing targeted controls for regulatory topic such as GDPR (cookie tracking, targeted marketing and big
data) and PCI-DSS.
 Developed and reviewed information security controls based on ISO 270002 as part of a project to realign the IS
policy framework with industry standards.
 Designed information security control procedures base on ISO 270002, NIST and PCI DSS in order to provide
 Review of Policy Flow in both ForeScout and Checkpoint for upcoming Data Center WAN Migration requirements.
 Implemented automatic email notification of the monthly statements for the customers using Java Mail
 Anchored team formation and worked with technical on SDN/NFV, ONOS and Network Monitoring tools
 SOX Risk Analysis Consultant ITGC, PCI, CoBIT 5 Risk and Remediation
 Managed and matured information technology risk management processes, programs and strategies. Aligned
information technology activities with COBIT, NIST, PCI, and SOX, and FAA regulatory requirements and internal
governing enterprise risk management policies.
 Configure DHCP, HSRP, VRRP, VLANs, VTP, DHCP Snooping, Portfast, BPDU Guard, Root Guard, NTP, STP.
 Create econnect rules for the internal network using bluecoat proxy
 Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
 Migrations included and not limited to Cisco to Cisco and Cisco to Checkpoint and Checkpoint to Checkpoint
 Hands on experience on different Cisco VC units like SX 80, MX-700, SX10, SX20, SX20Netc
 Implementation of Cisco voice and video infrastructure, Telepresence video
 Bluecoat Configuration modification for updates to rule sets .
 Expert in F5 Networks configuration of devices such as LTMs, GTMs, Load Balancers, DNS/DHCP services.
 Worked on F5 BIG-IP LTM 8900, Citrix NetScaler Configured profiles.
 Worked on implementation of the basic F5 ASM, F5 Fire pass and VE, F5 APM.
 Complete Devices installations, maintenance and perform regular upgrades and patch work on F5 load balancer
devices.
 Designed and developed web UI screens using Angular-JS, Bootstrap, HTML, CSS and JavaScript
 Configuring and troubleshooting F5 BIGIP LTM load balancing and implementing, Creating irules, Virtual servers,
Pools, Nodes with health, Profiles, SNAT, SSL, NAT, Traffic Policies and QoS.
 Creating Virtual Servers, Nodes, Pools, Iapps and Irules on BIG-IP F5 in LTM module.
 Configured High availability and implemented it on F5 Load balancer.
 Hands on experience in SDN/NFV/ACI virtualization, Cloud technologies Orchestrators; OpenStack, Mirantis
VMware, Open day light(ODL).
 Hands on experience in SDN/NFV virtualization, Cloud technologies Orchestrators; OpenStack, Mirantis VMware,
Floodlight, ONOS and open day light(ODL).

Page 3 of 8
 Translate these configuration commands into a YANG model or potentially a vendor-specific model which allows a
Software Defined Network (SDN) like architecture.
 Working in Nuage SDN (VSD/VSC/VRS/VCIN ) VMware-center-V-spher, VRO, VRA.
 Bluecoat Troubleshoot for Root Cause Analysis to ensure limited downtime
 Advanced knowledge in Linux and Unix Operating Systems, web security devices or proxy - Cisco WSA/CWS and
Bluecoat, understanding of global security policies
 Working on Bluecoat proxy server, Tipping Point Intrusion Protection System management.
 Implemented complete CISCO Voice Infrastructure Migration
 Worked with web security gateway like bluecoat proxySG for content filtering, authentication and ICAP relay.
 Create and consume RESTful API calls with AngularJS as a front end and Java as a back end using Apache karaf as a
microservice container for the OSGi framework
 Implement Bluecoat policy after testing it on Lab environment.
 Responsible for fiber optic and Cat5/Cat6 network installation and testing
 Manually Installed McAfee NDLP Prevent 10.x ISO.file and configured in McAfee ePO server
 Provided expertise with incident response, security event monitoring, vulnerability management, asset security
compliance and Data Loss Prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP
 Experience with Designing, Implementing and Troubleshooting Cisco Routers and Switches using
 Managed McAfee EPO A/V environment using EPO console to pull reports to validate security protection
compliance via DAT file updates, and take appropriate action to correct issues found within the ePO environment
 Support Bluecoat proxy migration to new platform for all Business and Datacenters in environment
 Configure and maintain Bluecoat ASG500 gateways for all HTTP and HTTPS traffic traversing the PBGC network.
Effectively update the Visual Policy manager (VPM) as per required access by the client. Periodically upgrade
the bluecoat devices to desired feature set OS level as required.
 Configuring Bluecoat Proxy and Cisco WSA for Web access, Web authentication and content filtering.
 Black listing and White listing of web URL on Bluecoat Proxy servers.
 Hands on experience on all software blades of checkpoint firewall
 Configuring, maintaining and troubleshooting IPS and IPS-1 in Checkpoint
 Experience testing Cisco & Juniper routers and switches in laboratory scenarios and then deploy
 Migration experience with both Check Point and Cisco ASA VPN.
 Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Cisco PIX,
NetScreen Firewalls, Check Point Provider-1 / VSX, Nokia VPN, Palo Alto IDS, Foundry / F5 Load Balancers, and Blue
Coat PacketShaper systems.
 Implementation & trouble shooting of vlans, high availability solutions like hsrp, ether channels, SSL vpns, access
control lists, NAT, PAT, routing solutions etc
 Maintaining Corporate Firewalls by analysis of firewall logs and implementation of security firewall policies for
the migration of Datacenter
 Configuring VPN, clustering and ISP redundancy in Checkpoint firewall
 Implementation, configuration and support of Checkpoint and ASA firewalls for multiple clients
 Experience working with migration from 6500 series devices to 4500 Series switches in Campus deployments at
Core, Distribution and Access Layers.
 Developed the Java daily batch jobs in new Concurrent threading framework, Java collection APIs.

Page 4 of 8
  Built and support VRRP / Cluster based HA of Checkpoint firewalls
 Migration of servers from one datacenter to another, providing switch connections to the new servers, updating
Check Point Firewall rules for the new servers, A10 to F5 load balancers Migration
 Worked on Layer2 switching technology implementation, operations included L2 and L3 switching and related
functionality. This also includes VLANs, STP, VTP, RSTP, PVST+, HSRP, VPC, VDC, OTV.
 Moderate knowledge in configuring and troubleshooting Cisco Wireless Networks: LWAPP, WLC, WCS, Standalone
APs, Roaming, Wireless Security Basics, IEEE 802.11 a/b/g, RF spectrum characteristics.
 Designed and deployed new Cisco catalyst 6513 and 6509 with dual Supervisor Engine 720 at both Distro and
Core layer.
 Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to
avoid loops in the network. Trunking and port channels creation.
 Good knowledge in ACL, NAT/ PAT, Ether Channel, IP Sec and VPNs. Experience in Troubleshooting for connectivity
and hardware problems on Cisco Networks.
 Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures.
 Configuring failover for redundancy purposes for the security devices. Implemented the stateful& serial failover
for PIX/ASA firewalls, Check Point Clustering and load balancing features.
 Periodical update of software on security devices depends upon the bugs fixed with the new software releases.
 Converted Cisco ASA VPN rules over to the Palo Alto solution
 Experience with converting Check Point VPN rules over to the Cisco ASA solution. Migration experience with Cisco
ASA VPN.
 Backup and restore of Check Point and Cisco ASA Firewall policies.
 Monitoring Traffic and Connections in Check Point and ASA Firewall.
 Manage project task to migrate from Cisco ASA Firewalls to Check Point Firewalls.
 Responsible for implementing and troubleshooting various Networking Devices such as Routers, Cisco Switch,
Cisco Firewall.
 Responsible to provide network connectivity as and when new location comes in to the network.
 Worked extensively in configuring, monitoring and troubleshooting Cisco's ASA 5500/PIX security appliance,
failover DMZ zoning & configuring VLANs/routing/NATing with the Firewalls as per the design.

PCTEL, Melbourne, Florida

Role: Network Engineer (2015 November-March2016)

Worked extensively in Configuring, Monitoring and Troubleshooting security appliance, Failover DMZ zoning & configuring
VLANs/routing/NATing with the firewalls as per the design
 Worked on multi-vendor platform with checkpoint, Fortinet and Cisco firewalls requesting net flow for security
compliance, coding, and pushing firewall rules after approval and troubleshoot incidents as required
 Experience with converting checkpoint VPN rules over to the Cisco ASA solution Migration with Cisco ASA VPN
experience .
 DNS, DHCP, VRRP, HSRP, VLANs, and InterVLAN routing.
 Worked on the Logging issues of the F5 load balancer and the process of the workflow with the syslog servers
making sure the communications through the switches and routers.

Page 5 of 8
 Performed design, deploy, refresh and change control for Cisco ASA firewalls, routers and switches, F5 Networks
LTM and GTM load balancing.
 Worked on three different SDN controller; Floodlight, ONOS and OpendayLight
 Extensive knowledge in configuring F5 Big-IP LTM-3900, and 6900 Load balancers, as well as worked on the
implementation of iRules.
 Have expert level of experience on F5 related stage and test device tickets for creating, upgrading and
modification on the virtual servers, pool members and custom related health monitors to satisfy client and
application team.
 Developed rich UI using technologies like Google Web Toolkit(GWT) with AJAX, Action Script, Flash, JavaScript,
HTML, CSS, Struts Tile Framework.
 Worked on an ONOS project controller.
 Design and Architecture of F5 LTM, GTM, APM, ASM and application delivery network.
 Configured F5 Big IPs with VIPs, Pool, IRules and SSL certificates to ensure traffic was load balanced.
 Determining the functionality with the DNS naming conventions and migrations from old load balancing
environments to the F5 environment.
 Perform Checkpoint and PIX firewall/IDS design, integration and implementation for Cyber Trap client networks .
 Built Cloud infrastructure utilizing virtualization, SDN, NFV, Orchestration, Contrail, VMware, KVM, OpenStack
(Mirantis) and OpenFlow in multiple production-like lab environments.
 Familiar with bluecoat ProxySG S200, S400.
 Implementing of Secure Communications (IPSEC VPN), Branch to Branch VPNs, Third-Party remote access VPNs
(VPN Clients) using Cisco ASA 5500 series, Juniper SRX, Checkpoint Firewalls and Palo Alto Firewalls.
 Perform QA Checks on block point builds of SPLAT and GAiA Checkpoint Firewalls running on HP Proliant Servers
 Worked on the migration to new Checkpoint R7x firewalls from Cisco ASA firewalls.
 Responsible for installation, troubleshooting of firewalls (Imperva Web app Firewalls, Checkpointfirewalls) and
related software, and LAN/WAN protocols.
 Using SmartUpdate, User Management and Authentication in Checkpoint Firewall
 Support and troubleshoot Cisco and Bluecoat proxy environments
 Configured and installed Bluecoat Proxy SGs to a newly designed network scheme, from an inline perspective to a
WCCP load balanced network layout.
 Experience in implementing Next Generation Firewalls (NGFW) such as Bluecoat Proxy such as Palo Alto networks
NGFW for URL filtering
 Monitoring Traffic and Connections in Checkpoint and ASA Firewall
 Maintained, configured, and installed Cisco and Juniper routers and switches: 7500/catalyst
6500/RV320/2960/catalyst 3550/12410, 12816, 1204 series, Nexus 7k and 5k, WLC, and ASA 5540
 Upgradation configuration changes, implement the Firewall Rules, configure the NAT, implement the new VPN,
troubleshooting and handling the incident on number of vendor's Firewalls (ASA, Checkpoint) and other security
products.
 Regular upgrade and maintenance of Infrastructure, Installing, configuring, and maintaining Cisco Switches (2900,
3500, 7600, 3700 series, 6500 series) Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800) Cisco
Router and Switches, Juniper Routers and Firewalls, Nexus 7k, 5k & 2k, f5 BIG IP, Palo Alto
Firewalls, Bluecoat Proxy and Riverbed Steelhead appliances
 Configuration and maintenance security devices Checkpoint R77 Gaia, and Palo Alto.

Page 6 of 8
  Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
 Cisco ASA Firewalls, Palo Alto Networks Firewalls.
 Installed and tested Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS
switching for stable VPNs.
 Demonstrate deep expertise in technical and security process design, and ONOS project controller.
 Performing scheduled backups and storage of Checkpoint management servers and firewall
 Administering and installing Checkpoint Firewall rules and policies.
 Configuration of Checkpoint Firewall as Standard and Distribution deployment to have the network secure and
also maintaining Site to Site VPN Connection through the Firewalls.
 Leading onboarding calls with customers to address all technical consideration like Network related questions,
who are interested to following cloud service providers such as Microsoft Azure, Amazon Web Services, Cisco
WebEx, Sales Force, Box, Blue Jeans and addressing all technical networking questions.
 Worked with converting Cisco ASA solution over to the Checkpoint VPN rules. Migration with both Checkpoint and
Cisco ASA VPN experience.
 Hands on experience in installing and configuring Cisco and Juniper MX series routers.
 Support Cisco 7000, 6509s, 3750, 3550, Juniper SRX 1400, M10i, MX-80, Alcatel SR 7750 ESS 7450 routers
 Implement and support WAN / LAN services including IPsec VPN /SSL VPN Hub Spoke topology additionally
supporting OC12 circuits. Currently implementing a Cisco Single Cloud DMVPN Utilize Cisco Nexus 7000 routers for
core layer 3 services in a heterogeneous networking environment.
 Configure policy-based and route-based firewall solutions on Juniper SRX1400, SSG5, Cisco ASA 5525
 Datacenter Architecture design using VMWARE vSphere 5; 6 etc., Cisco UCS Servers;
Cisco HyperFlex, Nexus switches etc., EMC VNX etc.
 Handled converting Checkpoint VPN rules to Cisco ASA solution.
 End to End Integration automation with CISCO ACI SDN solutions.
 Good understanding of Cisco DNA Automation.
 Datacenter L4l& deployment using Cisco ASA/ASAv, VPX, SDX etc
 Network management support for Cisco products
 Working with Datacenter products such as vmware vSphere, vmware SRM, Cisco
UCS Manager, Cisco Nexus, EMC VNX, Recoverpoint etc.
 Utilize troubleshooting tools to monitor, evaluate and optimize network performance. These tools include
Interface Ports Mirrors, RSPAN, IXIA ANUE NTO's, Wireshark, Gigastor, and INEOQUEST packet analyzers
 Maintain firewall including manage multiple SSG5s, and Juniper SRX 110 CE firewalls
 Troubleshoot issues related to Latency and MPLS advertisement.
 Providing support to create Virtual Private Cloud (VPCs) and gateways in AWS console.
 Maintain extensive Visio 2012 documentation that supports network operation including network diagrams, IP
addressing schematics, vendor agreements, network device and hardware backup configuration
 Troubleshooting and communication with different team to resolve customers NetBond issues such as latency,
route missing, ExpressRoute mismatch.
 Providing on-call 24*7 supports.

Flextronis Logistics, India (Aug 2011– June 2015)

Page 7 of 8
Role: System Administration

Application Deployment and Support to E Biz Support Operations. To maintain a world class eBusiness & Application
Development, QA and support Infrastructure through robust processes, Open Standards, Best of the Breed software,
utilities and tools with the intention of providing a common end-user experience across the GECF eBusiness infrastructure.
 24*7*365 eBusiness Operations Support for all eBusiness related issues.
 Application Infrastructure support to Project Teams deploying on eBusiness platform.
 Application performance testing, analysis/metrics management
 Application deployment /build across multiple environments
 Single Sign On (SSO) deployment/support across multiple environments Maintain digitized change control, escalation,
and user ticketing tools
 Subject Matter Expert in network security, Cloud computing security and SDN security applications. Recognized as one
of the top security leaders at Cisco.
 Assist with Functional Specifications development. Assist with Technical Specification development. Review / Approve
Application Infrastructure Architecture (3 hrs per Week)
 Problem Resolution. Reports directly to the Project Manger Collections Technology GECF America. Contributing in
charting, building and sustaining the project team (4 hrs per week)
 Be the escalation point for process related issues. Plan, schedule and conduct process monitoring. Provide technical
expertise on Siteminder, LDAP and WebLogic servers. (5 hrs per week)
 Design / troubleshoot / support of windows 2000, Windows 2003/NT, Linux based systems. Application support for
Intel based Architectures. (5 hrs per week)
 Implementing and configuring network services like DNS, DHCP, WINS and RAS for Network operations and remote
connectivity. Administered the users and groups using the Windows 2000 native tools (5hrs per week)
 Customized system policies for user’s environment. Implementing Backup policies and restoring the data. ISP
Installation and Creating Web Sites. Configuring IIS 6.0 (6 hrs per week).
 Replicating and Clustering in IIS 6.0. Fault Tolerance and Load Balancing.
 Performance and stress Testing. Installation of operating system on INTEL machines.
 Disk space partitioning as per the system and application requirement (4 hrs per week)
 Setting up EEPROM PARAMETERS (BOOT PROM parameters). Installation and verify of systems packages. Installation
and verification of system patch’s. (5 hrs per week).
 Managing and addition of new users using command line or using GUI Admin tool- Managing password policies
through the /etc shadow file. Monitoring the system access using command who, finger or last. (3 hrs per week)
 Additional responsibilities taken fixing the Motherboard, Hardware for Dell Latitude D600/D610’s Laptops and
Application Troubleshooting for the escalated Issues.
 Experience working with Cisco IOS, IOS-XR, NXOS for configuration & troubleshooting of routing protocols: MP-BGP,
OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.
 Hands-on experience with handling with daily RTB tickets and troubleshooting.
 Used Cisco IOS to configure simple routed or switched LAN and WAN networks.
 Implementation configuration and troubleshooting of Check Point Firewall R77.
 Designed and configured testing changes/additions to the encryption infrastructure.
 Ensured 24x7 uptime of encryption services.
 Configured Junos OS on M20, M120, J series and MX series devices.

Page 8 of 8