Lalith Mudiyanselage

Employer: Jared
Phone: 832-770-6386
Email: jared@cambaycs.com
SUMMARY:

Network and network security Engineer with 8+ years of expertise in Designing, Implementing and
troubleshooting various Network Technologies.

Provide scalable, supportable military grade TCP/IP security solutions along with expert TCP/IP network
designs that enables business functionality.

Hands-on experience, specializing in Cisco Environment in Data Center, systems, network and user
administration, LAN / WAN and Security.

Administration, engineering, and support for various technologies including proficiency in LAN/WAN, routing,
switching, security, application load balancing, and wireless.

Experienced in installation, configuration, design and ongoing maintenance of Cisco router and switches.

Worked on Cisco Catalyst Switches 6500/4500/3500 series,

Responsible for Checkpoint and Cisco firewall administration across global networks.

Knowledge of managing, maintaining, administering, troubleshooting high end network devices such as cisco
routers switches and firewalls.

Policy development and planning / programming on IT Security, Network Support and Administration.

Knowledge of Checkpoint VSX, including virtual systems, routers and switches

Experience in Network LAN/WAN deployment,

Experience with DNS/DFS/DHCP/WINS Standardizations and Implementations and work experience with
Infoblox.

Experience on Checkpoint, Paloalto, Juniper and Cisco ASA Firewalls.

Network Administration, monitoring networks for vulnerabilities or intrusions.

Extensive understanding of networking concepts, (IE. Configuration of networks, router configuration and
wireless security, TCP/IP, VPN, Content Filtering, VLANs, and routing in LAN/WAN, Ethernet Port, Patch Panel
and wireless networks.)

Configured IP addresses and subnet masks of workstations

Configured Cisco routers and switches to hosts or servers Configured mail exchange servers, and other servers
on Microsoft Outlook, and Mozilla Setup email on mobile phones and email exchange servers such as POP,
POP3, IMAP, and SMTP.

A broad understanding of computer hardware and software, including things such as installation configuration,
management, troubleshooting, and support.

Experience in Active Directory, GPOs, File & Print Server, FTP, Terminal Server, NAT, and Exchange Mail
Server.

Administration of production Windows Servers infrastructure that includes Domain Controllers, IIS Web Servers,
SharePoint, File and Print and FTP/SFTP servers.

Extensive experience in Windows 2008 R2/2008/2003 Wintel Servers at single or multi domain platforms.

Proficient in installing and configuring Windows Server 2003, 2008, 2012 and Windows XP, 7 & 8 Professional
Client Operating Systems.

Experience in Microsoft Office Suite, Visio and Outlook.

TECHNICAL SKILLS:

Hardware: SonicWall/Checkpoint/NetScreen/Cisco Firewalls, SSL, CDP, Cisco routers & switches, 3COM
Routers & switches, Barracuda, HP, Compaq, Dell, and IBM Servers

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750-X / 2960

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Firewall: ASA 5585/5520, FWSM, Checkpoint 4200/Nokia IP-560, Cisco PIX 535/525

Server Applications: VMWare, MS SQL, ConnectWise, Remedy, SonicWall SGMS, MS ISA, MS Exchange, MS
IIS, MS SharePoint, MS Proxy, MS SMS, Backup Exec, Symantec AV, Trend Micro AV, Avast AV

Operating Systems: Windows XP, Vista, Windows 7 & 8, Terminal Server, Citrix, Windows 2003 & 2008

Networking: NAT, VTP, VLAN, L2TP, PPTP, RDP, TCP/IP, IPX/SPX, NetBEUI, UDP, ARP, NTP, EIGRP, OSPF,
RIP, VoIP, SIP, SSL, VPN, ESP, 802.11 Wireless, HTTP, HTTPS, FTP, POP3, SMTP, DNS, ICMP

PROFESSIONAL EXPERIENCE:

The Neiman Marcus Group LLC, Irving, TX

June 2016 Present

Network Security Engineer

Managed network and security devices including Cisco routers, switches, Cisco ASA, Cisco VPNs,
Juniper SSL, Check Point, Paloalto, Juniper, Aruba switches, Aruba wireless controllers and Access
Points , Infoblox as well as content delivery networks (F5 Big IP LTM and load balancers) enterprise
environment
Implemented and performed troubleshooting activities on with respect to security issues on Paloalto,
Checkpoint (Gaia/VSX) Juniper and Cisco ASA firewalls as per the business requirements.
Based on the client/customer request, performed activities such as adding a rule (policy) to existing rulebase, Removing a rule (policy) to existing rule-base, Modifying an existing rule (ports, source ip address
change, destination ip address change), Configuring site-to-site IP-Sec tunnel, Troubleshooting network
connectivity problems through the firewall Checking logs through GUI and Performing TCP Dump through
command-line, Managing Net-screen Security Manager.
On daily basis, Performed activities such as monitoring the Internal IP-Sec tunnels in the Datacenter,
Performing health checks, Interface / VPN Link Status Monitoring, Monitoring Firewall Alarms, Monitoring
Firewall Events, Monitoring IP-Sec VPNs in NSM, Monitoring NSM Alerts and events, Monitoring the
availability of Firewalls and NSM, Monitoring Flow counters in Firewalls, Monitor Logging status to Arc-sight,
and Monitoring Firewall High Availability status
After a change is implemented, performed firewall ports document update task.
On the availability and need, performed applying hotfixes for Screen OS / IOS and upgrading the Firewall
Screen OS / IOS
Performed end of Support product check and end of Life product check.
Performed backup of current running configuration weekly or when there is an update to configuration.
Worked on f5, by adding and removing applications to F5 Load Balancers (Pools, Node members, VIPS
etc.., LB techniques, persistence etc..) - working with Application teams
Add/Remove/Renew Public as well as private SSL Certificates for Applications behind F5 and Participate in
Post-production performance testing and analysis for new/changed applications
As per requests, Add/Write/Remove/Manage iRules in F5 Load Balancers
Performed troubleshooting activities for application access problems (slowness, latency, inaccessibility) and
Monitor Application availability through F5 Load Balancers on daily basis.
Add/Write/Remove/Manage iRules in F5 Load Balancers, Participate in Post-production performance testing
and analysis for new/changed applications, and performed hardware Support through Vendor on request.
Monitored availability of F5 Load Balancers/ASM and checked the performance of and Load Balancers more rigorous during sale events and any other special days (like private day)
Interacted with F5 Support for product related issues (escalated/complex)
Monitored the validity of External SSL Certificates installed on F5 Load Balancers, alerted the respective
application team on impending SSL Certificate, Renewed the SSL Certificates with Vendor and Installed the
new SSL Certificate on the F5 Load Balancer
Monitored availability of Checkpoint URL Filtering Server and its Services, Integration between Bluecoat and
Checkpoint URL Filtering, Integration between Corporate Internal Firewall and Checkpoint URL Filtering,
Checkpoint URL Filtering licensing limits, and Checkpoint URL Filtering Server Disk/CPU status
Blocked and unblocked the web site suspicious up on the request.
Logged into Arc-Sight console to check health of partition status, Archive Status, Compression status and
verified any arcsight notification for errors/warnings on email notification
Replaced aging Cisco ASA 5500-X series with next generation Palo Alto 5000 series appliances serving as
firewalls and URL and application inspection in Panorama management tool.

Implemented Site-to-Site IP-Sec VPN on DC checkpoint firewall to communicate with Vendors and branch
offices in different regions within and outside the USA.
Responsible for Check Point, Cisco ASA and Palo Alto firewalls (5050) configuration and administration
across global networks.
Configured ACLs, NAT tables and inter VLAN policies and BGP on PAN 500 firewalls.
Configuration of Palo-Alto PA 500 and 5050 series firewalls for outbound traffic via Blue Coat proxy
server..
Worked on changing global objects and global rules to local objects and local rules for migration project.
Implemented new Test Lab (Called Security Lab) set up in the data center to simulate the actual Neiman
Marcus retail stores and Data Centers network and network security architecture and configured all
network and network security device as per the requirement.
Implemented security requirement in establishing the connection for OpenTable APP installed in iPads with
the Core MobleIron server, MobileIron Cloud, Apple cloud, etc this is for OpenTable App implementation
project for Store restaurants for customers to reserve their tables on availability in advance. Store Paloalto
firewall, Corporate Checkpoint and Juniper
DMZ firewall in Datacenter were involved in this
implementation.
Participated in Store WAN router refresh projects to replace old WAN router with a new version of Router
and verified the WAN/LAN network connectivity, WIFI and internet connectivity, Failover testing of WAN
links, isell application, Registers transaction /POS services availability, and Phones incoming/outgoing
The new routers was configured as per the existing old router and changed some configurations to suite the
new router where necessary.
Worked on NICE application server implementation project and implemented new network security
requirement to suite the new design by implementing new firewall rules and replicating the existing firewall
rules where appropriate.
Worked on Fort-Worth new store re-design project and configured a new set of network and network security
appliances which include Cisco routers, switches (MDFs and IDFs), Avocent Control switch, Paloalto
firewalls, Infoblox, Aruba Wireless Controller and APs (Access Points)
Prepared/drew network diagrams (logical and physical) to prepare ESoW document (Engineering Scope of
Work) for new project implementations.

LEVI STRAUSS & CO, Westlake, TX

Network Security engineer

February 2015 May 2016

Troubleshooting complex Checkpoint issues, Site-to-Site VPN related.

Performed upgrades for all IP series firewalls from previous versions (R75.40, R75.40VS, R75.45, R75.46,
R75.47, R76, R77) to R77.10

Support for all migrations, upgrades, PCI and SOX audit requirements, and vulnerability assessments.

Support for all firewalls and related environments.

Documented network problems and resolutions for future reference.

Managed Smart Center Checkpoint management server (SmartView Tracker)

Managed Checkpoint Firewalls from the command line using PuTTy sessions. (cpconfig and Sysconfig).

Administration and management of all firewall environments.

Management of each firewall is done remotely and onsite at client sites.

Black listing and White listing of web URL on Blue Coat Proxy servers

Working and commenting on global firewall polices.

Providing input on day-to-day security architecture policies and procedures.

Developing systems and process to protect, various user groups while accessing public Internet content from
malicious hack attacks.

Perform troubleshooting through command line interface.

Manage LAN & WAN and Bluecoat proxy servers.

Provides technical expertise in configuration and troubleshooting of various IP routing protocols including OSPF,
EIGRP, and BGP

Maintained, upgraded, configured, and installed Cisco routers, Cisco Catalyst Switches

Network migration from OSPF to EIGRP.

Performed Fresh Installation of R77.10 on Smart Event 150 appliance through the Console to establish the
connection between the Checkpoint Management server to receive the logs

Configured weekly SCP backup in the checkpoint to send the logs to SCP server.,

A few UTM boxes in remotes sites and client locations were replaced with SG models and upgraded into latest
software version (R77.10 of firewalls to avoid high CPU utilizations to get the policy pushed.

Upgraded SEPM in test environment and then need to plan the upgrade for production SEPM

Raised RMAs (Return Merchandize Authorization) to replace the problematic Checkpoint and new items were
racked and stacked in the data center

Cleaned up of Domain controllers for AAA server groups (LDAPSSL_LEVI and LDAPSSL_LSAPPS).

Upgraded LUA to version 2.3.4 to fix the issues related to the automatic purging of old definitions

Worked on issues with LUA (NAM region) dalappinfra29 where the C drive gets filled up often as the distribution
jobs get stuck in between..

Added Turkey Retail store users profile (Istanbul_00 and Istanbul_Franchisee) in Westlake ASA (dal-asa01)
similar to Brussels ASA(bru-asa01) as a backup during failure.

Installed R77.10 on the new Smart1 appliance and fixed the issue with that and it is receiving the logs properly.

Upgraded: The below firewall is running on Levi_BaseIPS_Detect profile in detect mode, which is copied from
Checkpoints recommended profile.

Upgraded of SEPM 12.1 RU6

Upgraded IPS: Changed 17 firewalls in EU and AM field offices to detect mode and changing the 4 firewalls in
AM region to prevent mode.

Troubleshooter with Checkpoint Diamond Support engineers for various product issues (eg. on SmartEvent
and ArcSight to receive the logs)

Kept a good relationship with POCs (Point of Contacts for firewall locations across the globe (Europe region,
American region, Asia Pacific region, etc.) to ease the troubleshooting sessions where physical contacts of
firewalls are needed.

Deleted unused Checkpoint policies, unused gateway objects, and unused VPN communities to clean up the
Checkpoint firewall environment.

Moved the higher Hit Count rules to the top of the rule base.

Resolved issues with Identity Awareness issues causing high bandwidth utilization and AD load issues.

Base on the functionality, Configured only local DCs for all firewalls to send the entire security event information
to the firewalls and looked look at the secondary DC option as needed.

Identity Awareness: We raised the Change to point the firewalls to contact the local DCs for Identity awareness.

It is already completed on 16 firewalls; it will be completed within next week for the 26 firewalls. We do not have
the local DC information for 10 firewalls. We need get the nearby DCs that these users are authenticating to
from Server team and configure them to get the identities from the appropriate firewalls on those locations

Hit Count Issues: We logged the call with checkpoint and working to correct the issue.

Checked the Debug logs on the firewall, and enabled rulebase_uids_in_log, in the Global settings currently
to get the Hit Count on the each rules on the dashboard policy is been pushed to the firewall, it displays the
correct hit count.

Upgraded DR firewalls

Installed the jumbo hot fix in order to resolve High CPU Utilization of firewalls when needed.

Duplex setting: auto negotiation was enabled on most of the firewalls and hardcoded 100 Mbps Full duplex to
fix the issues.

Coordinated with Network Ops team to provide the switch duplex settings in order to hardcode the firewalls and
changes were raised to hardcode the firewall.

Configured Anti-Bot: Anti-Bot feature on all Gateways to block any events of High and Medium confidence level
irrespective of the severity and observed events with High and Medium confidence level getting only detected
for a part. Escalated the issue to vendor and worked towards closure.

Local DC Configuration completed on more than 80% of the firewalls.

Installed Jumbo Hotfix that covers the SHA-256 based certificates

Addition of CIs: We added the CIs for Canton firewall, Hebron firewall and an item for Firewall management as
well in the service now.

Collected Switch duplex settings for all firewalls from network ops team

Resolved The terminal server access issue in Brussels with the help of local point of contacts

Used ServiceNow tool to get INCIDENTS, TASKS, PROBLEMS resolved and for raising CHANGES

And also for made IT request as per the user requirements.

Created new rules as per the customer requirement and installed the policy on respective firewalls to allow
respective access through specific ports.

Participated and conducted Daily Security Operation Meeting, Infrastructure CAB (Change Advisory Board)
meeting, Weekly Discussion on Support Issues meeting, and joined bridge calls to resolve the issues from the
network and security standpoint as needed.

Travel Port Fredericksburg, VA

FIREWALL ENGINEER

Aug 2013 Feb 2015

Responsible for overall firewall configuration implementations and policy installations across all platforms during
maintenance windows including Juniper, Check Point, and Fortinet for major enterprise network.

Configure, administer, and document firewall infrastructure, working with Cisco ASA, Check Point SPLAT, GAIA,
Crossbeam, and Nokia platforms for Data Centers.

Manage the firewall deployment, rules migrations, and firewall administration.

Responsible for converting existing rule base onto new platforms.

Deploy new equipment and work with remote site support to get devices racked and stacked as well as
configured per standards

Used FireEye to detect attacks through common attack vectors such as emails and webs

Troubleshooting Firewall related issues in a call center environment.

Troubleshoot and resolve firewall software and hardware issues including VPNs, connectivity issues, logging,
cluster configurations, hardware installations.

Review and analyze implemented Check Point/ Juniper firewall policies.

Used BeyondTrusts vulnerability management software to prevent data breaches, to maintain compliance, and
to ensure the business continuity.

Used McAfee soft wares for protecting data, database security, emails and web security, End Point protection,
network security, and also security management and event management (SIEM).

Identify firewall rules that are potential security risks.

Recommend rules to be remediated through change control procedures.

Create, organize and update technical documents.

Check Point SPLAT: R70, R71, R75

Responsible for all code upgrades on all platforms including tracking and scheduling.

SUPERVALU Eden Prairie, MN

Systems Engineer/ Systems Administrator

Apr 2012 Aug 2013

Responsible for the implementation of Windows based infrastructure (Physical, VMware and Cloud
environments) based on site requirements and adhering to operational procedures.

Oversees appropriate level software installations, patching, upgrades and related software packages to be
deployed

Collects and reviews system data for capacity planning purposes. Analyzes capacity data and develops
capacity plans for appropriate level enterprise-wide systems, coordinates with appropriate management
personnel to implementing changes.

Supports the configurations of complex system architectures, such as Cold Fusion application, Tomcat and
Crystal Enterprises.

Supports complex data recovery through system backups and secondary backups operations, such as
Symantec Backup Exec

Reviewed audit files and security logs for potential vulnerabilities and problem-related issues to make the
necessary security changes on the servers, switches and firewalls.

Creates documentation for incident and change requests to improve security and stability of the whole
infrastructure

Experience administering DNS, DHCP, FTP, Printers, Active Directory, and Group/Security policies in an
enterprise and cloud network environment

Provided, diagnose, research and resolve security related or technical issues then document solutions

Used protocol analyzes software such as Wire Shark, Snort: Analyzed HTTP, TCP, UDP, ARP protocols.
Experience utilizing Cisco 5505 firewall such as configuring and maintaining access list

Provide day-to-day systems and server backups and verify the validity of the data.

ING, NY
Network Engineer

Oct 2010 - March 2012

Checkpoint/ASA Firewall Management, including DMZ and Network Segmentation.

Maintain overall client platform stability, security, and supportability to ensure the customers firewalls are
running properly.

Provide technical oversight and guidance to delivery teams to ensure components fit into the overall technical
architecture.

Used Four Scout to get real time visibility to users, devices, operating systems and applications that are
connected to the network

Provide technical mentoring to peers and partner organizations.

Resolve network security problems that involves Intrusion Detection, Firewalls, DMZ, Load Balancing, Routers,
VPNs, and common network level vulnerabilities.

Configure Cisco routers, switches, and wireless access points

Configure and install Cisco equipment.

Monitored and troubleshot network outages, LAN & WAN issues.

Organize and update network documentation.

VPN setup and administration, this includes Portal, B2B, and AnyConnect

Maintain and upgrade Cisco Security Manager and Cisco Prime NCS

Configuration and Implementation of Wireless Controllers and Access Points

Responsible for day to day Support and Enhancement of Network Infrastructure.

Review scan findings with clients and provide technical and business recommendations for addressing
vulnerabilities.

Netback up tuning to increase performance and catalog backup using Vault on a daily basis and send media
offsite for disaster discovery.

VolvoTech Solutions, Srilanka

Technical Support Specialist

Jul 2008 Sep 2010

Remote Support over 500 clients, Administration of Checkpoint, Bloxx Content Filtering, TrendMicro (Mail
Security, Web Security, SMB Anti-Virus Solution, DLP solution, Deep Security).

Analyzed customer needs and architect solutions that meet these requirements,

Prepare solutions with a business minded technical approach,

Deal with third parties (vendors and partners) for proper solution designs and integration of the products and
services,

Assist sales on customer visits/meetings with the business minded technical view of the products/solutions and
technology laying behind,

Touch based used of Vormetric to enable data-at-rest encryption and to collect security intelligence logs without
re-engineering applications, databases or infrastructure.

Provide hardware and software support, including the installation of new software and updates when required,
across all supported sites.

Served in computer maintenance, performed all types of hardware, software maintenance and engineering in
addition to systems selection, backup and technical support.

Installing, configuring and Windows 2003 servers of DHCP, FTP, WSUS, Web Server and SQL Database
Server.

Implemented and managed McAfee Antivirus EPO Server and clients for LAN security

Monitoring of Internet usage, Antivirus statistics and reporting to Project Manager.

Assigned duties and supervised a team of junior network engineers.