Security Engineer Network

Location:
Sunnyvale, CA
Posted:
April 09, 2024

Resume:

Shruti Sadanand Patil

Senior Network Security Engineer

ad4vyi@r.postjobfree.com

669-***-****

Professional Summary:

10+ years of experience in IP Network Design, Network Integration, deployment, troubleshooting and RF Engineering.

Configuring and troubleshooting Layer 3 Interior Gateway Routing protocols such as Link-State routing protocols (OSPF and IS-IS) and Distance Vector routing protocols (RIPv1, RIPv2 and EIGRP). Wide exposure to LAN/WAN setup, installation, configuration and commissioning of network devices.

Configuring and troubleshooting Exterior Gateway protocols such as BGPv4 including internal BGP (iBGP) and external BGP (eBGP).

Strong hands-on experience on Cisco Catalyst (series 3850, 3560, 4500, 6500), Cisco Nexus (series 2K, 5K, 7K), Cisco Routers (series 7300, 4000, 3800, ASR 9000), Firepower (4100), Load Balancers (Citrix NetScaler, Cisco ACE, F5 BIG-IP LTM/GTM ADC), IDS/IPS (HIDS, NIDS, NIPS, HIPS), FireEye, Splunk, Palo Alto Networks Firewalls (PA-820, series PA-3K, 5K), Checkpoint IP Appliances (NXG R60, R70, 3100, 5900), Fortinet Firewalls.

Hands on Experience on FortiGate firewalls (7040/7030) by implementing security policies and firewall rules.

Hands on experience in configuring high end routers like GSR 12000 series, 7500 series and Catalyst Switches like 7600, 6500, 4500 series. Extensive experience in upgrade, backup and password recovery of Cisco IOS.

Experience in working with Cisco Nexus Switches like 5000 and 7000 series and Virtual Port-Channel configuration. Implemented VDC, VPC, VRF and OTV on the Nexus 5505 and 7009 switches and 9K series.

Proficient in monitoring and managing networks using SolarWinds Netflow Traffic Analyzer, Network Performance Monitor (NPM), Network Configuration Manager (NCM); Cisco Prime, Arista, Security Device Manager (SDM), Cisco Works; Infoblox, HP OpenView and Wireshark. Writing shell scripts.

Experience with Cisco IOS, Cisco ACI, F5. Strong understanding in cloud, managing systems and networks in an AWS and Azure environment. Primary support for all Blue Coat Proxy activities on the network security team.

Thorough experience in configuring Virtual Local Area Networks (VLAN) with IEEE 802.1Q, VLAN trunking protocol (VTP), shortest path bridging, Multiple VLAN Registration Protocol and VLAN Cross Connect (CC).

Experience with F5 LTM, GTM and APM modules for application load balancing. Worked on migration from Cisco ACE to F5. Worked on SSL offloading, Virtual servers, Monitoring, Profiles, iRules, SNAT.

Expertise on Arista unified Cloud fabric.

Deliver application connectivity intent via auto-MLAG to host and automated L2/L3 networking through private cloud integration for Arista Unified Cloud.

Experience in troubleshooting both connectivity issues and hardware problems on Cisco based networks. Work with TAC on IOS bugs and high level issues.

Experience in testing Cisco routers and switches in lab scenarios and deploy on site for production.

Good knowledge of IPv4 and IPv6 Addressing, IP Subnetting, Fixed Length and Variable Length Subnet Masking (VLSM), OSI and TCP/IP models. Experience in migration of IPv4 addresses to IPv6 addresses using mechanisms like Tunnel Broker, Transport Relay Translation (TRT). In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, NAT, DHCP, DNS, FT1 / T1 / FT3 / T3, SONET POS OCX / GigE circuits.

In-Depth Knowledge and experience of various wireless 802.11 standards, controllers, Access Points, Wi-Fi analytics from various vendors (Cisco Meraki, HPE/Aruba, D-Link and Netgear), SD-WAN (MX 65, MX100, MX400).

Good understanding of SNMP, IP SLA and Network Monitoring with experience in tools like PRTG.

Experience in troubleshooting a variety of problems. Streamlined and improved process to be quicker to market, ensured compliance and optimized operational efficiency. Identified opportunities for continued improvements of process to ensure maximum output in focus to deadlines.

Worked on Bluecoat and Zscaler proxies. Implemented and configured Cloud proxies for exceptions, URL categories, SSO Authentication using Azure, PAC fi

Implemented traffic filters using standard and extended access-lists, distribute-lists and route maps.

Deployed, managed, monitored and supported Bluecoat Proxy for content filtering, internet access between sites and VPN client users, forward proxy scenario and reverse proxy scenario for security and worked on adding URLs in Bluecoat Proxy SGs for URL filtering.

Professional Experience:

City and County of San Francisco, San Francisco, CA July 2023 – Till Date

Sr. Network Security Engineer

Responsibilities:

Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.

Utilized Panorama, Palo Alto Networks' central management platform, for centralized configuration, monitoring, and reporting across multiple PA-7000 and PA-5000 series firewalls.

Worked on leveraging FortiGate’s integration with FortiGuard threat intelligence services, enabling updates and proactive protection against emerging threats.

Configured custom firewall rules and routing policies on FortiGate 7000 series devices to control traffic flow and optimize network performance.

Deployed and maintained HP Aruba wireless access points (APs), optimizing coverage, and ensuring seamless connectivity for users across different environments

Deployed ClearPass Policy Manager to enforce role-based access policies, ensuring a secure and compliant network environment.

Conducted site surveys and fine-tuned Aruba wireless configurations to achieve optimal signal strength and minimized interference.

Involved in leveraging Cisco Firepower’s advanced threat protection features, including intrusion prevention (IPS), antivirus, application control, and URL filtering, to safeguard the network from evolving threats.

Provided technical support, integration, and configuration of Cisco Meraki switching, Cisco ISE, Aerohive Wireless LAN, network monitoring software, and user-based authentication such as 802.1x.

Having experience in migration from Cisco ASAs to Fortinet's FortiGate firewalls.

Worked on LAN Technologies including QoS, Dot 1x Authentication process and experience in configuring & troubleshooting related issues.

Implemented Aruba ClearPass for authentication and access control, ensuring network security compliance and effective user authentication.

Integrated Aruba ClearPass with diverse network infrastructure, including switches, routers, and wireless controllers, to enhance overall network security. Collaborated with cross-functional teams to seamlessly integrate ClearPass into existing network architecture.

Worked on Redundancy features (hot-swappable power supplies and fans, as well as In-Service Software Upgrades (ISSU)) on Cisco Nexus 9000, 7000 series switch.

Implemented automation and scripting techniques to streamline the provisioning and management of ACI Overlay-1 VRFs, reducing manual configuration errors and deployment time.

Developed and enforced comprehensive network access policies using ClearPass, enhancing security and compliance with industry standards. Configured dynamic role assignments based on user and device attributes for granular access control.

Administrates, manages, configures and implements firewalls, including Fortinet Fortigate, Juniper, Cisco Meraki

Experience in Managing and deploying SDA (Wired & Wireless infrastructure) using Cisco DNAC

Worked on Cisco infrastructure technologies and WiFi6.

Implemented advanced features within the Spine-Leaf architecture, such as Multi-Pod and Multi-Site deployments, to extend ACI’s capabilities for global data center interconnectivity.

Devise, plan, deploy, and improve wireless networks from the beginning to implementation by collaborating with vendors, managers, and network engineers.

Worked on CCF’s SDN architecture to ensure rapid network recovery by eliminating box-by-box protocol convergence delays.

Worked with Cisco Meraki centralized cloud-managed architecture, which enables plug-and-play branch deployment and control across any number of distributed systems.

Experience working with Fortinet Firewall series FortiGate 3800, 3700, 3200, 3100, 2500 & 2000.

Installation of new firewalls as well as perform in place upgrades. Hardening the Fortinet and Check Point firewalls before moving them to Production

Had expertise in configuring and troubleshooting WAN, LAN & wireless setup including Routing Protocols, QoS, Wireless performance.

Worked on designing and validating the performance, quality, and reliability of the RF link.

Handhold other in-house engineers to train them on wireless technologies, besides guiding other nontechnical people.

Optimized the performance of Software-as-a-Service (SaaS) applications by leveraging SD-WAN VIPTELA’s direct internet access and application acceleration capabilities.

Implemented SD-WAN ZTP processes using vBond Orchestrator to automate device onboarding and minimize manual configuration efforts, reducing deployment time and errors.

Used tools to evaluate, test and tweak wireless products, such as routers, switches, hubs, bridges, virtual private networks (VPNs), and network amplifiers, among others.

Assisted in troubleshooting and resolving network access issues using 802.1X and Cisco ISE, ensuring minimal disruption and maintaining a secure network environment.

Worked on BGP, ISIS routing protocols.

Understanding of VXLAN & LISP for SD Access Operations and ServiceNow.

Working Knowledge on Load Balancers (LTM/ GTM), SSL Certificates, Radius, AAA, CA etc.

Worked on troubleshooting skills using debug analysis.

Good with Documentation skills. Build Configuration/ MOP for new Cutovers and perform Site Cutover with complete ownership.

Worked on managing operations (Incident/ Change/ Problem management)

Wrote manuals and document current network procedures.

Worked on F5 BIG-IP 5000, 6000, 7000 series devices to detect and mitigate distributed denial of service (DDoS) attacks, safeguarding network resources.

Created and customized iRules on F5 LTM devices (BIG-IP 4000 series) to define traffic behavior and optimize application-specific load balancing rules.

Assisted in configuring traffic distribution across AZs using AWS Elastic Load Balancing (ELB) to evenly distribute user requests and ensure optimal application performance.

Implemented fine-grained access control policies using AWS Identity and Access Management (IAM) and bucket policies to restrict unauthorized access to S3 objects.

Utilized Infoblox IPAM capabilities for centralized management of IP address assignments, subnetting, and IP address tracking.

Contributed to monitoring and response to security alerts by leveraging ISEC’s advanced threat detection and incident response tools.

Worked on Arista fabric cloud architecture for RBS.

Worked on CCF, NetOps, DevOps and CloudOps teams to collaborate, and rapidly on-board applications and tenants as part of the (Arista Unified Cloud Fabric).

Handled tickets on Aruba Wireless as well.

Developed Python scripts with Netmiko to manage and modify device configurations, ensuring compliance with network standards and policies.

Gigamon, Santa Clara, CA Jan 2022 – Jun 2023

Sr. Network Security Engineer

Responsibilities:

Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to WildFire feature of Palo Alto.

Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues.

Configured role-based access control (RBAC) and firewall policies on HP Aruba devices to safeguard the network against potential threats.

Advanced Knowledge on Firewall Platforms Checkpoint, FortiGate Cisco, Migration, Integration

FortiGate Firewall deployment/configuration experience and troubleshooting application connectivity skills.

Implemented and managed secure guest access solutions using ClearPass Guest, providing a seamless and secure onboarding experience for visitors. Customized guest portals and authentication methods to align with organizational branding and security requirements.

Managed and maintained Fortinet Firewalls through IPv4 policies, traffic shaping, IPS, web filtering, interfaces, and routing

Provided technical support, performed upgrades, and maintained documentation related to HP Aruba network infrastructure.

Strong understanding of general networking and design (Firewalls, Routing, Load Balancing, OSI Model, TCP/IP, Packet trace and analysis)

Configured systems log on the Palo Alto firewall and moved the logs to Splunk.

Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.

Responsible for Palo Alto and Cisco ASA firewall administration across our global networks. Maintenance and configuration of Cisco ASR1000 series.

Installing, configuring, managing and modifying Cisco Data Center Network Manager version 10.3 and 10.4.

Experience in Fortinet 100D, Fortinet 60C, Fortinet 60E, Fortinet 60D, Fortinet 200E (HA), this includes the whole UTM (app control, Web Filter, IPS, DoS, DDoS, etc.).

Implemented dynamic network policies using ACI contracts to enable real-time traffic control, ensuring optimal data flow and security.

Configured ACI policies to prioritize and manage Quality of Service (QoS) for critical applications, for optimal performance and resource allocation.

Monitored and analyzed real-time authentication and authorization logs in Cisco ISE for security incident detection.

Datacenter experience create new cable run list (L1), document runbook and Solution planning and upgrading, architect VXLAN, ACI and ASA cluster firewall with NAC, ISE

Installing and configuring new Cisco equipment including Cisco catalyst switches 9300, Nexus 7010, Nexus 5548 and Nexus 9k as per the requirement of the Organization.

Worked with other teams on designing and implementing the engineered and managed customer Viptela SD-WAN network that encompassed all nodes.

Experience with F5 load balancers and Cisco load balancers (CSM, ACE, and GSS).

Working on configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centers.

Configuring and managing F5 ASM (Application security manager). Developed security policies.

Work with Load Balancing team to build connectivity to production and disaster recovery servers through F5 Big IP LTM load balancers

Thorough understanding and experience in F5 concepts which include Virtual servers, Pools, Health monitors, SSL Profiles, Persistence profiles, Load balancing methods, HA pair, iRules.

Experience with F5 load balancers to provide Load Balancing towards Access layer from core layer and configuring F5 LTM both by GUI and TMSH/CLI and Cisco load balancers (CSM, ACE and GSS).

Upgraded load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise.

Used Cisco ACI Fabric which is based on Cisco Nexus 9000 series switches and Cisco Application Virtual Switch (AVS).

Installed and configured latest Cisco equipment including Cisco catalyst switches 6500, Nexus 7010, Nexus 5548 and Nexus 2k as per business requirements.

Implementation and Configuration (Profiles, iRules) of F5 Big-IP LTM-6400 load balancers.

Managed the F5 Big IP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.

Managing and providing support to various project teams with regards to the addition of new equipment such as routers switches and firewalls to the DMZs.

Participated in and implemented Zscaler cloud firewall for all the remote offices in North America, Europe and Asia sites.

Managed DNSSEC keys and certificates using Infoblox to ensure the integrity of DNS responses and secure the DNS infrastructure.

Configured Zscaler tunnels on the DIA circuits on all the remote offices and moved all the offices off backhauling the internet from data center to local DIA circuit through Zscaler firewall.

Worked to deliver application connectivity intent via auto-MLAG to host and automated L2/L3 networking through private cloud integration for Arista unified Cloud Fabric project.

Worked with security team to perform penetration test to simulate cyberattacks, assess security measures and identify entry points for potential attackers.

Built-in multi-tenancy and delegated administration, ideal for DevOps/Cloud teams for programmatic automation for Arista unified Cloud Fabric project.

CVS Health, Los Angeles, CA Feb 2019 – Dec 2021

Sr. Network Security Engineer

Responsibilities:

Networking specialist with Meraki, Checkpoint and Fortinet.

Responsible for the operation and maintenance of Network lab hosts and associated network infrastructure.

Firewall Policy Provisioning and troubleshooting firewall connectivity related issues using Fortinet Manager.

Configured and optimized authentication protocols such as 802.1X, MAC authentication, and captive portal authentication within ClearPass for diverse network environments. Ensured the multi-factor authentication (MFA) integration was performed for an extra layer of security.

Responsible for Test plan creation, configuring test setup (hardware), test execution, failure analysis, bug reporting and debugging with development team

Perform Automation testing by creating test scripts in Python code.

Involved in Regression testing on weekly builds using Python OS package and CSV packages for output processing.

Working in a team of 12 people to test solution called Secure Agile exchange (SAE).

Experienced in Prime and SolarWinds.

Worked on ServiceNow and JIRA ticketing.

Experience with setting up Cloud infrastructure like AWS and Azure.

Worked on Bluecoat Proxy, Cisco CSR routers and N9K switches.

Worked on configuring various switching techniques like configuring VLANs, VTP, spanning tree and worked on redundancy protocols like HSRP, VRRP and GLBP.

Performed Data analysis using SQL for certain editing functions. Maintained, monitored the company's Datacenter using SAN and NAS QNAP.

Experience in using routing protocols like BGP, OSPF and EIGRP.

Was responsible for setting up the CI/CD pipeline using Jenkins and Bitbucket.

Created EC2 instance on AWS to set up JFrog Artifactory and Jenkins to store the source code artifacts.

Worked extensively on Ubuntu Linux to SSH and run network related configurations.

BNY Mellon, NYC, NY Sep 2017 – Jan 2019

Network Engineer

Responsibilities:

Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).

Involved in Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter VLAN routing, LAN security etc.

Implemented with Cisco Layer 3 switches 3750, 4500, 6500 in multi VLAN environment with the use of inter-VLAN routing, HSRP, ISL trunk, ether channel.

Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, EtherChannel implementation on ASR 9K redundant pair.

Implementing the necessary changes such as adding, moving and changing as per the requirements of business lines in a data center environment.

Experience with SAN and NAS storage in Unix/Linux/Windows Server environment

Installing, configuring Cisco Catalyst switches 9300, 6500, 3750 & 3550 series, Access control lists, ISDN, ATM, load balancing switches and configured IPX/SPX, HDLC, BGP, EIGRP, OSPF and VRRP on various sites.

Set up simplified and traditional VPN communities, and Cisco AnyConnect.

Worked on stacking of the devices based on the network requirement with Cisco Catalyst 9300 series depending on the requirement with a stack count of 8, 6, 2, 3.

Installation, configuration and OS upgrade of Sun Solaris 8, 9, 10 and Red Hat Linux.

We used Unix/Linux shell environment. Typically, in Unix we create "bash" shell scripts, but I can also create shell scripts using python, and it's simple. We have named shell scripts with the .sh extension and run as any bash shell script.

Configuring HSRP between VLANs, Configuring Ether-Channels and Port Channel on Cisco 9300 catalyst switches

Experience with Cisco ACI (Application Centric Infrastructure) SDN architecture to reduce operating costs, automate IT tasks, for greater visibility and scalability in a data center environment.

Worked with Cisco Channel partners to build practices around Cisco ACI, worked on configuring tenant policies, VXLAN, VTEPs, VNI, Bridge Domains.

Responsible for the secure development lifecycle environment from NX-OS to Application Centric Infrastructure (ACI) in Data center, implemented in the lab environment.

Implemented Cisco Application Centric Infrastructure (ACI) as a solution for data centers using a Spine and Leaf architecture.

Administrating VMware vSphere, vCenter, Orchestrator, Horizon View 5-6, vShield, Veeam Backup, PowerCLI (50+ Hosts, 5 Cluster, 550+ VM). Terminal systems for 1C&Colvir based on MS Terminal Services, Citrix XenApp. Administrating Cisco UCS Blade Family, Cisco Invicta, HP Blade Family, Dell T-Series, HP EVA24k, 5K, 8K, MSA, EMC (CLARiiON, DD, VNX) SAN Switches, Zoning.

Migrated Nexus 7Ks & Nexus 5Ks to an ACI Fabric consisting of 9336PQ Spines & 9332PQ Leafs in a Datacenter.

Configured MPLS CE (Customer edge router) and complete support for MPLS POP & related issues in MP & CG

Experience with setting up MPLS Layer 3 VPN ax in data center and also working with BGP WAN towards customer

Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.

Worked with implementation of FortiGate secured SD-WAN architecture FortiOS 6.0 in creating efficient routing policies.

Worked on Nozomi Networks Labs Enhances Radamsa for Safer ICS Software.

Worked on Nozomi Networks Labs, which contributed three components to Radamsa to make it easier to test ICS

Deployed Viptela SD-WAN, worked with the team in implementing and designing of SD-WAN infrastructure and providing WAN connectivity across the enterprise.

Worked on Cisco ISE deployment which was a replacement for the ACS and provided new long term and short-term guest wireless services for the Port Authority.

Serve as technical leadership for Cisco Identity Services (ISE) Security Consulting Services projects. Act as a delivery engineer within our strategic Cisco Identity Services Engine (ISE) specialization team.

Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers, Catalyst Switches, and Cisco ASA Firewalls.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network Access Control integration with Cisco ISE

Worked with Tufin secure change-firewall optimization tool to implement rules.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.

Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Hands-on experience in using VMware machines.

Experience working with our team on monitoring, maintaining and troubleshooting LAN, WAN, and Wi-Fi network connectivity

Configured WIFI APs connected in LAN to reduce cable costing by creating AP, worked on Cisco SP Wi-Fi, troubleshoot in Cisco Aironet 3700, 1700 and 600 series.

Installed, maintained, and administered storage area network servers in a VMware environment.

Deploying Cisco Aironet 2700, 3700 Series, Cisco Meraki Enterprise Cloud Access Points and Wireless Bridges/Repeater for LAN Expansions.

Performed sizing calculations of VMware environments based on current systems and future growth.

Customize Layer 2 and Layer 3 networking between VMware, networking components, and storage for high availability and maximum performance.

Experience working in SD-WAN technology. Part of a migrating team from MPLS to SD-WAN.

Implementation experience with SD-WAN, SD-LAN.

Accenture, INDIA Nov 2013 – Aug 2017

Jr. Network Engineer

Responsibilities:

Configuring and troubleshooting multi-customer network environment.

Involved in network monitoring, alarm notification, and acknowledgment.

Implementing new/changing existing data networks for various projects as per the requirement.

Troubleshooting complex networks layer 1, 2 to layer 3 (routing with MPLS, BGP, EIGRP, OSPF protocols) technical issues.

Performing troubleshooting for IOS related bugs by analyzing history and related notes.

Carrying out the documentation for tracking network issue symptoms and large-scale technical escalations.

Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-around technical support.

Worked with scripting Automation for JavaScript, Linux/Unix toolbox, Python, Perl, Bash, ESX, VMware Virtual Switch with Design/Implementation

Monitor the traffic of the network via NTA and IPAM

Provided Technical Support to customers and partners on Palo Alto security appliances

Commissioning and Decommissioning of the MPLS circuits for various field offices.

Preparing feasibility report for various upgrades and installations.

Ensure Network, system and data availability and integrity through preventive maintenance and upgrade.

Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security.

Worked on the security levels with RADIUS, TACACS+.

Completed service requests (i.e. – IP readdressing, bandwidth upgrades, IOS/platform upgrades, etc.)

Identify, design and implement flexible, responsive, and secure technology services

Created scripts to monitor CPU/Memory on various low-end routers in the network.

Installed and maintained local printer as well as network printers.

Handled installation of Windows NT Server and Windows NT Workstations.


