Security Engineer Network
Resume:
Narayana Rao
Mobile: +1-571-***-**** ***************@*****.***
LinkedIn: www.linkedin.com/in/narayana-rao-5752b62b9
: Microsoft Certified, AZ-900 Azure Fundamentals.
Designation: Senior Network Security Engineer.
PROFILE SUMMARY
Results-driven IT Analyst with over 8 years of experience in data, server, SOC, and network operations, specializing in configuring and troubleshooting routers, switches, and firewall technologies.
Proven excellence in designing, implementing, and maintaining robust network security solutions, effectively securing complex infrastructures against cyber threats and vulnerabilities.
Proficient in IT systems and infrastructure management, server administration, network support, and ensuring security compliance across environments.
Skilled in deploying and managing security technologies, including firewalls, intrusion detection/prevention systems, VPNs, and endpoint security solutions.
Experienced in collaborating with cross-functional teams to deliver solutions that enhance productivity, efficiency, and reliability.
Competent in setting up Windows Server with Active Directory for user management, enforcing security policies with Group Policy, and scheduling regular updates for system integrity.
Skilled in using deployment tools for Windows 10/11 installation and configuration on workstations, enabling automatic updates to maintain security standards.
Extensive experience managing large-scale integrated security systems, such as cameras, access controls, and Perimeter Intrusion Detection Systems (PIDs).
Highly skilled in troubleshooting network and communication protocols, including TCP/IP, UDP, IPSEC, HTTP, HTTPS, and routing protocols.
In my experience, I have used load balancers such as NGINX and HA Proxy to ensure high availability, scalability, and efficient traffic distribution across servers and applications. These tools have been essential for managing load, improving application resilience, and providing smooth user experiences in various projects.
Demonstrated sound judgment in assessing technical risks and prioritizing issues, with proven expertise in root cause analysis for complex problem resolution.
Strong background in Palo Alto firewall management, including dynamic routing, NAT configuration, and packet-level analysis.
Experienced in creating observability dashboards and conducting firewall log analysis for proactive network monitoring.
Hands-on experience in data center environments, specializing in secure network infrastructure design and deployment.
Skilled in configuring ticketing systems like JIRA and ServiceNow to match organizational workflows, set issue categories, and establish SLAs for timely resolution.
Clear and effective communicator with strong analytical, problem-solving, decision-making, and interpersonal skills.
AREAS OF EXCELLENCE
Installation & Configuration to OT Services (MES, PI, Data Analytics, DCS, PLC/SCADA)
Incident & Change Management
Routing and Network Configuration
Security Infrastructure Maintenance
Project Management & Planning
Vulnerability Assessment & Mitigation
Technical Issue Resolution & Troubleshooting
Stakeholder Engagement & Communication
End-to-End Operations & Deployment
Performance Optimization & Monitoring
Risk Assessment & Management
Compliance & Security Audits
System Upgrades & Patch Management
Documentation & Knowledge Transfer
TECHNICAL SKILLS
Hardware:
Firewalls
Palo Alto, Fort iGATE, JUNIPER, Checkpoint
Cisco Routers
1841, 25xx 26xx, 28xx, 36xx, 37xx and 38xx series
Cisco Switches
Nexus 6000, 9000, C2950, 3560, CE500, SG300, WS-3750(layer3)
Others
ASA5540, Juniper SRX3400, fortigate 2200E & E2200 Series, PA-5220
Software:
Multiple versions of Cisco IOS Nexus- 9.3(8), Catalyst 12.2
Technologies & Protocols: TCP/IP, OSPF, IPsec, HTTP/HTTPS, SNMP, ICMP, POP3, EIGRP, BGP, DNS, DHCP,RIP,VLANs
PAN-OS 8.1, FortiOS 7.4, ASA 9.1(x), Junos17.3
Window 7 and 10/11, Windows Server 2012 R2
Cloud Technologies AWS, VMware Cloud on AWS(vSphere, vSAN, NSX, and vCenter Server on AWS),Azure Networking.
Load Balancers: Citrix NetScaler, NGINX, HA Proxy
Scripting Language: Proficient in Python for automation and scripting.
CERTIFICATIONS
International Industry Recognized Certifications:
Credentials Vendors: CISCO SYSTEMS
oCCNP - Security Certification In progress
CISSP - Security in Progress
CEH, CISM, CISSP In progress
WORK EXPERIENCE
Duration
April 2024 - Till Date
Designation
Senior Network Security Engineer
Client
Location
Xcelligen inc
13873 Park Center Rd Suite 55M, Herndon, VA 20171.
Responsibilities
Experence Working on firewall techonolgies like Palo alto PA-5220, Fortigate -2200E, Checkpoint CP-4000 Creating inbound, outbound security policies, Source Nat and destination Policies .whitelisting payments gateway and services for existing DMZ applications.
Configuration of SSL decryption policies and SSL Offloading,
Configuration of security profile like Antivus, vulnerability protection, thret prevention and file blocking .
Involuing in OS Upgration activities for firewall like palo alto and Fortigate firewalls ad firewalls migration activities .
Engaging in production and disaster recovery (DR) end-to-end operations and deployment, security infrastructure maintenance, change management, and incident management
Scheduling and accountability for switching fabric migration from Cisco catalyst and Nexus family. Associating with application teams to assure application health checks before and after network changes and migration tasks
Involving in configuration and:
oFraming of Security Policies, Nat rules, and security profiles like IPS/IDS, antivirus, URL filtering, and content filtering in Fort iGATE 2200 E, Checkpoint, Palo Alto firewalls.
oTroubleshooting of IPSEC Site-Site VPN and SSL VPN for remote access servers hosted internally and for users to access internal resources. Configuring routing protocols by default, static,, OSPF, and redistribution and BGP Protocals
oTroubleshooting of Infoblox by generating records for both internal and public DNS and records like A, AAA, CName, and MX records.
oConfiguring and assessing logs in SIEM Splunk assure all router, switch, and firewall logs reach Splunk by adding devices and reviewing any vulnerability
oConfiguration of Tacacs, Radius in network devices and integrating with CISCO ISE and integrating LDAP with Cisco ISE and ensuring authentication and accounting
oConfiguration of NetScaler and F5 LTM load balancers following application stack holder’s requirements
oCisco L3 and L2 switch configuration and troubleshooting, VLAN (SVI), Inter-Vlan Routing, Access-List, and DHCP configuration in Nexus 9k Spine and Leaf Architecture WS-3750X series 48-port Layer 3 switch, stacking 3750 24-port switches, access ports, trunk ports, and vlan configuration in 2960,Nexus 9K
Ascertaining IT Security protection and awareness by tracking traffic and logs reviewing, Security alerts for irregular behaviour Vulnerability scanning and instituting preventing procedures
Cloud Technologies
oWorking on cloud networking creating VPC, Internet Gateway, Subnets, routing table, Nat Gateway, EC2 Instance, direct connect,Transit Gateway, VPN Virtual gateway, route 53, Cloud Inspector, Cloud Watch, Cloud guard,,
oConfiguration of IPSec Site to Site tunnel connecting on-premsis and cloud infrastructure,direct connect configuration connectivity lease line from AWS Cloud to on premises Network .
Duration
May 2020 - Feb 2024
Designation
Senior Network Security Engineer and Operations
Client
Bank America, Data Centers, Financial Service Company
Responsibilities
Roles and Responsiblities .
oTroubleshooting and implementation and enhancing efficiency of CORE Bank Tier 3 data Centers end-to-end infrastructure and entire Bank networks connecting all branches Offices, across Globe and ATM’s, mainly including day-to-day Operations
oRouting and framing and revision policies in firewalls including Palo alto,Firewall, panorama, Fort iGATE, Firewalls, Checkpoint firewalls security Policies and enabling Ports and security profile like web filtering, Antispam, IPS & IDS, App-id, Content filtering
oOf NetScaler Citrix Load Balancer for Internal Load balancing among backend Servers, taking appropriate measure to reduce latency among applications. Installations of SSL certificates on Load Balancers
oOf Public DNS servers Infoblox for Mapping Public IP to domain name and internal DNS, ipv4, ipv6 address Arecords, AAAA, CNAME Records
oSource NAT, Destination Nat, Dynamic Natting, hide NAT according to applications and stake holder’s business requirements
Cooperated with applications developer teams in troubleshooting and working accordingly to application team requirements, assuring 100 % uptime
Enabled in white listing payments gateways services and offered high end security to servers hosted in Bank of America Centers, coordinating with unified payment interface (UPI) and National Payment Corporation teams for mitigating network related concerns on digital transactions
Configuration of Cisco ISE and integrating with LDAP and ensuring validation and authorization and accounting thought Cisco ISE for all network devices within infrastructure
Configuration and Induction of NEXUS 6000 and 9000 series Layer 3 Switches and configuring according to requirement, vPC, VLANS, Port Channeling, Trunk port, access ports, STP, RSTP, Bpdu Guards, SVI, access -list configurations
Configuration and troubleshooting Layer 2 devices Cisco Switches STP flavours BPDU guard, Root Guard, Loop guard BPDU filters, port fast, Ether Channeling, VTP pruning
Configuration and troubleshooting of IPSEC Site-SiteVPN& SSL VPN for remote access for servers hosted internally and for users to access internal resources
Monitoring and sustaining network firewalls and other security throughout group and responding to security threats and breaches. Coordinating with 3rd party ISPs/suppliers MPLS Links connecting AZURE, AWS, and Google clouds with data centre, in addressing network issues in cloud migration activities. Analysing traffic logs on Wireshark and riverbed
Involving in:
oInduction and de-induction of servers and hosting application’s and coordination and doing necessary configuration at network level for DRDrill’s activities migration of application from production to DR Data Centers vice versa
oComplete project life cycle from conceptualisation to delivery inclusive of BAU support for bank data Centers
Seasoned experience in functioning on:
oSOC incidents, and threat analysis and threat prevention and investigation vulnerability assessment to reduce Vulnerabilities and to prevent threat attacks, tuning firewalls, basic knowledge in WAF & ensuring all device logs reaches Q-Radar SIEM and analysing
oAWS Cloud, VPC, internet Gateway, EC2 instances, Direct connect, VPN gateway, NAT gateway, Security Groups
Duration
Dec 2018 - April 2020
Designation
Network & Security Administrator
Client
Northern Healthcare.
Roles and Responsibilities
Responsibilities
Network devices configuration, troubleshooting, implementation, and tuning for optimum performance network fault isolation, modifications routing policies, access-list real time monitoring security measures DDoS, unauthorized users, port scanners
Antivirus, IPS/IDS, Antispamlogs, monitoring all in bound and out bound traffic:
oConfigurations and Troubleshooting of Fortinet200D, Cisco ASA 5540, Checkpoint Firewall Palo alto PA-4040 firewalls policy management in HA mode for active - passive
oFraming and Revision of security policies and enabling required ports for policies, and enable security profiles in firewalls adhere to business and applications needs
oConfigurations of static NAT, Dynamic NAT, NAT Overload and PAT, and port forwarding configuration in firewalls. Monitoring Intrusions and Vulnerabilities. Web filtering, URL filtering. Blocking vulnerable IP’s and Domains, Geo blocking
oConfiguration and troubleshooting of F5 LTM, load balancing based on BAU requirements
oWhite listing IP’s of vendors namely, Banks and Financial services CDAC SMS services towards our internal hosted revenue servers for secure payment transactions. Associating with Stakeholders
oHosting new applications and allowing public access. Cooperating with Server and application teams for troubleshooting websites and services when downtime
oConfiguration of Default Routing, Static, OSPF Intra & inter area, EBGP in firewalls and Cisco WS-3750 - 48 port Layer 3 switch, layer 3 Router, Redistribution, OSPF
oConfiguration and troubleshooting of VLAN (SVI), Inter-Vlan routing, Access-list,DHCP configurations in WS-3750X series 48 port Layer3 switch, Stacking 3750 24 port switches, Access port,Trunk ports, Vlan configuration in 2960, 3560, CE500 Layer2
oConfiguration and troubleshooting Layer 2 devices Cisco Switches STP flavours BPDU guard, Root Guard, Loop guard BPDU filters, port fast, Ether Channeling, VTP pruning
oConfiguration and troubleshooting of IPSEC Site-SiteVPN, SSL VPN for remote access for servers hosted internally and for users to access internal network
oConfigurations and Monitoring, troubleshooting of 3 ISP Internet Lease lines connected for Fortinet firewall allowing 950 users accessing internet
oMonitoring and Configuration of Orion solar wind NMS, Syslog server, Wire hark tools for monitoring entire branch office network status and servers’ status to accomplish scalability and reliability
oMonitoring security related issues on based on firewall logs, IPS/IDS, Antivirus, Antispam, VPN Traffic. Brief knowledge on SD WAN Implementation
oHandling documentation and network diagram reports, taking regular backup configuration files of firewalls, routers, switches using TFTP Server, Backup DHCP log
oInstallation and Configuration of Windows server 2012 R2, Active Directory Organisational units, GPO, DNS configuration Local DNS and PUBLIC DNS Records (Mapping IP address to Url’s ), DNS forwarders (for internet users name resolution Purpose), Conditional Forwarders, Domain controller (DC and ADC). Virtualisation Hyper Visor, VMware implementation
oInstall and Configuration, Access Point and Client Access
Duration
May2016- Nov 2018
Designation
Network Administrator
Client
British Telecom
Roles and Responsibilities
Responsibilities
oUsing service now for handling the tickets. Handling the tickets and reach the user with in the SLA time as well response and resolution time.
oHardware & Software Installations, configuration, troubleshooting and maintenance of all Desktops/laptops.
oProviding end to end service as well versed with the knowledge as well as with policies.
oUpdating daily trackers, monitoring the ticket queue (using ticketing tool) within agreed timelines.
oInstalling the OS and troubleshooting the windows problem like application installation, Driver issue, BSOD, Hardware issue
oConfiguring Outlook and configured the Client mail and troubleshoot the problems.
oRemote Assistance to Desktop & Laptop issue using Remote desktop.
oMaintaining security patch and Anti-Virus updating to all systems
oTroubleshooting on network related issue Like Lan connectivity and office Wi-Fi relates issue
oInteract with vendor support contacts to resolve technical problems with desktop computing equipment and software.
oProviding the VLAN configuration as per the Project Requirement and Providing the Project Relates access for accessing their applications.
oUpdate status and completion information to manager and users through E-Mail or direct communication.
EDUCATION
Andhra University Andhra Pradesh, India Bachelor in Information Technology Engineering 2016
Contact this candidate