Sandeep Kumar Bommagani
Network Security Engineer
***********************@*****.***
SUMMARY:
6.2 years of experience in routing, switching, firewall technologies, systems administration, and troubleshooting.
Working experience in configuring and deploying Palo Alto PA-7k, 5k, 4k, 3k, and 2k series firewalls.
Experience in installation and support of Nexus 9k (9504 & 9300), Nexus 5k (5455 & 5283), Nexus 3k (3200) and 2308 series data center switches.
Experience with configuring and troubleshooting Viptela SD-WAN devices (vManage, vBond, vSmart, and vEdges) required for SD-WAN implementation.
Worked on installing, deploying, and configuring Cisco 5000, 6700, 7000, 8600, 9k, 10016, and 12000 routers in OSPF, EIGRP, BGP, MP-BGP, MPLS-VPN, and DMVPN environments.
Experienced in troubleshooting and installing Cisco 3000, 4500, 6850, 7668, and 9000 switches along with VLAN, VTP, STP, NTP, Syslog, SSH, AAA, and HSRP switching concepts.
Designing and troubleshooting tasks concerning routers and switches, including Cisco routers 2600, 2800, 3800, 7200, and 7600 series, as well as Cisco Catalyst 2960, 3750, 4500, and 6500 series.
Working experience scripting in Python and writing Ansible playbooks to enable automation.
Experience deploying and administering AWS services (CLI, EC2, VPC, S3, ELB, Glacier, Route 53, CloudTrail, IAM, and Trusted Advisor) and file and folder backups on Windows and Linux operating systems using Recovery Services Vault in AWS Resource Manager.
Worked on designing and developing network infrastructure with Silver Peak, calculating throughput, latency, and drop rate; experienced with Meraki wireless device concepts.
TECHNICAL SKILLS:
CISCO Routers
920, 2900, 3668, 4500, 5k, 7668, 9k, 100016, 12000; OSPF, EIGRP, BGP, MP-BGP, MPLS-VPN, DMVPN
CISCO Switches
2960, 3750, 4500, 6500, 7668, 9k & Nexus 9504, 9300, 9000, 5000, 3000, 3200, 2308
Palo Alto Firewall
PA7k, 5k, 4k, 3k and 2k series firewalls, Configuration, Routing Configuration, App-ID, Content-ID, Decryption, User-ID, Site-to-Site VPN, HSRP, Security Profiles
Cisco ASA Firewall
ASA 5510, ASA 5512-X, and 5550; firewall rule configuration using the Cisco Security Manager (CSM) client: create, modify, delete, and disable rules based on the CRF
Cisco WSA (Proxy)
URL whitelisting, monitoring web traffic, updating whitelisted and blacklisted domains, patches and signature updates, Cisco SMA
Cisco ISE
Add/remove network devices on the TACACS+ server, create usernames, and assign roles (read, read/write)
Switching Concepts
VLAN, VTP, STP, NTP, Syslog, SSH, AAA, HSRP
PROFESSIONAL EXPERIENCE:
Ohio Health, Columbus, OH Nov 2024 - Present
Sr. Network Security Engineer
Responsibilities:
Configured and maintained Palo Alto NGFWs (PA-2K, PA-3K, PA-5K, PA-7K series) for enterprise-level perimeter and internal security.
Implemented advanced Palo Alto firewall features (PA-5k, PA-3k, PA-500) such as User-ID, App-ID, and Content-ID for secure traffic management.
Experience in working with IPsec VPN, IDS/IPS, DLP, Application, and URL filtering on Check Point firewall modules.
Configured Decryption Policies for SSL traffic to enable visibility and threat inspection of encrypted traffic.
Utilized Threat Prevention modules to detect and block malware, exploits, and C2 traffic across the network.
Implemented URL Filtering, Data Filtering, and WildFire sandbox analysis to protect against phishing and zero-day threats.
Deployed, configured, and managed Fortinet firewall solutions, including FortiGate series (60, 200, 500, and 1000), ensuring robust security across network environments.
Configured advanced Fortinet firewall security features like IPS, application control, web filtering, and DLP to enforce security policies and minimize threats.
Analyzed and optimized Fortinet firewall rules to enhance performance, simplify rule structures, and align with security best practices.
Configured Cisco routers to function as DNS servers, delivering domain name resolution services to internal network devices.
Optimized the process of adding 41 network devices to SolarWinds and 22 network devices to PRTG for remote monitoring, providing quality of service and status updates for new customers.
Implementing and managing WDS, WSUS, DFS, NLB, RADIUS, DNS, DHCP, Active Directory, and VMware vSphere.
Worked as a Zero Trust expert with NSGs, MS ATF, Guardicore, Illumio, Palo Alto, Cisco, Pulse Secure, and VMware NSX for on-premises and cloud digital assets.
Integrated Panorama with firewall devices for centralized URL filtering and threat intelligence, improving efficiency across Palo Alto deployments.
Deployed Cisco routers with features like Network Address Translation (NAT) to provide IP address translation and enhance security by hiding internal network structures.
Configured Panorama’s Log Forwarding and External Services interfaces for seamless SIEM integration, enhancing threat detection and response.
Developed rollback plans to ensure secure reversion to prior Panorama 9.0 configurations if needed, supporting operational stability.
Experienced in configuring SolarWinds components such as Network Performance Monitor (NPM), Server & Application Monitor (SAM), and Network Configuration Manager (NCM) to monitor network health and manage configuration changes.
Configured and managed Netskope GRE and IPsec tunnels for optimized traffic redirection and secure cloud access across multiple branch locations.
Used Palo Alto templates to maintain consistent device configurations, reducing errors and supporting policy uniformity.
Worked alongside network design teams to deploy Cisco routers, with a focus on WAN connectivity, utilizing series such as Cisco 7600, 7200, 3800, and 2800 for remote branch locations.
Deployed and configured Aruba ClearPass virtual appliances (500, 5k, and 25k) for secure network access and user authentication.
Experienced in developing test scripts using Python and assorted proprietary software tools.
Monitored network traffic on Cisco Nexus switches (9000, 7000, 5000, 3000) using NetFlow and SPAN to enhance threat visibility and response.
Secured networks with Juniper SRX Series firewalls (SRX3400, SRX5400), protecting against unauthorized access and security threats.
Prepare capacity planning reports for bandwidth utilization on WAN interfaces using SolarWinds NTA.
Linked Cisco ISE with Active Directory and LDAP for streamlined user authentication and centralized identity management.
Integrated Cisco ACI with Virtual Machine Manager (VMM) domains like VMware vSphere or Microsoft Hyper-V, automating network provisioning and management workflows.
Built configurations for Juniper MX2010 and MX2020 routers with features like port security, VLANs, VTP, and PVST+.
Set up monitoring tools and configured alerts for critical Active Directory events, ensuring proactive issue resolution.
Managed and enforced network and security policies across SD-WAN VIPTELA deployments, ensuring policy consistency and compliance.
Configured QoS policies in VIPTELA SD-WAN to prioritize bandwidth for critical applications, improving network performance.
Managed setup, configuration, testing, and monitoring of Cisco routers (800, 900, 1000, and 4000 series) and Catalyst switches (6000, 8000, and 9000 series).
Set up hybrid WAN in SD-WAN VIPTELA using multiple transport methods (Broadband, 4G/LTE) to optimize cost, performance, and resiliency.
Analyzed traffic patterns and addressed network issues in Cisco ACI using features like Application Network Profiles (ANPs) and Contracts.
Utilized Cisco ACI SDN architecture to reduce costs and automate IT tasks, enhancing scalability and visibility in data centers.
Integrated Cisco ACI with Layer 4-7 services (load balancers, firewalls, ADCs) to optimize network services and traffic.
Supported DNS, DHCP, and IP address management using Infoblox appliances, ensuring seamless IP management.
Maintained detailed network security documentation, including security policies, configurations, and audit reports.
Used Ansible to document all infrastructure in version control.
Developed custom scripts with Netmiko, Nmap, and Scapy to scan networks and identify potential security vulnerabilities.
Enabled access logging on AWS CloudTrail S3 buckets to monitor access requests and detect potential unauthorized access.
Conducted security assessments and vulnerability scans on AWS resources with AWS Security Hub and AWS Config, identifying and addressing risks.
Configured routing protocols (OSPF, BGP, EIGRP) and utilized route maps, distribute lists, and administrative distance for optimized routing.
Implemented router filters, ACLs, and prefix lists to control routing updates, enhancing network security.
Created Ansible playbooks for automated network configuration, reducing manual errors and supporting network consistency.
Developed Python scripts to automate troubleshooting, manage VLANs, update ACLs, and establish SSH connections with network devices.
Involved in several projects setting up builds using Jenkins, Ansible, Puppet, and Chef.
Employed Python for data encryption and decryption processes, supporting secure data transmission and storage across the network.
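The route-filter bullets above (prefix lists and ACLs controlling routing updates, Python scripts that update ACLs and talk to devices) are the kind of work where a practitioner wants to see the matching semantics spelled out. The script below is an added example written for this page, not code from the résumé or from any employer listed on it. It models Cisco IOS ip prefix-list evaluation in Python: entries are tried in sequence order, the first match wins, ge/le widen an entry from an exact-length match to a window of mask lengths, and anything unmatched falls to the implicit deny. The prefix-list text and the advertised routes are constructed for the example.

```python
"""Cisco-style ip prefix-list evaluation for inbound route filtering.

Added example, not code from the resume. Models the IOS semantics a route
filter relies on: entries are checked in sequence-number order, the first
matching entry decides, and a prefix that matches nothing is denied by the
implicit deny at the end of the list. 'ge'/'le' widen an entry from an
exact-length match to a window of prefix lengths. The prefix-list text and
the received routes below are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str
    network: ipaddress.IPv4Network
    ge: Optional[int]
    le: Optional[int]

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # Only the entry's own mask-length bits are compared, so the route
        # must lie inside the entry's network ...
        if route.version != self.network.version or not route.subnet_of(self.network):
            return False
        # ... and the route's mask length must fall in the ge/le window.
        # With neither keyword IOS matches the exact length only; 'ge' alone
        # opens the window up to the maximum mask length (/32).
        low = self.ge if self.ge is not None else self.network.prefixlen
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = self.network.max_prefixlen
        else:
            high = self.network.prefixlen
        return low <= route.prefixlen <= high


def parse_prefix_lists(config: str) -> Dict[str, List[Entry]]:
    """Parse 'ip prefix-list' lines into per-list entries sorted by seq."""
    lists: Dict[str, List[Entry]] = {}
    for raw in config.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised prefix-list line: {line!r}")
        entry = Entry(
            seq=int(m["seq"]),
            action=m["action"],
            network=ipaddress.ip_network(m["prefix"], strict=True),
            ge=int(m["ge"]) if m["ge"] else None,
            le=int(m["le"]) if m["le"] else None,
        )
        lists.setdefault(m["name"], []).append(entry)
    return {name: sorted(entries, key=lambda e: e.seq) for name, entries in lists.items()}


def evaluate(entries: List[Entry], prefix: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); seq is None when the implicit deny fires."""
    route = ipaddress.ip_network(prefix, strict=True)
    for entry in entries:
        if entry.matches(route):
            return entry.action, entry.seq
    return "deny", None


def filter_routes(entries: List[Entry], prefixes: List[str]) -> Dict[str, Tuple[str, Optional[int]]]:
    return {p: evaluate(entries, p) for p in prefixes}


# Constructed inbound filter for a customer peering: reject a default route and
# RFC 1918 space, accept only the customer's assigned /24 and its /25-/26 subnets.
SAMPLE_CONFIG = """
ip prefix-list FROM-CUSTOMER seq 5 deny 0.0.0.0/0
ip prefix-list FROM-CUSTOMER seq 10 deny 10.0.0.0/8 le 32
ip prefix-list FROM-CUSTOMER seq 15 permit 203.0.113.0/24 le 26
"""

# Constructed set of prefixes the peer might advertise.
SAMPLE_ROUTES = [
    "203.0.113.0/24",   # assigned aggregate     -> permit (seq 15)
    "203.0.113.64/26",  # a /26 inside it        -> permit (seq 15)
    "203.0.113.0/27",   # too specific (le 26)   -> implicit deny
    "10.1.0.0/16",      # RFC 1918 leak          -> deny (seq 10)
    "0.0.0.0/0",        # default route          -> deny (seq 5)
    "198.51.100.0/24",  # someone else's space   -> implicit deny
]


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    entries = parse_prefix_lists(SAMPLE_CONFIG)["FROM-CUSTOMER"]
    return filter_routes(entries, SAMPLE_ROUTES)


if __name__ == "__main__":
    for prefix, (action, seq) in demo().items():
        where = f"seq {seq}" if seq is not None else "implicit deny"
        print(f"{prefix:<18} {action:<6} ({where})")
```

The point the example makes is the one most often got wrong in production: an entry with no ge/le matches only the exact mask length, so `deny 0.0.0.0/0` on its own blocks only the default route, and the RFC 1918 entry needs `le 32` to catch every more-specific leak. Running the script before pushing a change with Netmiko or Ansible lets the filter be checked against the peer's real advertisement set offline.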
Charter Communications, Stamford, CT Feb 2023 – Oct 2024
Sr. Network Security Engineer
Responsibilities:
Worked with Palo Alto Panorama's dynamic address groups and security rules to configure automated threat responses and adapt to real-time changes in network conditions.
Developed and implemented access control lists (ACLs) and firewall policies on Cisco routers to enforce robust network security measures and mitigate potential threats.
Configured, administered, and troubleshot Palo Alto 5000 series firewalls and the Panorama M-100 management server.
Monitoring WAN traffic on router WAN interfaces using SolarWinds NetFlow Analyzer (NTA).
Experienced in handling and installing Palo Alto firewalls; integrated Palo Alto next-gen firewalls with the VMware NSX overlay SDN network.
Designed and integrated cloud networks using VMware NSX, VMware distributed firewall, HP C7000 chassis, Cisco Nexus 9Ks, and Brocade VDX platforms.
Developed security policies on the PA-5200 Firewall to control traffic between zones, specifying source, destination, services, and actions.
Established secure management access, including HTTPS, SSH, and user authentication, on the PA-5200 Firewall.
Creating/maintaining Network maps using SolarWinds Network Topology Mapper.
Configured and resolved issues with Cisco routers, spanning models 800, 2800, 2600, 3800, and 7600, employing static routing and protocols such as RIP, IGRP, OSPF, EIGRP, and BGP, and demonstrating proficiency in managing Cisco PIX devices.
Worked with Cisco ACI fabric networks, including Python automation; gained strong exposure to SDN and network virtualization technologies such as Cisco ACI.
Involved in configuring and overseeing FortiGate firewalls, including policy creation, threat prevention mechanisms, and integration with security tools to enhance visibility.
Interacted with the team to deploy advanced security components on FortiGate Firewalls, including Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), and Web Application Firewalls (WAF), to fortify network asset protection.
Writing scripts to automate redundant network tasks on multiple network devices using SolarWinds Network Configuration Manager (NCM).
Managed FortiGate 3000 series firewalls for carrier-grade security and implemented threat intelligence integration to stay ahead of emerging threats and vulnerabilities.
Integrated FortiGate 3000 and FortiGate 5000 series with other security solutions, such as FortiSandbox for advanced threat analysis, to bolster security posture and enhance threat detection capabilities.
Monitored, supported, and implemented virtualized environments and disaster recovery procedures for hosted applications and VMware-based on-premises infrastructure, utilizing resources such as Nimble, NetApp, Cisco Nexus, and SD-WAN devices.
Worked on AWS services like VPC, EC2, S3, ELB, Auto Scaling Groups (ASG), EBS, RDS, IAM, CloudFormation, Route 53, CloudWatch, CloudFront, and CloudTrail.
Involved in the implementation of data classification and tagging strategies to identify sensitive data within S3 buckets and apply appropriate security controls.
Maintaining network subnets (creating/modifying) using SolarWinds IP Address Manager (IPAM).
Helped create bridge domains (BDs) in Cisco ACI mapped to VLANs in network-centric migrations.
Orchestrated DNS migration projects using Infoblox, centralizing and standardizing multiple DNS environments to improve efficiency.
Wrote Python Code using Ansible Python API to Automate the Cloud Deployment Process for networking and CI/CD.
Implemented and configured various protocols on Cisco routers, including models such as 2800, 2900, 3600, 3900, and 7200 series, to optimize network performance.
Developed Python Modules for Ansible Customizations.
Used Ansible Playbooks to set up Continuous Delivery Pipeline. Deployed microservices, including provisioning AWS and Azure environments using Ansible Playbooks.
Maintained and created scripts in Python that assisted in pulling the necessary data into Splunk to meet audit and reporting requirements.
Supported team to implement IPsec's Perfect Forward Secrecy (PFS) to enhance encryption security by generating unique session keys for each session.
Experienced with Juniper QFX5100, SRX1500, SRX5400, MX480, and EX4300 series routers and switches, Aruba 7200 series wireless controllers, and more.
Used Cisco ISE's TACACS+ (Terminal Access Controller Access Control Systems Plus) integration to provide centralized authentication and authorization for network administrators.
Collaborated with the team to automate network provisioning, configuration changes, and repetitive tasks on Arista switches (Secondary Datacenter) through scripting and APIs.
Leveraged the Cisco Application Policy Infrastructure Controller (APIC) to centralize policy management and orchestration for Cisco Nexus 9000 Series devices.
Provided support to establish optimized connections with third-party cloud providers using Cisco SD-WAN Viptela Cloud OnRamp, enhancing application performance for cloud-hosted resources.
Worked on the centralized Viptela vSmart controller to intelligently route traffic across the WAN, making it more efficient and cost-effective.
Utilized SD-WAN Viptela’s traffic engineering capabilities to prioritize critical applications and ensure Quality of Service (QoS) across the network.
Operated Cisco Nexus data center infrastructure, including 5000 and 7000 series switches.
Configured and deployed Cisco routers to perform functions at the Access, Distribution, and Core layers.
Experience in skillful deployment of Layer-2 technologies like VLANS, VTP, STP, RSTP, Inter-VLAN routing, VLAN Trunking, Ether Channels, VLAN access maps, and port security.
Reviewed and ensured compliance with customer security policies and requirements for enterprise-level networks, specifically firewall DMZ, ACL, VPN, IPsec, and several others.
Worked on Cisco Nexus data center infrastructure with 5000 and 7000 series switches (5548, 7010) including CISCO NEXUS Fabric Extender (2223, 2248).
Configured various advanced features on F5 BIG-IP appliances (profiles, monitors, iRules, redundancy, SSL termination and initiation, persistence, SNATs, HA, and digital certificates); executed various migration/upgrade projects across F5 and gained hands-on experience with F5 BIG-IP LTM/EM.
Obtained knowledge while working on F5 BIG-IP devices to detect and mitigate distributed denial of service (DDoS) attacks, safeguarding network resources and application availability.
Implemented F5 BIG-IP 5000 series traffic management features (Content-based routing, SSL offloading, and connection pooling) to optimize the delivery of applications.
Developed Python scripts with APIs to gather network data and perform automated actions, such as retrieving device information and configuring firewall rules.
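Two bullets on this page concern the CloudTrail log bucket: enabling S3 access logging on it to detect unauthorized access (Ohio Health section) and applying security controls to sensitive data in S3 buckets (above). The script below is an added example written for this page, not code from the résumé or from any employer on it. It parses the leading fields of the documented S3 server access log record format and flags the requests a write-once log bucket should never see: anonymous callers, denied requests, principals from outside the owning account, and deletions or bucket configuration changes that would let an intruder erase their trail. The account ID, canonical user ID, IP addresses and log lines are constructed for the example; the `allowed_requesters` allow-list is a design choice of this example, not an AWS feature.

```python
"""Review S3 server access log lines for a CloudTrail log bucket.

Added example, not code from the resume. Parses the leading fields of the
S3 server access log format (bucket owner, bucket, time, remote IP,
requester, request ID, operation, key, request URI, HTTP status, error
code) and flags requests that should not happen against a log bucket.
All identifiers and sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Leading fields of an S3 server access log line; the trailing fields
# (bytes, timing, user agent, TLS details, ...) are not needed and are ignored.
LOG_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'"(?P<uri>[^"]*)" (?P<status>\d{3}|-) (?P<error>\S+)'
)

# Bucket-setting changes are checked first so they are not counted as plain deletes.
CONFIG_OPS = ("REST.PUT.LOGGING", "REST.PUT.BUCKETPOLICY", "REST.PUT.LIFECYCLE",
              "REST.PUT.VERSIONING", "REST.DELETE.BUCKETPOLICY")
DESTRUCTIVE_OPS = ("REST.DELETE.", "REST.POST.MULTI_OBJECT_DELETE")


@dataclass
class Finding:
    request_id: str
    requester: str
    ip: str
    operation: str
    key: str
    reasons: List[str]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def assess(rec: Dict[str, str], account_id: str,
           allowed_requesters: FrozenSet[str] = frozenset()) -> List[str]:
    """Return the reasons a single record is suspicious (empty list if none)."""
    reasons: List[str] = []
    requester = rec["requester"]
    if requester == "-":
        reasons.append("anonymous requester")
    elif requester not in allowed_requesters and f":{account_id}:" not in requester:
        # IAM ARNs embed the account ID; root/canonical user IDs carry no
        # account ID and must be placed on the allow-list explicitly.
        reasons.append(f"principal outside account {account_id}")
    if rec["status"] == "403":
        reasons.append(f"access denied ({rec['error']})")
    op = rec["operation"]
    if op.startswith(CONFIG_OPS):
        reasons.append(f"bucket configuration change: {op}")
    elif op.startswith(DESTRUCTIVE_OPS):
        reasons.append(f"deletion on log bucket: {op}")
    return reasons


def scan(lines: List[str], account_id: str,
         allowed_requesters: FrozenSet[str] = frozenset()) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; in production, count and alert on these too
        reasons = assess(rec, account_id, allowed_requesters)
        if reasons:
            findings.append(Finding(rec["request_id"], rec["requester"], rec["ip"],
                                    rec["operation"], rec["key"], reasons))
    return findings


ACCOUNT = "123456789012"  # constructed account ID
OWNER = "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"  # constructed canonical ID
BUCKET = "cloudtrail-logs-example"
KEY = f"AWSLogs/{ACCOUNT}/CloudTrail/us-east-1/2025/03/10/{ACCOUNT}_CloudTrail_us-east-1_20250310T1400Z_a1b2.json.gz"

SAMPLE_LINES = [  # constructed records, one request each
    # 1. Expected: an analyst in the owning account reads a log file.
    f'{OWNER} {BUCKET} [10/Mar/2025:14:02:11 +0000] 192.0.2.10 arn:aws:iam::{ACCOUNT}:user/sec-analyst '
    f'3E57427F3EXAMPLE REST.GET.OBJECT {KEY} "GET /{BUCKET}/{KEY} HTTP/1.1" 200 - 1824 1824 12 11 "-" "aws-cli/2.15.0" -',
    # 2. Anonymous probe from the internet, rejected.
    f'{OWNER} {BUCKET} [10/Mar/2025:14:05:40 +0000] 198.51.100.7 - 7B2C9E1A4EXAMPLE REST.GET.OBJECT {KEY} '
    f'"GET /{BUCKET}/{KEY} HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/8.4.0" -',
    # 3. A principal from another account lists the bucket successfully.
    f'{OWNER} {BUCKET} [10/Mar/2025:14:09:02 +0000] 203.0.113.55 arn:aws:iam::999999999999:user/contractor '
    f'9D4F0A7C2EXAMPLE REST.GET.BUCKET - "GET /{BUCKET}?list-type=2 HTTP/1.1" 200 - 5120 - 31 30 "-" "Boto3/1.34.0" -',
    # 4. Someone in the account turns off access logging on the log bucket.
    f'{OWNER} {BUCKET} [10/Mar/2025:14:12:58 +0000] 192.0.2.44 arn:aws:iam::{ACCOUNT}:user/ops-admin '
    f'C1E8B3D6FEXAMPLE REST.PUT.LOGGING - "PUT /{BUCKET}?logging HTTP/1.1" 200 - - - 18 - "-" "aws-cli/2.15.0" -',
    # 5. A CloudTrail log file is deleted.
    f'{OWNER} {BUCKET} [10/Mar/2025:14:13:30 +0000] 192.0.2.44 arn:aws:iam::{ACCOUNT}:user/ops-admin '
    f'E5A2D7F90EXAMPLE REST.DELETE.OBJECT {KEY} "DELETE /{BUCKET}/{KEY} HTTP/1.1" 204 - - 1824 9 - "-" "aws-cli/2.15.0" -',
]


def demo() -> List[Finding]:
    return scan(SAMPLE_LINES, ACCOUNT)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.request_id} {f.ip:<14} {f.operation:<20} {f.requester}: {'; '.join(f.reasons)}")
```

Only the first sample line passes clean; the other four each produce a finding. The anonymous 403 is worth alerting on even though it was denied, because a probe against the log bucket name usually precedes an attempt with stolen credentials, and the two in-account hits (logging turned off, log object deleted) are the ones an SIEM rule should page on, since they come from a legitimate principal and would otherwise look like routine administration.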
ADP, Roseland, NJ Jan 2021 – Nov 2022
Network Engineer
Responsibilities:
Worked on centralized management of Cisco ASA (5506-X, 5508-X, 5516-X series) firewalls using Cisco Security Manager (CSM) or Cisco Firepower Management Center (FMC).
Worked on Palo Alto PA-5050 series and installation (Application and URL filtering, Threat Prevention, Data Filtering).
Strong experience with Ansible for network configuration automation and management using built-in libraries.
Hands-on configuration and experience in setting up Cisco routers to perform functions at the Access, Distribution, and Core layers.
Worked on Ansible scripting to perform Network Automation in the infrastructure of Overlake Hospital.
Experienced in Palo Alto firewalls like PA-500, PA-3k, and PA-5k series firewalls and manage them via Panorama.
Monitor resource performance of network devices using SolarWinds Network Performance Monitor (NPM)
Managed Cisco ACI Tenants to provide isolated network environments within the ACI fabric, ensuring secure and efficient application deployment.
Used Cisco ACI’s traffic management features (QoS and bandwidth allocation), to prioritize critical applications and optimize network performance.
Utilized VLANs and firewalls to control traffic flow between segments, enhancing security controls and optimizing performance across diverse network environments.
In-depth knowledge of routing protocols and network security design and implementations for BGP, OSPF, EIGRP, MPLS, IDS/IPS, NAT/PAT, DNAT, SNAT, IPsec tunnels, VPN, Zscaler, FHRP, STP, PVST, RSTP, split tunneling, underlay and overlay routing, etc.
Worked on configuring Nexus 2000 Fabric Extender FEX which acts as a remote line card module for the Nexus 5000.
Integrated Palo Alto next-gen firewalls with overlay VMware NSX SDN network.
Wrote Python applications to allow users to query into Network and Load balancer devices without engaging the NOC or Network Engineering group and automated firewall upgrades to improve upgrades' accuracy, speed, and success.
Upgraded fast Ethernet, Layer 3 switched/routed LAN infrastructure by transitioning from Cisco 364 to Cisco 2811 ISR routers and migrating access level switches to 2950 and 3550 models.
Implemented advanced security features like content filtering, anti-virus scanning, and advanced malware protection on Cisco Meraki devices to enhance network security.
Experience leveraging SolarWinds tools to enhance network security, monitor traffic, and detect suspicious activities.
ADP, India Oct 2018 – Dec 2020
Network Analyst
Responsibilities:
Configure virtual interfaces to run multiple websites on a single host, and configure Apache on standard and non-standard TCP ports.
Worked on Cisco routers, active/passive hubs, switches, Cisco ASA firewalls, NAT, and Juniper SRX firewalls.
Involved in deploying and configuring Citrix NetScaler Load Balancer (intranet, internet) for public websites and provided support as necessary.
Coordinated with the security team on SIEM tools like Symantec Endpoint for threat analysis and malware detection.
Provided technical assistance for LAN/WAN management & troubleshooting and complex customer issues.
EDUCATION:
Master's in Cyber Engineering, May 2024, University of the Cumberlands, Kentucky