Resume

Palo Alto Network Design

Location:

Aldie, VA

Posted:

December 18, 2023

Contact this candidate

Resume:

Yelam Kiran Kumar

Cell: 216-***-****, Email: ad12jy@r.postjobfree.com

Summary:

•CCNA, CCNP, PCNSE CERTIFIED professional with Over 15 years of experience in network Design, Implementation, and L3-Support. Routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.

•Experience in NGFW’s, Cisco, FTD, Palo Alto, Virtual-Palo-Alto Forcepoint firewalls.

•Experience with Firewalls, Cisco ASA, Meraki MX and Juniper.

•Experience with CSM, FMC, and Panorama for Firewall management.

•Experience with Cisco Routers, ISR and Cisco IOS Switches, Nexus Switches (N9K, N5K, N2K) and IBM Mellanox and Cumulus Switches.

•Experience with Juniper devices Firewalls, Routers, Switches.

•Experience with Prisma for cloud security to protect the environment.

•Experience with SDWAN VMWare/Velocloud, Orchestrator, Edges.

•Experience with AZURE & GCP Cloud Networking & Security.

•Experience with f5 Load Balancers LTM and GTM.

•Experience with Cisco ISE for Tacacs and Radius authentication

•Experience with Data Center Setup, Maintenance, and modifications as necessary.

•Experience with IPS/IDS configuration on Cisco Firepower / Palo Alto.

•Experience with Network Design and Architecture.

•Experience with Migration projects, EOL, Enhancements, Code Upgrades, Hardware Upgrade.

•Experience with Meraki Firewalls, Switches and Wireless devices.

•Cisco traditional WLC and Access points configuration and troubleshooting.

•Experience with Bluecat DDI (DNS, DHCP and IPAM) .

•Experience with POC setup to explore the new products for project requirements.

•Experienced as a POS SPOC for procurement and support business profit.

•Adhere to company policies and comply with all security controls.

•Experience with Ansible tower automation for Network devices configuration changes.

•Software Code/IOS upgrades activities for all network devices.

•Knowledge Sharing by Providing technical training to the team members.

•Microsoft Office skills to document the KB articles, project documents, RCA.

•Experience with Monitoring tools Solar Winds, Nagios and Troubleshooting tools Wireshark.

•Creating the Network LLD and HLD diagrams through Microsoft VISIO

•Experience in installing and configuring DC, ADC, DNS, DHCP server.

•Deployment of DNS, DHCP and IPAM infrastructure as per business requirements.

•Experienced in Administrating and diagnostics of LAN and WAN with in-depth.

•Hardening the network devices as per the security standards.

•Proficient in setting up IT infrastructure including wide area networks (WAN), local area networks (LAN), security management systems network device administration.

•Adhere to the Change management process and timely documentations (Word, Excel, and VISIO).

Education & Certifications:

•BSc Computer science, Karnataka University Bangalore, INDIA. ( 2008 – 2011 )

•Diploma in Electrical and Electronics Engineering, JNTU, HYD, INDIA. (2001 – 2004)

•Azure AZ 700

•PCNSE (Palo Alto)

•CCIE-Security (Written)

•CCNP

•CCNA

•ITIL

Technical Skills:

•Azure Cloud Network

•Palo Alto Firewall

•NGFW Cisco FTD

•ASA Firewall

•Nexus Switch

Professional Skills: Senior Network Engineer / Network Lead

Client: KOHLS August 2021 – Till Date.

Responsibilities:

•VMWare SDWAN Velocloud, Profile Configurations, Business Policy, Dynamic multi-path Optimization, Link Steering Options, Edge Template and VPN configurations.

•VMware SDWAN implementation, management and troubleshooting Velocloud Orchestrator.

•Profile creation, Object groups creation to attach the policies for SDWAN functionality.

•SDWAN, Configure, Monitor, Diagnose of VMWARE VCO Functions.

•VPN Tunnel configuration on VMWARE Velocloud SDWAN

•Velocloud SDWAN Gateway Functions configurations, management, and troubleshooting.

•Configuring, managing, troubleshooting multiple Palo Alto firewalls through Panorama.

•Configuration, implementation of Azure VM Palo alto Firewalls.

•Troubleshooting Palo Alto firewalls from cli for quick resolution.

•Expertise in packet analysis and network traffic flow identification

•Fast troubleshooting and problem-solving skills on Palo Alto

•Ability to analyze network packet traces (PCAP).

•Hands-on experience with PA FW Site-to-Site VPN tunnels

•Palo Alto firewall rule modification, implementation, NAT configuration through Panorama.

•Threat defense, URL Filtering, Antivirus management from Panorama.

•Security policies configuration based on User-ID, App-ID, Content-ID.

•Ability to analyze network packet traces (PCAP).

•Code upgrade of Panorama and Palo Alto to enhance security features and mitigate the bugs.

•Cisco ASA Configuring and troubleshooting of multiple site-site VPN tunnels, Cisco Any-connect and SSL VPNs. Configured around 300 Tunnels of IPsec Ver1 and IPsec Ver2.

•Access control list, objects, objects-groups configuration on ASA firewall through cli.

•Static NAT, Dynamic NAT, Source NAT, Destination NAT configuration on ASA firewalls.

•Experience with context base firewalls, active-standby, active-active HA pairs.

•IOS code upgrade for ASA firewalls (every quarter around 50 ASA Firewalls).

•Upgraded the IOS software for all the network devices to fix the bugs and improves performance.

•Firewalls policy configuration, modification, rollback.

•Static routing, Policy based routing configuration on routers and firewalls.

•Static routing, dynamic routing BGP on Cisco ASA Firewalls and Switches.

•Experience with Juniper firewall devices of access rules configuration, NAT configuration, interface configuration and route configurations.

•Experience with juniper routers of routing protocols configurations.

•Experience with juniper switches of configuring L2 and L3 Vlan, interfaces configurations.

•Experience with AZURE Cloud Networking.

•Configuring the VNETs and designing the IP Network schema to avoid overlapping.

•Configuring the Network Interfaces and associating the Basic/ Standard Public IP’s.

•Experience with Azure routing and VNET Peering for communication between diff VNETS.

•Configuring and troubleshooting of HTTPS & Non-HTTPS Load Balancers.

•Configuring the private network access for Azure services.

•Configuration& troubleshooting of Express route, VWAN and private Endpoints.

•Configuration of internal and external Load Balancers.

•Application Gateway configuration and troubleshooting.

•Configuration of Azure Front door for applications.

•Creating VPN tunnels from Azure on non-cloud environments.

•Implementation of the custom Network VM’s Palo Alto firewalls.

•Resource group creations for isolation and managing the environments.

•Configurations of Static routes, VNET Peering, VPN Gateway Connection.

•Network and Application security group creations for access control and security restrictions.

•Creating the application gateways and Azure front door WAF.

•Configuration of UDR on Azure for Custom Routing Rules, Internet Traffic Control, Effective Routes,

•Azure network traffic monitoring and troubleshooting.

•VPN peering, VPC gateway configuration and troubleshooting.

•Configuration of ingress/egress Network security groups.

•Configuration and setup of f5 LB on BIG-IP and assigning the resources.

•Experience with f5 load balancer for VIP, pool, node creations.

•Experience with configurations of iRules, SNAT, Security profiles.

•VIP load balancing operations mechanism configurations and troubleshooting.

•SSL certificate renewal for VIP on f5 load balancers.

•Configuration and troubleshooting of f5 WAF for application security.

•Failover off the VIP’s over GTM and node mgmt. for maintenance.

•Bluecat DDI solutions experience for DNS (internal & external), DHCP, IPAM.

•VLAN, VTP. STP Configuration on Cisco IOS and Nexus Switches.

•HSRP, VRRP redundancy protocols configuration for HA.

•Configuration of Juniper Routers, Switches and Firewalls.

•Port Channel configuration and troubleshooting on Cisco Nexus Switches.

•Port channel and vPC configuration to increase the redundancy and increase port speed.

•Configuration and troubleshooting of Linux based Cumulus and juniper switches.

•Troubleshooting the LAN and WAN issues to avoid the service impact.

•Configuration and managing the cisco WLC, Cisco Meraki wireless.

•Automation of network devices configurations using Ansible Tower.

•BGP Experience, iBGP, EBGP configuration and troubleshooting.

•Creating Route maps, Path manipulation, re-distribution of BGP.

•BGP configuration and troubleshooting of Multi home.

•Managing the service requests and providing the support within defined SLA.

•Resolved P1 & P2 tickets as top priority and update the status on running bridge call and provide the RCA for P1/P2 issues.

•QOS configuration for bandwidth allocation for all the clients as per the requirements.

•Collecting the logs and validating to resolve the network issues.

•Troubleshooting and resolving the issues on live t-shooting calls to minimize the service impact.

•Responsible for handling all kinds of Network issues and end to end support.

•Keep track of all tickets resolved, ending and share data to management for monthly review.

•Present all changes in CAB meeting and complete successfully with prior planning and execution.

•De-commissioning of legacy network devices and migrating to the existing network.

•Configuring the network devices firewalls, routers, switches with AAA for tacacs authentication.

•Security policy review configuration and troubleshooting in ASA Firewall in Datacenter.

•Maintenance and troubleshooting of LAN, WAN, IP Routing, and Multi layers Switching.

•Monitor network performance and troubleshoot problem areas as needed.

•Create and maintain documentation and Visio diagrams as it relates to network configuration, network mapping, processes, and service records.

•Network asset management, including maintenance of network component inventory and related documentation and technical specifications information.

Tech Mahindra, Ashburn VA Dec 2013 – July 2023

CLIENTS: Solenis, Cynosure, JTEKT, PayPal, DowJones, Sigura, CSD

Senior Network Engineer/ Network Security Architect / Network/Security Lead

Responsibilities:

•Expert in Design, configuring and maintaining of Data centers and network infrastructures.

•Network architecture designing for network infrastructure and information security.

•Migration of multiple client networks from legacy network to new infrastructure.

•Providing complete Data Center support, racking & stacking of hardware devices, configuring, implementing, managing, and troubleshooting.

•Extensive knowledge of troubleshooting the networks issues within the SLA to avoid business impacts.

•VMWare SDWAN Velocloud, Profile Configurations, Business Policy, Dynamic multi-path Optimization, Link Steering Options, Edge Template and VPN configurations.

•VMware SDWAN implementation, management and troubleshooting Velocloud Orchestrator.

•Profile creation, Object groups creation to attach the policies for SDWAN functionality.

•SDWAN, Configure, Monitor, Diagnose of VMWARE VCO Functions.

•VPN Tunnel configuration on VMWARE Velocloud SDWAN

•Velocloud SDWAN Gateway Functions configurations, management, and troubleshooting.

•Configuring, managing, troubleshooting multiple Palo Alto firewalls through Panorama.

•Configuration, implementation of Azure VM Palo alto Firewalls.

•Troubleshooting Palo Alto firewalls from cli for quick resolution.

•Expertise in packet analysis and network traffic flow identification

•Fast troubleshooting and problem-solving skills on Palo Alto

•Ability to analyze network packet traces (PCAP).

•Hands-on experience with PA FW Site-to-Site VPN tunnels

•Palo Alto firewall rule modification, implementation, NAT configuration through Panorama.

•Threat defense, URL Filtering, Antivirus management from Panorama.

•Security policies configuration based on User-ID, App-ID, Content-ID.

•Ability to analyze network packet traces (PCAP).

•Code upgrade of Panorama and Palo Alto to enhance security features and mitigate the bugs.

•Experience with AZURE Cloud Networking.

•Configuring the VNETs and designing the IP Network schema to avoid overlapping.

•Configuring the Network Interfaces and associating the Basic/ Standard Public IP’s.

•Experience with Azure routing and VNET Peering for communication between diff VNETS.

•Configuring and troubleshooting of HTTPS & Non-HTTPS Load Balancers.

•Configuring the private network access for Azure services.

•Implementation of the custom Network VM’s Palo Alto firewalls.

•Resource group creations for isolation and managing the environments.

•Configurations of Static routes, VNET Peering, VPN Gateway Connection.

•Network and Application security group creations for access control and security restrictions.

•Creating the application gateways and Azure front door WAF.

•Experience with ISE configuration for TACACS and Radius authentication.

•Policy configurations for end user devices authentications, authorizations.

•ISE, Certificate based user authentication over the LAN an.

•Validating the ISE logs to troubleshoot the authentications/login issues.

•Cisco ASA Configuring and troubleshooting of multiple site-site VPN tunnels, Cisco Any-connect and SSL VPNs. Configured around 300 Tunnels of IPsec Ver1 and IPsec Ver2.

•Access control list, objects, objects-groups configuration on ASA firewall through cli.

•Static NAT, Dynamic NAT, Source NAT, Destination NAT configuration on ASA firewalls.

•Experience with context base firewalls, active-standby, active-active HA pairs.

•IOS code upgrade for ASA firewalls (every quarter around 50 ASA Firewalls).

•Upgraded the IOS software for all the network devices to fix the bugs and improves performance.

•Firewalls policy configuration, modification, rollback.

•Static routing, Policy based routing configuration on routers and firewalls.

•Static routing, dynamic routing BGP on Cisco ASA Firewalls and Switches.

•Experience with f5 load balancer for VIP, POOL, node creations.