
Security Engineer Palo Alto

Location:
Minneapolis, MN, 55488
Posted:
February 28, 2025


Resume:

Vikas Varka

Sr. Network and Security Engineer *+ Years of Experience

Phone: 612-***-**** Email: ************@*****.***

PROFESSIONAL SUMMARY

Extensive hands-on experience (7+ years) in designing, implementing, and managing advanced network and security infrastructures, ensuring high availability and reliability across complex environments.

Expert in safeguarding networks, systems, and applications from cyber threats, with proficiency in vulnerability management, threat detection, incident response, and security operations.

Deep experience with industry-leading firewalls such as Palo Alto, Fortinet, and Cisco, including firewall design, deployment, configuration, and administration.

Strong experience working with load balancers such as F5, NetScaler, A10, and VMware AVI, including configuration, troubleshooting, and optimization.

Expertise in working with Datacenter Switches such as Nexus 2K, 5K, and 7K, providing seamless connectivity and security across enterprise environments.

Excellent working knowledge of TCP/IP protocol suite and OSI layers, with the ability to diagnose and resolve complex network issues efficiently.

Proficient in Firewall Administration, Rule Analysis, Rule Modification, and implementing traffic filters using Standard, Extended, and Named access-lists.

Experience in configuring and troubleshooting IPSEC site-to-site VPN solutions, ensuring secure and reliable connectivity across remote sites.

Adept at deploying and configuring a wide range of security technologies, including firewalls (Palo Alto, Fortinet, Cisco), SIEM systems (Splunk, QRadar), IDS/IPS solutions, endpoint security, and cloud security platforms (Zscaler, AWS, Azure).

Proven experience in leading network and security migration projects, ensuring minimal downtime and a smooth transition.

Skilled in conducting risk assessments, vulnerability assessments, and security audits, ensuring compliance with industry regulations such as PCI-DSS, GDPR, and HIPAA.

Proven track record of leveraging security automation and orchestration (SOAR) platforms to improve efficiency and streamline incident response processes.

Extensive experience in managing and configuring firewalls and intrusion prevention systems (IPS), including products from Palo Alto, Cisco, and Fortinet, optimizing systems for performance and security.

Worked on vulnerability management and continuous monitoring of IT systems, leading teams to deploy and integrate tools like Nessus, Qualys, and Rapid7 for regular vulnerability scanning, patch management, and remediation.

In-depth knowledge of network protocols, cloud security, identity & access management (IAM), and advanced threat protection, ensuring that systems are designed to mitigate emerging threats.

Expertise in provisioning, trusted/target reconciliation, user/roles management, requests, adapters, scheduled jobs, Application instances, and design console for seamless security operations.

Hands-on experience working with Relational Database Management Systems, including Oracle, SQL Server, and PL/SQL, ensuring the integrity and security of critical data.

Expertly managed and configured Palo Alto Panorama for centralized administration of multiple Palo Alto Networks firewalls across large-scale enterprise environments, improving efficiency and policy consistency.

Designed, deployed, and maintained security policies across distributed firewalls using Panorama, streamlining policy deployment while ensuring compliance with corporate security standards.

Developed and maintained device groups and templates in Panorama, allowing scalable management of global configurations and ensuring standardized security posture across all network environments.

Proven ability to serve as the primary technical point of contact during project engagements, acting as a trusted advisor to clients while ensuring project deliverables and customer success.

Experienced in providing detailed documentation, including network diagrams, as-built configurations, and project deliverables.

Strong communication and collaboration skills, with the ability to manage multiple priorities in a fast-paced environment, maintaining a high level of professionalism and technical expertise.

Certifications:

CCNA (Routing & Switching)

CCNP (Routing, Switching & Troubleshooting)

Palo Alto Certified Network Security Engineer (PCNSE)

F5 101

TECHNICAL SKILLS

Vulnerability Management:

Qualys, Nessus, OpenVAS, Rapid7 Nexpose

Security Tools:

Wireshark, MBSA, MS Visio, Apache, VMware ESXi 3.5, VMware Server, EnCase

SIEM

Splunk, QRadar, LogRhythm

Firewall Solutions:

Palo Alto Networks (NGFW), Fortinet FortiGate, Cisco ASA, Cisco Firepower

Load balancer & Proxies

F5 BIG-IP, Citrix NetScaler, Zscaler proxies

Operating Systems

Ubuntu Linux, Red Hat Linux, Cisco IOS and Windows 7

Networking Protocols

TCP/IP, DNS, DHCP, HTTP, HTTPS, SMTP, SNMP, FTP, SFTP, SSH

IDM Product

Oracle Identity Manager (OIM) 11g

PROFESSIONAL EXPERIENCE:

Sr. Network and Security Engineer

Deloitte – US Jan 2023 – Present

Responsibilities:

Collaborated with application owners, network teams, DNS teams, and firewall teams to migrate applications from legacy NetScaler Load Balancer to F5 BIG-IP Local Traffic Manager (LTM), ensuring minimal downtime and smooth migration while adhering to best practices.

Designed, configured, and deployed virtual servers, pools, iRules, profiles, persistence, and monitors on F5 BIG-IP to match existing configurations from NetScaler, ensuring optimal performance and security.

Led the migration from BIG-IP 3600 to vCMP 5200v, utilizing Infoblox IPAM for dynamic assignment of reusable IP addresses, resolving address conflicts, and improving network management efficiency.

Successfully oversaw the design, implementation, and management of both on-premise and cloud-based network infrastructures (including Azure and AWS), ensuring high availability, scalability, and peak performance to support dynamic business environments.

Implemented fine-grained role-based access control (RBAC) on Panorama to manage administrative permissions, ensuring secure and auditable access to firewall configurations.

Configured and monitored GlobalProtect VPN settings via Panorama for remote user access, ensuring seamless connectivity and robust security for remote workforce operations.

Leveraged Panorama’s centralized logging capabilities to monitor, analyze, and report on network traffic patterns, threats, and incidents across all managed firewalls.

Integrated Panorama logs with leading SIEM solutions (e.g., Splunk, QRadar) for enhanced threat detection, correlation, and compliance reporting.

Conducted regular audits of firewall policies using Panorama to identify redundant rules, optimize rule base, and ensure adherence to internal security standards and regulatory compliance (e.g., SOC 2, PCI-DSS).

Administered and maintained critical network devices including gateways, switches, firewalls, wireless access points, IDS/IPS systems, and IPSec VPN tunnels, ensuring security, stability, and compliance across global network environments.

Actively collaborated with cross-functional teams, including solutions architects and project managers, to influence and contribute to decisions regarding network technology strategies, hardware/software upgrades, and optimizations to meet customer requirements.

Conducted in-depth research into emerging technologies (SD-WAN, cloud security, AI-powered network management tools), evaluating their feasibility and impact on enhancing overall network performance, security, and resiliency for clients.

Engineered and configured secure hybrid cloud environments using Azure Virtual Networks (VNets), ExpressRoute, VPN Gateway, and load balancing solutions to enable seamless integration between on-premises and cloud environments, improving client operational efficiency.

Applied best practices in network security by configuring Azure Network Security Groups (NSGs), Application Security Groups (ASGs), Azure Firewall, and DDoS Protection to secure cloud resources and improve system performance.

Configured and managed Palo Alto NGFWs, FortiGate Firewalls, and F5 BIG-IP systems, optimizing firewall policies and traffic management to protect critical network infrastructure and mitigate security risks for clients.

Conducted regular vulnerability assessments using tools like Nessus, Qualys, and Rapid7 to identify, assess, and remediate security vulnerabilities across systems and networks, ensuring continuous monitoring and protection.

Utilized SIEM platforms (Splunk, QRadar) to enhance threat detection, collect log data from multiple security devices, and perform proactive incident response for client environments.

Led migrations from Cisco to Palo Alto and FortiGate firewalls, optimizing configurations and improving network security, ensuring minimal downtime and maintaining client satisfaction.

Led the implementation of security policies based on frameworks such as DIACAP, NIST, ISO27001, PCI-DSS, and HIPAA, ensuring compliance with industry standards, and worked with clients to meet regulatory requirements.

Acted as the primary escalation point for all network-related incidents, ensuring swift resolution of high-priority technical issues, including network outages, security incidents, and performance degradation.

Led the technical response to critical network events, managing incident communications with stakeholders, minimizing service downtime, and restoring operations in a timely manner, maintaining customer satisfaction.

Managed F5 BIG-IP modules for advanced traffic management, SSL offloading, and optimization of application delivery, ensuring seamless integration across systems.

Played an instrumental role in the successful implementation and maintenance of ISMS frameworks, supporting ISO 27001 and SOC 2 compliance for enterprise-level clients.

Configured and optimized Infoblox DDI (DNS, DHCP, IPAM) solutions, improving network security, domain resolution, and IP address management for customers.

Conducted security assessments and vulnerability scans, generating reports and providing recommendations for risk mitigation and compliance adherence, ensuring clients' environments remained secure and resilient.

Installed, configured, and managed Check Point security appliances (e.g., 1400, 1500, 5000, and 6000 series) to secure enterprise network environments, enhancing overall network security posture.

Configured and managed Check Point Security Policies and NAT rules via SmartCenter, ensuring secure communication between network segments and effective policy enforcement.

Configured Check Point VPNs, including site-to-site and remote access VPNs, using IPsec and SSL VPN technologies, ensuring secure communication across various geographies and cloud environments.

Implemented Check Point Threat Prevention Solutions such as Antivirus, Anti-Bot, IPS, and Application Control to proactively detect and mitigate threats across internal and external networks.

Ensured customer satisfaction by maintaining a high standard of professionalism, responsiveness, and technical expertise throughout engagement, acting as the primary technical point of contact for clients.

Led the implementation and migration of network security solutions, providing detailed documentation, including network diagrams, as-built configurations, and project deliverables to clients.

Stayed up to date with emerging technologies and trends in network security, leveraging new tools to provide strategic recommendations for improving customer environments and Mainline’s success.

Security Analyst

Infosys Ltd / Telstra Corp. Feb 2018 – Nov 2022

Responsibilities:

Provided advanced technical support for the configuration, troubleshooting, and optimization of network security devices, including F5 LTM and APM systems, ensuring robust perimeter defense and high availability.

Led vulnerability scanning and remediation efforts using tools like Nessus and OpenVAS, identifying critical vulnerabilities across the infrastructure, performing risk analysis, and applying necessary patches to mitigate security threats.

Integrated external threat intelligence feeds into SIEM platforms (Splunk, QRadar), enhancing threat detection and incident response, ensuring timely analysis of security events across the network.

Conducted comprehensive network security assessments and implemented corrective actions based on findings, ensuring compliance with industry standards such as PCI-DSS, HIPAA, and GDPR.

Managed firewall configurations (FortiGate, Cisco ASA, Firepower), including NAT/PAT, VPNs, and ACLs, ensuring the security of the organization's perimeter and internal networks.

Delivered expert-level troubleshooting and incident resolution for network security issues, minimizing downtime and restoring security services after high-priority security incidents.

Developed and maintained security policies and procedures for network security devices and firewalls, ensuring consistency and alignment with industry best practices and regulatory requirements.

Provided post-production support for identity governance solutions like Oracle Identity Manager (OIM) and SailPoint, ensuring the ongoing security and compliance of identity management systems.

Administered and monitored security solutions across on-premises and cloud environments, optimizing security posture and ensuring secure communication between hybrid network resources.

Led incident response for critical security events, investigating and resolving network breaches and security incidents, including working closely with internal and external stakeholders to mitigate risks.

Conducted regular security audits to assess network security vulnerabilities, delivering actionable recommendations for improving security frameworks, policies, and procedures.

Managed security device logs, event correlation, and conducted detailed analysis of security incidents using SIEM platforms to enhance proactive threat detection and risk mitigation efforts.

Collaborated with cross-functional teams to implement security automation solutions, increasing the efficiency and effectiveness of incident detection, analysis, and remediation.

Engaged in continuous learning about emerging threats, vulnerabilities, and security technologies, ensuring a proactive approach to cybersecurity risks and recommending innovative solutions to enhance security posture.

Supported the implementation of security frameworks (ISO27001, NIST) and provided guidance on security compliance during audits, ensuring that all organizational policies and procedures met security best practices.

Managed network access controls, ensuring that appropriate security policies were enforced across the network and that access to sensitive systems and data was restricted to authorized personnel only.


