Network Engineer Security Specialist
Resume:
Subhash kasthuri
Network Engineer
****************@*****.***
SUMMARY:
Dedicated Network Engineer and Security Specialist with over 6+ years of experience in designing, implementing, and managing complex network infrastructures. Expertise in Cisco router and switch management, as well as network security protocols, including firewalls and VPN solutions. Proven ability to optimize network performance and enhance security using tools such as SolarWinds, Wireshark, and SIEM technologies. Skilled in configuring and troubleshooting LAN, WAN, and wireless networks, with a strong focus on delivering high availability and reliability. Adept at collaborating with cross-functional teams to develop solutions that meet organizational needs and improve operational efficiency.
PROGESSIONAL SUMMARY:
Over 6 years of experience, specializing in Cisco router and switch management, security, and server infrastructure.
Skilled in configuring and optimizing network infrastructure, including LAN, WAN, VPN, and wireless solutions, to ensure high availability and performance.
Experience in site-to-site and remote access VPN solutions.
Proficiency in configuration of VLAN setup on various CISCO Routers and Switches.
Implementation of traffic filters on Cisco routes using Standard and extended Access list.
Hands-on configuration and experience in setting up Cisco routers to perform functions at the access, Distribution, and core layers.
Experienced working on network monitoring and analysis tools like SOLAR WINDS, CISCO works and Wireshark.
Hands-on deployment, tuning, and troubleshooting experience, ideally with Palo Alto Networks, Juniper.
Experience in installing and configuring DNS, DHCP server.
Experience in configuration Voice over IP (VOIP).
Routing, switching, firewall technologies, system design, implementation and troubleshooting of complex network systems.
In-depth expertise in the analysis, implementation, troubleshooting & documentation of LAN/WAN architecture and good experience on IP services.
Experience in working with operating systems like Linux and Unix.
Experience in F5 load balancers.
Strong hands-on experience in installing, troubleshooting, configuring of Cisco 9300,3945, 3650 series Routers, Cisco Catalyst 6500, 4500, 3750series switches.
Expertise in TCP/IP, Subnetting, Network Diagrams, Documentation and troubleshooting L2, L3 connectivity issues.
Strong experience in working with SIEM tools such as Splunk, QRadar and monitoring tools including Wireshark, SolarWinds with strong troubleshooting skills.
In-depth knowledge and hands-on experience in ISP
Experience on IPv4 and knowledge on IPv6
Experience on Virtual Private Network (VPN) for operating Network and Data Center.
Experience with Internet/Intranet Networking Protocols and Services.
Experience in handling and resolving tickets and strong hands-on experience on ticketing tools such as BMC remedy, Service Request and Open View.
Excellent client/customer management, problem solving and troubleshooting skills with good communication skills.
TECHNICAL SKILLS:
Load Balancers
F5 (LTM, GTM), Cisco ACE 4710 Load balancers, NetScaler
Load Balancing Concepts
Layer 4 and Layer 7 load balancing, Virtual Server, Pool, Node, SNAT
Persistence Mechanisms
Source IP, SSL, Cookie
F5 GTM
DNS, Global-level load balancing, Wide IPs, Prober Pools, Delegation
Zscaler Internet Access (ZIA)
Migration from Cisco IronPort proxies, GRE tunnels, URL categories, SSL inspection, ZCC/ZAPP, ZPA, User-based policies
Documentation
Platform documentation (Nexus 7k, ASR9k, ASR1k), Deployment documentation
Cisco Networking
Nexus 2000 Fabric Extender (FEX), ACS, ISE, MPLS Layer 3 VPN, BGP routing
Cloud Technologies
AWS, GCP, Azure platform design, contributing to new architecture
Voice and Video Technologies
QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Cisco Telepresence Infrastructure
Firewall Technologies
Palo Alto, Checkpoint (Cluster XL), Juniper, Cisco ASA
Wireless Networking
Aruba wireless controllers, Cisco ISE for wireless authentication, Cisco Wireless LAN Controllers
PROFESSIONAL EXPERIENCE:
UC Davis, CA. Jan 2023 – Present
Senior Network Engineer
Responsibilities:
●Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering).
●Configured rules and maintained Palo Alto Firewalls & analysis of firewall logs using various tools.
●Configuration of Fabric path and connectivity between Nexus 5K and Nexus 7k.
●Migration from Cisco ASA firewalls to Palo Alto firewalls platforms PA-5220 and PA 1410 and PA- 850 firewalls network technologies.
● Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
● Designed and implemented Cisco ACI fabric architecture to streamline data center operations and enhance application performance.
● Configured ACI fabric components, including APIC controllers, leaf, and spine switches.
●Managed and automated network policies, application profiles, and endpoint groups using Cisco APIC.
Implemented security policies within ACI, including micro-segmentation and endpoint security.
●Created detailed documentation for ACI deployment, configuration, and troubleshooting procedures.
●Planned and executed data center migrations to Cisco ACI, minimizing downtime and ensuring business continuity.
● Integrated Cisco ACI with existing network infrastructure, enhancing network flexibility and security.
●Establish AWS technical credibility with customers and external parties. Help customers build scalable, resilient, and high-performance applications and services on AWS.
●Created, tracked, and resolved incidents, service requests, and change tickets using ServiceNow, ensuring timely resolution and minimal business impact.
●Integrated ServiceNow with monitoring tools with SolarWinds, Splunk to automatically generate incidents for system alerts, enhancing proactive incident response
●Provided detailed reports and analytics using ServiceNow dashboards to track ticket trends, resolution times, and compliance with SLAs.
●Experience in Network Security that includes perimeter security for Internet, Extranet, DMZ, Internal Server farms, Web-traffic security with Proxies, Web Application firewalls.
●Worked and migrated multi-vendor equipment and Next generation firewall technologies.
●Working knowledge and demonstrated experience on the PAN-OS 9.1, 10.2, and 11.0 versions: PA 850, PA 1410, PA-5220 firewalls.
●Configured and optimized Velocloud SD-WAN solutions to enhance network reliability and application performance.
●Deployed Velocloud Edge devices across multiple branch locations, ensuring seamless connectivity and failover.
●Integrated Velocloud Orchestrator with existing network infrastructure for centralized policy management and monitoring
●. Integrated ITOM with other management platforms to streamline workflow automation and improve incident response time.
●Leveraged SCOM for centralized monitoring of UC Davis' servers and applications, ensuring operational health and identifying potential failures before they affected end users.
●Created custom alerts and monitoring rules to track specific performance metrics relevant to UC Davis' diverse academic and research environments.
●Employed vROPS to provide deep insights into system behavior, enabling data-driven decisions for scaling and resource allocation.
●Used APC Struxureware to monitor and manage power and environmental conditions in UC Davis' data centers, ensuring optimal conditions for critical IT equipment.
●Implemented AWS networking services Amazon VPC for Private/Public Cloud, EC2 instances, IAM, and S3.
●Completed basic configurations on the F5 Big-IP LTMs and GTM load balancer on existing network to split traffic on webservers. Expert in design, configuration, and deployment of F5 Solutions with extensive experience working with APM and ASM technologies.
●Creating, configuring and Troubleshooting VIP's for (EBL & EFL Extranet networks) on F5/A10networks.
●Configured and Created wireless sites using the Cisco Meraki System dashboard. Implemented site to site VPN on Cisco Meraki MX64, MX65, MC84, and MX400.
●Proficiently deployed and managed Bluecoat proxy solutions to optimize network performance and ensure secure web traffic for users.
●Explored Wi-Fi 7's multi-band operation, enabling simultaneous operation in both 2.4 GHz and 5 GHz bands, while also ensuring backward compatibility with earlier standards.
●Collaborated with SD-WAN teams to seamlessly integrate Cisco Umbrella SASE into the network architecture, implemented DNS-layer security controls using Cisco Umbrella, enhancing the performance of cloud applications while maintaining robust security.
●Configured and maintained Zscaler Internet Access (ZIA) policies, including web filtering, SSL inspection, and data loss prevention (DLP), to enforce corporate security policies and protect against advanced threats.
●Configured routers and access points to support various protocols, such as 802.11ac and 802.11ax (Wi-Fi 6), to provide faster and more efficient wireless experiences.
●Experienced in configuring and managing Citrix NetScaler ADC for efficient load balancing and traffic distribution across web servers, ensuring high availability and scalability.
●Participated in change advisory board (CAB) meetings to review and approve network changes, maintaining alignment with ITIL change control procedures.
●Configured Global Protect and site to site VPNs on Palo Alto. Configured URL filtering, threat prevention, DDOS and zone protection across Palo Altos.
●Configured Panorama M500 from scratch in HA pair as centralized management for all Palo Altos and migrated all standalone Palo Altos to Panorama.
●Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 7.1 to PAN-OS 8.0.
● Proficient in deploying and configuring Viptela SD-WAN solutions to optimize and manage WAN connections across multiple locations, improving network performance and reliability.
Comcast. CA. Jan 2021 – Dec 2022
Network Engineer
Responsibilities:
●Established IPSEC VPN tunnels with ASA 5500 series Firewall between some branch offices & headquarters.
●Successfully Design and installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/ switches/ firewalls.
●Migration from Cisco firewalls to Palo Alto firewalls platforms PA 4000 and PA 500 and PA- 200 firewalls network technologies.
●Worked extensively in Configuring, Monitoring and Troubleshooting Cisco’s ASA 5500 security appliance, DMZ zoning configuring VLANs/Routing/NATing with the firewalls as per design.
●Installed and configured Cisco Firewalls ASA NGFW 5500 (5508/5516) Series and Cisco Firepower(FTDs).
●Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall.
●Implemented robust Wi-Fi security measures, including WPA2/WPA3 encryption, MAC filtering, and intrusion detection systems, to safeguard network integrity and user data.
●Deliver Solution to improve Cloud architecture, deployment for AWS, GCP and Azure clouds.
●Engineered HSIA networks to meet specific bandwidth requirements, considering factors like user density, peak usage times, and quality of service (QoS) needs.
●Ensured compliance with industry standards and regulations related to HSIA network security and data protection.
●Played a key role in developing and fine-tuning security policies and rulesets for IDS/IPS systems to protect the organization from various cyber threats.
●Ability to utilize Check Point API functionalities for policy orchestration, providing an efficient and centralized method for managing network security policies across distributed environments.
●Migrated the whole infrastructure from ASA to Palo Altos Firewalls.
●Configured Palo Alto 7080 (chassis-version), 5450, 5260, 5280, 3220 across the data centers, central offices, and remote offices. Configured APP-ID rules, virtual systems, virtual routers, routing on Palo Altos.
●Deployed and managed Zscaler Private Access (ZPA) for secure remote access to internal applications, enabling secure access for remote users and third-party without exposing the corporate network to potential threats.
●Configured Palo Alto in virtual wire, Layer 2/3 and Layer 3 mode. Configured Palo Alto’s vsys across different DMZ’s, Integrated Palo Alto with ISE for radius.
●Implemented SNMPv3 monitoring for proactive network performance tracking and fault detection.
●Configured SPAN/Mirror ports for packet analysis using Wireshark and TCPdump.
●Developed automated alerting and trend analysis dashboards for network health monitoring using SolarWinds and Splunk.
●Ensured seamless interoperability between legacy WiFi standards (802.11a/b/g/n/ac) and WiFi 6E, allowing diverse devices to connect and benefit from improved performance.
●Implemented and configured Meraki switches, including the setup of VLANs, port configurations, and stacking for enhanced network performance and manageability.
●Focused on working with Cisco Channel partners to build practices around Cisco ACI.
●Expert in troubleshooting production issues and resolving incidents and change tickets related to Cisco ACI.
●Integrated Cisco Duo with Single Sign-On solutions to streamline user access management and enhance the overall authentication experience.
●Configured and maintained Bluecoat policies, rules, and filtering mechanisms to enforce acceptable use policies and prevent unauthorized access.
●Maintenance and Network control with secure DNS, DHCP and IPAM using Infoblox.
●Developed /capture/document architectural best practices for building systems on AWS. Created Azure virtual machines in Azure and AWS, Set up domain controllers in Azure and AWS.
●Demonstrated expertise in securing GCP environments by setting up firewall rules, leveraging Identity and Access Management (IAM) controls.
●Skilled in deploying and managing GCP load balancers, including HTTP(S), Network, and TCP/UDP load balancing, for efficient traffic distribution and high availability of services.
●Configured Policies on Juniper Net screen and SRX firewalls and Palo alto as well.
●Installing, Maintaining and Troubleshooting of Cisco ASR 1K, 7200, 3925E and 2951E Routers and Cisco 6500, 4510, 4500-X, 4948, 3560X, 3750X and 2960S Switches for deployment on production.
●Configuration and management of network routers (Cisco 6500, 7K; Juniper MX) and switches (Cisco 3850, 3750X, 3750, 3550; Juniper EX).
●Collaborated with incident response teams to analyze and mitigate security incidents detected by IDS/IPS, ensuring rapid containment and recovery.
●Led the migration from traditional firewall solutions to Cisco Firepower Threat Defense (FTD) for advanced threat detection and prevention, leveraging features such as intrusion prevention system (IPS), advanced malware protection (AMP), and application visibility and control (AVC).
●Proficiently worked with IEEE 802.11 standards, ensuring compatibility and adherence to the latest WiFi technologies for enhanced speed and reliability.
●Utilized Cisco DNA Center's Application Policy Infrastructure Controller (APIC) to achieve granular visibility into application traffic and enforce policies for optimal performance and security.
●Responsibilities include software upgrade, license activation, configuring/installing new GSR router 7000,12000, Nexus switch 9000, 5000,3000, 9504, 9300, 3200, 2308, F5-5050 and maintaining network documentation.
●Experience in implementing and managing centralized network policies, control, and monitoring through the Viptela SD-WAN manage controller for consistent application performance across the network.
●Skilled in setting up SSL VPN and remote access solutions using NetScaler Gateway, providing secure remote connectivity for employees and clients.
●Configured and managed Bluecoat's SSL VPN solution to provide secure remote access for off-site employees, enabling seamless connectivity and maintaining data integrity.
●Monitored EVPN connectivity and troubleshooted remote access issues using Bluecoat's administrative tools, ensuring uninterrupted business operations.
●Proficient in configuring and managing various Check Point firewall models, including installation, policy implementation, and ongoing maintenance.
●Proficiency in leveraging Check Point APIs to automate routine tasks, manage firewall policies, and streamline network security configurations using Python or other scripting languages.
●Involved in troubleshooting of DNS, DHCP and other IP conflict problems. Configured DNS and DHCP for servers using Infoblox.
●Performed site refreshes on Cisco switching and Aruba wireless infrastructure. Experience with LAN protocols like VSS, STP, RSTP, MST, VTP, VLAN.
RD systems, Bangalore INDIA. Oct 2019 – Oct 2020
Network Engineer
Responsibilities:
•Managing Cisco Routers, Firewalls, Cloud Meraki Products, IPTV, Chromecast inroom, NOC activities.
•NOC Monitoring for the global sites, hands on infrastructure for the networks.
•Cisco, HP, Ruckus switch configuration in particular VLAN configuration, troubleshooting. Monitoring alerts of network equipment, interact to clients.
•Configuration, Troubleshooting of Nomadix (Access Gateway),WAN Controller of sites over global sites.
•Configuration, Managing, troubleshooting of router, switches, Access points, PCs, Printers, Scanners.
•Administering & designing LANs, WANs internet/intranet, and voice networks.
•Responsible for communication protocols, configuration, integration & security. Investigating, diagnosing and resolve all network problems software Maintaining pre-packaged applications on the LAN.
•Provide online support to remote user, onsite user and vpn networks.
Environment: Cisco routers 1601,1721, 1841, 2505, 7507 and 7513; Cisco Switches 2926, 3750, and 6509 series, OSPF, MPLS, EIGRP & RIP, AWS
Contact this candidate