
Palo Alto Access Control

Location:
Decatur, GA
Posted:
July 10, 2024

Resume:

M. Srikanth

Mobile : 646-***-****

E-Mail ID : ********************@*****.***

SUMMARY

11+ years of experience in Planning, designing, Implementing, Configuring, troubleshooting, upgrade/maintenance of Cisco, Palo Alto, Juniper, Checkpoint, Big F5 Products with deep understanding of application level security

Excellent analytical and logical skills in understanding complex designs, amend issues in documentation

Created and executed documentation for process and procedure improvements to streamline and optimize work performance

Experience in configuring Cisco & Juniper routers/switches, Security products working in multi-vendor environment

Experience in IP Routing with BGP, OSPF, EIGRP, ISIS.

Designing schemes for IP Addressing & Subnetting

Expertise in Designing, Implementation, Troubleshooting of LAN/WAN architecture

Strong troubleshooting experience on Cisco Devices

Expertise in Routing & Switching on Cisco CRS 1, CRS 3, GSR 12k, ASR 9k, Nexus 9k/7k/5k/2k, Catalyst 6500, Juniper T640, MX960, M320 etc

Good experience with Layer 2 and Layer 3(L2 & L3) Switching

Proficient in Layer 1/Layer 2/Layer 3 troubleshooting

Experience in configuring IP Multicast routing, Spanning Tree (STP 802.1D), Port security, BPDU Guard, Portfast, VTP, DTP, FHRP, HSRP,VRRP, GLBP, Dot1Q/802.1Q, Native VLAN, Ether channel (LACP, PAGP), VLAN, Private VLAN, VXLAN, NTP, VPC, VDC, FEX, VSS, Fabric path, OTV, Qos, RADIUS/TACACS+, AAA, BFD, ECMP, Access Lists, Redistribution, SONET, T1/T3, NAT, PAT, DNS, DHCP, Policy Based routing, Metro ethernet

Experience in implementing MPLS-VPNs(L2 & L3), VRF's, DMVPN, IPSec VPN, GRE VPN, mGRE, Easy VPN, Web VPN, SSL VPN (Client and Clientless), EVPN, NHRP, DWDM

Protocols : IPv4, IPv6 TCP/IP, UDP, OSI, VLSM/CIDR, ARP, Proxy ARP, CDP, SNMP, Telnet, SSH, FTP, SFTP, TFTP, SCP, SMTP, HTTP, HTTPS, SSL, SNMP, DNS, DHCP, LDAP

Experience with Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Identity Services Engine (ISE)

Experience in security with various firewalls like Cisco ASA/PIX, Palo Alto, Azure, Checkpoint, Juniper(SRX/Netscreen)

Configuring and deploying multiple vendor firewalls like Palo Alto, FortiGate, Juniper SRX and ASA firewalls

Experience with maintenance and deployment of Palo Alto firewalls

Hands on knowledge on Big F5 load balancers, its methods, implementation and troubleshooting on LTM and GTM

Hands on experience working in data centres

Good experience with 802.1x and Network Access Control (NAC)

Experience with voice protocols like H.323, MGCP, SIP and SRST & SIP Trunks

Expertise with Microsoft Office, Office 365, MS Visio, Excel, SharePoint

Good understanding of the Cisco Wireless LAN(WLAN) Controllers

Maintaining Firewall products and firewall auditing

EDUCATION

Bachelors in Electronics & Communication Engineering- JNTUH, Telangana, India 2012

Master of Science in Electrical Engineering - Wichita State University, Kansas, USA 2014

TECHNICAL SKILLS

LAN Technologies

Ethernet, Fast Ethernet, Gigabit Ethernet, VLAN’s, VTP, DTP, MLS, STP/802.1D(Port fast, Uplink fast, Backbone fast, Root Guard, BPDU Guard), CST, PVST, PVST+, RSTP(802.1w), RPVST+,MST(802.1s), Port Mirroring, EtherChannel/Link Aggregation (PAGP, LACP), Inter VLAN routing

WAN Technologies

ATM, Frame Relay, ISDN, MPLS(LDP/TDP/RSVP), PPP, HDLC(PAP &CHAP), T1/T3, DS1, DS3, OC 192

IP Routing Protocols

BGP, OSPF, IGRP, EIGRP, RIP, IS-IS

Wireless

802.1 a/b/g, WLANS, 802.1X, 802.11i, WPA/WPA2, WEP

VOIP

SIP, RTP, H.323, MGCP

Switches

Nexus(9k,7k,6k,5k,2k), Catalyst(6500/4500/3750/3650/2960),3550, 2900, Juniper MX480, MX 240, MX 104, MX 80, MX 40, MX5, EX 2200, EX 4200, EX4300

Security

Cisco(PIX/ASA),Checkpoint(R71/R75),Palo Alto(2000/4000/7000), Juniper (SRX/Net screen), IPS, IDS, ISE, Wildfire, Threat Prevention

Load Balancer

Big F5 LTM/GTM(3900, 6900,8900), APM, ASM

Network Tools

Palo Alto Global Protect, Panorama, Checkpoint SDM, Juniper NSM, CyberArk, TUFIN, Firemon, Firepass, Infoblox, Splunk, Service Now, Cisco Prime/Cisco Works, Putty, SecureCRT, Solarwinds, ServiceNow

Servers

MS Server 2003, 2008 & 2012, Exchange, Active Directory, Certificate Authority Services, DNS Servers, WINS Servers, Mail Servers, Proxy servers

Operating Systems

Cisco(IOS, IOS-XR, NX-OS, CatOS), Junos, Linux, Solaris

Certifications

CCNA

CCNP

Work Experience

Credit Agricole, New York Jul 2023 – Apr 2024

Network Security Engineer

Upgrading Solarwinds from 2020.x.x to 2023.x.x

Troubleshooting bandwidth utilization issue on Solarwinds.

Monitoring interfaces, bandwidth, alerts, networking devices on Solarwinds monitoring tool.

Creating and implementing firewall policies on Fortinet and checkpoint firewalls.

Upgrading firmware on Fortinet, Fortimanager and checkpoint firewalls

Auditing Firewall policies for compliance

Creating VIPS, Pools, and configuring load balancing methods on F5

Troubleshooting L1, L2 network issues

Troubleshooting issues on McAfee web gateway proxy server.

Performing IOS upgrade on Cisco switches and routers

Creating DNS and host entries with Infoblox

Troubleshooting Pulse VPN issues.

Geico, Chevy Chase, Maryland Jan 2020 – Jun 2023

Senior Network Engineer

Experience with communicating with different customers, IT teams in gathering details for the project.

Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & EIGRP (route redistribution, route-maps, offset-lists, prefix lists, route summarization, route-feedback, BGP attributes) on Cisco Routers 7613, 7201

Experience working on Cisco Nexus data centre infrastructure with 2000, 5000 and 7000 series switching by enabling networked devices to communicate effectively.

Hands-on knowledge in configuring cisco 3500, 4500 series switches to implement information sharing and resource allocation for increased productivity.

Automated network implementation and tasks and designed monitoring tools using python scripting.

Configured networks using routing protocols such as OSPF, BGP and manipulated routing updates using route-map, distributed list and administrative distance for on-demand infrastructure.

Experience configuring VPC, VDC and ISSU software upgrade in Nexus 7010

Migrated firewall policy configuration from checkpoint, Juniper to Palo Alto firewalls.

Remote access and site to site VPN configuration and administration on Palo Alto firewalls

Configured security policies including NAT, PAT and VPN, route-maps, access control lists.

Hands on experience on Big F5 Load balancers, its methods, implementation and troubleshooting on LTMs and GTMs

Dealt with creating VIP (virtual servers), pools, nodes and applying iRules for the virtual servers like cookie persistence, redirection of the URL on Big F5

Hands on experience testing iRules using Browser (IE), HTTP watch on Big F5

Migrated multiple sets of Big F5 LTM devices from version 10.x to version 11.x operating systems.

Rockwell Automation / HCL America, Milwaukee, Wisconsin Jan 2017 - Dec 2019

Subject Matter Expert/Network Security Engineer

Working on Incident management and change tickets using ServiceNow Management tool.

Implementing security Solutions using Palo Alto Pa-5000/3000, Cisco ASA, Checkpoint firewalls R75, R77.20.

Managing and deploying Azure firewalls on the cloud environment.

Analyse and resolve escalated problems. Also act as a mentor for the support staff in aligning their technology and non-technology skills to best suited environment being supported.

Assess firewalls policies, architecture & provide recommendations for improvements.

Worked with Cisco Layer 3 switches 6500, Cisco Nexus 9396 and 7010 with the use of inter-VLAN routing, 802.1Q trunk, ether channel

ISIS/BGP/OSPF configuration, troubleshooting within the LAN and WAN, implemented MPLS.

Upgrading circuits on ASR 9k (IOS-XR) boxes.

Running scripts to make changes on ASR 9k IOS-XR devices.

Involved in the replacement of hardware break fix activities on ASR 9k (IOS-XR) like replacement of line cards, fans, faulty SFPs, troubleshooting connectivity issues, and monitoring the environment of the boxes which may include fans, power supply, temperature etc.

AAA server management, user database management, configuring privilege level and command authorizations using TACACS+ protocol.

Creating implementation plans and scheduling changes on Panorama and Palo Alto, checkpoint, juniper firewalls.

Configuring high availability, and BGP routing in Palo Alto firewalls, Monitoring Panorama for critical alerts, Configuring URL filtering policies, configuring express routing in Azure based NGFW.

Experience with Palo Alto and checkpoint firewalls with next gen firewall features that includes app id, threat id, URL filtering, user id, SSL decryption.

Implemented Palo Alto 7050 Firewall in HA Pairs as an internet firewall, configured rules and Zones based on traffic. Creation of policies/rules based on requirements of the users.

Involved in upgrading Palo Alto firewalls, Panorama from 6.x.x version to 7.1.11, 8.xx OS version.

Worked on critical break fix activities on Azure firewalls and upgraded the OS versions successfully.

Migrated checkpoint and Juniper firewalls to Palo Alto firewalls.

Creation of Pools, Pool members and configuring load balancing methods on the Big F5 load balancers

Involved in the upgrade of Big F5 LTMs. Renewing Certs on as needed basis

Participation in disaster recovery exercises and providing inputs for disaster recovery teams and helping narrow down the loopholes.

Migrated the SAP environment from one Data Center to another with no outage.

Migration of critical Core Data Center firewalls involving SAP environment

Replacement of faulty NIC cards for Data Center Palo firewalls.

VPN policy configuration, administration, and troubleshooting

Performing necessary health checks on CISCO ISE on a regular basis. Creating user profiles for Wi-Fi access to guests.

Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS, TACACS+, 802.1x posture compliance policies and controls and remediation processes:

Fetching reports from firemon and running through the reports to fulfil the audit requirement.

Decommissioned Firemon as part of security compliance during migration to TUFIN.

AT&T, Saint Louis, Missouri July 2014 - Dec 2016

Network Engineer / Network Support Engineer (NOC)

Ability to work independently and work as part of Deployment teams and NOC team(Network Operations center), following established guidelines.

Responsibilities included Writing, Verifying MOPs(Method of Procedures/templates).

Responsibilities include providing real time in-depth analysis and real time trouble resolution of incidents associated with the CISCO, Juniper, and associated Operations Support Systems, and Data Communications Network Technology platforms.

Responsible for management of the interoperability between Cisco and Juniper Layer 3 Platform, through the use of alarm and ticket systems, individually designed customer scripts, customer notification, and Business Partner escalations.

Working closely with Cisco TAC in ordering RMAs, tracking them and getting the hardware replaced.

Hosted/Managed bridge calls for maintenance independently by engaging/coordinating with Onsite Operations team, Security team, DevOps team, testing team, and various other teams.

Experience working on various Cisco platforms which include Nexus (7k,6k,5k,2k), ASR 9K, GSR 12k, CRS 1, CRS 3 and Juniper platforms which include M320, T640, MX 960.

Configured BGP and OSPF on Juniper (CE/PE) and Cisco (P/Core) routers for the performance testing of MPC7e/MPC5 line cards supporting the SDN Contrail Controller.

Implemented & Optimized SOPs for VNF / SDN issues resolution.

Implemented changes on ASR 9k, CRS, 12k routers (IOS-XR) successfully via scripting without any issues.

Replacing line cards and troubleshooting any network issues on CRS1, CRS3, GSR 12k (IOS-XR) routers.

Configuring and installing MPLS WAN circuits on Cisco CRS-1, CRS 3 (IOS-XR) routers.

Break fix activities involving replacement of fabric cards, power supplies.

Maintenance of Nexus 7K Software and Hardware upgrades for various Data Centers.

Software, Code, EPLD and Supervisor Hardware Upgrades of Nexus 7K Switches.

Nexus 7010 Line Card, Memory Card/RAM, Fabric Card Upgrades.

Nexus 7K F2 to M2, M1 to M2, 40 Gig & 10 Gig Line Card Upgrades.

Troubleshooting Line cards, Hardware modules, Fabric cards, Fans, Memory issues after Software and Hardware Upgrades, verifying light levels and interface status.

Configuring & Troubleshooting VLAN, VLAN Trunking, VTP, MSTP, VRF, LACP, Bandwidth, OSPF, BGP, HSRP, VRRP, Prefix Lists, Access lists on Cisco and Juniper Routers/Switches.

Configured VPC, VDC on Nexus switches.

Involved in Replacement of FPCs, PICs on Juniper M320 and T640 routers.

Resolving trouble tickets and customer issues by working the ticket queue on monitoring tools like ITL.

Running test scripts before and after every maintenance on several routers/switches to ensure they are in good health, troubleshooting and fixing issues in case of failures.

Wichita State University, Wichita, Kansas Aug 2013 to May 2014

Network Admin

Configured, implemented, and supported virtual desktop infrastructure and wireless networks using Linux systems.

Analysed network environments and identified potential hardware and software enhancements to improve network performance.

Provided technical support for help desk staff and the IT team, which included troubleshooting complex networking issues.


