Network Security Palo Alto

Location:
Cumming, GA
Posted:
November 06, 2023

Resume:

Rohitha

Senior Network Security Engineer

ad0v77@r.postjobfree.com

404-***-****

Summary:

IT professional with around 8+ years of extensive hands-on experience in Network Security.

Worked on Palo Alto firewall with different types of series PA-7k, 5k, 3k series and configured security policies and monitored real-time network traffic.

Experienced in configuring and managing FortiGate firewall appliances, including various series FortiGate 1000, 3000 and 5000 and provided robust network security solutions.

Managed and monitored multiple Cisco Nexus 9000, 7000 and 5000 series dashboards from a single pane of glass.

Involved in leveraging Infoblox DDI (DNS, DHCP, and IPAM) automation capabilities in AWS to streamline IP address allocation, DNS record management, and DHCP lease assignment.

Experience in implementing Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75, R77 and Palo Alto 200, 500, 3020, 3060, 5020, 5060, Panorama M-100.

Designed and configured Cisco Application Centric Infrastructure (ACI) solutions and enabled real-time traffic control.

Experience in managing ASA/FirePOWER and FWSM using CLI, Cisco Adaptive Security Device Manager (ASDM), Cisco Security Manager (CSM), Firepower Management Center (FMC).

Configured and monitored real-time traffic flows within the SD-WAN environment, ensuring efficient data routing and reduced latency.

Developed Python scripts and Ansible playbooks to automate routine network security tasks, such as firewall rule updates, configuration management, and vulnerability assessments.

TECHNICAL SKILLS

Firewall Series: Palo Alto (PA 220, PA820, PA-2K, PA-3K and PA-5K), Fortinet, Cisco Firepower, Checkpoint and Cisco Firewalls (ASA 5505, 5510, 5585)

Switching Series: Nexus 9000, 7000, 5000 and 3000 series, Arista switches and Juniper switches

Routing Series: Cisco ISR 4000, 1000, 900 and 800, Juniper MX480 and MX960 series

AWS Cloud: CloudWatch, EC2, S3, ELB, ALB and AWS Direct Connect

F5 Load Balancer: F5 BIG-IP LTM 2000, 3900, 5000, 6400, 6800, 8900 LTM, GTM and VIPRION

Networking Protocols: MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, IPv4, IPv6, SNMP, DHCP, DNS, TCP/IP suite, NTP

Programming and Scripting languages: Java, Python, AWS, Azure

PROFESSIONAL EXPERIENCE:

All spring, NC May 2021- Present

Senior Network Security Engineer

Responsibilities:

Implemented Zero Trust Network (ZTNA) principles on the PA-5000 series, guaranteeing that network resources are exclusively accessible to authorized users and trusted devices.

Implemented Azure Security Center to gain insights into security threats and vulnerabilities across Azure environments and to take proactive security measures.

Worked closely with Azure Resource Manager (ARM) templates to automate the deployment of DDoS Protection policies across Azure environments.

Developed incident response procedures for handling WAF-triggered security events, ensuring rapid threat containment.

Implemented Fortinet's SSL-VPN solutions for remote access, allowing employees and authorized users to securely connect to the corporate network from anywhere in real-time.

Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls.

Administered system upgrades, patches, and firmware updates to maintain the currency and security of Firepower and FMC systems.

Leveraged the FortiGate 3000 series' advanced threat protection features, including intrusion prevention (IPS), antivirus, application control, and web filtering, to mitigate cybersecurity threats effectively.

Successfully configured and managed Security Email Gateways (SEG) to protect the organization from email-based threats, including phishing, malware, and spam.

Worked with Cisco Layer 3 switches 3560, 3750, 4500, 6500; Cisco Nexus 5000 and 7000 in a multi-VLAN environment with the use of inter-VLAN routing, 802.1Q trunk, and EtherChannel.

Isolated and mitigated security threats, such as malware infections, intrusion attempts, and DDoS attacks, by leveraging the PA-5000 series firewall’s advanced threat prevention capabilities.

Conducted thorough risk assessments to identify segmentation requirements and define access controls for each network segment.

Involved in leveraging Cisco FMC's advanced analytics and reporting capabilities to proactively identify and respond to security incidents, vulnerabilities, and threats.

Configured and monitored site-to-site VPNs and remote access VPNs on Cisco FTD firewalls, providing secure connectivity for remote users and branch offices.

Administered and maintained Web Security Gateways (WSG) to secure web traffic and enforce acceptable use policies.

Employed dynamic address groups and custom objects within Palo Alto policies to streamline rule administration and enhance policy adaptability.

Configured firewall rules and access control lists (ACLs) on AWS CSR 1000v to control traffic flow and enforce network security policies.

Configured the SEG to automatically quarantine emails containing suspicious attachments, providing a first line of defense against malware.

Managed and documented Palo Alto VPN configurations, keys, and certificates, ensuring proper backup and recovery procedures for continuity of VPN services.

Worked on optimizing NSG rules for performance and minimizing potential bottlenecks in network traffic.

Involved in working with High-end security appliances FortiGate 1000 series, implemented advanced features for high-speed content inspection and advanced threat protection.

Configured VLAN trunking and tagging to allow the transport of multiple VLANs over a single network link, enhancing network flexibility.

Continuously monitored network performance metrics (Jitter, Packet loss and latency) of SD-WAN Viptela.

Worked on maintaining the latest threat intelligence feeds, such as OpenAppID, to ensure Cisco Firepower v7 is up-to-date in identifying and blocking new threats.

Implemented Azure DDoS Protection Standard to safeguard Azure-based workloads and applications against distributed denial-of-service attacks.

Leveraged Azure Active Directory (Azure AD) for identity and access management, implementing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) for enhanced security.

Enabled SSL decryption on the WSG to inspect encrypted web traffic for potential threats. Monitored the WSG logs for SSL traffic anomalies and configured alerts for any certificate issues.

Implemented SSL decryption and inspection policies in Cisco FTD to analyze encrypted traffic and detect malicious activities hidden in encrypted communication.

Implemented dynamic path selection and intelligent traffic steering on vEdge 1000 series devices, leveraging real-time network conditions to choose the best WAN link for optimal performance.

Executed ZTP procedures for Viptela vEdge 1000 series devices, streamlining device provisioning and minimizing on-site configuration requirements.

Monitored the effectiveness of these sessions by analyzing SEG and WSG logs to identify improved employee awareness and reduced security incidents.

Implemented advanced email filtering rules and policies to minimize false positives and enhance email security without hindering legitimate communication.

Performed real-time incident response activities, such as isolating compromised devices, blocking malicious IPs, and conducting forensic analysis using Cisco Firepower's v7 threat intelligence and integration capabilities.

Involved in the implementation of redundancy and high availability features within the ACI fabric, including Virtual Port Channels (VPC), In-Service Upgrades (ISSU), and Graceful Insertion and Removal (GIR), to ensure uninterrupted network operations.

Assisted in troubleshooting connectivity issues on Nexus 9000 series, including layer 2 and layer 3 problems, by conducting thorough analysis of routing and switching configurations, ARP tables, and spanning tree instances.

Utilized NSG flow logs and monitoring tools to track network traffic patterns and identify security anomalies.

Proficient in AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudFormation, Route 53, CloudWatch, CloudFront, CloudTrail.

Worked on Cisco Meraki Cloud managed Switches (MS250, MS350, and MS410) and SD-WAN (MX 65, MX100, and MX400).

Monitored and analyzed security events and alerts from Firepower devices through Cisco FMC, investigating and responding to potential security breaches.

Conducted traffic analysis and anomaly detection using Azure DDoS Protection to proactively identify and mitigate potential attacks.

Implemented rate limiting and IP reputation filtering in the WAF to mitigate distributed denial-of-service (DDoS) attacks.

Capable of integrating FortiGate firewalls with FortiManager and FortiAnalyzer for centralized management, monitoring, and reporting across distributed network environments.

Experienced in configuring Azure Network Security Groups (NSGs) and Application Security Groups (ASGs) to control inbound and outbound traffic, enforce micro-segmentation, and enhance network security within Azure VNets.

Integrated Firewall Version 7 with other security tools and platforms, creating a cohesive and layered security infrastructure.

Integrated SEG and WSG solutions with existing security tools and SIEM systems to provide a centralized view of email and web security events for real-time monitoring and incident response.

Engineered Cisco ISE 3000 series to minimize downtime, and conducted software updates, patches, and firmware upgrades.

Maintained the configuration of Aruba wireless controllers and access points (APs), including Aruba Mobility Controllers and Aruba Instant On APs, for seamless and reliable wireless network operations.

Utilized Fortinet's FortiClient VPN client software to facilitate secure remote access for users, providing real-time connectivity to internal resources.

Interacted with to implement firewall filters and access control lists (ACLs) on Juniper MX480 routers to enforce security policies and protect against unauthorized access.

Involved in leveraging Infoblox DDI (DNS, DHCP, and IPAM) automation capabilities in AWS to streamline IP address allocation, DNS record management, and DHCP lease assignment.

Utilized Cisco FTD's real-time visibility and reporting capabilities to proactively detect and mitigate security threats, including malware, viruses, and intrusions.

Worked on creating custom email templates for SEG to improve email content and attachment analysis, ensuring enhanced threat detection and prevention.

Utilized VLANs, subnets, and security groups to create logical network segments based on business requirements and security policies.

Utilized Azure Monitor and Azure Log Analytics to collect and analyze security logs and telemetry data, enabling the detection of suspicious activities and rapid incident response.

Implemented NSG logging and monitoring to maintain visibility into network traffic and security events.

Charter Communications, CO Feb 2020- April 2021

Senior Network Security Engineer

Responsibilities:

Migrated security policies, NAT rules, and VPN configurations from PA-3000 series to PA-5000 series firewalls while ensuring policy consistency.

Acted swiftly in response to security incidents, utilizing SEG and WSG logs to trace the source of email or web security breaches.

Managed the cut-over phase of the migration in real-time, transitioning traffic from the old PA-3000 series to the new PA-5000 series firewalls with minimal disruption.

Performed post-migration audits to validate the successful transition and ensure that security policies and configurations on the PA-5000 series firewalls were in compliance.

Managed the procurement and deployment of the new Palo Alto firewalls series, ensuring that hardware and licensing were provisioned accurately and on schedule.

Established custom URL filtering policies, ensuring that employees adhered to the organization's internet usage policies while minimizing the risk of malware infection through web downloads on WSG.

Implemented tagging policies to enforce resource naming conventions and compliance standards across AWS accounts, enhancing resource consistency and security.

Implemented VLANs on Layer 2 and Layer 3 switches to isolate broadcast domains, control traffic flow, and reduce collision domains.

Actively involved in the deployment and management of Cisco Firepower Version 7 (v7) and Firepower Threat Defense (FTD) security solutions for real-time threat detection and prevention.

Involved in designing and implementing complex security policies on FortiGate 3000 series devices, including firewall rules, application control, intrusion prevention (IPS), antivirus, and web filtering policies.

Implemented VLAN access control lists (ACLs) to control inter-VLAN communication and enforce security policies.

Automated NSG rule deployments and updates using infrastructure-as-code (IaC) tools like Azure Resource Manager (ARM) templates.

Maintained real-time logging, alerting, and reporting capabilities on FortiGate 3000 series firewalls, providing comprehensive visibility into network traffic and security events.

Set up network monitoring tools and SNMP for real-time monitoring of Cisco router (2900 and 3900) performance, traffic analysis, and proactive issue identification.

Implemented ACI Spine-Leaf topologies to provide high-performance, low-latency, and non-blocking network connectivity for data center environments.

Extended Cisco ACI fabric capabilities by leveraging APIs and SDKs, enabling custom integrations and automation to meet specific requirements.

Leveraged threat intelligence feeds and information sharing communities to enhance the threat detection capabilities of SEG, staying updated on the latest email-borne threats.

Managed and operated Cisco Firepower Version 7 security appliances, including Firepower Threat Defense (FTD), to safeguard network infrastructure.

Worked closely with Azure Resource Manager (ARM) templates to automate the deployment of DDoS Protection policies across Azure environments.

Implemented AWS Shield and AWS WAF for Distributed Denial of Service (DDoS) protection, ensuring high availability and resilience of AWS-hosted applications.

Implemented Cisco Nexus 7000 series features like hot-swappable components, Virtual Port Channel (VPC) for redundancy, and graceful restart for minimal service disruption during software upgrades.

Actively monitored and managed VPN tunnels in real-time using Fortinet's management interface, ensuring optimal performance and security.

Worked on Cisco Nexus 7000 series switches incorporating technologies like FabricPath and Cisco Overlay Transport Virtualization (OTV) for efficient data center network design.

Integrated Arista 7000 switches (Secondary center) with virtualization platforms such as VMware vSphere and OpenStack to support virtualized workloads and enhance network agility.

Oversaw the upgrade and patch management process for Cisco ISE, meticulously planning and executing upgrades while minimizing disruption to critical network operations.

Conducted real-time monitoring of network traffic and security events using Cisco FTD's advanced analytics and threat detection features to identify and respond to potential security incidents.

Implemented Zero Trust Network Access (ZTNA) principles with FortiGate 1000, 1500 series firewalls to ensure secure access control based on identity and device trust.

Configured firewall rules and access control lists (ACLs) on AWS CSR 1000v to control traffic flow and enforce network security policies.

Implemented security groups, network ACLs, VPNs, and security appliances to enhance network security within AWS environments.

Adapted SEG and WSG configurations to address new security challenges, ensuring ongoing protection against evolving threats.

Implemented WAF policies to filter and inspect incoming web traffic for malicious payloads and suspicious activities.

Designed and implemented network segmentation strategies to isolate critical assets from potential threats and contain lateral movement.

Integrated WAF services into BIG-IP 4000 devices to protect web applications from security threats and vulnerabilities.

T-Mobile, WA Sep 2017- Jan 2020

Network Security Engineer

Responsibilities:

Worked on migrating the project from traditional firewalls to Palo Alto Networks next-generation firewalls, improving security posture and visibility into network traffic.

Managed and monitored Checkpoint firewall models (Specifically the R81.20.M and the R80.30).

Provided daily Checkpoint Network firewalls administration such as security NAT, Threat prevention, URL filtering, IPSEC and SSL VPNs Security rules, zone-based integration and analysing syslogs.

Performed Network Operation by health monitoring using PRTG, SolarWinds to detect issues and Incident resolution using ticketing systems and workflow software.

Used Wireshark to ensure adherence to security policies and compliance requirements by monitoring and auditing network traffic.

Assisted in utilizing Security Group Tags (SGTs) in Cisco TrustSec to classify and label network traffic, simplifying policy enforcement and segmentation.

Traced frames or packets to analyze network-related issues with protocol analyzers such as Wireshark.

Assisted in troubleshooting LAN/WAN Infrastructure including routing protocols like EIGRP, OSPF, and RIP.

Involved in working on Cisco ACI fabric architecture, including fabric discovery, fabric access policies and integration with external Layer 2/Layer 3 networks.

Wipro, India Jun 2015- Aug 2017

Network Engineer

Responsibilities:

Configured BGP on both Nexus and Palo Alto, over SVI (server VLAN) interfaces from ASA core to Palo Alto.

Deployed a new Meraki cloud-based Guest and Corporate Wireless system. Personally built, installed and maintained Meraki MR42 Access point and cloud system.

Configured user roles and policies for authentication using Cisco NAC and monitored the status of logged-in users in the network using Cisco ISE.

Created and modified firewall rules on Cisco 5555, 5520, Juniper SRX and Palo Alto VM-300 devices.

Upgraded load balancers from Radware to F5 BIG-IP v9 which improved functionality and scalability in the enterprise.

Installed and supported various MPLS/BGP, Metro Ethernet deployments and configured routing and switching platforms and Aruba Wireless Solutions.

Educational Details:

Bachelor’s – BSc Computers, OU.


