CISCO routing Switching ISE Palo Alto Network Security Checkpoint

Location:
Houston, TX
Posted:
April 23, 2024

Resume:

Network, Security & Virtualization Engineer

NAME: PRAVEEN KUMAR KATTA

PHONE: +1-346-***-****

Email: ad4773@r.postjobfree.com

PROFESSIONAL SUMMARY:

Around 9+ years of experience in the IT industry. I specialize in cloud and network security, and I hold certifications in Palo Alto, Checkpoint, Nutanix, VMware, Zscaler & Qualys. I work with global clients to design, implement, and manage secure and scalable cloud, security and network solutions, using technologies such as Palo Alto, Checkpoint, Zscaler, F5, VMware, Nutanix, Cisco and Cumulus Linux Networking.

CERTIFICATIONS:

•Palo Alto Networks Certified Network Security Administrator (PCNSA).

•Palo Alto Networks Certified Network Security Engineer (PCNSE).

•Check Point Certified Security Administrator (CCSA) R81.

•Zscaler Private Access (ZPA) Certified Administrator.

•Zscaler Internet Access (ZIA) Certified Administrator.

•Zscaler Digital Experience (ZDX) Certified Administrator.

•Zscaler For Users - Advanced (EDU-202).

•Cisco Certified Network Associate (CCNA).

•VMware Certified Technical Associate - Data Center Virtualization 2024 (VCTA-DCV 2024).

•VMware Certified Professional - Data Center Virtualization 2024 (VCP-DCV 2024).

•Nutanix Certified Professional - Multicloud Infrastructure (NCP-MCI 5).

•Qualys Certified Specialist.

•AWS Certified Cloud Practitioner

TECHNICAL SKILLS:

Network Security & Firewall Platforms: Cisco Identity Service Engine (ISE), Zscaler, Palo Alto Networks (VM Series, PA-3000, PA-200 series), Checkpoint (2200, 4600, VM series), CISCO ASA (5500-X Series), F5.

Routing Protocols: OSPF, EIGRP, BGP.

Switching Technologies: Cisco (Catalyst 2960, Catalyst 3650, Catalyst 9300 series), Cumulus Linux (Mellanox SN series), Super Micro (Edge core).

Switching Protocols: VLANs (802.1Q), Spanning Tree Protocol (STP), Virtual Port Channels (vPC), MLAG, MAGP, Access Control Lists (ACLs), Virtual Switching System (VSS), Port security (802.1x).

VPN Technologies: IPsec VPNs, SSL VPNs

Firewall Policies: Application-based filtering, Intrusion Prevention System (IPS), Quality of Service (QoS).

Hypervisor Technologies: VMware vSphere (ESXi, vCenter server), Nutanix (AHV & ESXi Hypervisors), HPE SimpliVity (ESXi), Microsoft Hyper-V – Intermediate.

Operating Systems: Windows (2016, 2019, 2022), Linux (Cumulus Linux, Onyx)

Containerization Technologies: Kubernetes, Docker – Beginner

Cloud Platforms: AWS, Azure, GCP.

Awards:

Best Team Award.

STAR of CCD.

Certificate of Excellence.

Trail blazers in Architecture, Domain, innovation.

Best Project Award.

PROFESSIONAL EXPERIENCE:

Infosys Limited Sep 2014 – Mar 2024

Network, Security & Virtualization Engineer

Responsibilities:

Palo Alto & Checkpoint:

Designed, implemented, and managed Palo Alto Networks firewall solutions for large enterprise networks, ensuring advanced threat protection, application visibility, and network segmentation.

Deployment and configuration of Palo Alto Networks next-generation firewalls, including PA Series and VM-Series, in both physical and virtualized environments.

Designed, implemented, and managed Palo Alto Networks Panorama solutions for large enterprise networks, providing centralized management and orchestration of firewall policies.

Deployed and configured Panorama appliances in high-availability configurations to ensure reliability and fault tolerance in critical network infrastructure.

Implemented Panorama features such as Device Groups, Templates, and Dynamic Address Groups to automate policy enforcement and streamline firewall management workflow.

Developed security policies, including application-based and user-based rules, to enforce granular access controls and mitigate security risks.

Designed, implemented, and managed Palo Alto Networks firewall solutions for client-to-site and site-to-site VPN deployments, ensuring secure connectivity for remote users and branch offices.

Implemented and managed Palo Alto Networks firewall solutions for small to medium-sized businesses, including configuration of client-to-site VPNs for remote users and branch offices.

Implemented IPSec-based site-to-site VPN tunnels between Palo Alto Networks firewalls to establish secure communication channels between geographically distributed locations.

Configured VPN profiles, authentication methods, and encryption algorithms to meet security and compliance requirements while optimizing performance and usability.

Configured GlobalProtect VPN solutions to provide secure remote access for users across multiple platforms, including Windows, macOS, iOS, and Android.

Performed Checkpoint & Palo Alto device upgrades, software upgrades on firewall devices.

Configured and troubleshooted security policies, including application-based filtering, user-based authentication, and threat prevention profiles.

Responsible for implementing Change Requests, new Tunnel establishment and other Firewall changes.

Troubleshooting issues such as performance of the client applications, enabling new access, and decommissioning existing connectivity.

Configuring and troubleshooting Site-to-Site VPN and Client-to-Site VPN (Checkpoint, Palo Alto): IKEv1, IKEv2, NAT-T.

Checkpoint Firewall DHCP-Relay, ClusterXL, SecureXL, CoreXL, Anti-spoofing.

Checkpoint: set up Static / Hide NAT, Automatic NAT and defined Manual NAT rules.

Knowledge on standalone and distributed deployment of checkpoint.

Identity awareness and application control and URL filtering.

Palo Alto: App-ID, User-ID, Content-ID, High Availability SSL Forward Proxy, Wildfire.

Integrated Palo Alto Networks firewalls with other security components such as SIEM platforms, endpoint protection systems, and threat intelligence feeds to enhance overall security posture.

Designing the network and preparing the Document for network design and making provision for future expansion.

Conducted firewall rule optimization and cleanup initiatives to improve security posture and streamline firewall performance.

Conducted regular security audits and compliance assessments to identify vulnerabilities and ensure adherence to industry standards and regulations.

Proactively analyze Capacity & utilization reports and take the required corrective actions to optimize service availability.

Documented firewall configurations, operational procedures, and incident reports to maintain accurate records and facilitate knowledge transfer within the team.

CISCO Identity Service Engine (ISE/NAC):

Designed, implemented, and managed Cisco ISE solutions for large enterprise networks, ensuring secure and seamless access control for users and devices.

Designed, deployed, and managed virtual instances of Cisco ISE for large enterprise networks, leveraging virtualization platforms such as VMware vSphere and Nutanix (AHV & ESXI).

Deployment and configuration of Cisco ISE appliances, including Policy Service Nodes (PSNs), Monitoring and Troubleshooting Nodes (MnTs), and Policy Administration Nodes (PANs).

Implemented identity-based access policies using Cisco ISE, including Authentication, Authorization, and Accounting (AAA) policies, Network Access Control (NAC), and guest access portals.

Configured authentication and authorization policies based on user identity, device type, and endpoint security posture to ensure compliance with security policies and regulatory requirements.

Developed custom endpoint profiling policies to classify network devices and enforce access policies based on device characteristics and behaviour.

Implemented dynamic access control policies using Cisco ISE's Policy Sets, Identity Groups, and Endpoint Identity Groups to streamline policy enforcement and reduce manual configuration.

Configured and troubleshooted network access policies, including 802.1X authentication, MAC authentication bypass (MAB), and web authentication for wired and wireless networks.

Created and managed device registration portals and guest access workflows using Cisco ISE's self-registration and sponsor-based guest access features.

Creating TACACS rules and adding switches/routers to CISCO ISE.

Conducted performance monitoring and optimization of Cisco ISE deployments, ensuring scalability and reliability under heavy load conditions.

Provided on-call support and responded to security incidents, demonstrating strong troubleshooting skills and the ability to mitigate security threats effectively.

Integrated Cisco ISE with other network components such as Cisco switches, routers, wireless controllers, and third-party security solutions to enforce consistent access policies across the network.

Implemented Cisco ISE pxGrid integration with third-party security products for real-time threat detection and response.

Conducted network access assessments and audits to identify security vulnerabilities and compliance gaps, implementing remediation strategies to mitigate risks.

Provided technical guidance and mentorship to junior engineers, sharing best practices and knowledge of Cisco ISE technologies.

Collaborated with cross-functional teams including network architects, security specialists, and system administrators to ensure seamless integration of Cisco ISE with existing network infrastructure.

Stayed abreast of industry trends and best practices in network security and identity management, continuously improving skills and knowledge.

Documented Cisco ISE configurations, deployment guides, and operational procedures to facilitate knowledge transfer and ensure consistency in implementation.

F5:

Designed, deployed, and managed F5 BIG-IP Local Traffic Manager (LTM) and Global Traffic Manager (GTM) solutions to optimize application delivery and ensure high availability of critical services.

Collaborated with network architects and application teams to design and implement load balancing and traffic management solutions for complex multi-tiered applications.

Developed and maintained iRules for custom traffic handling and application-specific optimizations, enhancing the functionality and flexibility of F5 deployments.

Configured F5 BIG-IP Access Policy Manager (APM) for SSL VPN connectivity, providing secure remote access to corporate applications and resources for remote users.

Conducted performance tuning and optimization of F5 configurations to improve application response times, minimize latency, and maximize throughput.

Configure nodes, VIPs and server pools in F5 devices.

Experience in installing SSL certificates on F5.

Participated in the evaluation and testing of new F5 features and updates, providing feedback to product development teams.

ZSCALER:

Implemented and managed Zscaler Internet Access (ZIA) solutions for large enterprise networks, providing secure and direct access to the internet for users and devices.

Configured Zscaler Private Access (ZPA) for secure remote access to internal applications, replacing traditional VPN solutions and improving security posture.

Created and maintained security policies, including URL filtering, SSL inspection, and cloud firewall rules, to enforce consistent security controls and compliance across the organization.

Conducted regular audits and assessments of Zscaler configurations and policies to identify security risks and optimize performance.

Integrated Zscaler with identity providers such as Active Directory, LDAP, and SAML for user authentication and access control.

Zscaler Private Access (ZPA): Deployment of app connectors and management.

Conducted performance monitoring and optimization of Zscaler deployments, ensuring optimal user experience and bandwidth utilization.

Deployment of VSE on ESXi virtual infrastructure.

Configuring VSE clusters.

Deployment of Zscaler proxy.

Securing browser-based access with help of Zscaler.

Client connector installation and configuration.

Designed, implemented, and managed Zscaler Digital Experience (ZDX) platform for monitoring user experience and application performance across the organization's network.

Manage and maintain endpoint agents, ensuring all endpoints are equipped with necessary security measures.

Participated in the evaluation and testing of new Zscaler features and updates, providing feedback to product development teams.

CISCO Routing & Switching:

Managed and maintained LAN/WAN networks, including network devices, cabling, and infrastructure components, to ensure optimal performance and reliability.

Involved in design of WAN/LAN network layouts, configuration & maintenance of devices.

Securing network devices by disabling unwanted services, restricting network access, and logging; trusted advisor capable of building solid, long-term relationships with customers.

Implemented network security policies and technologies, including ACLs, VPNs, IPS/IDS, and Firepower services, to protect against cyber threats and ensure compliance with industry standards.

Configured and maintained Cisco routers, switches, firewalls, and wireless access points, including Cisco Catalyst, Nexus, ISR, ASR, and ASA platforms.

Deployment and configuration of Cisco routers, including ISR routers, ASR routers, and Cisco Aggregation Services Routers (ASR) for diverse network environments.

Led a team of engineers in the deployment and configuration of Cisco Catalyst switches, including Catalyst 9000 series, Nexus switches, and Catalyst 6000 series.

Configured and optimized VLANs, trunking, and port channels to segment network traffic and enhance performance and security.

Designed and implemented VLANs, trunking, and spanning tree protocols (STP, RSTP, MSTP) to ensure efficient and resilient network connectivity.

Configured and troubleshooted VLANs, spanning tree protocol (STP), port security, and other advanced switching features to ensure optimal network performance and security.

Implemented and managed dynamic routing protocols such as OSPF, EIGRP, and BGP to optimize routing efficiency and fault tolerance in enterprise networks.

Configured and optimized IP addressing, subnetting, and route summarization to minimize routing table size and improve routing convergence times.

Configuration of NAT on routers. Disabling and enabling of NAT.

Implementation of VPN tunnels on Cisco routers.

Implemented QoS (Quality of Service) policies and traffic shaping mechanisms to prioritize critical applications and ensure optimal utilization of network resources.

IOS upgrades, password recovery & backup.

Expertise in Catalyst Switches 6509, 4506, 4507, 2960, 3750, 3550, Nexus 7k, 5k & VSS switches & Cisco Routers 3700, 2800, 2900, 903, 7200, 7600 series Modules.

Manage the TACACS servers in and TACACS configuration on network and security devices for authentication, authorization and accounting the logs.

Provided Tier 3 support for network-related issues, troubleshooting complex problems and identifying root causes to ensure timely resolution.

Conducted network performance analysis and optimization, utilizing tools such as Cisco Prime Infrastructure and Wireshark to troubleshoot issues and improve network efficiency.

Collaborated with cross-functional teams to integrate network infrastructure with other IT systems and services, including Active Directory, DNS, DHCP, and VoIP solutions.

Conducted periodic security assessments and audits, identifying vulnerabilities and recommending remediation actions to enhance network security posture.

Provided technical support and guidance to junior engineers and end-users, resolving network-related issues and delivering training on Cisco technologies and best practices.

Knowledge of ITIL incident, problem & change management. Applying changes and implementation of new network gears into the production as per change management process & within scheduled downtime.

Participated in the planning and execution of network upgrades, migrations, and expansion projects, ensuring minimal disruption to business operations and adherence to project timelines.

Documented network configurations, diagrams, and procedures to maintain accurate and up-to-date network documentation for reference and troubleshooting purposes.

Collaborated with cross-functional teams including network architects, security specialists, and system administrators to integrate routing and switching infrastructure with other network components and systems.

Cumulus Linux:

Managing around 60+ Mellanox Cumulus Linux switches which are part of Nutanix, SimpliVity & OpenStack cloud.

Preparing architecture & cabling diagrams and gathering network segments for switch deployments.

Coordinating with multiple stakeholders for bringing switches into production.

Deploying and upgrading Mellanox switches with Cumulus Linux & Onyx OS.

Creating L2, L3 VLAN configurations and routes in Cumulus switches.

Configuring MLAG & MAGP for switch high availability.

Implementing breakout connection configuration.

Configuring SIEM integration for monitoring access in switches.

TACACS integration for access level privileges with Cisco ISE server.

Resolving hardware issues in coordination with the respective vendor.

Performing BCMS activities on switches for high availability.

Created Ansible playbooks for switch configuration backups.

Coordinating with the security team, performing VA scans and fixing the vulnerabilities on switches.

Configuring ACLs as per requirement.

Expertise in Mellanox Spectrum, Edge core Ethernet and fiber switches.

NUTANIX:

Managing around 20 Nutanix clusters worldwide.

Nutanix design and planning for deployment (including network design).

End-to-end management of Nutanix cloud, which includes networking configuration.

Deploy and manage Nutanix clusters.

Design and deployment of distributed virtual switches for management, storage & VM workloads.

Configuration of local and remote backup policies.

Creation of images in AHV.

Deploying Nutanix clusters in ROBO locations.

Configuration of Nutanix file server for both (SMB and NFS).

Implementing Nutanix object services for S3.

Implementing Nutanix AHV networking and security.

Implementing Nutanix availability and disaster recovery.

Virtual machine migration between different platforms (ESXi-AHV) with help of Nutanix Move.

Upgrading Nutanix software and firmware through LCM.

Proactively monitoring alerts and their remediation.

Troubleshooting performance and availability issues.

Capacity planning & reporting.

VM lifecycle Management (creation, deletion, cloning, snapshot etc.)

Collaborate with Nutanix support for advanced troubleshooting.

Plan, implement and execute DR drills.

Leverage Nutanix products and features to automate administrative tasks.

Guide and train the Client team on Nutanix Administration.

Keep the clients well-informed by providing status reporting on projects, updates to software and any ancillary documentation.

VMware vSphere:

Managed around 400 SimpliVity nodes and 40 Nutanix ESXi nodes across the globe with multiple VMware vSphere vCenters which are hosted in linked mode.

Preparing architecture & cabling diagrams and gathering network segments for deployments.

Deploying VMware vCenter server and appliance.

Creating firewall rules on vCenter server to restrict access.

Configuring iLO network and upgrading iLO and firmware as per HPE recommendations.

Configuring RAID for deployment.

Deploying HPE SimpliVity nodes with help of SimpliVity deployment manager and adding to VMware vCenter server.

Configuring HA, DRS & EVC on SimpliVity cluster.

Adding SimpliVity nodes and vCenter servers to domain.

Creating Virtual/Distributed switches for ESXi management, storage & Federation and VM workloads.

Providing RBAC access for vCenter server.

Creating content library and templates for virtual machine deployments.

Configuring datastore for storage and creating LUNs.

Experience configuring SAN Storage Arrays.

Resolve customer technical issues with the vSAN product through diligent research, reproduction, and troubleshooting.

Creating backup policies and configuring automatic remote backups with time and retention periods.

Port group VLAN, NIC Teaming and Security policies configuration.

Virtual machine creation and configuration changes as per client requirements.

Creating snapshots and restoring VMs with snapshots.

Virtual machine migrations with vMotion across SimpliVity cluster and vCenters.

Performing upgrades of ESXi and vCenter servers.

Taking care of BCMS tests for HA, vMotion and node failures.

Involved in new site implementation in terms of site architecture and configuration of network devices and systems.