Network Engineer Security
Resume:
Donappa reddy
Network & Security Engineer
***********@*****.*** 626-***-****
Professional Summary:
Certified Network Engineer with overall 8 years of working experience in Network Infrastructure, Security which includes designing, deployment and providing network support, installation and analysis for a broad range of LAN / WAN protocols, routing, switching, configuring, implementation, troubleshooting of complex networking system.
Working experience with Routers, Switches, Load Balancers, Firewalls and Proxies.
Excellent hands-on experience in configuring Cisco Nexus 2248T, 2224T, 5548P, 5596T, 6000, 7010, 7018, 7710,9300,9200 series switches. Also implemented VDC and VPC on the Nexus 5505, 7010, 7710,9000 series switches.
Hands on experience in performing various configurations on Access, Distribution and Core layer switches like Cisco Catalyst 2960,3650, 3750, 4507, 4010, 6506,,9300,9200 switches.
Hands-on experience in implementing and troubleshooting Switch technologies such as STP, VTP, 802.1q, VLAN and MPLS.
Experienced working on network monitoring and analysis tools like SOLAR WINDS, CISCO works and RIVERBED and Wireshark.
Proficient in designing, implementing, and maintaining IVR systems to enhance customer experience and streamline call routing.
Skilled in developing IVR scripts using industry-standard tools such as Avaya Experience Portal, Cisco Unified Customer Voice Portal (CVP), or similar platforms.
Experienced in configuring, deploying, maintaining, and troubleshooting of routing protocols like RIP, OSPF, EIGRP and BGP on Cisco 1800, 2600, 3600, 7200 and 7600 routers. And also performed Policy based routing in WAN topology.
Deployed and configuring Ruckus networking equipment such as access points, switches, and controllers to create robust and efficient network infrastructures.
Extensive knowledge of deploying & troubleshooting TCP/IP, Implementing IPv6, Transition from IPv4 to IPv6, Multilayer Switching, UDP, Fast Ethernet, Gigabit Ethernet, Voice/Data Integration techniques.
Proficient in configuring and troubleshooting route Re-distribution between Static, RIP, EIGRP, OSPF, and BGP protocols and in Route Manipulation.
Expert level knowledge on IP Addressing, Subnetting, VLSM, OSI model, TCP/IP model.
Using IP Address Manager (IPAM) provides a centralized management of the IP address space, including IPv4 and IPv6 Address Management.
Hands-on experience in creating security zones and security policies on branch Juniper SRX 240 and SRX 100 firewalls.
Experience installing, configuring and troubleshooting juniper switches EX2200, EX2500, EX3200 and EX4200 series.
Hands-on experience in deploying Frame-relay, GRE tunnels, Remote Access VPN and
Site-to-Site VPN.
Expert in configuring and implementing proxy servers and Authorization, Authentication & Accounting (RADIUS, TACACS+)
Experience in design, Deploying & Troubleshooting F5 Load Balancer Includes BIGIP Series 5050V, 10000V, 8900, 6900, and 3900.
Experience in Deploying & Troubleshooting policy management on Web Proxies.
Experience in administration and designing web proxies which includes Bluecoat.
Experience with MacAfee and Splunk SIEM tools for log analysis and threat management analysis.
Experience in design, installation, configuration, maintenance, migration and administration of Checkpoint Firewall R55 up to R77.
Experience in Policy based filtering using Palo Alto Firewalls. Experience working with Palo Alto GUI Panorama.
Experience in migrating Checkpoint to the Cisco ASA Devices. Also migrating from Cisco to Palo Alto.
Extensively used packet capture tools like TCP dump, Wireshark and snoop on the devices to identify the potential network issues.
Proficient in using Network Management Application layer software like SNMP, Solar winds, NTP and Syslog. Proficient in using MS Visio for documentation purposes.
Education:
Bachelor of Engineering in CSE at the oxford college of engineering
Certifications:
Palo Alto Accredited Configuration Engineer (ACE).
Technical Skills:
Cisco Switches
Nexus 9k, 7K, 5K, 2K, 3k & 1K, Cisco routers (7200, 3800, 3600, 2800, 2600, 2500, 1800 series) & Cisco Catalyst switches (6500, 4510, 4500-x, 3750x, 3550, 2960s, 2900series, 9300/9500 series). Juniper Switches Ex2200, Ex2500.
Routers
Cisco 2600, 2900, 3600, 3900, 7200 and 7600 series
Infrastructure services
DHCP, DNS, SMTP, FTP, TFTP
LAN technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port- Channel, VLANS, VTP, STP, RSTP, 802.1Q, SVI
Routing Protocols
RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP, & GLBP.
WAN technologies
Frame Relay, ATM, MPLS, leased lines & exposure to PPP, T1 /T3 & SONET.
Firewall Technologies
Cisco ASA 5580 series, PANOOS 2020, Juniper SRX, Palo Alto, Checkpoint.
Network Security
NAT/PAT, Ingress & Egress Firewall Design, VPN Configuration, Internet Content Filtering, Load Balancing, IDS/IPS, SSL, IPSEC, IKE, Static, Dynamic, Reflexive ACL, and authentication AAA (TACACS+ & RADIUS)
Network Management
SNMP & knowledge on Cisco Works, Ethereal.
Platforms
Cisco IOS (11.x, 12.x), LINUX, Nexus OS, Windows XP.
Documentation
MS Office, MS Visio
Load-Balancer Technologies
F5 BIG-IP LTM.
Operating Systems
Microsoft XP/Vista/7/8, UNIX, Linux
Professional Experience:
AT&T, Charlotte, NC July 2022 – Present
Sr. Network Engineer
Responsibilities:
Configuration and troubleshooting of Cisco 2540, 2560, 3650, 6500, 7500, 7200,9000 Series switches.
Worked on Catalyst 3650,2960, 4506E, 4507, 6503E and 6506E,9200,9300 series switches along with Nexus 9k,7k,5k switches in change of configurations and maintenance.
VSS on 6506E switches maintenance to provide dual homing for the consumers as well redundancy.
Configured and maintained VDCs in 7018 switches, maintained VRFs in those separate VDCs. Operated in OTV to extend L2 VLANs amongst data centers over IP on Nexus 7018 switches.
Upgradation of Nexus OS from 6.2.2a to a higher version to increase performance and support new features on Nexus 9000 series switches.
Proficient in Configuring VPC between the Cisco Nexus 9k, 5k.
Configure Versa SD-WAN devices on Dell hardware as a process of replacing the border routers with Versa SD-WAN software devices.
Experienced in integrating IVR systems with databases, CRM (Customer Relationship Management) systems, and other backend applications to provide personalized and efficient customer service.
Knowledgeable in IVR best practices, including prompt design, menu structure optimization, and call flow management to improve usability and minimize caller frustration
Expertise in designing, implementing, and optimizing wireless networks using Ruckus technologies, including Wi-Fi 6 (802.11ax) access points and smart antenna arrays for improved coverage and throughput.
Work on day-day troubleshooting calls which include SD-WAN, firewall issues primarily, along with routing and switching as a part of operational team.
Configure EPG, update APIC, implement access and fabric policies in Cisco ACI environment.
Worked with other network engineers to deploy the Cisco ACI fabric.
Focused on working with Cisco Channel partners to build practices around Cisco ACI.
Route redistribution between OSPF, EIGRP and also in required routers, between IGP and BGP.
Configured and maintained PVST+ for L2 loop prevention on Cisco Catalyst switches.
Documented migration of data center from legacy switches to nexus switches.
Handled LAN environment involving HSRP, VLANs, Trunking and Spanning Tree protocol.
Worked on migrating the Cisco ACS TO Cisco ISE. And Successfully implemented Cisco ISE for wireless security across our company network.
Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on Cisco ISE.
Configured Cisco ISE for Domain Integration and Active Directory Integration.
Configured Cisco ISE for Wireless and Wired 802.1x Authentication on Cisco Wireless LAN Controllers.
Performing troubleshooting on slow network connectivity issues, and Performance on F5 and Cisco ASA Firewalls.
Proficient in configuring and troubleshooting DTMF signaling protocols such as RFC 2833 and SIP INFO for VoIP (Voice over Internet Protocol) networks.
Skilled in ensuring accurate DTMF detection and transmission across various telephony platforms, including traditional PSTN (Public Switched Telephone Network) and IP-based systems.
Experienced in implementing DTMF-based IVR applications to enable callers to interact with automated systems using keypad input.
Knowledgeable in DTMF payload formats and negotiation mechanisms for SIP (Session Initiation Protocol) and RTP (Real-Time Transport Protocol) sessions.
Deploying and decommissioning Cisco switches/Firewalls and their respective software upgrades.
Configuration, Troubleshooting and Maintenance of Palo Alto Firewalls (36+ firewalls) - PA200, PA2000 series, PA3000 series, PA4000 series and PA5000 series.
Hands on experience in Installing and Configuring Palo Alto PA-3060 Firewalls to protect Data Center.
Implemented Positive Enforcement Model with the help of Palo Alto networks.
Design, rack & stack, cable, configure, and turn up 2 new data centers consisting of Nexus 7k's, Palo Alto 5620's, and Cisco 5520 WLC's with dual MPLS, metro ethernet, and internet connectivity. 100Gb, 25Gb, 10Gb, and 1Gb connectivity.
Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Configuration and installation of Palo Alto Networks 5050 application firewalls (NGFW).
Performed Configuration on ASR 9K Pairs includes HSRP, Bundle Ethernet Config, Assigning dhcp profiles.
Configured Layer 2 NAT Software for IE 2000, IE 4000, IE 4010, and IE 5000 Switches to end device and communicate on the both the private and public subnets.
Managed the logistics for a large customer upgrade to new Cisco iWAN Routers.
Setup high availability using Cisco ASA, Firepower 2100 series across various sites.
Experience with converting Cisco ASA to Cisco FTD, working with both FTD and Cisco ASA experience.
Make use of Packet-tracer, packet captures daily and deal with excess CPU usage for the FTD-9300 from time to time due to several bug issues.
Hands on experience in Configuring VPN, routing, NAT, access-list, security contexts, and failover in ASA firewalls.
Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, Bundle Ethernet implementation on ASR 9K redundant pair.
Involved in stacking additional AL and DL switches to the existing stackable switch.
Experience on Implementation, working analysis, troubleshooting and documentation of LAN, WAN architecture with excellent work experience on IP series.
Rack and stack network equipment and conduct testing and tracing of network cables
Implemented Palo Alto solution for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.
Maintained TACACS+/RADIUS Servers for AAA authentication and User authentication.
Provided VPN services to site-to-site and, Remote access VPNs using IPSec tunneling.
Work with IP for any Vulnerabilities /ACLS and remediate as needed.
Configured DMVPN tunnels and Implementation and troubleshooting of iWan, PFR, Wireless.
Worked On application data re-encryption using Blue Coat appliances to optimize WAN performance.
Performed upgrading of load balancers from citrix to F5 BigIP load balancer to improved functionality, reliability and scalability in the system.
Managed the F5 BigIP GTM/LTM appliances to include writing iRules, SSL offload and everyday task of creating WIP and VIPs.
Upgrades/Downgrades of F5 TMOS, Hot-fix installations depending on need.
Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability.
Worked on troubleshooting and resolving issues escalated by the NOC and internal systems, including developing, implementing and deploying emergency hot fixes within a global network.
Configuring F5 ASM policies for external applications.
Configuration of Palo Alto Next-Generation Firewall mainly creating security profiles and VSYS according to client topology.
Successfully installed Palo Alto Next-Generation PA-3060, PA-5060 firewalls to protect Data Center with the use of IPS feature.
Environment: Juniper routers and switches, Cisco ASA Firewalls, Cisco routers 7200, Cisco Catalyst switches 6500, 4500, 2950; Big-IP F5 Load Balancer, Palo Alto firewalls, Blue Coat Proxy, Cisco Nexus 7k,5k, Nexus OS, Nexus switches.
OG&E Energy Corp, Oklahoma City, Ok Jan 2021 – July 2022
Network Security Engineer
Responsibilities:
Configured High availability, User ID on Palo Alto firewall.
Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
Extensive Packet level debugging and troubleshooting on Palo Alto Firewalls to resolve numerous network issues.
Assisting with Zscaler cloud security deployment and configuration of ZPA (Zscaler Private Access) VPN solution.
Employing Zscaler ZTNA (Zero Trust Network Access) to replace currently used Cisco any - connect VPN.
Configuration of Zscaler internet access, ZIA, for system security outside of the office.
Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) and Switches (9200,9300,6509E, 4507, 4500-X, 4900M, 3850, 3650, 2960) to perform functions at the Access, Distribution, and Core layers.
Working with Cisco Nexus 2248 Fabric Extender and Nexus 5500 series to provide a Flexible Access Solution for datacenter access architecture.
Configured Cisco 7600, 7200 series routers for MPLS VPN connectivity and VRF tables on Edge routers for customer usage of the MPLS network.
Configured BGP features such as as-override, Local pre, EBGP load sharing on client connections Configured and resolved various OSPF issues in an OSPF multi area environment between multiple branch routers.
Troubleshooting Layer 2 issues, Spanning Tree protocol, RSTP, MST, VTP, VLAN on Cisco 9200,9300 6500 series switches.
Configuring HSRP between the 3845 router pairs of Gateway redundancy for the client desktops.
Configuring GLBP, VLAN Trucking 802.1Q, STP, Port security on Catalyst 6500 switches.
Involved in configuring IP, IPsec, mGRE/GRE tunnels, Multicast, NAT overload, VRF, Policy Based Routing (PBR), Dynamic Multipoint Virtual Private Network (DMVPN) and MPLS.
Experience on Checkpoint GAIA R77. The environment consisted of 30+ Check Point firewalls and performed configuration, troubleshooting, and maintenance.
Integrated VMware solutions seamlessly into cloud environments, providing a secure and efficient network foundation for cloud-based applications and services.
Worked on groups and updating access-lists and responsible on Checkpoint Firewall, apply static, hide NAT using smart dashboard.
Performed upgrades for all IP series firewalls from previous Checkpoint versions (R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77) to R77.10
Environment: Cisco Nexus switches: 2232, 2248, 5548, 6001 and 7018(Sup 2E), Routers, Switches, Routing Protocols, Splunk, Cisco ISE, Websense, Solar Winds NPM, Checkpoints, VPNs, Cisco ASA.
Credit one Bank, Vegas, NV Feb 2020 – Jan 2021
Network Engineer
Responsibilities:
Implementation and configuration of ASA 5520 in failover along with the CSC module as per the customer requirement.
Implemented clientless SSL VPN on ASA 5500-x platforms.
Preformed Firewall configuration primarily through the command line interface.
Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall.
Configuring RADIUS and TACACS+ authentication on Cisco ASA firewalls.
Configure and troubleshoot the FTD 9300, FTD 2110 using FXOS, LINA, FMC on a day-to-day basis, deploy the firewalls 9300 in HA and 2110 in stand-alone based on the site type. Configure BGP, EIGRP on the FTD platform devices.
Configuring Firepower on Cisco ASA including IPS (NGIPS), Application visibility and Control as well as Advanced malware protection.
Configure policy-maps to redirect the traffic from ASA to Sourcefire module. Adding the devices to FMC and applying the health policies, platform policies and applying the patches on the Sourcefire module.
Manage and administer the sourcefire architecture and ensure security appliances are up to date with the latest OS, patches, signatures and vulnerability database updates.
Upgraded the Cisco ASA firewalls from version 8.6 to 9.
Negotiate VPN tunnels using IPsec encryption standards and also configured and implemented Site to Site VPN and remote VPN.
Performing the ACL requests changes for various clients by collecting source and destination information from them.
Implemented Cisco Application Centric Infrastructure (Cisco ACI) as a solution for data centers using a Spine and Leaf architecture.
Expert in troubleshooting production issues and resolving incidents and change tickets related to Cisco ACI.
Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.
Apply Cisco ISE configuration to switches.
Worked with Cisco ISE to identify threats in the network for rapid containment and remediation.
Experience on dealing with Cisco ISE Secure Network Server 3515 and other network security products.
Work with application team and Information security for ACL renewals and ACLS aging.
Hands on Experience on IPAM tool used for periodical scans a subnet and provides the availability status of IP addresses in that subnet.
Hands on experience with Cisco 3500, 3650, 3750, 4500, 6500, series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
Experience in migration of Frame-relay based branches to MPLS based technology using multi-layer stackable switch like 3650,6500 series and 9300/9500,2800 series switches.
Implemented DHCP, DNS, IPAM configuration on the servers to allocate, resolute the IP addresses from Subnet.
Upgrades and backups of Cisco router configuration files to a TFTP server.
Design, WAN link using PPP Multilink and by implementing Cisco WAAS.
Analyzed network traffic using analyzer using Wireshark.
Configure VoIP phones to be provisioned through company servers.
Experienced of network monitoring and management utility: Tcpdump and Wireshark.
Signature Updates Deployment on the Management Components and all the Individual IPS/IDS devices.
Environment: Cisco routers 7200; Cisco Catalyst 3650 switches 6500, 4500, 2950, Cisco Works; MS Visio, Checkpoint, Cisco ASA and Blue Coat Proxy, Cisco PIX Firewalls 535, 525 Routing Protocols OSPF, BGP, STP, VTP, VLAN, VPN,
Cognizant Technologies, Bangalore, India July 2017 – Jan2020
Network Engineer
Responsibilities:
Performed network engineering, design, planning (WAN & LAN) & implementation. Studied single point failures & designed WAN structure in such a way that there are no failures in network in case of any device or link failure.
Configured and maintained Cisco ACS server for AAA Authentication (RADIUS).
Involved in configuring switch for 802.1x port-based authentication.
Configured and designed LAN networks with Access layer switches such as Cisco 4510, 4948, 4507 switches.
Configured VLANs on a switch for inter-VLAN communication. Configured VLAN Trucking Protocol (VTP) on Core Switches. Configured various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches for STP, VTP Domain, VLAN, Trucking, Fast Ether Channel configuration.
Worked Extensively on Cisco Firewalls, Cisco (506E/515E/525/) & ASA 5500(5510/5540) Series.
Responsible for Checkpoint firewall management and operations across our global networks.
Involved in Configuration of Access lists (ACL) on checkpoint firewall for the proper network routing for the B2B network connectivity.
Setting up VLANS and configuring ISL trunk on Fast-Ethernet channel between Switches.
Deployed a large-scale HSRP solution to improve the uptime of collocation customers, in the event a core router became unreachable.
Implementing, Monitoring, Troubleshooting and Convergence in Frame-Mode MPLS inside the core.
Administrating on F5 LTM, GTM, ASM, APM on series 5050, 10000 8900.
Created an automated backup procedure for all F5 load balance appliances.
Configured routing policy for BGP. Switching related tasks included implementing VLANs and configuring ISL trunk and 802.1Q on Fast-Ethernet channel between switches.
Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
Troubleshooting on network problems with Wire shark, identify problem and fix.
Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network.
Performed the maintenance of Active Directory and replication scheme, DNS/DHCP services and time services; wrote step-by-step procedures for implementing upgrades.
Environment: Linux, Cisco 2800/2900/3000 Series 3650, ISR’s and Cisco 3640/12000 /7200/3845/3600/2800 routers, SQL, Cisco ASA 5500, Active Directory, series routers, Windows Server 2003/2008, ACL, SIP, RIP, OSPF, MPLS, BGP, EIGRP, Wi-Fi, LAN, MacAfee, WAN, WAP, IDS, IPS, Aruba WLAN, VPN, HSRP, F5
DXC Technologies Bangalore, India May 2016– July 2017
Network Administrator
Responsibilities:
Responsibilities included taking care of the IP Addressing in the organization which included designing new subnets based on the requirements.
Involved in implementing & designing the switched network. Configured STP, VTP and dot.1q in switching network.
Created VLAN& Inter-VLAN Routing with Multilayer Switching.
Implemented cluster and configuration of SRX-100 & 110 Juniper firewalls.
Designed security policies on Palo Alto network firewall for controlling what traffic needs to be allowed or blocked based on customer requirements.
LAN Cabling in compliance of CAT5 standards.
Assisted in Troubleshooting LAN connectivity and hardware issues in the network of 100+ hosts.
Maintained Redundancy on Cisco 2600, 2800 and 3600 routers with HSRP.
Performed RIP, OSPF, EIGRP routing protocol administration.
Learned and tested various BGP parameters like Local Preference, MED, Weight, and replicated customer issues in the Lab environment.
Involved in monitoring the performance of the network, thereby identifying the bottlenecks in the network, troubleshooting the connectivity problems using Ping, Trace route and Telnet.
Involved in troubleshooting IP addressing issues and Upgrading IOS images using TFTP.
Daily responsibilities included monitoring network connectivity and administration of the remote location.
Analyzed and studied Client requirements to provide solutions for network design, configuration, administration and security.
Environment: Cisco 2950 switches and Cisco 2800 Routers, EIGRP, BGP, MPLS, VLAN, QOS, DHCP, Trunk protocols, DNS, Spanning tree, OSPF.
Contact this candidate