Praharshini Vemula
Senior Network Engineer
SUMMARY:
5.2 years of experience in networking, firewalls, routers, switches, and protocols.
Experienced in managing multi-vendor firewalls (FortiGate, Cisco, Palo Alto), including security policy creation, NAT configuration, and subnet additions within existing object groups.
Proficient in implementing, configuring, and troubleshooting SD-WAN solutions across platforms such as Meraki, Palo Alto, and Silver Peak.
Configured and maintained enterprise-level routing and switching architectures using Cisco Catalyst, Nexus, and Arista platforms across LAN and data center environments.
Hands-on experience with Wireless LAN Controllers (WLC), including Aruba 7200 series and Cisco 5000 and 3000 series, as well as routers (Juniper J2320, SRX300, SRX320, SRX340, and Cisco ASR/ISR) and Cisco Catalyst switches (3850, 3560, 3650, and 9300).
Collaborated with vendors to manage RMAs, TAC cases, and troubleshoot WAN/LAN issues, ensuring prompt issue resolution and clear communication.
Designed and deployed Cisco ACI spine-and-leaf architecture to enhance data center virtualization and network efficiency.
Designed and implemented APM policies. Deployed F5 GTM/DNS. Configured Wide IPs, pools, and load balancing methods to optimize DNS resolution. Integrated GTM with DNSSEC to enhance security and mitigate DNS spoofing attacks.
Configured and optimized routing protocols such as BGP and OSPF within SD-WAN Viptela environments for improved network performance.
Managed IP addressing and subnet allocation (both static and DHCP), including scope creation, MAC binding, and DNS record management for network devices.
Well-versed in routing protocols, including RIP, EIGRP, OSPF, and BGP.
Utilized Python for data validation and automation, streamlining network operations and improving data accuracy.
Assisted in managing and deploying iRules on F5 BIG-IP devices (BIG-IP 5400, 7400, and 10400), tailoring traffic flow to meet application-specific requirements.
TECHNICAL SKILLS:
Firewalls (Cisco, Palo Alto, Cloudflare and Fortinet)
Fortinet (FortiGate) Firewall (1000F, 2600F, 1800F), Palo Alto (PA-850, PA-3420, PA-5260), Cloudflare, Cisco Firepower, ASAs and Juniper SRX series.
Routing & Switching
Juniper EX2200, EX2900, EX3300, EX3550, EX4500, EX6200, EX6509, EX8550, EX9250 switches and MX1600, MX2600, MX2800, MX3600, MX4400, MX6400, MX7300, MX9600, MX 10008 routers and Cisco ISR 1101, 1109 and ASR 1001, 1006
Data Center Switches
Nexus 9k, 7k, 5k, 3k with ACI fabric
SD-WAN
Viptela SD-WAN, V-Manage, V-Smart, V-Bond & V-Edge
Cloud Platform
Azure, VPC, RDS cloud security
Load Balancer
F5 BIG-IP 4200 LTM to 5250 VCMP, APM, AFM, LTM, GTM, v.11.4.1 to v.11.5.3 and VIPRION 2100 (A109), Chassis 4400
Routing
RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.
Network Management
SolarWinds, Wireshark, SNMP and Tcpdump.
Professional Experience:
BNY Mellon, NY Dec 2023 - Present
Sr. Network Engineer
Responsibilities:
Worked on specifying the criteria for traffic matching in Palo Alto, including source and destination IP addresses, ports, protocols, and more.
Configured and managed Palo Alto PA-7k, PA-5K and PA-3k devices and implemented features like custom threat signatures, URL filtering, QoS (Quality of Service) policies, and identity-based policies to enhance security and network performance.
Conducted testing and validation of the new PA-5000, PA-3000 series firewalls, verifying that security policies, NAT rules, and VPN configurations were fully operational and met performance expectations.
Implemented load balancing policies for both Layer 4 and Layer 7 applications using advanced monitoring techniques, including health checks, custom monitors, and priority-based failover.
Applied network security best practices by configuring SSL profiles, DoS protection, and traffic inspection policies on F5 devices to safeguard internal and external applications.
Configured and managed F5 BIG-IP LTM and DNS (GTM) appliances in enterprise environments to ensure high availability, global traffic distribution, and optimized application performance.
Configured and optimized LTM policies, virtual servers, pools, and health monitors to ensure high availability and load balancing.
Deployed and maintained F5 GTM/DNS to enable global traffic distribution and ensure redundancy across multiple data centers.
Integrated APM with Active Directory (AD), RADIUS, and SAML authentication for centralized user access management.
Implemented change management processes within Panorama to track, document, and approve firewall policy modifications.
Configured WildFire WF-500 to analyze incoming files for advanced threats, improving detection rates for malware, ransomware, and zero-day exploits.
Configured automated threat responses in PAN-OS 10.2, reducing incident detection and response times by 40%.
Supported Aruba switching and wireless solutions, optimizing wireless coverage and integrating with RADIUS for secure enterprise authentication.
Deployed and managed Silver Peak SD-WAN infrastructure to enable intelligent path control, application-aware routing, and improved WAN performance across distributed sites.
Optimized application delivery over wide area networks by implementing and maintaining Riverbed WAN Accelerators, reducing latency and improving throughput for cloud and on-prem applications.
Led troubleshooting and performance tuning of core WAN and LAN connections, using routing protocols such as OSPF, BGP, and EIGRP to maintain high availability.
Developed custom scripts and automation workflows to provision, scale, and manage Cisco ACI Spine and Leaf components as per evolving business requirements.
Implemented Leaf-Spine topologies with Cisco ACI to provide low-latency, high-bandwidth connectivity for data center workloads, supporting virtualization and cloud integration.
Worked on integrating solutions such as firewalls, IDS/IPS and SIEM platforms with Cisco ACI 96 architecture, ensuring threat protection and compliance enforcement.
Worked on escalations, activated new turn-ups for new clients, and performed advanced troubleshooting for SD-WAN deployments in both ISP and network infrastructure on both Versa and Cisco Viptela SD-WAN solutions.
Configured and managed SIEM solutions to correlate, analyze and respond to security incidents.
Deployed and tuned F5 Advanced WAF to protect web applications. Integrated WAF logging and event monitoring with SIEM tools for proactive security analytics and incident response.
Configured F5 AFM to enforce network firewall rules, DDoS mitigation, and rate-limiting policies to protect against volumetric effects.
Worked on the New Product Development team and was responsible for User Acceptance Testing (UAT), SD-WAN, Viptela, Versa and Meraki.
Proficient in AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudFormation, Route 53, CloudWatch, CloudFront, CloudTrail.
Converted WAN routing from OSPF to BGP, involving new WAN links; OSPF is used for local routing only.
Worked on OSPF, BGP, DHCP Profile, HSRP, IPv6, and Bundle Ethernet implementation on an ASR 9k redundant pair.
Worked on FTP, HTTP, DNS, and DHCP servers in a Windows server-client environment with resource allocation to desired Virtual LANs of the network.
Configured edge routing policies on SD-WAN vEdge1000 and vEdge2000 devices, ensuring efficient traffic routing based on application type and quality of service (QoS).
Optimized network connectivity by leveraging SD-WAN Viptela technologies, enhancing the performance and reliability.
Used Viptela’s SD-WAN features to prioritize critical applications and improve the overall user experience.
Configured and maintained Cisco router models (ASR 902, 907, 914 and ISR 1120 and 1131) series.
Worked on OSI network protocols and layers, including Ethernet, OSPF, EIGRP, BGP, DNS, DHCP, GTP, HTTP, SSH, SNMP and Frame Relay.
Configured MFA for AWS IAM users and enhanced the security by adding an additional layer of authentication.
Designed and managed security groups and network access control lists (NACLs) to control inbound and outbound traffic to EC2 instances.
Integrated proxy servers with various authentication methods, including LDAP, Active Directory, or RADIUS, enforced user-specific web access policies, and tracked user activity.
Worked on administering Active Directory services, including user and group management, ensuring proper access control and authentication.
Deployed Cisco ISE for comprehensive network access control and policy enforcement.
Implemented Infoblox DNS security solutions to protect the network against DNS-based threats.
Deployed security features such as MAC limiting, DHCP snooping, and Dynamic ARP inspection (DAI) to fortify network security on Juniper EX switches.
Worked on Ivanti Pulse Secure’s (ISEC) NAC capabilities to enforce security compliance for endpoints connecting to the network.
Worked on scripting and automation of routine tasks using shell scripts in Bash, Python, or other languages.
Used Python for log analysis, parsing log files, and extracting relevant data for security incident investigation.
Involved in working on developing and managing security policies using Illumio.
Integrated containerization technologies like Docker and Kubernetes (K8s) into the CI/CD pipeline, enabling the deployment of network management tools as containerized applications.
Developed Ansible playbooks to periodically back up network device configurations, enabling quick restoration.
Contributed to the development and documentation of best practices and standard operating procedures for the configuration and management of F5 BIG-IP i2000 series devices.
CVS Health, RI Jan 2022 – Nov 2023
Network Engineer
Responsibilities:
Configured and managed GlobalProtect VPN on PA-5060 and PA-3060 firewalls, ensuring secure remote access while maintaining confidentiality and integrity. Partnered with the Security Operations Center (SOC) to analyze and respond to security incidents using Palo Alto Networks' logging and reporting tools.
Deployed and maintained vulnerability assessment tools like Tenable Nessus, Qualys, and Rapid7 for proactive identification of security weaknesses.
Performed firewall software upgrades and patch management on the PA-5060, ensuring the firewall was consistently updated with the latest security features.
Conducted post-deployment testing and validation to assess the effectiveness of security policies and identify optimization opportunities. Created comprehensive documentation detailing the PA-5060 deployment process, configurations, and maintenance procedures.
Used Prisma SD-WAN SASE’s security features, such as SSL decryption, threat prevention, and data loss prevention, to safeguard sensitive information.
Implemented scaling strategies and optimizations within Prisma Access and Panorama, ensuring efficient use of resources and optimal performance across distributed networks.
Worked with FortiGate 2600, 1800 firewalls, implementing and fine-tuning security policies on the FortiGate 6300F to balance robust security with optimal network performance.
Enhanced network security on Cisco Nexus switches by implementing Access Control Lists (ACLs) and port security measures. Provided IT staff with training and documentation on Cisco Nexus switch configurations, best practices, and troubleshooting.
Troubleshot complex application delivery issues by analyzing logs, statistics, and session persistence behavior, reducing MTTR and improving service reliability.
Managed Cisco Nexus 7700 and 7000 series modular chassis, leveraging features like Virtual Device Context (VDC) and support for Data Center Interconnect (DCI) solutions for high-speed switching and network virtualization.
Configured DNS forwarding and resolution policies in Infoblox to optimize DNS query performance and ensure reliable name resolution.
Installed, deployed, and configured Nexus 5k and 7k switches in data centers.
Configured VLANs on multiple Catalyst switches and provided troubleshooting for TCP/IP network issues. Administered Frame-Relay networks and other network infrastructures.
Automated routine network tasks, such as VLAN provisioning, ACL updates, and device backups, using Ansible modules and playbooks. Integrated Ansible with network APIs to streamline communication and data exchange between Ansible scripts and network devices.
Integrated Azure DDoS Protection with Azure Application Gateway to safeguard applications from distributed denial-of-service attacks, ensuring availability and performance.
Implemented and managed authentication and authorization mechanisms using Active Directory, including Single sign-on (SSO) and multi-factor authentication (MFA).
Worked in optimizing DNS and DHCP performance using Infoblox features such as caching, performance tuning, and load balancing, ensuring efficient and reliable service delivery.
Configured and managed ISEC security devices and implemented access control mechanisms, including user authentication, authorization, and role-based access control (RBAC), to ensure secure network access.
Used Splunk Search Processing Language (SPL) and regular expressions to filter firewall logs. AIX TCP/IP DCT team works on security vulnerability issues, customer-reported PMRs, internal defects and features on TCP components. Work on new enhancements includes FRS, design doc and coding.
Designed ZTNA and cloud IAM policies to enforce least privilege access and secure hybrid/multi-cloud environments.
Deployed security features such as MAC limiting, DHCP snooping, and Dynamic ARP inspection (DAI) to fortify network security on Juniper EX switches.
Configured and managed Juniper EX Series switches for enterprise networks.
Implemented and maintained VLANs, spanning tree protocols (STP, RSTP, MSTP), link aggregation (LACP), and virtual chassis setups.
Implemented Quality of Service (QoS) policies on Cisco routers to prioritize critical applications and optimize bandwidth usage.
Involved in developing custom dashboards and reports using F5 BIG-IQ Centralized Management Platform to provide real-time visibility into VIPRION performance metrics, application traffic patterns, and security events.
DXC Technologies, India Dec 2019 – Nov 2021
Jr. Network Engineer
Responsibilities:
Resolved Checkpoint issues related to Site-to-Site VPNs and performed upgrades on all IP series firewalls from R70 to R71.
Optimized Check Point firewall performance by identifying and eliminating redundant security policies to enhance policy lookup efficiency.
Deployed and administered Cisco ASA firewalls, including the Cisco ASA 5500-X Series (5506-X, 5508-X), to establish secure network environments.
Led the migration of traditional remote sites to Viptela SD-WAN using ISR routers, enabling resilient connectivity via MPLS and the internet.
Implemented cloud security controls for AWS, Azure, and GCP to protect workloads, data and access.
Integrated IPS logs with SIEM for advanced correlation and real-time threat monitoring.
Hands-on experience with Cisco routers (3600, 3800, ASR 1002, 1006) and Cisco Catalyst switches (2900, 3570, 4500).
Provided technical leadership on network architecture best practices, AWS services, and integration methodologies to drive organizational collaboration.
Conducted network packet analysis using Wireshark, Ethereal, and Sniffer for troubleshooting and performance optimization.
Installed and maintained Cisco 7500 and 7200 backbone routers, incorporating HSRP and routing protocols like EIGRP and OSPF.
Troubleshot network connectivity issues using PING and Trace Route for effective diagnostics.
Worked extensively with networking concepts and routing protocols, including RIP, BGP, EIGRP, OSPF, and LAN/WAN technologies.
Leveraged Netscout and Wireshark for enterprise network monitoring and configured F5 BIG-IQ, BIG-IP Application Security Manager, Advanced Firewall Manager, and BIG-IP DNS, GTM/LTM, ASM, AFM, and HTTPS for F5 BIG-IP 3900 and 6900 platforms.
Education:
Master's, Concordia University, Saint Paul, Minnesota, 2023
Bachelor's in Computer Science, 2019 - India