Devanshi Charadva
Senior Network Security Engineer
California • +1-510-***-**** • *************@*****.***
WORK EXPERIENCE
Network Security Engineer with over 6 years of experience, specializing in network installations, configurations, testing, and optimization of enterprise data networks and service provider systems. Key achievements include cleaning up legacy firewall policies and migrating to Palo Alto firewalls (PA-5410, PA-5280, PA-7050), administering Fortinet FortiGate firewalls (1000F, 1800F), and managing Cisco routers (7200, 3800, 3900, 2800 series) and switches (6500, 3750, 2960s, Nexus 5000, 2000, 7000 series). Experienced in deploying Cisco ASA firewalls in AWS, configuring F5 Big-IP load balancers, and leveraging monitoring tools like SolarWinds and Wireshark.
Certifications:
Cisco Certified Network Associate (CCNA)
Skills:
Data Center: Nexus 9K, 7K, 5K, 2K and 1K and Arista switches
Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPSec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Firewall: Palo Alto (7080, 7050, 7000, 5430, 5060, 3020), FortiGate (3000F, 3200F, 3500F, 7121F, 6500F), ASA Firewall (ASA 5540, 5500, 5555-X), Juniper SRX (240), Fortinet, Access Control Lists, IPsec, IDS and IPS
Network Tools: SolarWinds, SNMP, CiscoWorks, Wireshark
Load Balancers: Cisco CSM, F5 Networks (Big-IP)
Security Protocols: IKE, IPSEC, SSL-VPN
Operating System: Windows, Linux/Unix
Sr. Network Security Engineer • Toyota Motor North America, Plano, TX • Mar 2023 – Present
Responsibilities:
Maintained network posture with Fortinet FortiGate firewalls 6300F, 6500F, and 7081F appliances.
Successfully integrated Fortinet firewalls with VLANs to establish secure communication channels between different network segments.
Actively administered FortiManager 7.0 to centralize and streamline configuration management.
Implemented FortiAnalyzer for comprehensive log analysis, reporting, and threat intelligence.
Implemented and maintained Fortinet's Intrusion Prevention System (IPS) to proactively identify and block malicious activities, enhancing overall network security posture.
Worked on security policies on Palo Alto Firewalls, including URL filtering, threat prevention profiles, anti-spyware, antivirus, and file blocking.
Coordinated centralized administration of Palo Alto firewalls, including PA-7080 and PA-5420 models, using the Palo Alto Panorama M-100 management server to expedite configuration and monitoring.
Configured and deployed Palo Alto Networks 5250 Next-Generation Firewalls to strengthen network security, guaranteeing thorough defense and effective administration.
Set up rules and performed proactive maintenance on Palo Alto firewalls, which included analyzing firewall logs using a variety of tools to find and handle security-related events.
Worked in tandem with Palo Alto firewalls, including PA-3410 and PA-5220, by employing Panorama servers to monitor traffic flow and apply modifications, thereby guaranteeing efficient firewall administration and security enforcement.
Configured and optimized inter-VXLAN routing on Cisco Nexus 9000, 7000 switches, allowing communication between VXLAN segments while maintaining logical isolation.
Designed and implemented security infrastructure for a client, focusing on the Cisco Firepower and ASA suite of products.
Managed software upgrades and updates for Cisco Nexus 9000 and 7000 series switches.
Deployed and managed Cisco Nexus NX-OS software updates and patches, ensuring a secure and up-to-date network infrastructure.
Implemented security solutions in Juniper SRX 380, SRX 2300, and NetScreen SSG firewalls.
Configured, maintained, and troubleshot dynamic routing protocols including BGP, OSPF, EIGRP, and RIP on a range of Cisco routers, including 7613, 7201, and 3945E, ensuring optimal routing and network efficiency.
Maintained detailed documentation of router configurations, network topology, and troubleshooting procedures.
Experience in configuring and managing a diverse range of Cisco routers, encompassing models such as Cisco 2900, 3900, 7200, and ASR series, to ensure optimal performance and network functionality.
Managed user authorization on Cisco ISE using protocols such as PEAP and EAP-TLS, overseeing and monitoring users' access privileges for optimal network security.
Played a key role in integrating Infoblox with SIEM solutions, resulting in improved network visibility and strengthened capabilities for detecting and mitigating potential threats.
Designed and implemented 802.1X wired/wireless user authentication using a Cisco ISE RADIUS server.
Conducted regular network security audits using ISEC tools (or relevant vulnerability scanners), actively identifying and mitigating security weaknesses to uphold a resilient and secure network infrastructure.
Responded promptly to user queries, efficiently resolving login/authentication issues, executing password resets, and addressing Active Directory-related incidents to maintain uninterrupted access for end-users.
Configured and managed ADFS to enable single sign-on (SSO) for external applications and services.
Implemented Cisco ACI Multi-Pod architecture to scale and enhance flexibility in expansive data centre environments, optimizing resource utilization and connectivity.
Monitored the performance of SD-WAN infrastructure, regularly conducting health checks, and employed analytics tools within vManage for proactive troubleshooting and continuous performance optimization.
Implemented security measures in the SD-WAN environment, including encrypted tunnels (IPsec), segmentation, and centralized policy enforcement, fortifying data protection.
Implemented F5 iRules for streamlined, template-based application deployment, automating the provisioning of application services across the VIPRION platform and simplifying the management of complex application architectures.
Collaborated closely with application teams to troubleshoot and resolve issues related to application delivery and performance on the F5 VIPRION 2400, 4400, 4800 platforms, implementing monitoring and diagnostic tools to ensure optimal functionality.
Designed and configured Azure Virtual Networks (VNets), subnets, Azure network settings, DHCP address blocks, DNS settings, security policies and routing.
Implemented file transfer systems using FTP, NFS, and SSH (SCP) in a Linux environment.
Hands-on experience with the automation framework using Python scripting.
Utilized Azure AD limited access services in conjunction with Azure Multi-Factor Authentication (MFA) to improve security and privacy for cloud-based resources.
Designed and implemented security policy and access control using Cisco ISE, Cisco Firepower, Cisco Umbrella, and Cisco AMP (Advanced Malware Protection).
Integrated F5 VIPRION seamlessly with a range of technologies, including firewalls, web application firewalls (WAFs), and intrusion prevention systems (IPS), bolstering the overall security posture and ensuring thorough threat mitigation.
Showcased a strong command of Arista products and EOS, actively working with series such as 7500E, 7300, and 7200 to implement and manage network solutions effectively. (Secondary Data Center).
Employed AWS Direct Connect to fulfill compliance and data residency requirements, ensuring the secure retention of sensitive data within dedicated network connections.
Developed Python extensions for reading and assessing protected log data from devices for forensic analysis and recovery attempts.
Created subnets to allow for both present and future network expansion and addressing for both IPv4 and IPv6 network devices.
Implemented AWS Transit Gateway to streamline the network architecture, facilitating scalable connectivity between Virtual Private Clouds (VPCs) and on-premises networks for enhanced efficiency.
Automated network provisioning and configuration management using tools like Ansible to achieve consistent and repeatable deployments.
Monitored and optimized network performance using advanced Windows Server tools and third-party solutions, identifying and resolving bottlenecks.
Worked on complex network automation workflows with Ansible and Puppet to streamline and automate routine tasks.
Employed Cisco Meraki heat maps to analyse client traffic trends, guiding decision-making processes. Successfully upgraded multiple Meraki firewalls, switches, and access points to their latest stable versions.
Network Security Engineer • Collins Aerospace, Charlotte, NC • Nov 2020 – Feb 2023
Responsibilities:
Monitored LSVPN traffic patterns and performance metrics using Palo Alto’s monitoring and reporting tools, identifying bottlenecks and optimizing VPN configurations for improved throughput and latency.
Used built-in rule optimization tools provided by Palo Alto Networks, such as Rule Usage Statistics, to identify unused or rarely matched rules for removal.
To improve threat detection capabilities and strengthen security posture, FortiGate firewalls may be integrated with additional security products, such as FortiSandbox for advanced threat analysis.
Implemented log retention policies on Fortinet firewalls to ensure compliance with data retention requirements while optimizing storage space.
Successfully resolved complex security incidents and network anomalies by leveraging FortiGate’s real-time monitoring, logging, and reporting functionalities.
Set up and managed VPN connections, including site-to-site VPNs and remote access VPNs, on FortiGate 3700F, 3500F, and 4400F for secure communication and data transfer.
Resolved account lockout tickets by making the necessary corrections after determining the underlying issues, which may have included expired credentials, incorrect passwords, or brute force assaults.
Worked on Cisco Routers 3000, 4000 and 7200, ASR 1002, 1006, and Cisco Catalyst 2900, 3570, 4500 and 6500 Switches.
Configured VLANs (Virtual LANs), Spanning tree protocols, OSPF, BGP, and EIGRP.
Experienced in migrating conventional remote sites with ISR routers to Viptela SD-WAN, achieving elastic network connection through MPLS and internet.
Worked on escalations, activated new turn-ups for new clients, and performed advanced troubleshooting for SD-WAN deployments in both ISP and network infrastructure on both Versa and Cisco Viptela SD-WAN solutions.
Implemented a centralized Viptela vSmart controller to intelligently route traffic across the WAN, making it more efficient and cost-effective.
Integrated Cisco TrustSec with threat detection and mitigation tools to rapidly respond to security incidents and prevent lateral movement of threats.
Created and managed ACLs and access policies within Cisco TrustSec, allowing fine-grained control over network traffic.
Worked on various network protocols, including BGP, OSPF, and EIGRP, with hands-on experience in configuring and troubleshooting routing protocols.
Configured VLANs and implemented inter-VLAN routing on Arista 7000 series switches to segment and optimize network traffic.
Provided a platform for other services that are required within the data center or cloud environment using Cisco ACI.
Managed the policy control point for the ACI fabric, which provided a graphical user interface (GUI) and API for administrators to configure and manage the network.
Design, implementation and testing of a satellite prototype network incorporating failover scenarios, redundancy, IPv4/IPv6 dual-stack and intrusion detection (IDS).
Worked on Cisco Nexus 9K family of switches whose hardware is based on Cisco ACI and implemented contracts, Multi-tenants between Endpoint groups using SDWAN in ACI.
Worked on network redundancy and high availability solution, such as Cisco ISE node replication and load balancing.
Integrated ClearPass with existing identity stores such as Active Directory (AD), LDAP, and RADIUS to streamline user authentication and access management processes.
Maintained compliance with administrative and legal safety concerns, using Azure Policy guidelines to control asset naming and labelling methods.
Implemented DNS failover mechanisms using Infoblox to ensure high availability of services by automatically redirecting traffic to an alternate server in case of failures.
Continually upgraded Meraki MR security devices at all store locations and kept firmware current; verified that Meraki was upgraded, both circuits were functioning through the Meraki, and wireless clients were using the Meraki appliances.
Co-ordinated with the AWS team to integrate AWS Tag Labels into CI/CD pipelines, ensuring unified tagging for cloud-native applications.
Designed network/security solutions and implemented security appliances such as NGFW & ASA/Firepower, Juniper SRX, Palo Alto and Check Point, Cisco ISE, FireEye, Cisco WSA, and Cisco ACS.
Created several AWS data migration jobs, ordering AWS Snowball Edge devices and moving data from the customer's data center into AWS, leveraging AWS S3 buckets in a secure manner with data encrypted in transit and at rest.
Developed custom Python scripts and Ansible modules to interface with proprietary security systems and handle certain network security requirements.
Designed, deployed, and maintained robust Linux-based network infrastructures, ensuring high availability and scalability.
Developed test scripts using Python and assorted proprietary software tools.
Scripted F5 VIPRION iRules using TCL for automation of routine tasks and configuration changes, automating the creation of new SSL profiles for secure application deployments.
Managed and maintained BIG-IP VIPRION B2150 Blades (A113) situated in VIPRION 2200 Chassis.
Maintained F5 IP pools to ensure proper assignment of addresses to devices and applications.
Used Ansible to automate the patching process for network devices, minimizing vulnerabilities and maintaining a secure infrastructure.
Network Support Engineer • Endeavour Health, Buffalo, NY • Aug 2018 – Oct 2020
Responsibilities:
Upgraded and patched Check Point R77.30 and R81.10 firewalls to the latest firmware versions to address security vulnerabilities and enhance performance.
Designed and deployed a Cisco Identity Services Engine (ISE) solution (wired, wireless, and VPN users) for a commercial client with converged access switches and Cisco ASA firewalls.
Troubleshooting and configuration of Cisco 5580, 5540, and FWSM firewalls for all the agencies connecting.
Continuously analyzed network traffic, monitoring for suspicious activity and potential security breaches using Cisco ASA’s traffic analysis capabilities.
Monitoring and analyzing network traffic using features on Palo Alto (PA-7000, PA-5000, PA-3000), Application Command Center (ACC) and Traffic Logs to identify security risks and anomalies.
Set up logging and reporting using Cisco ASDM (Adaptive Security Device Manager) to provide insights into network activity, security events, and compliance, allowing for immediate response and informed decision-making.
Primary responsibility was to design and deploy various network security and high availability products like Check Point SecurePlatform, JUNOS, and other security products.
Implemented micro-segmentation strategies utilizing Tetration’s policy enforcement capabilities to isolate and secure application workloads effectively.
Deployed F5 BIG-IP 1500 Series (1600 and 1600S) for global load balancing and disaster recovery solutions.
Worked with team on SolarWinds Network Configuration Manager (NCM) to automate device configuration backups, changes, and compliance checks.
Monitored network bandwidth usage and traffic patterns using SolarWinds to optimize network resource allocation and detect anomalies.
Employed Wireshark for malware and intrusion detection, identifying and mitigating security threats through packet-level analysis.
Enhanced network security by implementing network access control lists (ACLs) and security groups in conjunction with AWS CSR instances, effectively controlling inbound and outbound traffic.
Implemented an Infoblox DNS appliance and ran scripts as needed.
Created and configured service profiles within Cisco ACI to define the characteristics and behavior of shared services, allowing for customization and adaptability.
Experience in working on the quarterly maintenance windows for failover and reboot of Palo Alto firewalls, as well as other security devices.
Worked on Cisco Nexus 7K, 5K, 2K, Cisco ASA firewalls, Catalyst switches (6000 and 8000), Cisco ASR & ISR routers (1000, 2900, 3945, 4500, 7200, 7600).
Worked with Cisco routers such as CISCO-GSR-XR, CRS-16/S, and CRS-8/S.
Used DHCP to automatically assign reusable IP addresses to DHCP clients via Infoblox IPAM.
Worked on RSA Authentication Manager and Cisco NAC (Network Admission Control) to authenticate users and devices to the network.
Analyzed network traffic patterns and utilized SD-WAN VIPTELA’s analytics to make data-driven decisions for network optimization.
Configured F5 Wide IP, Pool Load Balancing Methods, Probers and monitors recreating HTTP and HTTPS.
Managed and administered Juniper SRX at various zones including DMZ, Extranet (various business partners), ASZ, and internal.
Ability to troubleshoot complex network issues in the LAN/WAN networks and work with multiple application and system teams to identify bottlenecks in connectivity and other configuration issues.
EDUCATION
Bachelor's Degree Specialization/Year of Completion/Location: California State University East Bay - Hayward, California