SIVA KISHORE KATRAGADDA
Senior Security Engineer
adzh2v@r.postjobfree.com
Masters in Computer Science (Network Security ~ Servers ~ Load Balancing)
SUMMARY:
** ***** ** IT experience as Network and Security Engineer in configuring and deploying network devices like Cisco routers and Switches, Firewalls, Load Balancers. Troubleshoots connectivity issues in small and large enterprise network environment.
Experience on Checkpoint (GAIA, Splat, IPSO), Cisco, ASA Firewalls, Palo Alto,Fortinet, Juniper SRX Firewalls, F5 Load Balancer,CyberArk, Splunk,Websense,Ironport,Symantec Endpoint,RSA, McAfee,TrendMicro,Tipping point,FireEye, Qualys, Nessus, Unix/Linux servers, Azure/AWS.
Experience on Checkpoint MDS, CMA (R80.30, R80.10, R77.30 versions)
Configured and Managed Cisco Routers 871,1800,1900, 2500, 2600, 2800, 2911
Configured and Managed Cisco Switches 300, 2900, 3500, 4000, 4500, 5500, 6500, Nexus 5K’s,7K’s.
Wireless Controllers WS 2000, 5100, RFS 4000, 7000 and AP 300 and Cisco WLAN 5508, AP 3500.
Routing Protocol (BGP, OSPF, EIGRP, IGRP, RIP), Routed Protocol TCP/IP.
Configured and Managed Palo Alto Firewalls PA-220R,3050,3060, 5050, 5060 and 7080.
Configured and Managed Cisco ASA Firewalls 5505, 5510, 5520 and 5540.
Configured and Managed Juniper SRX 650,3600, 5800, SSG-20 Firewalls.
Experience on Palo Alto Panorama Server M-100,M-600 and managing PA Firewalls and creating
Vsys, V-router, Zones, ACL Policies, URL filtering policies and NAT rules.
Configured and Managed DM VPN, SSL VPN and IPSec VPN on Cisco ASA, PAN, SRX Firewalls.
Hands on experience on configuring and managing F5 BIG IP Load Balancer LTM, GTM, VIPRION,
ASM/WAF, APM.
Configuring VIP profiles, IP Pools, SSL Certificate, SSL Offloading experience in F5 Load Balancer.
Experience on configuring and managing Web Application Firewall (F5-ASM, Imperva) to protect the
web-applications against the OWASP vulnerabilities.
Experience on Exchange/O365 applications, SharePoint
Worked on F5 Local Traffic managers (LTM),Viprion, of series C2400, 6400, 3600
Proficient using the F5 based profiles, monitors, VIP’s, pools, pool members, iRules for virtual IP’s
Involved in scripting the iRules using TCL (Tool command language) and PERL for HTTP redirection
Deployed F5 Enterprise manager of 4000 series for the all cluster devices over the network for easier management of configurations like ssl certificates, disable and enable of nodes states
Worked on Juniper Netscreen And SRX Firewalls like, SRX 650,110,220,NS50
Designed and deployed highly available LAN/WAN infrastructure.
VLAN Management with VTP. Monitoring spanning tree functionality to check for any loops and mis configuration
Implementing standard security measures on all the Routers and Switches. Configuring AAA on all network devices with TACACS+ using Cisco ACS.
Infrastructure expansion project management from kick-off to completion and provide solutions that are cost-effective, and integrate seamlessly with existing setup.
Expertise in L3 Routing protocols like RIP, ISIS, EIGRP, OSPF & BGP.
Hands-on in implementing and troubleshooting Switch technologies such as VLAN, VTP,STP, VTP AND 802.1q
Implemented network security protocols such as NAT, PAT, IPSEC tunnels, GRE tunnels, ACLs and VPN – MP-BGP
Work with the data center planning groups, assisting with network capacity and high availability requirements.
Gained experience working with Layer-2 and Layer-3 Switching and Security
Expert in writing test procedures and test plans with a strong understanding of design, implementation, and execution of testing methodologies
Good knowledge of OSI Model and TCP/IP networking standards with protocols such as SNMP, FTP, ICMP and IPv6
Highly motivated team player with good communication skills
Have experience with server administration and trouble shooting on servers running Sun Solaris and UNIX. Have good knowledge of Blade center architecture and environment.
Hand-on experience configuring Multicast Routing
Accurately assess customer needs and specifications both by phone and in person. Quickly identify problems and issues and provide fast troubleshooting and problem resolution. Collaborate with vendors to achieve successful new product implementation, manage technical support, and attain improvement in customer systems' performance.
Adapt in requirements analysis, network design, installation, configuration, maintenance, and administration. Effectively train end-users and perform skilled problem resolution. Record of achieving maximum system uptime.
Tested and worked with software designers to establish a user-friendly environment.
Review all changes to network configuration for technical accuracy and impact and provide Multi-Protocol Network problem resolutions
PROFESSIONAL EXPERIENCE:
United Nations (New York, Secretariat) Jan 2018 –Till Date
Network Security Engineer
Responsibilities:
Hands on experience on configuring and managing of Checkpoint Firewalls, Cisco ASA Firewalls, Palo Alto Firewall series of 3050, 3060, 5060 and Panorama Server.
Hands on experience on creating Vsys, V-router, Polices, Zones, NAT rules and adding the routes in Panorama and pushing the rules in to PAN-Firewall’s.
Hands on experience on configuring Global protect VPN, APP/CONTENT/USER-ID, URL filtering in PAN-Firewall’s.
Experience in Upgrading the Palo Alto Firewalls
Hands on Experience on building VPN tunnels with AWS and Azure Firewalls
Hands on experience on Unix/Linux servers (RHEL)
Worked on analyzing the legacy firewall rules of acquired entities and remote sites and then creating updated firewall rules on Palo Alto Firewalls with site specific rules.
Experience in Threat Prevention and High availability configurations in PA Firewalls
Experience in Monitoring and Reporting in PA Firewalls
Hands on experience on migrating the legacy firewalls Checkpoint Firewalls to Palo Alto Firewalls
Worked on F5 LTM, GTM ASM series C2400 (Viprion chassis), 8800, 8900 and GTM 8900 series for the corporate applications.
Experienced in configuring and troubleshooting F5 OS version 9.x, 10.x and 11.x.
Design, Build, Implement various solutions on F5 LTMs and GTMs
Create Virtual IP address, Pools and Persistence profiles, updating the SSL certificates across the F5 devices
Proficient in using the iRules for redirection of HTTP based traffic to HTTPS traffic, HTTP acceleration irule,
HTTP header-insertion and modification.
Involved in creating and updating the F5 wide ip configurations using various load balancing methods.
Experience in dealing with Bigpipe commands, Bigpipe configurations, and command line tools like Tcpdump, Qkview, Bigtop and Bigstart
Hands on experience on configuring and managing of Palo Alto Firewall series of 3050, 3060, 5060 and Panorama Server.
Hands on experience on creating Vsys, V-router, Polices, Zones, NAT rules and adding the routes in Panorama and pushing the rules in to PAN-Firewall’s.
Hands on experience on Office 365 applications including Word, Excel, Outlook, Skype for business, power point, Microsoft access etc
Active directory support and Administration (Group policy, permissions, Account provisioning)
Exchange/o365 support, maintenance and administration (Account provisioning, Migration from Exchange to office 365, distribution group creation). SharePoint Administration and Support.
Design, Build, Implement various solutions on Check Point, Juniper SRX Firewalls
Infrastructure expansion project management from kick-off to completion and provide solutions that are
cost-effective, and integrate seamlessly with existing setup.
Performed Upgradation from old platforms to new platforms R62 to R70,R75,R77.30
Worked on various platforms of Checkpoint like – GAIA, Nokia, SPLAT etc.
Worked on IPSO 2.0, IPSO 4.0, IPSO 5.0
Design and implementation projects on F5 Load balancers (Viprion boxes)
Worked on Dual Factor Authentication project for remote access by implementing client certificate requirement.
Upgradation and implementation projects on Websense
Worked on Websecurity and Data Security modules on websense
Configure websense policies,exceptions,protocol filtering etc
Experience on Email Security product Ironport ESA(C360) and MSA(M160 and M170)
Configure cisco ironport mail policies,Content and Message filters,Cisco res(Encryption) etc
Add filters to white lists and black lists on the Ironport email security appliance
Day to Day policy/rule management activities on Checkpoint and Juniper SRX firewalls, Fully versed in the syntax of security platforms and day to day rule verification
Provided high-level analysis on security data to identify significant activity using various command line tools and security appliances such as: Wireshark, FireEye.
Configured IPSEC tunnels on Juniper SRX firewalls for various Vendors
Design and implement project on Microsoft Certificate Servers (PKI project)
Experience on implementing and configuring end point protection products (SEPM and Trend Micro)
Worked on IPS/IDS devices like HP tipping point,Cisco IPS(ASA Module)
Creating Virtual IP address, Pools and Persistence profiles on F5 LTMs.
Create complex iRules using TCL language for URL redirections, HTTP header-insertion and HTTP header modification.
Worked on upgrading LTM from 11.0 to 11.4,11.6 based on the End of line process.
Hands on experience on the LTM products like 6800 with 10.x,11.x and 3600 with 4.x TMOS versions
Dealt with redundant pair issues during the deployment of 6800 LTM Box
Deployed the iRules using TCL for the Enterprise Intranet work for the VLAN based applications and their
load balancing between datacenters.
Worked on building the LTM boxes with initial setup configurations like Trunks, VLAN, static and floating IP allocation
Proficient in handling with SSL offloading issues, HTTP monitors, and DNS allocation for the newly built applications
Worked on assigning the SSL certificates to the websites and updating them on the expiry basis.
Used tools like HTTP watch and TCP DUMP for troubleshooting the packets on the internal routing.
SSL offloading,Profile Management (Persistance,SSL), Monitors etc on F5 load balancers.
Experienced with physical layer interfaces and cabling standards
Auditing and updating DNS entries for all servers, and also updating server inventory database
Installed operating systems, applications, service packs etc
Working knowledge of installation, testing and troubleshooting of Routers, Switches, Servers and Firewalls.
Provide server and production support for network around buildings and Cisco servers
Manage, monitoring successful backups, 24x7 support, and testing new products in the environment
Support to plan and execute LAN (VLAN Management) and WAN management activity
Excessively worked with F5 load balancer including multiple servers
Maintain proper context roots and VIP's in the F5 load balancers
Maintain a thorough understanding of the basics behind the Internet and its workings (DNS, Security, IP Routing, HTTP, VPN, Email Routing, SPAM, etc.)
Experienced with the installation and management of Cisco’s ASA 5500 production line
Configured EIGRP, RIP, OSPF, BGP and static routing, MPLS WAN connectivity, Frame relay Wan Connectivity and Telnet and SSHv2 sessions.
Executed and systematized Ironport Filter creation and management.
Configured and Verified Load balance configuration for Windows servers through ACE network module
Provided numerous worldwide customers with phone, email, and remote desktop support for the NetQOS suite of networking software
Cisco Catalyst 6500 switches and Virtual Switching System VSS technology
Configured NAT and PAT on the Checkpoint Firewall for the Internal Systems
Supported remote location with site to site VPN, Remote access VPNs.
Designing the firewall implementation architecture.
Planning the security levels for each zone.
Migration of policies from existing firewall to new firewall.
Implementing HA in firewall.
Fine-tuning policies and implementing management access.
Hardening the firewall according to the standards.
Installation, Maintenance & Repair of computers, troubleshoot of Windows 2003/2007 Servers
Identified and resolved issues involving configurations and connectivity
Astoria Bank /Sterling National Bank Oct 2013 – Jan 2018
Senior Security Engineer
Responsibilities:
Installed configured and deployed Routers and Switches for branch expansion and improved network infrastructure for higher throughput.
Worked extensively on Access-list on firewall and router for permitting required flow of traffic.
Implemented Route Redistribution for traffic flow between different routing protocol platforms
Created VLANs for separating different corporate internal database, efficient network management and VTP for inter-vlan routing.
Configured and implemented VLAN, VTP, LAN switching, STP and 802.x authentication in access layer switches.
Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunking, VTP Ether channel, STP, RSTP and MST.
Worked on Name Change project (Astoria Federal to Astoria Bank)
Worked on Complete Network Migration Project (Astoria Bank to Sterling National Bank)
Worked on migrating to R75.20 on IP690 nokia boxes.
Continuous monitoring of CPU utilization, link utilization, connection table utilization.
Creating Wide IPs with various load balancing methods like, Global Availability, Topology and Round Robin.
Deployed LTMs and GTMs in DMZ environments with FIPS solutions
Experienced in configuring and troubleshooting F5 OS version 9.x, 10.x and 11.x.
Design, Build, Implement various solutions on F5 LTMs and GTMs
Deployed LTMs and GTMs in DMZ Environments with FIPs solutions
Provided on call support for all the production and non-production issues.
Involved in iRule management like loading rules, writing iRule syntax using TCL language and iRule extension to TCL.
Gathering details from customers and providing best security infrastructure solutions with F5 load balancers, Check Point/SRX firewalls and websense.
Implemented Static NAT and PAT for internet users
Hands on Experience testing iRules using Browser(IE), HTTP watch, curl, Scripts(shell/batch file/perl) and host files
Involved in creating and updating the F5 wide ip cnfigurations using various load balancing methods.
Experience in dealing with Bigpipe commands, Bigpipe configurations, and command line tools like Tcpdump,
Qkview, Bigtop and Bigstart
worked on content routing requests, generate a SSL certificates, load configurations and creating DNS entries
Dealt with creating VIP(virtual servers), pools, nodes and applying iRules for the virtual servers like cookiepersistency, redirection of the URL
Proficient knowledge in LTM/GTM (TMOS) Traffic management operating system of BIP IP followed by Packet-by-packet architecture to full proxy architecture
Dealt with cookie persistence issues related to client request from the nodes to the pools.
Deployed site-to-site VPNs over IPsec and GRE.
Worked on Cisco 2300, 4000, 6500 series Router and Cisco 1600, 2900, 6500 series switch
Designed and deployed highly available LAN/WAN infrastructure.
Configured and maintained Internetworks with EIGRP, BGP and OSPF.
Worked on the CatOS to IOS conversation of enterprise IDF Cisco switches and MDF ‘s upgrades of IOS image to a news 12.2 version
Experience on Check Point Firewalls NG, NGX, NG R55, NGX 60, NGX R65, R70, R75,UTM
Configured Check Point clusters with Nokia box and crossbeam.
Installed and configured 6509 Cisco Catalyst Switch, creating VLANs and assigning ports to the VLAN, configuration of L3 routing protocols such as OSPF, EIGRP and RIP
Configuring and installing client and server network software for upgrading and maintaining network and telecommunication systems
Worked with Nagios for monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, SNMP, FTP, SSH).
Proficient in layer 2 & layer 3 switching protocols including VLAN, VTP, STP, RSTP, and
MPLS.
Collaborating with clients to drive innovation, cost reduction, and delivers and manage products and services from Cisco, Palo Alto, Riverbed, and other industry leading technology vendors.
Worked with checkpoint R75, R75.20, R76 and ASA firewalls like 5520/5550/5580.
Implemented security from outside and web access using Dynamic and Static NAT, PAT.
Enabled user authentication using CSACS server by implementing AAA security using TACACS+.
Provided IP addressing to different devices connected with the help of DHCP server and implementing VLSM
Configured and Implemented Site-Site VPN and Remote Access VPN for User flexibility and security using IPSEC
Experience deploying F5 Load Balancers for load balancing and traffic management of business application
HCL COMNET JULY 2010 - JULY 2012
Senior Security Analyst
Responsibilities:
Worked on F5 LTM, GTM series like 6400, 6800, 8800 for the corporate applications and their availability
Supports sales plan through pre- sales and/or post-sales of local voice services with consulting activities.
Provided monitoring and troubleshooting of network infrastructure with the help of PING and TRACEROUTE.
Provided IOS upgrade with help of TFTP server.
Experience with ASA, firewalls, Layer 3, switching
Opening and following up troubleshooting tickets with ISPs to resolve problems with circuits
Implemented ISL and 802.1Q for communicating through VTP
Managing and troubleshooting Wireless LAN connectivity issues.
Implemented clientless ssl vpn on ASA 5500-x platforms
Worked on ASA and ASDM configuring the ACL’s and monitoring.
Worked on ASA routed mode and transparent mode
Worked on ASA 5500-x platform configuring the web, ssl, any connect VPN’s.
Configuring failover and working on ssl-vpn when in active/standby failover on ASA.
Dealt with configuration, migration of VLAN from old to new VLAN domain and worked on the allocation of Class A IP address range to infrastructure devices
Cisco IOS experience on 3600/7200 class hardware in complex WAN environment and experience on Cisco OS and IOS on CAT6500 in a complex data centre environment
Hands on experience installing Sup720 for Cisco 6509-E series and its Gigabit Ethernet port deployment in the core network
Experience in configuring routing protocols like EIGRP,RIP v2, OSPF & BGP and Cisco ACS protocols like RADIUS and TACACS
Coordinated with senior engineers with BGP/OSPF routing policies and designs, worked on implementation strategies for the expansion of the MPLS VPN networks
Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying from the scratch and fixing them with various modules like Gig card,VPN SPA Card,T1-WIC card and other modules
Worked on Netscout and Sniffer traces of the packets for finding the loop holes in the network and improved the resources like bandwidth, Round trip time, and availability
Understanding of IPSEC & GRE tunnels in VPN technology implementation using Cisco IOS and checkpoint firewall /VPN
Involved in designing VPN architecture with IPSEC, VPN-Services, RADIUS-Servers, IP-addressing and IAS log viewer of the end user
Deployment of OSPF dynamic routing NOC engineering network routers, previously running RIP and Static routes