It Infrastructure Palo Alto

Avinash Vishwas Viswanath

Mobile: +1-630-***-**** email: ad5vyy@r.postjobfree.com

Naperville, Chicago, IL www.linkedin.com/in/avinash-vishwas Summary

I am an experienced Network Manager having 12 years of experience in IT infrastructure, with a proven track record of success in network security and administration where my skills and experience can make a positive impact on the company’s IT infrastructure and growth. With a capability to work independently or as part of a team, can demonstrate excellent troubleshooting and problem-solving skills. Technical Skills

Network Security:

• Palo Alto Firewalls, Cisco ASA, IPS, FMC and FTD, Bluecoat/Symantec WSS, CISCO Umbrella SWG.

• Security technologies: NAT, ACL, DLP, Port security, IPsec, GlobalProtect and Anyconnect VPN. Administration & Management:

• Panorama based Prisma access SASE cloud infrastructure and firewall, Cortex Data Lake.

• Windows servers, AD, TACACS, RADIUS, LDAP, OKTA, Symantec VIP access MFA, FTP, TFTP, SNMP, Syslog, DHCP, DNS, Secure Web Gateway.

• Good knowledge of ticketing system like Manage Engine with adherence to SLA and provide timely resolution, Change Management and Incident Management in compliance with ITIL Process.

• Enterprise console like PAM360, CyberArk, Tenable Nessus, Thousand Eye and OpManager.

• Managed a team of 5 and an office location consisting of 500+ users, IT Operation and network infrastructure, information security and audits, escalation management from client and inhouse teams. Routing:

• Hardware: Cisco C9000, 2800 series router, Viptela vEdge.

• Routing technologies: Static, BGP and OSPF.

• Load balancer: Radware link proof 108 load balancer.

• WAN technologies: VIPTELA SD-WAN, MPLS, P2P and Internet leased line. Switching:

• Hardware: Cisco Catalyst series 2000, 3000, 9000 and 4500 series, Brocade BR-VDX6740

• Switching technologies: STP, PBR, RSTP, VTP, VLAN, FHRPs (HSRP, VRRP), and Ether Channel. Operating Systems and tools:

• Networking Tools: Syslog Analyzer, Patch view, Http HAR viewer, WinMTR and Wire shark.

• Operating Systems and tools: Windows, Ubuntu, Libre, MS Office and Visio. Projects

• Implemented Palo Alto’s PRISMA Access SASE cloud-based solution in POC and production environment including network design. Prisma access consisting of service connection (5+ DC), remote connection (10+ sites), secure inbound and mobile users (5000+) Global Protect VPN with URL filtering, OKTA MFA and certificate authentication integrated, syslog managed in CORTEX Data lake (CDL) and forwarded to SIEM.

• Palo Alto Panorama migration from M-100 to M-200 with firewall PAN-OS upgrade, policy and license migration including cloud plugin activation for Prisma access.

• Implemented AWS-based CISCO firewall Management Center (FMC) for centralized management for FirePower Threat Defense Firewalls (FTD) and ASA based Sourcefire (SFR) IPS modules.

• Implemented CISCO Meraki SD-WAN for branch office and remote user and CISCO Umbrella with SWG.

• VIPTELA SD-WAN implementation at multiple branch offices and connecting AWS VPCs and TGW.

• Implemented BlueCoat/Symantec web security service in forwarding/explicit mode of proxy.

• Worked on IT infra setup for new location accommodating 350+ users and office space expansion for 200+ users with datacenter setup including rack, panel cabling, and monitoring device setup and mounting. Professional Experience

Infosys Ltd, Richardson, Tx, USA (Jan 2024 – March 2024) Role: Lead Consultant

• Managing Palo Alto Prisma Access SASE cloud infrastructure, including Global Protect VPN for 20k+ mobile users across multiple geolocations, service connections to 5+ data centers and remote connections to 100+ branch sites.

• Cortex Data Lake log management and Strata cloud manager for monitoring Prisma Access Infra.

• Managing Palo Alto Panorama based 50+ firewalls in On-prem and AWS environment, adhering to the security best practices. Including License, inventory, resource forecast and support management.

• Managing Palo Alto Panorama Template and device groups, security, NAT, PFB and decryption policies. Wildfire, App-ID, content-ID, user-ID, URL filtering and Anti-virus profiles including troubleshooting.

• Provide 24x7 L1/L2 support and manage offshore team. Perform firewall changes and access provisioning.

• Participate in access related troubleshooting activities in collaboration with other teams.

• Remediate any vulnerabilities on the firewall, Policy management, VPN, PANOS upgrade and bug fix.

• Firewalls rules review and rationalization. Manage operator tasks, such as system backup, restore, reset etc. ArkTek IT Solutions, Chantilly, VA, USA (Sept 2023 – Jan 2024) Role: Principal Engineer

• Managing and remote deployment of Palo Alto firewalls via Panorama Template and device groups, security, NAT, PFB and NAT pre/post policies with Wildfire and URL filtering profiles.

• Palo Alto Prisma Access and management, including Global Protect VPN for remote users, service and remote connections to data center and branch office.

• Checkpoint, CISCO FMC, FTD, ASA, Umbrella DNS with SWG and Anyconnect VPN.

• Addressing Vulnerabilities, IOCs, patch management adhere to change management and approval process.

• Managed datacenter scheduled preventative maintenance and annual shutdown.

• Coordinating with TAC for support and OEM partners for RMA, Documenting ticket updates and all records, including uptime reports, warranty certificates and coordinating with AMC vendors for renewals. Acuity Knowledge Partners, Bangalore, India (Nov 2019 – Aug 2023) Role: Principal Engineer

• Configuring and managing Palo Alto firewalls (PA-850, 3050 and VM series) with Panorama (M-200), CISCO FPR 2100 series ASA/FTD with FMC. Including OS upgrade and vulnerability management.

• Managing Palo Alto Panorama Template and device groups, security, NAT, PFB and NAT pre/post policies. Wildfire, URL filtering and Anti-virus profiles including advanced troubleshooting.

• Palo Alto Prisma Access management with End-to-end support, including Global Protect VPN for remote users, service and remote connections to data center and branch office.

• Monitoring and investigating threats using checkpoint firewall, CISCO Source fire IPS SNORT and syslogs.

• Configuring and managing CISCO catalyst switches and routers with hands on experience in catalyst 9000 series L3 switches and 2800, C8000 series Router.

• Cisco Catalyst Center (DNAC) based policy creation, monitor network performance and manage hardware/software lifecycles.

• Network device hardening as per CIS standards using NESSUS Tenable, OS upgrades with approved versions and hot fixes, SIEM Syslog actions on investigating IP hits and threats, VAPT and its fixes.

• Symantec Bluecoat WSS URL filtering and CISCO Umbrella DNS protection with SWG.

• Worked on client/internal IT audit requirements including ISO 27001 and SOC 2 related.

• Monitoring inter-office P2P, ILL and MPLS links of multiple locations using OpManager and other Network monitoring software to ensure zero downtime during production hours.

• CISCO VIPTELA SD-WAN, Radware link proof appliance with multiple internet leased lines services.

• Acting on security advisories and related IOC blocking at endpoint and gateway devices. Moody's Analytics knowledge services, Bangalore, India (Dec 2017 – Oct 2019) Role: Lead Engineer

• CISCO firewall Management Center (FMC) for centralized management, ASA 5500 series firewall, Sourcefire (SFR) IPS modules. ACL, NAT, DMZ, IPS signatures, SSL single domain certificate for Anyconnect VPN hosting. Device IOS upgradation and vulnerability management.

• Configuring and managing CISCO catalyst switches and routers, VLAN, Trunk, ACL, Port-channel.

• Managing Bluecoat proxy for URL filtering for both On Prem and remote users. Policy and access management including SSL interception and troubleshooting.

• CISCO Anyconnect VPN with Symantec VIP access two factor authentication, deployment, user mapping.

• Network device hardening as per company policy, Syslog management and analysis for network devices like CISCO ASA and investigating IP hits and threats.

• Implementation of internet facing firewall using Checkpoint 21400 firewalls as perimeter firewall and configuring Nat and threat prevention policies.

• Worked on VMware ESXi hypervisor for mounting images and hosting services.

• Acting on security advisories and related IOC blocking at endpoint and gateway devices.

• Network device IOS upgrade, maintaining complete Hardware/Software inventory and license management.

• Working on service requests and change managements using Manage Engine Service desk plus ticketing system, this is also used for logging and maintenance of user requests/tickets.

• Implementation and audit documentation, report and dashboard generation of SCCM based monthly patch management, various link utilization and its uptime.

• Worked on design and configuration of all Global sites for HPE using Checkpoint 5400 and 15400 Firewalls with enabling IPS, URL filtering, Application Control and Threat emulation on multiple Firewalls. Copal Amba, Bangalore, India (Aug 2014 – Nov 2017) Role: Network Engineer

• Configuring and managing CISCO switches and routers including IOS upgrade, Port-channel and Trunk.

• Creating and managing VLANs and ACLs. Access control with respect to various team requirements like FTP and Citrix external access allowed in ASA and Web filter.

• Monitoring entire network’s inter-office links, internet lease lines and MPLS links of multiple locations

(branch offices) using tools like SOLARWINDS and other Network monitoring software to ensure zero downtime during production hours.

• Managing CISCO UCS server and products like Jabber, meeting place and WebEx.

• Load balancing and redundancy using Radware link proof 108 with multiple internet leased lines services.

• Managing AD user group and OUs. User creation, printer configuration and folder sharing.

• L2 and L3 level troubleshooting with remote support and providing solutions for issues with respect to networking, windows applications and Citrix client support.

• Documentation, report and dashboard generation of various link utilization and uptime.

• Worked on client/internal IT audit requirements. Vendor Management for the various IT related activities such as ISP, Service Request, Supplies, AMC, Support related services etc. Amba Research, Bangalore, India (Feb 2012 – Jul 2014) Role: IT Consultant

• End-user remote support and troubleshooting for Networking, hardware/software and Windows operating systems issue with minimum downtime during production.

• Installation, configuring and managing CISCO switches and routers as per the requirements.

• Monitoring network using PATCHVIEW and SOLARWINDS Network monitoring software to ensure zero downtime during production hours.

• Data backup management, McAfee antivirus epo, agent and DAT maintenance.

• Documentation, report generation of various link utilization and uptime in weekly and monthly basis.

• Inventory and Vendor management with respect to Networking, Hardware, Software and coordinating with Service provider in case of various link issues.

• Project: Implemented Microsoft LAPS for local user account password management. Enforcing via group policy and updating attribute in AD where computers are in respective domain. CLOUDLYTE Technologies, Chennai, India (Nov 2011 – Jan 2012) Role: Apprentice

• Worked in web designing and development using HTML, CSS and PHP technologies.

• Worked in Photoshop CS5 for webpage templates design, Eclipse IDE for PHP Programming and XAMPP for MYSQL database table creation and modification. Academic Profile

• B.E in Electronics and Communication from M.V.J College of Engineering, Bangalore, Visvesvaraya Technological University, June 2011.

• PUC in Science from Stracey Memorial PU College, Bangalore, Karnataka State Board, March 2006.

• SSLC from Stracey Memorial High school, Bangalore, Karnataka State Board, March 2004. Professional Awards

Pride of Acuity, 2021. Employee of the year awarded in recognition towards demonstrating excellent proficiency and determination in areas key to organization’s success – IT Dept.

Contact this candidate