Palo Alto Network Engineer

Location:
Houston, TX
Salary:
120000
Posted:
May 10, 2024

Resume:

George Sumanth Bitla

Senior Network Engineer

************@*****.***

323-***-****

PROFESSIONAL SUMMARY:

9+ years of experience in Network design, Security, Tier support of Networks in various environments.

Experienced in Palo Alto Firewall with PA-7000, PA-5000, PA-3000, PA-2000 series and configuring security policies and implementing VPN.

Installed and migrated company’s security firewall environment from FortiOS 5.4 firewall platform FortiGate1000D and FG100D.

Extensive experience working on Cisco and Juniper routers/switches in complex environments with multiple ISPs.

Upgraded OpenShift clusters from v3.4 to v3.9 using blue-green deployment methodology.

Deployment of Prisma Access (Palo Alto cloud solution).

Hands-on experience with Checkpoint and configuring firewalls and managing issues.

Deployed 51 different ASA and firepower Next Generation firepower threat defense with IPS, IDS and URL filtering such as 5508-x, 5516-x, 5525-x, 5545-x and 2100 and 4100 series as well in FMC.

Design and implement industry leading SD-WAN infrastructure to provide secure, carrier independent WAN connectivity across the enterprise.

Extensive knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols on Palo Alto firewall as well as Cisco ASA and checkpoint.

Acquainted with Cisco Meraki for Cisco Wireless Devices Monitoring, managing and troubleshooting Cisco Wireless devices using Cisco Meraki.

Experience adding Palo Alto firewall to current network infrastructure. Integrated Cisco ISE with Cisco Firepower to enable automated remediation.

Expert in dealing with Networking Protocols and Standards such as TCP/IP, OSI, UDP, Layer 2 (VLANs, STP, VTP), Routing Protocols (EIGRP, OSPF, BGP), WAN technologies (Frame relay, IPsec, VPNs) Qi’s.

Experience on Monitoring and Management tools such as HP Open view, Solar Winds and Wireshark.

Technical Skills:

Operating Systems

Windows (Server 2003/2008, Vista, Windows 7), Linux OS

Routers

Cisco GSR12016, ASR1001, 2900, 3900, 7200, 7600, ASR9000 & ISR routers

Switches

Cisco 3750, 3850, 4507, 4510 & 6500 series switches, Nexus 9K, 7K, 5K, 2K

Routing

MPLS, OSPF, EIGRP, BGP, PBR, IS-IS, Route Filtering, Redistribution, Summarization, Static Routing

Switching

LAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switch, operations, Layer 3 Switches, Ether channels, Transparent Bridging.

Network security

Cisco (ASA) 510, Palo Alto, Juniper SRX, ACL, IPSEC VPN, GRE VPN, NAT/PAT, Filtering, Load Balancing, IDS/IPS

Load Balancer

F5 Networks (Big-IP) LTM Module, Cisco ACE 30 load balancer

LAN

Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.

AAA Architecture

TACACS+, RADIUS, Cisco ACS

PROFESSIONAL SUMMARY

Fannie Mae, NYC, NY Oct 2022 - Present

Sr. Network Engineer

Responsibilities:

Configured ASM WAF policies for the internet-facing HTTPS applications using the learning mode and monitoring the suggestions, and disallowed incoming traffic from targeting known vulnerabilities in the web applications.

Experienced in configuring, deploying and managing Palo Alto firewalls, including device series PA-7K, 5K, 3K and 2K in conjunction with Panorama centralized management featuring device M-500 series.

Worked with Panorama for managing the Palo Alto firewalls and Prisma tunnels.

Worked on Terraform for automating VPCs, ELBs, security groups, SQS queues, S3 buckets and continuing to replace the rest of our infrastructure and migration from traditional to cloud environment.

Managing and supporting Cisco, Fortinet, Checkpoint/Kemp routers and switches, LB, Foundry and firewalls.

Worked in configuring alerting methods via Ansible playbooks for machineconfigs, PV, PVC and all the OpenShift 4.x components to alert support teams.

Extensive knowledge of mapping the rules in Gigamon according to the requirement. Deployed all the devices in various locations.

Implemented and managed Guardicore Centra to enhance network security and segmentation, resulting in a 30% reduction in potential security breaches.

Experience in configuring, implementing, analyzing and supporting Splunk server infrastructure across Windows, UNIX and Linux.

Configured and deployed 18 firepower threat defense with IPS, IDS, AMP and URL filtering and integrated with firepower management center FMC for 5516-x, 5545-x, 2100 and 4100 series.

Involved in developing scripts and templates using AWS CloudFormation and Fortinet’s APIs to streamline rule complexity, and ensuring compliance with security protocols.

Integrated Fortinet devices with FortiManager for centralized management and FortiAnalyzer for log analysis.

Working knowledge and demonstrated experience on the Cisco, Juniper, HP Aruba, Avaya and Arista switches & routers.

Implemented firewall policies, intrusion prevention, and web filtering on FortiGate 60E devices to ensure comprehensive threat protection.

Configured active/passive high availability and link monitoring on Fortigate and Junos firewalls.

Implemented l4/l7 services and network Micro segmentation using ASA, Palo Alto virtual firewalls and integration with ACI fabric and Arista VXLAN fabric.

Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experience.

Built the OpenShift cluster in PaaS solution for TestNet, Development, DMZ and Production live environments.

Hands-on experience with testing tools and traffic generator tools (Spirent test centre, IXIA and IXN2X).

Administering Splunk and Splunk apps to include developing new/custom Apps to perform specialized functionality.

Strong experience in upgrading Cisco IOS and Cisco Nexus NX-OS in the datacenters. Also experienced in working with Arista EOS and Juniper JUNOS.

Migrated remote branch sites' Palo Alto firewalls to Prisma cloud for increasing the flexibility and reducing the operational life cycle management.

Used Terraform to reliably version and create infrastructure on Azure. Created resources using Azure Terraform modules and automated infrastructure Management.

Worked on multi-vendor platform with Checkpoint, Fortinet and Cisco firewalls requesting net flow for security compliance, coding and pushing firewall rules after approval and troubleshooting incidents as required.

Troubleshot network flow and application performance with Wireshark, Gigamon and network flow.

Designed and implemented micro-segmentation policies using Guardicore, effectively isolating critical assets and minimizing lateral movement within the network.

Performed troubleshooting and configuration changes to resolve Splunk configuration issues.

Worked with Cisco, Palo Alto, ASA, Juniper SRX, Checkpoint, Fortinet, Zscaler and other vendors to provide a stable, high-speed, secure network.

Developed Terraform modules for automating the provisioning of the AWS infrastructure.

Worked on integrating Cisco ACI with other security solutions, such as firewall and intrusion detection/prevention systems (IDS/IPS), to enhance network security and threat mitigation.

Used Cisco ACI’s traffic management features, including Quality of Service (QoS) and bandwidth allocation, to prioritize critical applications and optimize network performance.

Configured edge routing policies on vEdge devices vEdge1000 and vEdge2000 series, to make efficient traffic routing based on application type, quality of service (QoS).

Worked with Air Magnet Wifi Analyzer for 802.11 a/b/g/n VLAN troubleshooting, tuning, and channel rotation as required for adequate wireless coverage.

Troubleshot the OpenShift infrastructure - cluster-level issues, determined the root cause and applied fix.

Deploying Cisco Aironet 2700, 3700 Series, Cisco Meraki Enterprise Cloud Access Points and Wireless Bridges/Repeater for LAN Expansions.

Hands-on experience with Zscaler cloud proxies ZIA and ZPA. Worked on setting up tunnels to Zscaler Zens, zero trust network access.

Setting up OSPF/LDP scale for both 600 OSPF neighbor and LDP Sessions with 3.5M labels from Spirent/IXIA.

Established secure cross-account access to S3 buckets through resource-based policies, allowing designated AWS accounts to access shared data.

Employed SSL Offload and acceleration capabilities to enhance security while improving the performance of encrypted traffic of VIPRION F5 Series.

AT&T, Middletown, NY June 2019 – Sep 2022

Sr. Network Security Engineer/Operations Engineer

Responsibilities:

Firewall Policy Provisioning and troubleshooting firewall connectivity related issues using Fortinet Manager.

Configuring and administrating Fortinet Firewalls (FortiGate 240D, Forti WiFi 60D), IPv4 policy, interfaces, DHCP Servers, IPsec VPN between two Fortinet routers, on premise and VPC in AWS, SSL VPN for client app.

Written templates for Azure Infrastructure as code using Terraform to build staging and production environments.

Experience working on IXIA and Landslide and troubleshooting using IRIS, Netscout, nGenius and Wireshark.

Utilized network tools like Gigamon and Wireshark for troubleshooting and monitoring.

Implemented and configured Prisma Access & Panorama.

Experience working with Fortinet Firewall series FortiGate 3800, 3700, 3200, 3100, 2500 & 2000.

Experience in Fortinet 100D, Fortinet 60C, Fortinet 60E, Fortinet 60D, Fortinet 200E (HA); this includes the whole UTM (app control, Web Filter, IPS, DoS, DDoS, etc.).

Integrated with security orchestration and automation platforms for streamlined incident response and threat mitigation on Palo Alto PA-5000 series.

Migrated security policies, NAT rules, and VPN configurations from PA-3000 series to PA-5000 series firewalls while ensuring policy consistency and adherence.

Integrated build process using Jenkins to set up Auto Deploy pipeline with Terraform for end-to-end automations for site core deployments for custom domain apps.

Worked on logging and monitoring on the PA-5000, PA-3000 series firewalls to enhance visibility into network traffic and security events post-migration.

Deployed Palo Alto firewalls using Confidential NS through L2 and L3 interfaces on model such as VM-300, VM-500, and VM-1000-HV.

Building Automation tools for Nexus9K, 3K and Juniper QFX5100 using Netconf, pyez, and Ansible module.

Migrating applications from AWS & on-prem to OpenShift Platform, support pushing the Docker images into the registry, support creating BuildConfig and DeploymentConfig files, creating services and routes.

Responsible for configuring and managing Arista, Cisco switches, including new build configurations, maintaining current configuration and adding new connections and features.

Expertise in designing and implementing micro-segmentation strategies using Guardicore.

Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.

Installed Snort security Sensors and Gigamon Port Mirroring devices along with fabric core switches.

Extensively worked on Terraform modules that had version conflicts to utilize during deployments to enable more control or missing capabilities. Managed different infrastructure resources, like physical machines, VMs and Docker containers using Terraform.

Managed policy on Cisco Firepower 9300 with SM-44s running in ASA mode and Legacy ASA 5k Firewalls.

Leveraged the enhanced incident response tools in Firepower v7 to handle and mitigate security incidents more effectively.

Developed ACI (Cisco Application Centric Infrastructure) base Cisco Validated Designs for Enterprises and Service Providers to transform Traditional 3 Layer Architecture to ACI based (Spine, Leaf and APIC) Architecture.

Configured LACP, OSPF protocols on Arista 7250qx-64 switches.

Experience in collaborating with vendors and cross-functional teams for successful integration of Guardicore solutions.

Worked on Cisco Nexus 9000 NXOS to ACI fabric to work in concert with existing Nexus 7000s and ASRs for Multi-Protocol Label Switching (MPLS).

Integrated Cisco ACI with other security solutions, such as firewalls and intrusion detection/prevention systems (IDS/IPS), to enhance network security and threat mitigation.

Worked on centralized VIPTELA vSmart controller to intelligently route traffic across the WAN, making it more efficient and cost-effective.

Utilized SD-WAN VIPTELA’s traffic engineering capabilities to prioritize critical applications and ensure Quality of Service (QoS) across the network.

Involved in implementing advanced encryption techniques such as IPsec and TLS to secure data in transit across the SD-WAN VIPTELA network.

Enabled secure remote management and monitoring of vEdge1000 devices, adapting to evolving network requirements and dynamic conditions.

Design and implementation of security infrastructure for clients focusing on Cisco firepower and ASA suite of products.

Deploy new Splunk systems and monitor Splunk internal logs from the monitoring console (MC) to identify and troubleshoot existing or potential issues.

Configured and managed Cisco Identity Services Engine (ISE), including the Cisco ISE 3000 series.

Managed DHCP, DNS and IP address through INFOBLOX, and Admin for Internet sites access through Zscaler.

Interacted with security team to implement intrusion detection and prevention systems (IDPS) in ISEC to monitor network traffic for suspicious activities and respond to potential security breaches promptly.

Leveraged the improved features of version 7, optimizing threat defense capabilities and enhancing our security posture.

Set up AWS Direct Connect Gateway with AWS team to simplify network management and extend Direct Connect connections to multiple virtual private cloud (VPCs) within the AWS cloud.

Involved in CloudWatch and AWS VPC Flow Logs to monitor and log network traffic and performance metrics, enabling proactive troubleshooting and security incident detection.

Involved in designing and managing security groups and network access control lists (NACLs) to control inbound and outbound traffic to EC2 instances, enforcing the principle of least privilege.

Deployed F5 GTM BIG-IP 1500 Series devices (Such as 1600 and 1600S) for global load balancing and disaster recovery solutions, ensuring optimal network performance and fault tolerance.

Addressed SSL/TLS certificate and configuration issues on F5 BIG-IP devices to ensure secure communication between clients and servers.

Global NTT, Chicago, IL Sep 2017 – May 2019

Sr. Network Security Engineer

Responsibilities:

Managed and maintained Fortinet Firewalls through IPv4 policies, traffic shaping, IPS, web filtering, interfaces, and routing

Upgraded the Cisco ASA firewalls from 6.2.3.1 to 6.2.3.9 for better performance and to avoid unwanted Health warnings thrown by the FMC.

Implemented security policies using ACL, Firewall, IPSec, VPN, AAA Security TACACS+ and RADIUS on different series of routers.

Creating site to site IPsec tunnels between 4221 router and cisco ASA firewalls to provide secured connectivity between customer location and datacenter.

Expert-level experience in Wireshark for network analysis purposes and to analyze packet traces.

Configured Security Profiles such as Antivirus, Anti-malware, Threat Prevention, Vulnerability

Configured WAF as an appliance and server plug-in, applying a set of rules to an HTTP port 80

Developed several SolarWinds dashboards to provide key insight to chief executives.

Handled content distribution and data transfer and implementing content delivery network over Amazon Cloud Front using Amazon WAF

Experience with using SNMP and Network Performance Monitoring tools (Solarwinds) to maintain network

Creating process documents for various security tools like Source Fire, Fortinet Firewall, Pulse VPN appliance, Blue Coat proxy etc.

Provided technical support, integration, and configuration Cisco Meraki switching, Cisco ISE, Aerohive Wireless LAN, network monitoring software, and User based authentication such as 802.1x

Monitor network performance by proactively utilizing monitoring and analysis tools. (Solarwinds, Netwrix, Logic Monitor)

Focused on working with Cisco Channel partners to build practices around Cisco ACI.

Lancaster General health, Lancaster, PA Mar 2014 – Aug 2017

Sr. Cloud Network Security Engineer

Responsibilities:

Responsible for internal and external accounts, managing LAN/WAN and checking the SSL security settings of the networking devices (Cisco IOS, routers, switches), and coordinating with the system/networking administrator during any major changes and implementation.

Managed network connectivity and network SSL Security, between Head offices and Branch office.

Implemented Secure Remote VPN for high speed remote access.

Implemented and troubleshot complex WAN, LAN, VLANs, private VLANs, high availability solutions like HSRP, VRRP, GLBP, ether channels, site-to-site VPN, access control lists, NAT, PAT, routing solutions etc.

Installed and Configured DNS server and Checkpoint Firewall with IPS feature in Internet Edge.

Education:

Bachelor’s in Computer Science from Northeastern Illinois University, Chicago, Illinois

Certifications:

CCNA

CCNP
