Network Security Engineer
Resume:
Sujisha Devineni
Senior Network Security Engineer
*******.****@*****.***
SUMMARY:
Over 8+ years of experience in Networking and security, widely in Network Security products and Firewalls.
Experience in configuring policies for the FortiGate firewall 4800F, customizing them to fulfill unique security needs, and verifying compliance with industry benchmarks.
Configured and fine-tuned firewall policies on Palo Alto PA-7050, PA-5420, PA-3260 devices, incorporating application and user-based rules for granular control.
Experience in Cisco ISR 1160, 1131, and 1120 routers, Cisco 2800, 3700 series switches, Physical cabling, IP addressing, Wide Area Network configurations (Frame-relay and ATM).
Possessing expertise in routing and switching protocols, with foundational knowledge of Nexus switches 7010, 9300, 9500, and 5600.
Implemented and managed Fortinet security solutions to enhance network security and protect against cyber threats.
Set up AWS VPC utilizing services such as AWS Direct Connect, AWS IAM, and AWS ACLs.
Implemented security policies within Viptela SD-WAN environments, safeguarding against potential threats and vulnerabilities.
Experience with configuring Virtual Server and Configuring Load balancing methods in F5 LTM.
TECHNICAL SKILLS:
Switches
Nexus Switches, Arista switches, Catalyst switches and Juniper switches.
Routing Protocols
OSPF, EIGRP, BGP, RIPv2, IS-IS, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.
Firewall
Fortinet (FortiGate) Firewall, Palo Alto Cisco Firepower, Checkpoint, ASA and Juniper SRX series.
Load Balancers
F5 Networks (Big-IP) and Viprion.
Wireless
Cisco Meraki, Aruba wireless.
Cloud Services
AWS Cloud (EC2, VPC, Route53) Direct connect.
Certifications:
Cisco certified Network Associate (CCNA)
Professional Experience
DTE Energy, MI Dec 2023 – Present
Sr. Network security Engineer
Responsibilities:
Configured and fine-tuned firewall policies on Palo Alto devices, incorporating application and user-based rules for granular control.
Deployed and optimized Wildfire, Palo Alto's advanced threat intelligence service, to identify and analyze unknown and malicious files.
Deployed IPsec VPN tunnels between multiple office locations and created secured channel over public channels and configured policies with AES encryption and Perfect Forward Secrecy (PFS) to maintain confidentiality.
Used Panorama, Palo Alto's centralized management tool, to streamline the configuration and monitoring of multiple Palo Alto firewalls PA-7080, PA-5250, and PA-3430 series from a single interface.
Configured and optimized Fortinet firewall policies to ensure secure data traffic management and improve network performance.
Utilized debugging tools and logs to troubleshoot and resolve issues with iRules, ensuring proper functionality and minimal impact on network performance.
Designed hybrid cloud architectures by connecting on-premises networks with Azure using VPN Gateway and ExpressRoute for secure, high-performance connections.
Proficient in using Unix tools like ping, traceroute, nslookup, and dig to diagnose connectivity issues.
Integrated Cisco ISE with various network infrastructure components such as switches, routers, and firewalls, ensuring seamless policy application and user authentication.
Developed and maintained adherence to company regulations and guidelines by using Palo Alto dashboards to track and maximize the efficacy of safety measures.
Developed Perl scripts to automate repetitive networking tasks, such as device configuration and management.
Integrated Fortinet products with existing IT infrastructure, reducing security risks and improving network reliability.
Led the development and deployment of secure and scalable payment solutions for digital transactions under NPC guidelines, enhancing payment efficiency.
Deployed and managed FortiGate Next-Generation Firewalls (NGFW) to provide comprehensive security for corporate networks.
Designed and executed comprehensive test cases for application and network-level vulnerabilities using tools like Nessus and Metasploit.
Configured and maintained Infoblox DNS and DHCP services to optimize network performance and reliability for internal and external applications.
Managed on-premises Palo Alto firewalls, ensuring optimal configuration and security.
Netmiko supports a variety of network devices from different vendors (Cisco, Juniper, Arista, etc.), making it versatile for multi-vendor environments.
Managed DNS records and DHCP scopes to streamline IP address allocation and ensure proper domain resolution.
Managed and maintained network device configurations using Ansible's version control features.
Configured troubleshooting and resolution of issues related to FortiGate firewalls, including models such as 4400F, 4200F, and 124D, in live environments to maintain uninterrupted operations.
Implemented Virtual LANs (VLANs) on FortiGate devices to effectively segregate and secure network traffic, optimizing overall network performance.
Developed scripts to automate the configuration of routers, switches, and firewalls.
Experienced with converting Cisco ASA VPN rules over to the FortiGate solution, Migration with both FortiGate and Cisco ASA VPN experience.
Familiar with dynamic routing protocols such as OSPF and BGP, having implemented OSPF in a multi-site network for efficient routing.
Implemented SSL offloading on Citrix ADC for secure application delivery, reducing server CPU load by 40% and improving response times.
Monitored network security logs and alerts to identify vulnerabilities and respond promptly using Fortinet solutions.
Designed and developed RESTful APIs for both internal and external services, following best practices for resource modeling, HTTP methods (GET, POST, PUT, DELETE), and status codes.
iControl APIs enable programmatic access to F5 devices, allowing for automation of configuration and management tasks.
Designed and implemented Azure Virtual Networks (VNets) to create secure, isolated environments for cloud-based applications and services.
Ensured all payment systems and processes adhered to NPCI's regulatory standards, including security protocols, compliance measures, and data privacy laws.
Utilized FortiCloud for centralized management and reporting for Fortinet devices.
Proficient in the layers of the TCP/IP model, including application, transport, internet, and link layers.
Hands-on experience in implementing layer 3 security through IPSEC tunneling, Access lists, NAT, PAT and preventing the layer 2 attacks like Mac flooding, VLAN hopping and DHCP snooping.
Integrated addressing issues in real-time scenarios, specializing in troubleshooting FortiGate firewalls to maintain continuous and reliable network operations.
Performed penetration testing and vulnerability assessments on network infrastructure to identify weaknesses (e.g., using Nmap, Metasploit).
Configured and maintained FortiGate security policies, including VPN, IDS/IPS, and web filtering, to protect against advanced threats.
Set up of FortiAnalyzer has been developed to provide proactively detection and response to safety-related incidents and dangers.
Paramiko allows for secure SSH connections to network devices, enabling remote command execution without manual intervention.
Conducted bandwidth, latency, packet loss, and throughput tests to assess network performance using tools like Wireshark, iPerf, and SolarWinds.
Managed hybrid WAN deployments by integrating MPLS, broadband, and LTE connectivity into the Viptela SD-WAN framework, ensuring reliability and security across varied network paths.
Configuring and optimizing vManage for centralized management of SD-WAN policies, templates, and configurations across distributed networks.
Worked on enhancing security features and encryption protocols for secure, real-time payment processing on NPCI platforms.
Utilized Perl’s powerful text processing capabilities to parse and analyze network logs for performance metrics and security events.
Developed a suite of shell scripts that facilitate the automated deployment of network devices and configurations.
Configured and managed site-to-site VPNs between on-premises environments and Azure using VPN Gateway for secure, encrypted connections.
Implemented authentication mechanisms such as OAuth2, JWT (JSON Web Tokens), and API keys to secure RESTful APIs.
Configured and deployed Cisco ASA 5540 firewall for internet Access requests for servers, Protocol Handling, Object Grouping.
Automated network device compliance checks and security audits using Ansible playbooks to ensure devices adhere to corporate security standards.
Implemented FortiAnalyzer for centralized log management and security event analysis across multiple devices in the network.
Worked with AWS to deploy and optimize SD-WAN Viptela solutions, crafting network infrastructure specifically designed for distributed cloud deployments.
Setup the administration of Bridge Domains in Cisco ACI, organizing and segregating endpoint devices logically within the network for improved security and streamlined traffic management.
Used F5 VIPRION's load balancing and traffic optimization functionalities to enhance user experience, reduce latency, and optimize application responsiveness.
Implemented iRules on F5 VIPRION platforms, customizing the behavior of the Application Delivery Controller to address particular needs effectively.
iControl can be integrated with other Python libraries and tools for enhanced functionality, such as logging, reporting, and notification systems.
Developed a comprehensive troubleshooting guide for common network issues on Unix systems, enhancing team response times.
Managed and optimized payment network operations to ensure smooth functioning of NPCI platforms, resulting in reduced transaction failures and faster processing times.
Transitioned to a hybrid environment integrating on-premises and cloud-based (Palo Alto SASE) firewall solutions.
Experience with VTP for VLAN configuration distribution across multiple switches.
Used iControl REST API along with scripting languages like Tcl or Python to automate regular tasks, simplifying F5 VIPRION setups and improving operational efficiency.
Implemented shell scripts to parse and analyze network logs for security auditing and performance troubleshooting.
Conducted network traffic analysis using FortiGate to optimize performance and mitigate security risks.
Configured a High Availability (HA) pair of Citrix NetScaler appliances to ensure continuous application availability, achieving 99.99% uptime during critical business operations.
Paramiko handles multiple sessions efficiently, allowing engineers to run commands on several devices concurrently.
Successfully deployed Citrix ADC in a hybrid cloud environment, ensuring seamless integration between on-premises and cloud-based applications.
Experience in configuring TCP/IP settings on routers and switches; for instance, set up VLANs to segment network traffic and enhance performance.
Integrated third-party RESTful APIs into existing applications, enabling seamless data exchange and functionality between systems.
Utilized FortiAnalyzer to generate actionable security reports and identify potential security incidents.
Implemented network automation workflows using Python and Ansible, streamlining repetitive tasks such as device provisioning, configuration management, and software updates.
Designed and managed VPN solutions with Cisco Secure 4225 and 3105 firewalls, ensuring secure internet-based for users from multiple locations.
Coordinated with banks, fintech companies, and regulatory bodies to drive innovation and ensure the smooth operation of NPCI products and services.
Kaiser Permanente, CA Aug 2022 – Nov 2023
Sr. Network security Engineer
Responsibilities:
Deployed and managed Palo Alto Network physical/virtual firewalls across private and public cloud infrastructures, as well as within data centers.
Integrated Palo Alto Wildfire to enhance advanced threat detection and analysis capabilities, bolstering the organization's response to sophisticated cyber threats.
Working with the Palo Alto PA-7020, PA-3410, and PA-5450 networks requires installing and maintaining firewalls, rules, and centrally managed security and reliability structures.
Configured FortiAnalyzer for real-time log monitoring, helping to detect and respond to threats proactively.
Developed and oversaw safety protocols on FortiGate firewalls, models 7081F, 6500F, and 4800F, to guarantee that safety protocols were followed and that threats were neutralized.
Implementing a thorough safety structure by combining Fortinet firewalls with DLP, safety procedures, and IDS/IPS systems.
Used FortiGate and other Fortinet tools to implement network segmentation and VLANs for better security and performance.
Deployed and configured Azure Load Balancer to distribute inbound and outbound traffic across virtual machines and services, improving availability and fault tolerance.
Automated firewall rule updates and audits through shell scripting to maintain security compliance.
There is a wealth of community resources and examples available for using iControl with Python, making it easier to get started and troubleshoot.
Set up FortiAnalyzer's track maintenance procedures to make sure that internal security policies and legal deadlines are followed.
Developed unit and integration tests for RESTful APIs using frameworks like Postman, JUnit, or Mocha/Chai to ensure functionality and reliability.
Managed traffic distribution between HA nodes, ensuring optimal load balancing and redundancy that improved overall application performance by 25%.
Paramiko can be integrated with other Python libraries and frameworks, enhancing its capabilities for network management and automation.
Configure FortiManager to monitor reviews and send out adherence upgrades that follow safety guidelines and requirements.
Implemented maintenance protocols for the Cisco ACI fabric to minimize downtime and maintain operational excellence.
Expertise in automating network tasks using orchestration tools like Heat, Ansible, and Terraform to streamline network provisioning, scaling, and management across cloud environments.
Developed encryption policies on Cisco ACI to secure data in transit and prevent unauthorized access to sensitive information.
Tested and validated TCP/IP, UDP, HTTP, DNS, FTP, and other network protocols to ensure proper communication and data transfer.
Deployed and managed Azure Firewall to filter and control traffic at the network perimeter, integrating it with threat intelligence feeds to block malicious traffic.
Utilized Cisco ISE's monitoring and reporting capabilities to track user activity, identify security incidents, and ensure compliance with corporate security policies.
Managed the deployment and administration of vEdge routers and vSmart controllers in the Cisco SD-WAN Viptela setup, guaranteeing efficient traffic management and dynamic path selection.
Configured and maintained policies on the Cisco SD-WAN Viptela platform, optimizing traffic prioritization based on application needs to enhance network performance.
Integrated training sessions to end-users on common SD-WAN challenges and recommended practices, leading to a decrease in support ticket frequency.
Configured performance tuning and optimization on F5 VIPRION models such as 2400, 4400, and 4800 to improve throughput and reduce latency for critical applications.
Integrated iRules with F5 Global Traffic Manager to deploy global server load balancing and DNS-based traffic steering solutions.
Administered Citrix NetScaler SDX platforms to deliver application services, improving resource utilization across multiple tenants and reducing overhead costs by 20%.
Integrated ACI with Cisco ASA and Firepower services for enhanced security, providing granular firewall and threat detection capabilities.
Implemented subnets, network hierarchies, and address blocks in Infoblox IPAM to improve visibility and control over network infrastructure.
Using F5 Viprion Load balancer in providing worldwide data and file sharing, continuous internet connectivity, optimized web performance.
Developed device data in actual time and produced reports using Netmiko, enabling proactive network administration and tracking.
Proficient in Azure Policy, Cost Management, and Azure Management Groups to govern, track, and optimize Azure resources.
Integrated FortiAnalyzer with FortiGate devices for streamlined network security visibility and incident management.
Improved network versatility and effective traffic control were made possible by the setup and deployment of MPLS systems using Juniper routers (MX104, MX240).
Configured and operated the Information Security Enforcement Console (ISEC), ensuring that safety rules were applied throughout the system right away.
It provides robust error handling, making it easier to manage exceptions and troubleshoot connection issues.
Provided support and troubleshooting for Cisco ISE-related issues, including user authentication failures, network access issues, and policy compliance checks.
Improving the safety of devices and enhancing the approaches to assessing robustness through increased Ansible responsibility.
Configured AWS CloudWatch alarms and metrics to monitor the performance and health of various AWS resources.
Performed protocol compliance testing using network analyzers to identify misconfigurations and security vulnerabilities.
Experience with Azure Virtual Machines (VMs), Azure App Services, Azure Functions, and Azure Kubernetes Service (AKS).
Used AWS Elastic Load Balancer to evenly distribute incoming traffic across multiple instances, improving application availability and fault tolerance.
Managed security groups to govern inbound and outbound traffic for AWS instances within Virtual Private Clouds.
Created and maintained comprehensive documentation for Infoblox deployment, configuration, and troubleshooting procedures.
Designed and implemented IPSec B2B VPN solutions to secure inter-organizational communication.
Setting up and maintaining Cisco Application Centric Systems and Cisco Nexus switches, which enable policy-based hardware and streamlined network administration.
Proficiency in configuring and managing Aruba OS and Instant AP environments, including setting up SSIDs, VLANs, and security policies.
Added cutting-edge safety precautions like URL filtering, AMP, and IPS to the Cisco Secure Firewall 3105 and 3110 to better defend against proficient online threats.
Created and implemented strict security measures for Cisco Firepower, SM-56, and 3xSM-56, which strengthened the network's defenses against numerous cyberattacks.
Developed to provide effective and secure connect frameworks in business settings by managing and configuring Arista switches 7170, 7170B, 7130, and 7280.
Integrating strategies to evaluate Cisco routers' adaptability and dependability in order to find and address security vulnerabilities.
Designed and executed the Cisco routers in the ISR 1160, 1131, and 1120 series, offering enhanced connectivity, enhanced routing, and enhanced dependability.
Verizon, NJ July 2020 – June 2022
Network Security Engineer
Responsibilities:
Experience in working with designing, installing and troubleshooting of Palo Alto firewalls PA-3220, PA-3250, and PA-3260.
Expertise in working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a flexible Access Solution for a datacenter access architecture.
Implementing Firewall Administration, Rule Analysis and Rule Modification using Checkpoint R71.
Configuring and maintaining Cisco ASA 5580-20, ASA 5540, ASA 5520, and ASA 5510 series firewalls.
Executed IOS upgrades on Catalyst 1900, 2900, and 3500 series switches, as well as 2500, 2600, and 3600 series routers.
Experience in Cisco-based routing and switching, adeptly utilizing routing protocols including BGP, OSPF, and RIP.
Experienced on working in panorama, Palo Alto user interface version 8.0.2 and VM-300 series firewalls.
Created and modified Firewall rules on Palo Alto VM-300 and Juniper SRX-240 devices.
Worked on configure and support Nexus 5548, 5596, 5010, 2020 and 9372 switches in a Fex based architecture.
Proficiency in configuring Virtual Networks (VNet), Load Balancers, Network Security Groups (NSG), Azure DNS, and VPN Gateway configurations.
Worked on Juniper routers, including the MX series (Juniper MX240, Juniper MX480, Juniper MX960) and Juniper SRX series (Juniper SRX 300, Juniper SRX550).
Worked in for the NextGen Datacenter Cloud Architecture, using Cisco ACI and Nexus 9K.
Working for Cisco ACI, NXOS and IOS, QoS, data center network design, cloud infrastructure design and management, OSPF, BGP, VLAN Trunking.
Netmiko helps automate configuration changes, reducing the risk of human error and saving time.
Configured and tested the ACI, distribute-list, prefix-list and route-map for on demand routing and use of sub-optimal timers and link aggregation for failover providers.
Configured and implemented Viptela devices and creating device and feature templates on vManage required for SD-WAN.
Implemented ISEC (Intelligent Security) solutions within the network infrastructure to enhance overall security posture.
Implemented and managed Infoblox DNS, DHCP, and IPAM (DDI) solutions to enhance network security and reliability.
Experience with migrating workloads to Azure using Azure Migrate, and managing hybrid cloud infrastructure.
Configured and maintained IPSec VPNs for secure communication between remote sites and central data centers.
Worked on AWS Security Hub and AWS Guard Duty to continuously monitor and detect security threats and vulnerabilities in AWS environments.
Worked on OSI network Protocol/layer; Ethernet, OSPF, EIGRP, IPv4, IPv6, TCP, IP, DNS, DHCP and SNMP.
Experience with using GTM, APM & LTM F5 component to provide 24*7 access to applications.
Capgemini, India. May 2017 – June 2020
Network Engineer
Responsibilities:
Maintained and Troubleshoot IP connectivity problems using PING, and Trace route utilities and packet capture tools such as Wireshark.
Configured and administrated Cisco routers 7200/3900/2900 as well as Cisco Switches 6500/3750/3550.
Configuring various advanced features (Profiles, monitors, Redundancy, SSL Termination, Persistence, SNATs, HA on F5 BIGIP appliances SSL termination and initiation, Persistence, Digital Certificates, executed various migration/upgrade projects across F5 and hands on with F5 BIGIP LTMs/EM.
Experienced in converting Cisco ACE load balancer to F5 LTM load balancer in data center environment.
Maintained secure connection using SSH and making MD5, Plain text in routing protocols like EIGRP, OSPF, RIP, HSRP, VRRP, GLBP.
Monitored Real-time network devices using Solarwinds Network monitoring tools orion.
Worked on PHP, Perl, Python, Shell scripting, Cisco Internetwork Operating Systems (IOS) and Red Hat/centos/Kali.
Designing and installing new branch Network systems. Resolving Network issues, running test scripts and preparing Network documentation.
Involved in design and implementation of Data Center Migration, worked on implementation strategies for the expansion of the MPLS VPN networks.
Expertise in Migration of Firewalls from Nortel Connectivity to ASA, ASA to Checkpoint, Checkpoint to Palo alto and Vice Versa.
Managed network connectivity and network SSL Security, between Head offices and Branch office.
Having experience in Bluecoat proxy server’s firmware upgrade, URL filtering and content filtering.
Education
Bachelors in Computer Science CRR College of Engineering - India.
Master’s in Computer Science Kennesaw State University.
Contact this candidate