Security Engineer Palo Alto

Pranavi B

Senior Network Security Engineer

***************@*****.*** +1-573-***-**** www.linkedin.com/in/pranavibkot

SUMMARY:

Over 8+ years of experience in networking, with practical involvement in routing, switching, security, and cloud technologies.

Experience in using centralized management systems like Panorama to oversee expansive deployments of Palo Alto PA-5410 and PA-7050 series firewalls.

Designing, implementing and troubleshooting Cisco 800, 2800, 2600, 3800, 7600 using static, RIP, IGRP, OSPF, EIGRP & experience with cisco PIX & ASA devices.

Experience with FortiGate Firewall 6500F, 6300F, 4800F and 4200F series policy provisioning experience with firewall Administration, Rule Analysis, and Rule Modification.

Experienced in deploying and configuring Cisco ACI fabric, including the Application Policy Infrastructure Controller (APIC).

Experience in handling Cisco Nexus switches, including the 9k, 7k, 5k, and 2k models, along with expertise in configuring Virtual Port Channels.

Worked on designing and deploying Viptela SD-WAN & Network migration from legacy WAN, also optimize and troubleshoot the SD-WAN networks for our users.

In-depth knowledge in implementing and configuring F5 Big-IP LTM 3600, 4200, 6950 and 8950 Load balancers.

Experience on cisco wireless Management system, Cisco Meraki products, and PCI standards.

TECHNICAL SKILLS:

Load Balancers: F5 Networks (Big-IP) LTM 6400, Viprion.

Network Management Tools: Wire shark, Net flow Analyser Net Scout, SNMP, Cisco Prime, Ethereal, HP open view.

Wireless: Cisco Meraki, Aruba wireless.

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.

Firewall: Fortinet (FortiGate) Firewall, Palo Alto PA-5410, PA-7050, PA-3220 Checkpoint, ASA and Juniper SRX series.

LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.

CERTIFICATION: Cisco certified network associate (CCNA)

PROFESSIONAL EXPERIENCE:

Fiserv, Berkeley Heights, NJ June 2023 - Present

Sr. Network security Engineer

Responsibilities:

Developed in managing PA-7000-100G-NPC-A, PA-5450, and PA-3440 series running PAN OS-7.x, 8.x, series firewalls through Panorama, ensuring efficient operation and security.

Maintained detailed documentation on configurations, policies, and operational procedures pertaining to Palo Alto Panorama deployment.

Configured the implementation and rollout of functionalities such as user identification, security profiles, and tailored reports across Palo Alto firewalls.

Implemented Palo Alto firewalls globally from Panorama as a designated administrator, managing multiple sites simultaneously.

Added configuration options to FortiGate devices for logging and reporting, which made it easier to monitor network activity, analyse security events, and create compliance reports.

Monitored and preserved the safety and efficiency of the Fortinet FortiGate 3700F and 3500F firewalls, as well as Forti Manager and Forti Analyzer, to guarantee maximum efficiency.

Improved threat identification features by proactively protecting against emerging threats by linking security information feeds with FortiGate firewalls.

Set up the FortiGate firewall structures by coordinating devices from the 4200F and 4400F series with network representations and privacy regulations.

Implemented secure connectivity via SD-WAN by leveraging Viptela's encryption and segmentation features.

Configured and synchronized policies within Viptela's SD-WAN, prioritizing traffic according to specific application requirements.

Deployed Viptela's centralized management for SD-WAN to simplify policy enforcement, providing extensive control over traffic flows and enhancing the network's security.

Deployed Cisco ACI-based Cisco Validated Designs for enterprises and service providers, facilitating the transition from traditional 3-layer architecture to ACI-based Spine and Leaf architecture.

Using Cisco ACI's Taboo feature to control communication between critical segments of the network, such as segregating production and development environments.

Implemented and optimized the APIC controller to facilitate centralized management, policy enforcement, and live monitoring within Cisco ACI setups.

Deployed and supervised Virtual Device Contexts on Cisco Nexus switches, establishing logical network partitions within physical switches to enhance network segmentation.

Integrated NX-OS upgrades across Nexus 9500, 7018, 7009 switches, streamlining a multi-tiered environment into a dual Nexus 7000 setup using VPC & VRF.

Configured in troubleshooting and resolving network issues related to Cisco Nexus switches, ensuring uninterrupted network services.

Installed antivirus and malware detection software on Juniper SRX 5800, SRX 5400, and SRX 4600 devices to create extensive multiple-layer defences.

Designed and oversaw the Infoblox Grid hardware to ensure superior network security and accessibility for DNS and DHCP assistance.

Using Illumio, integrated extensive security controls into the data centre’s architecture to guarantee general security and thwart threats.

Working on Cisco Secure Firewall models 4245, 3120, and 3130 were developed, maintained, and supervised to enable enhanced network safety against a variety of threats.

Setting up and updating the software on the Cisco Firepower 4125, 1150, and 4100 structures to guarantee that the equipment satisfies the great majority of modern security regulations.

Using BGP peering sessions on Cisco routers, multiple connections with ISPs were set up and preserved, improving internet reliability and access.

Added IP SLAs (Service Level Agreements) to Cisco routers in order to monitor service-related metrics, gauge network uptime, and ensure SLA observance.

Created and implemented to enable MPLS interactions between multiple endpoint routers, particularly the Cisco ASR 9922, 9912, and 9910, and remote customers.

Developed and conducted in-depth training sessions on ISEC tool usage, guaranteeing IT teams became proficient in their application.

Using Cisco ISE and Fore Scout CounterACT to establish and set up network access restriction features.

Developed Python-based appliances for real-time system monitoring, log analysis, and anomaly identification, which increased the ability to respond quickly to network issues.

Implementing Aruba networks with already-installed security infrastructure, like firewalls and SIEMs, will enhance access and detection of risks in both wireless and wired environments.

Working with connected architects, establishing safe network architectures using Arista switches, primarily the 7170, 7500R, and 7280R3.

Implemented configuration drift detection and remediation using Netmiko, ensuring network devices remain compliant with baseline configurations.

Worked in configuring and implementing VIPs, High availability (A/S), virtual servers, and iRules on F5 devices.

Deployed and optimized F5 VIPRION for load balancing, enhancing performance and reliability by efficiently distributing network traffic.

Configured Static, Dynamic Load Balancing, and priority-based pool-member activation on F5 Big-IP LTM Load Balancers to manage server loads effectively.

Using centralized technologies management, merged Ansible Tower facilitates role-based notification, job declaring, and network maintenance scheduling.

Integrated AWS ALB/NLB with Auto Scaling to dynamically scale resources based on traffic demand, ensuring optimal performance and cost efficiency.

Deployed AWS Transit Gateway to centralize and simplify routing between multiple VPCs, on-premises networks, and AWS regions, enabling efficient, scalable networking.

Designed and deployed AWS VPC architectures, including subnets, route tables, internet gateways, and NAT gateways, to establish secure, scalable cloud networks.

Granite Telecommunications, Atlanta, GA Aug 2022 - May 2023

Sr. Network security Engineer

Responsibilities:

Deploying network security policies using Palo Alto PA-5450, PA-3260, and PA-7080 firewalls to shield against diverse cyber threats and unauthorized access attempts.

Using Panorama for centralized monitoring, logging, and reporting, elevating visibility and control over the entire network security infrastructure.

Integrated the setup of IPsec VPNs and performed updates and password recovery procedures on Palo Alto devices, guaranteeing secure and dependable network connections.

Worked together with Palo Alto Networks' security data feeds to improve Wildfire's ability to recognize and stop novel and complex threats.

Developed and customized management reports and dashboards using Fortinet and FortiGate manager for efficient monitoring and analysis of network activities.

Implemented timely firmware updates and conducted routine maintenance tasks on FortiGate firewalls to incorporate the latest features, security patches, and maintain peak performance.

Configured and provided technical support for diverse Fortinet models like FortiGate 3700F, 4200F, and 4400F Firewalls, enhancing their capabilities to uphold secure and streamlined network operations.

Involved in deployment and implementation of FortiGate devices (200 and 1500D) in various network segments, such as DMZs and internal networks, to create layered security defenses.

Worked with team on FortiGate’s SNMP monitoring and alerting capabilities to proactively manage and respond to network events.

Deployed and improved vEdge routers to create a secure and scalable connectivity framework within the Viptela SD-WAN architecture.

Managed SD-WAN Viptela vSmart controllers, aligning routing decisions to ensure the most efficient traffic paths and utilization of network resources.

Implemented the vManage orchestrator to establish centralized management, real-time monitoring, and effective policy enforcement across the Viptela SD-WAN infrastructure.

Managed Cisco ACI filters to control and restrict traffic flow based on specified criteria, reinforcing network security and ensuring policy enforcement.

Implemented and optimized contracts in Cisco ACI, defining communication policies between application components to achieve efficient segmentation and enhanced security.

Deployed and configured Point of Delivery in Cisco ACI, improving the delivery of network services and strengthening overall security posture.

Increased operational productivity device installations, setup restores, firmware updates, and other common network tasks can now be automated with the help of Ansible standards.

Using Juniper SRX 1600 and SRX 2300, the centralized management platforms were set up to facilitate policy execution and provide device accessibility.

Implemented and managed Illumio's Adaptive Security Platform (ASP) to enhance network safety and enforce tiny segments in multi-cloud and hybrid infrastructures.

Configured and maintained the Illumio separation rules to control east-west internet traffic and reduce the possibility of attacks in cloud services and data center systems.

Developing advanced features and testing procedures in collaboration with Cisco TAC to quickly identify and fix complex network problems impacting Cisco Nexus switches.

Using the Cisco Nexus 9300, 9400, and 9500 switches to create and monitor backup plans that will minimize the impact of connectivity problems.

Set up IPsec VPN structures with Cisco routers to allow secure remote control of sites and protect data from unwanted access.

Develop adaptable and efficient network designs with Cisco routers 8100, 8200, and 8600 to guarantee seamless interaction with the organization's primary frameworks.

Created Python scripts to streamline SIEM tool log parsing, which resulted in a 40% improvement in safety incident verification and resolutions.

Working with user authentication, network separation, Cisco ISE, Radius, device targeting, device posture check, and device adherence.

Assisted IP address spaces, tracked subnet usage, and effectively used Infoblox IPAM for preparing for network expansion.

Configured and supervised virtual interfaces on AWS Direct Connect, ensuring private and secure connectivity for workloads requiring low-latency access to AWS.

Implemented AWS WAF (Web Application Firewall) to protect web applications from common web exploits, ensuring the integrity of content delivery.

Deployed and optimized AWS Cloud Front distributions, leveraging features such as signed URLs and cookies to maintain secure and regulated access to content.

Using thorough risk assessments and procedures to handle, evaluate, and report security events involving Cisco Firepower 4112 and 4115.

Set up and configured the Cisco Secure 3105, 3110, and 3120 firewalls, boosting network security and cutting down on unauthorized access efforts by 50%.

Working on the Cisco Meraki devices MX65, MX64, and MX68, routing and safety measures were executed this resulted in preferred programs and higher bandwidth usage.

Increased coordination and visibility across the safety ecosystem through the integration of ISEC with other safety protocols and administrative frameworks.

Gigamon, Santa Clara, CA Feb 2019 - July 2022

Network security Engineer

Responsibilities:

Implemented threat prevention features such as intrusion prevention system (IPS), antivirus, and anti-bot protection on Check Point firewalls to detect and mitigate security threats.

Configured Cisco ASA 5500-X firewall to filter traffic based on defined security policies, ensuring protection against unauthorized access and cyber threats.

Managed, deployed and Upgraded Endpoint Security (SEP, FireEye, CyberArk, McAfee), deployed and upgraded client to improve the security of all workstations.

Deployed Blue Coat ProxySG in transparent proxy mode to intercept and filter web traffic.

Experience in configuring and troubleshooting of Palo Alto PA-1410, PA-1420, and PA-3220 firewalls and their implementation experience in site-to-site and remote access.

Configured VPC (Virtual Port Channel), VDC (Virtual Device Context) in Nexus 9k, 7k/5k devices.

Worked on Great exposure to SDN and Network virtualization technologies like Cisco ACI.

Experienced on build out and manage the Windows/VMware Virtual and Cloud Infrastructures and integrate them with Cisco ACI.

Helped the team to configured and installed Viptela SD-WAN solution.

Helped the team to configure and install Meraki wireless switches devices.

Experienced in designing, coding, and troubleshooting iRules Executed the F5 LTM to deal with high traffic volume for L7 traffic on 2250 blade while Thunder 6630 using LTM chassis.

Worked on Configuration and Implementation of F5 Load Balance and F5 BIG-IP i7000 series / 1RU.

Configured DNS load balancing using Infoblox to distribute traffic across multiple servers and data centers by improving application availability and performance.

Developed and maintained ISec documentation, including policies, standards, procedures, and incident response plans.

Installation and configuration tasks for diverse router models including 800, 1600, 2500, and 2600 series, as well as the setup of various Cisco switch models such as 2960 and 3560.

Responsible for configuring IPsec VPN tunnels, IP communication and routing OSPF, EIGRP, BGP.

Configured Citrix NetScaler ADC to load balance web servers, distribute incoming traffic evenly, and enhance application performance.

Configured Solar Winds NPM to monitor network bandwidth utilization, alerting on network congestion and capacity issues before they impact user experience.

Conducted packet-level analysis in Wireshark to troubleshoot security incidents and detect potential threats such as malware infections and unauthorized access attempts.

In-depth understanding in implementing and configuring F5 Big-IP LTM 3600, 4200, 6950 and 8950 Load Balancers.

Integrated Cisco TrustSec with Cisco ISE to enforce access policies based on user identity, device type, and location, ensuring compliance with security policies.

Deloitte, India July 2016 - Jan 2019

Network Support Engineer

Responsibilities:

Integrated Cisco Security Manager with Cisco ACS Server 4.1, Bluecoat Cisco SSL VPN, Clean Access and ACS.

Worked on designed, configured, implemented site-site VPN between Cisco ASA 5500 firewall and Palo Alto Firewall.

Experienced on Implemented Site to Site VPN that involved IPSEC protocol between Cisco PIX, ASA, Routers, VPN Concentrators and other IPSEC compliant security devices.

Experienced for Configuration and troubleshooting of Firewalls.

Working experienced for Migration of Firewalls from PIX to ASA

Configuring and Troubleshooting Cisco PIX & Cisco ASA.

Worked on configuration and Administration of Cisco Routers 800, 1700 and Switches 2900, 3500

Experienced in Research and troubleshooting compatibility issues of Cisco devices with other Vendor products.

Experience in configuring and troubleshooting of static and dynamic routing protocols such as RIP v1/v2, EIGRP, OSPF, IS - IS BGP and MPLS.

Implement LAN protocols like STP, RSTP, VTP, VLAN and WAN protocols like Frame relay, PPP, port channels protocols like LACP, PAGP.

Contact this candidate