
Data Center Palo Alto

Location:
Dayton, OH
Posted:
July 09, 2024


Resume:

Kovidh Kumar

+1-937-***-**** *************@*****.***

LinkedIn: www.linkedin.com/in/kovidh-kumar-76bb77108

Professional Summary:

Having 10+ years of hands-on experience in Network Engineering, Designing, Integrating, Deploying, Maintaining and Supporting a broad range of Communication Systems. Very good exposure to various networking tools, topologies, multi-vendor equipment and various work environments.

Hands-on experience with Cisco ACS and ISE on RADIUS/TACACS authentication and setting up MPLS Layer 3 VPN cloud in data center with BGP WAN towards customers.

Adept at working on BGP routing protocol, configuring BGP sessions, and troubleshooting on Nexus 1K, 5K, 7K, Juniper MX-960 routers, and Cisco ASR routers.

Integral part of a team designing a new cloud platform for existing legacy applications using Azure technologies, contributing to the new architecture.

Active participation in scrum teams as part of the agile process, contributing to the implementation of security solutions using Palo Alto, Cisco, and Checkpoint firewalls.

Configuration and administration of various firewalls, including Checkpoint, Juniper, and Cisco ASA, with expertise in high availability setups using Cluster XL on Checkpoint.

Experience with Python and Ansible for network automation tasks that include automatic backups, config templates, tasks automation like software upgrades etc.

Hands-on experience with ZCC/ZAPP on endpoints, forwarding and APP profile policies, ZPA APP connector configuration, ZPA Application segments, and policies based on user groups.

Extensive work on both Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA), including configuring traffic forwarding, policies, IDP config, log connectors, migration of users, and troubleshooting.

Proficient in creating documentation for various platforms, including Nexus 7k, ASR9k, and ASR1k, ensuring the successful deployment of new devices on the network.

Expertise in F5, Cisco ACE 4710 Load balancers, with migration experience from ACE to F5 and NetScalers to F5, showcasing comprehensive knowledge of virtual server, pool, node, profiles (TCP, HTTP, HTTPS, FTP, fastl4), persistence mechanisms (Source IP, SSL, Cookie), SNAT, iRules, iAPP, SSL offloading, and more.

In-depth knowledge of F5 GTM, specializing in DNS, Global-level load balancing, Wide IPs Zones, Prober pools, and Delegation from Windows DNS server to listener IP.

Knowledgeable in a multitude of programming/scripting languages.

Key contributor to the migration from Cisco IronPort proxies to Zscaler Internet Access (ZIA), actively involved in configuring and troubleshooting various aspects of the migration.

Proficient in traffic forwarding from on-premises to Zscaler Cloud using GRE tunnels and configuring URL categories, Cloud APP control policies, authentication IDP, user group-based policies, SSL inspection, and SSL bypass for ZIA.

Good experience with network automation using the Ansible tool and the scripting languages Python and C.

Expertise in hardware load balancers, i.e., F5 and Cisco load balancers, and scripting for network automation.

Experience in systems programming with understanding of programming concepts and development/scripting skills using Python, PowerShell, and Linux shell, with the ability to pick up quickly.

Extensive knowledge in configuring and deploying Next Generation Firewalls including Palo Alto, Cisco ASA and Checkpoint Firewalls.

Experienced in configuring Nexus 2000 Fabric Extender (FEX) as a remote line card for Nexus 5000 to connect servers and storage devices.

In-depth experience in enterprise and public safety wireless LAN/WAN, Cisco ISE for wireless 802.1x authentication and authorization, and configuration of Cisco Wireless LAN Controllers for network access control integration with Cisco ISE.

Technical Skills:

Load Balancers

F5 (LTM, GTM), Cisco ACE 4710 Load balancers, NetScaler

Network Protocols

TCP/IP, UDP, DHCP, HTTP, OSPF, BGP, MPLS, QOS, VLAN, STP, RIP, ISIS, EIGRP, SUBNET, MULTI-CAST, DNS over TLS (DoT)

Compliance

HIPAA

Zscaler Internet Access (ZIA)

Migration from Cisco IronPort proxies, GRE tunnels, URL categories, SSL inspection, ZCC/ZAPP, ZPA, User-based policies

Documentation

Platform documentation (Nexus 7k, ASR9k, ASR1k), Deployment documentation

Ticketing tool

ServiceNow

Monitoring & Troubleshooting

Wireshark, SolarWinds, CloudWatch, Azure Monitor

Cisco Networking

Nexus 2000 Fabric Extender (FEX), ACS, ISE, MPLS Layer 3 VPN, BGP routing

Cloud Technologies

AWS, Azure platform design

System Administration

Windows Server Administration, Active Directory (AD)

Virtualization

VMware, Hyper-V

VoIP

QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Avaya

Network Security

Palo Alto, Checkpoint (Cluster XL), Juniper, Cisco ASA, Aviatrix

Wireless Networking

Aruba wireless controllers, Cisco ISE for wireless authentication, Cisco Wireless LAN Controllers

Scripting & Automation

Terraform, Python, CloudFormation, Chef

Work Experience:

Apple, Sunnyvale, CA Feb 2023 – till date

Senior Network Engineer

Key Responsibilities:

Designed and implemented network security solutions using Cisco Firepower Management Center (FMC), improving threat detection and response capabilities.

Implemented Cisco Firepower Threat Defense (FTD) solutions, enhancing the organization's ability to protect against advanced threats.

Managed ServiceNow tickets for network-related incidents, ensuring timely resolution and documentation.

Managed the configuration and maintenance of firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs to secure sensitive data.

Streamlined the process of code deployment using Docker and Kubernetes, reducing downtime to a great extent.

Architect and deploy scalable network solutions using Terraform, automating the provisioning and configuration of network resources.

Automated network configuration and management tasks, reducing manual effort and minimizing errors.

Automated network operations using Terraform and Ansible, reducing manual configuration time by over 60% and increasing team productivity.

Design and implement cloud network architectures using Terraform and Chef to automate deployment and configuration.

Led the migration of 5+ enterprise-level applications to a hybrid cloud environment, resulting in a 30% cost saving on infrastructure expenses.

Lead the network team in deploying Aviatrix solutions to enhance multi-cloud network performance and security.

Established network monitoring using SolarWinds, enabling proactive responses to issues and a 35% decrease in network-related incidents.

Collaborated on a cloud-based VoIP implementation that supported over 1000 users, improving communication efficiency while cutting costs.

Led the transition to SD-WAN technology, which resulted in a 30% increase in WAN efficiency and reduced operational costs.

Established a robust Zero Trust Security model for the Azure cloud infrastructure that drastically minimized attack vectors for potential breaches.

Experience in F5, Cisco ACE 4710 Load balancers. Migration experience from ACE to F5 and NetScalers to F5. Worked on critical applications on Layer 4 and Layer 7 load balancing. Experience with Virtual server, Pool, Node, Profiles – TCP, HTTP, HTTPS, FTP, fastl4, Persistence – Source IP, SSL, Cookie, SNAT, iRules, iAPP, SSL offloading.

Configured and maintained DNS servers, ensuring robust security measures were in place to prevent DNS spoofing and cache poisoning.

Monitored network traffic for signs of DDoS attacks and coordinated with ISPs for mitigation efforts.

Implemented and managed network security solutions to protect against DDoS and spoofing attacks.

Deployed advanced DDoS protection solutions, reducing downtime and ensuring service continuity.

Implemented Disaster Recovery strategies, including regular testing and updates to maintain readiness.

Led data backup and recovery initiatives, reducing recovery time objectives (RTO) by 30%.

Implemented anti-spoofing measures, including IP address validation and filtering, to enhance network security.

Administered VMware virtualization environment, including server consolidation and resource optimization.

Worked on the project to migrate from Cisco IronPort proxies to Zscaler Internet Access, ZIA. Also worked on Zscaler private access to replace SSL VPN for some business units. I worked from scratch in configuring and troubleshooting the following in the migration.

Worked on ZPA Application segments. Worked on Policies for various APP segments based on user groups.

Have hands-on experience with Python and Ansible network automation scripting.

Worked on ZCC APP profiles for various endpoints.

Worked on traffic forwarding from on-premises to Zscaler Cloud using GRE tunnels.

Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from A10 to F5.

Worked on both Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA).

Worked on both ZIA and ZPA on configuring traffic forwarding, Policies, IDP config, Log connectors- NSS and LSS, migration of users to ZIA and ZPA, and troubleshooting.

Managed and secured DNS infrastructure, implementing DNSSEC and other security protocols to enhance DNS security.

Experience with setting up MPLS Layer 3 VPN cloud in data center and working with BGP WAN towards customers.

Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP /TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.

Installation and Configuration of Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing.

Experienced working in the scrum team as part of the agile process.

Environment: DNS security, DDoS, Spoofing, LTM, GTM, Cisco, ACE, Virtual server, Pool, Node, TCP, HTTP, HTTPS, FTP, fastl4, SSL, Cookie, SNAT, iRules, iAPP, SSL, Zscaler, Cloud APP, BGP, ZIA, ZPA, Nexus 7k, ASR9k, ASR1k.

Walmart, Bentonville, AR Apr 2020 – Jan 2023

Senior Network Engineer

Key Responsibilities:

Enterprise and Public Safety Wireless LAN/WAN (802.11, Mesh). Implemented Cisco ISE 1.2 for Wireless 802.1x Authentication and Authorization with Flex-Connect

Implementing security Solutions using Palo Alto PA-5000/3000, Cisco 5580/5540/5520, Checkpoint firewalls R70, R75, R77.20 Gaia, and Provider-1/MDM.

Supported the deployment and maintenance of network infrastructure, focusing on automation and efficiency improvements.

Assisted in the creation of Terraform scripts to automate network resource provisioning.

Configuration and administration of firewalls, which include Checkpoint, Juniper, and Cisco ASA firewalls.

Designed and deployed a multi-cloud network architecture using Aviatrix and AWS Transit Gateway to enable seamless connectivity between AWS and Azure environments.

Implemented monitoring and alerting solutions using Terraform to deploy and configure tools like Prometheus, Grafana, and CloudWatch, ensuring real-time visibility into the health and performance of the cloud infrastructure.

Configuring High Availability using Cluster XL on Checkpoint as well as VRRP, and monitoring the sync status for stateful replication of traffic between active and standby members.

Deploy, configure, and support Aruba wireless controller and AP devices globally as a direct escalation path for all wireless issues.

Researched, designed, and replaced Checkpoint firewall architecture with new next-generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and URL and application inspection.

Configuring rules, Maintaining Palo Alto Firewalls, and analysis of firewall logs using Panorama.

Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.

Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall.

Exposure to WildFire features of Palo Alto.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 2504, 4404, 5508 for Wireless Network Access Control integration with Cisco ISE.

Upgrading Cisco ISE Appliances Company-wide. Recently rolled out OpenDNS including onsite VM appliances.

Experienced with Cisco ISE and advanced technologies like QOS, Multicasting, MPLS and MPLS-VPN, and Bluecoat proxy server SG.

Fortinet firewall administration and configuration of FortiGate 3000, 3815 series as per network diagram.

Understand OSPF configuration and authentication settings to migrate routing over to the Firepower platform.

Manage multiple Palo Alto firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.

Implementation, Maintenance and Administration of Active Directory (Group Policy, Scripting).

Developed and enforced anti-spoofing rules across the network, significantly reducing the incidence of spoofing attacks.

Deployed and maintained DNS solutions across AWS Route 53, Azure DNS, Google Cloud DNS, and Cloudflare, ensuring high availability and security.

Configured and managed DNS servers using PowerDNS and Microsoft DNS ensuring optimal performance and security.

Automated DNS server deployments and configurations using Ansible and Puppet, enhancing operational efficiency.

Supported hybrid DNS configurations, integrating on-premises and cloud-based DNS solutions for seamless network performance.

Routers: Cisco (IOS and IOS-XR), Juniper MX Series routers, and Nokia (Alcatel 7750, 7950).

Administered Cisco AMP endpoint security infrastructure and monitored endpoints for threats.

Exposure to design and implementation experience primarily on Cisco WSA proxy.

Configuration and Maintenance of Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls.

Experience configuring and managing Cisco Web Security Appliance (WSA) in an enterprise environment.

Monitoring Traffic and Connections in Checkpoint and ASA Firewall.

Manage project tasks to migrate from Cisco ASA firewalls to Check Point firewalls.

Policy Reviewing, Audit, and cleanup of the unused rule on the firewall using Tufin and Splunk.

Configuring and troubleshooting site-to-site IPSEC VPN tunnels using Cisco ASA 5540 for third-party connectivity.

Creating objects, and groups, updating access lists on Check Point Firewall, apply static, hide NAT using a smart dashboard.

Installed and configured high availability Big IP F5 LTM and GTM load balancers like 6600, 6800 to provide uninterrupted service to customer applications and monitor the availability.

Identified opportunities for implementation of network best practices, particularly F5 load balancer implementations.

Configuring F5 Load Balancers: Adding virtual IPs, nodes, pools, and health monitoring.

F5 BigIP iRules programming and troubleshooting.

Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.

Configuring SNAT, High Availability on F5 BIG-IP appliances SSL termination and initiation, Digital certificates

Migrated from Cisco ASA to Palo Alto firewalls.

Worked with protocols such as Frame Relay, IEEE 802.11 and VLAN, OSPF and BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP, and TELNET.

Configure and Monitor Cisco Sourcefire IPS for alerts.

Provided operational support for network topologies and connections TCP/IP, ATM, VOIP (Voice-over-IP), and MPLS.

Follow information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.

Monitor the Intrusion Detection Systems (IDS) console for active alerts and determine the priority of response.

Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN.

Environment: ASA, IPS, WSA, ACS, VPN, IDS, NIST, IPSEC VPN, NAT, ASA firewalls, VLAN, VOIP, QoS, VOIP, DIA, VOIP, TCP/IP, ATM, MPLS, IEEE 802.11, VLAN, OSPF, BGP, DNS, DHCP, FTP, NTP, SNMP, SMTP, TELNET, SNAT, F5 BIG-IP, SSL, Cisco CSS, GTM, NAT, Cisco ASA, WSA, IOS, IOS-XR, IPSEC, SSL VPNs, Palo Alto, Cluster XL.

Alaska Airlines, Seattle, WA Aug 2018 – Mar 2020

Network Engineer

Key Responsibilities:

Worked on Virtual Switching System (VSS) in combination with Catalyst 6500 series switches.

To secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures

Managing and administering SRX and Checkpoint Firewalls at various zones including DMZ, Extranet (Various Business Partners) ASZ, and internal.

Working with Network Design and implementation teams on various projects related to Branch, Campus, and Data Center.

Single-handedly managing/operating Linux/RHEL/Slackware platforms providing SMTP, POP, DNS, FTP, Apache, proxy, NMS tools (MRTG, Cacti) services and shell scripting in order to automate network /backups.

Designing and deployment of Partner IPSEC VPN tunnels.

Excellent knowledge of RNC/Node-B Scripting, XML Scripting for OSS & router scripts for Cisco/Juniper OAM routers.

Involved in the configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, and BGP v4. Configured IP access filter policies.

Deploying and decommissioning Cisco switches and their respective software upgrades.

Implemented network infrastructure projects, leveraging Terraform for IaC to ensure consistency and repeatability in network deployments.

Converting CatOS to Cisco IOS Config Conversion on distribution layer switches

Experience with manipulating various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation.

Configuration and troubleshooting of Site-to-Site and Client-to-site VPNs on Cisco PIX/ASA Firewalls and IOS Routers.

Experience configuring Virtual Device Context in Nexus 7010

Experience in Configuring, upgrading, and verifying the NX-OS operation system.

Performed OSPF, BGP, DHCP Profile, HSRP, IPV6, and Bundle Ethernet implementation on ASR 9K redundant pair.

Configured CIDR IP RIP, PPP, BGP, MPLS and OSPF routing.

Configuring and Troubleshooting of Multicasting.

Performing the ACL requests change for various clients by collecting source and destination information from them.

Performed Break Fix support through driving to different buildings, identifying the root cause of the hardware issues with switches, routers.

Created Visio Dean / Visio Documentation to give a complete picture of network design for each building.

Administration Big IP F5 LTM for all Local Load balancing and use GTM for load balancing across Data Centers.

FWSM configurations in single/multiple contexts with routed and transparent modes.

Support Data Center Migration Project involving physical re-locations.

Environment: Smart Utilities, CLI, SRX, DMZ, ASZ, Branch, Campus, Data Center, IPSEC VPN, MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, Cisco, CatOS, Cisco IOS, BGP, MED, Route-Reflector clusters, Route-maps, VPNs, PIX/ASA, F5, SSL/VPN, CISCO ASA, Nexus 7010, NX-OS, OSPF, BGP, DHCP Profile, HSRP, IPV6, OSPF, ACL, T-Series, M-Series, MX-Series, J-Series Routers, DHCP, DNS, IPAM, GTM.

Bank of America, East Hartford, CT Nov 2016 – July 2018

Network Engineer

Key Responsibilities:

Experience with converting Cisco Catalyst 6500 switches to Cisco Nexus in the data center environment.

Implemented Active/ Standby HA configuration on Cisco ASA Firewalls.

Configuring Cisco ASA firewalls in Single and Multiple Context Mode firewalls.

Upgrade of Cisco ASA Firewall in Active/Standby mode with no downtime.

Configuring VPN, both B2B and remote access SSL, and centralized policy administration using FortiManager, building FortiGate High Availability using FortiGate Clustering Protocol (FGCP).

SDN switches can be used for RGDD via the installation of rules that allow forwarding to multiple outgoing ports.

Firewall Compliance and Rule remediation for compliance such as SAS 70 Audit.

LAN/WAN level 3 support (diagnose and troubleshoot layer 1, 2, 3 problems)

Vlan design and implementation, Spanning Tree Implementation and support using PVST, R-PVST and MSTP to avoid loops in the network. Trunking and Port channels creation.

Firewall Policy Provisioning and troubleshooting connectivity issues through the firewall.

Developed and executed network automation scripts using Terraform and Chef to streamline operations.

Upgrade of Checkpoint Gateways in Cluster with Minimal downtime.

Working on MPLS switches, and routing protocols like BGP, OSPF and EIGRP. Designed and implemented OSPF and BGP on various sites for routing enhancement, high availability and reducing administrative overhead.

Worked on Ansible scripting to perform Network Automation in the infrastructure.

Experienced in troubleshooting various WAN technologies like Frame-Relay, MPLS, T1, DS3 and ISDN.SD

Knowledge of DOS/Terminal functionality, Windows XP/7/8, iOS devices, Unix/Linux, Basic Perl/Python, Nmap, ESXI 5.1, VMware vSphere 5.0, Metasploit with Armitage, Penetration Testing, and usage of Qualys Guard Vulnerability Management/Policy Compliance/WAS/ Asset Management / PCI.

Basic knowledge of Multi-Protocol Label Switching (MPLS), Voice over IP (VoIP), Firewall PIX, Cisco Call Manager and routing protocol BGP.

Experience with Firewall migrations from PIX firewall to Cisco ASA and Juniper SRX firewall appliances

Working with OSPF as internal routing protocol and BGP as exterior gateway routing protocol.

Documentation and Project Management along with drawing network diagrams using MS Visio.

Environment: CISCO routers and switches, Access Control Server, RIP V2, OSPF, EIGRP, VLAN, Trunk Protocols, CISCO ASA, DHCP, Perl/Python, SDN, DNS, Spanning tree, Nimsoft.

TCS, Chennai, India Oct 2013 – Aug 2016

Network Engineer

Key Responsibilities:

Assisted in the creation and maintenance of Business Associate Agreements (BAAs) to ensure third-party vendors met HIPAA requirements.

Participated in HIPAA compliance reviews and addressed any findings to improve security posture.

Implemented logging and monitoring solutions to track access to ePHI, ensuring compliance with HIPAA auditing requirements.

Responsible for Data Backup, System Update, Recovery and Restore, and Spyware removal.

Assisting Junior and Senior Engineers, on-site management of cable-wiring technicians

Troubleshot problems on a day-to-day basis and documented every issue to share it with design teams.

Implemented and configured routing protocols like EIGRP, OSPF and BGP.

Connected switches using trunk links and EtherChannel.

Responsible for maintenance and utilization of VLANs, Spanning-tree, HSRP, VTP of the switched multi-layer backbone with catalyst switches.

Racking, stacking, and cabling network-based, IT systems

Configuring IP allocation and subnetting for all applications and servers and other needs throughout the company using FLSM, VLSM addressing.

Troubleshot the issues related to routing protocols.

Perform routine network maintenance checks as well as configure and manage printers, copiers, and other miscellaneous network equipment.

Installing operating systems, software and hardware on computers.

Implemented redundant Load balancing technique with Internet applications for switches and routers.

Support Network Technicians as they require training support for problem resolution including performing diagnostics, configuring network devices

Used Network Monitoring tool to manage, monitor and troubleshoot the network.

Configured Cisco IOS Feature Set, NAT/PAT and Simple Network Management Protocol SNMP and Network Management Technical Plans NMTP for Network Security implementation.

Environment: TCP/IP, Racking, Stacking, VLSM, IP addressing, Subnetting, Routing Protocols.

Certifications:

Cisco Certified Network Associate (CCNA), Cisco Systems

Cisco Certified Network Professional (CCNP), Cisco Systems

CompTIA Security+ Certification (SY0-701) - CompTIA CE

AZ-104 Microsoft Certified Azure Administrator Associate.

Education:

Aditya University, Kakinada April 2013


