Security Engineer Data Center
Resume:
AMULYA KUNCHALA
SENIOR NETWORK SECURITY ENGINEER
***********@*****.***
SUMMARY:-
•6 years of IT experience in Network engineer role including configuring, implementing and troubleshooting of
Firewalls, routers, switches and load balancers.
•Proficient in managing firewall platforms including Palo Alto (PA-7000, 5000, 3000 series), Fortinet FortiGate, Cisco ASA, and Checkpoint, implementing advanced threat prevention, NAT, URL filtering, IPS/IDS, and HA configurations.
•Worked on Palo Alto PA-7k, PA-5k, PA-3k devices and implemented security policies, URL filtering, advanced threat detection, and IDS.
•Worked on FortiGate IPS to identify and block suspicious network traffic patterns, effectively mitigating potential threats before they could harm the network.
•Migrate and implementation of Cisco Nexus 9k, 7k, 5k and 3k core data center switches from OS version 5.2 to 7.0.
•Involved in monitoring and installation of Juniper MX-10008, MX-9800, MX-9200, MX-7600, and MX6300 and MX-4500 routers.
•Configuring & Managing LAN, WAN, VPN and Firewall of Juniper MX Routers for End Users and VLAN on Juniper EX series switch 2500, 4500.
•Experienced in worked on plan, build, deploy, and maintain ACI data center lab utilized by internal parties.
•Deployed and supported SD-WAN architectures using Cisco vManage, Viptela, and Silver Peak, improving cloud performance and simplifying multi-site WAN connectivity.
•Created and managed DNS zones in Azure, including public and private DNS zones to support various networking and application requirements.
•Experienced in F5 Load balancers such as a BIG-IP LTM and GTM modules.
•Implemented Zscaler Private Access (ZPA) to replace traditional VPNs and enable zero-trust access to internal applications.
Certifications:
• Cisco Certified Network Associate (CCNA)
• Cisco Certified Network Professional (CCNP)
TECHNICAL SKILLS: -
Firewalls
Palo Alto PA–7k (7050, 7000), 5k (5555, 5525, 5000), 3k, 2700, 1200, 800 & Checkpoint R – 81.20.M, 80.20.M2, 80.30, 77.30, 71, 70
LAN Technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, VLANs, VTP, STP, Cisco Prime
Communication Protocols
OSI Model, TCP/IP, OSPF, EIGRP, BGP, ARP, UDP, HDLC
Switching Protocols
LAN, VLAN, VTP, STP, RSTP, Ether-Channel, HSRP, L3 Switch and Inter-Vlan Routing & multi-layer switch
Security
ACL, NAT, VPN, Port Security
Routing Protocols
OSPF, EIGRP, BGP, Router Filtering, Static Routing
Juniper routers & switches
MX-10008, MX-9800, MX-9200, MX-7600, MX-6300 MX-4500 routers & EX-8400, EX 7100, EX-6600, EX-5300, EX-3600,EX-2100 switches
Operating System
Windows XP/7/10, Mac OS, Linux
PROFESSIONAL EXPERIENCE: -
General Motors, Detroit, Michigan March 2024 - Present Sr. Network Security Engineer
Responsibilities:
Planned and implemented new infrastructure in Data Center Implementing Security Solutions using Palo Alto PA-5000 (PAN-PA-5400-DPC-A, PA-5260) and PA-3000 (PA-3410, PA-3420 and PA3440 series).
Work for implemented URL filtering, Threat Prevention, User-ID, App-ID for inbound and outbound traffic on Palo Alto Firewalls.
Configured and managed Cisco Firepower Threat Defense (FTD) devices for next-generation firewall (NGFW) functionality, including traffic inspection, intrusion prevention, and URL filtering.
Designed and implemented VMware NSX for network virtualization, including micro-segmentation, DFW, and logical routing.
Integrated Aruba security solutions with cloud-based services (e.g., Aruba ClearPass Policy Manager) for advanced endpoint protection and policy compliance.
Integrated Terraform with version control systems (Git) and CI/CD pipelines for Infrastructure as Code (IaC) deployments.
Deployed and managed Viptela SD-WAN fabric to securely connect branch offices, data centers, and cloud environments.
Troubleshot and resolved issues related to ACI fabric, spanning-tree, routing, and policy enforcement using Cisco's diagnostic tools and telemetry data.
Designed and maintained Microsoft Azure and AWS cloud networking, including VPC, VNets, security groups, and cloud firewalls.
Integrated ACI with VMware vCenter to automate network provisioning and improve virtualization capabilities within the data center.
Implemented redundant LAN topologies with Layer 2/3 switching and routing to ensure high availability and fault tolerance.
Integrated Panorama with SIEM platforms (e.g., Splunk, QRadar) for enhanced visibility and incident response across the network.
Implemented high availability (HA) and load balancing configurations on FortiGate firewalls, ensuring continuous network security and minimal downtime in the event of hardware failures.
Configuring and managing Fortinet firewalls to establish secure connectivity between remote sites and external partners.
Worked with the configuration and monitoring of Juniper MX-10008, MX-9200, MX-7600, and MX-4500 series infrastructure.
Integrated Cisco ISE with Cisco ASA and VPN infrastructure to enforce user identity and access policies for remote access users.
Developed and maintained Terraform modules to manage cloud networking components (VPCs, subnets, route tables, security groups) in AWS and Azure.
Configured vSmart, vBond, and vManage controllers for orchestration, control, and management of SD-WAN infrastructure.
Deployed and supported SD-WAN solutions using Silver Peak and Cisco vManage, optimizing network traffic for cloud applications.
Configured posture assessments and compliance checks using Cisco ISE to ensure endpoint health before granting network access.
Implemented policy-driven automation using Cisco ACI's application profiles, ensuring simplified network provisioning and consistency across environments.
Configured and maintained ACI multi-site architecture to ensure seamless inter-site connectivity and high availability.
Developed and maintained automation scripts using JSON for data exchange and configuration management.
Resolved Router and Viptela SD-WAN tickets, focusing on agenda comprehension and performing PE and switch configurations as needed.
Coordinated with Infoblox and other vendors to manage support, software updates, and hardware procurement for Infoblox systems.
Implemented centralized logging and reporting via the Panorama log collector, enabling detailed analysis of security events and trends.
Utilized Python with Netmiko, Paramiko, and NAPALM libraries for remote device access, configuration management, and network diagnostics.
Managed and optimized F5 Load Balancers for application delivery and traffic distribution.
Involved in implementing Cisco ACI Spine and Leaf network that cater to the dynamic needs of modern data centers.
Played a key role in configuring and maintaining Cisco ISE profiling and endpoint identity services using Cisco Catalyst 9300 series switches for accurate device identification.
Worked on content compression techniques on F5 BIG-IP 4000 devices to reduce bandwidth consumption and accelerate content delivery.
Configured AWS CloudWatch, including EC2 and S3 services, and set up notifications for alarms triggered by defined events.
Managed AWS MFA (Multi-Factor Authentication) servers and Phone Factor solutions to enhance twostep security.
Involved in implementing Ansible playbooks for configuration management tasks, ensuring uniform configurations across network devices.
Implemented site-to-site and remote-access VPNs using Cisco ASA, enabling secure connectivity for remote users and branch offices.
Deployed and optimized Firepower Management Center (FMC) for centralized policy management, reporting, and event correlation across multiple Firepower devices.
Integrated VMware environments with network storage (iSCSI/NFS/SAN) and performed vMotion and Storage vMotion migrations with minimal downtime.
Deployed and managed Cisco ISE for network access control, implementing 802.1X authentication across wired and wireless infrastructures.
Implemented High Availability (HA) failover configuration on Cisco ASA to ensure firewall resilience and zero downtime during outages.
Implemented security policies and access controls using BIG-IP Access Policy Manager (APM) to authenticate users, enforce authorization rules, and protect applications from unauthorized access and attacks.
Monitored and assessed the internet-based efficiency of Cisco ISR 4221, 4331, and 4431 series routers using Cisco Prime Devices, proactive catching and fixing any possible issues.
Implemented segmentation using VPN instances in Viptela to isolate traffic between departments and ensure security compliance.
Integrated Python automation scripts with APIs of tools like Cisco DNA Center, vManage, and Nexus for dynamic policy updates and device inventory management.
Configured and managed Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zero Trust security frameworks.
MAXISIQ, Round Rock, Texas Sep 2022 – Feb 2024
Senior Network Engineer
Responsibilities:
Implemented robust authentication methods, including pre-shared keys (PSKs) and digital certificates, for IPsec VPN setups to ensure secure real-time user authentication and authorization.
Designed and optimized LAN/WAN architecture for high-performance and resilient connectivity.
Possess hands-on expertise in network protocols and technologies such as VLANs, BGP, OSPF, EIGRP, and QoS.
Managed Palo Alto Networks firewalls, including PA-3000, PA-5050, and PA-7050 series, to secure diverse network environments.
Configured and managed Infoblox DHCP scopes, DNS zones, and IP address spaces to support scalable enterprise network growth.
Configured Firepower NAT policies, routing protocols, and VPN tunnels (IPSec, SSL) to support secure remote access and branch-to-data center connectivity.
Designed, deployed, and managed Cisco ACI fabric to optimize network performance, scalability, and security across data centers.
Integrated Zscaler with identity providers (e.g., Azure AD, Okta) for SAML-based authentication and user policy enforcement.
Developed Python scripts to automate network device configuration, backup, and compliance checks across multi-vendor environments (Cisco, Juniper, Fortinet).
Deployed and managed Aruba ClearPass for network access control (NAC), including device authentication, role-based access, and policy enforcement.
Integrated Cisco ISE with Active Directory and LDAP for centralized identity management and role-based access control (RBAC).
Designed, configured, and maintained LAN and WAN infrastructures to support enterprise connectivity and application delivery across multiple sites.
Integrated Viptela SD-WAN with Cisco Umbrella and Zscaler for secure internet access and threat protection.
Developed and maintained custom security policies and rules on Palo Alto firewalls (PA-7000, PA5000, and PA-3000 series) aligned with organizational needs and industry standards.
Deployed and managed Palo Alto Networks Threat Prevention features, including IPS, antivirus, and URL filtering, to safeguard against advanced threats.
Contributed to strategic planning for network security using Palo Alto Networks technologies, aligning with business objectives and regulatory requirements.
Troubleshot SD-WAN overlays using vManage tools, including application-aware routing and control connection health diagnostics.
Deployed and maintained Panorama in both on-prem and virtualized environments for scalable firewall administration.
Deployed and maintained Fortinet firewalls (FortiGate 60, 100, and 1000 series) to ensure comprehensive network perimeter security.
Troubleshot complex network security issues related to Fortinet devices, ensuring high availability and minimal disruption.
Applied advanced subnetting, IP address planning, and TCP/IP stack configuration, ensuring seamless traffic flow and protocol interoperability across network segments.
Managed and configured Cisco Nexus 9000 series switches within ACI environments, ensuring optimal performance and reliability.
Configured and maintained Aruba Mobility Controllers and Access Points (APs) to provide secure, high-performance wireless networks across enterprise campuses.
Developed and enforced network security policies using ACI's micro-segmentation capabilities, isolating sensitive applications and mitigating potential threats.
Implemented and troubleshot Palo Alto Firewalls with Panorama for centralized management and security policy enforcement.
Configured and optimized Cloudflare Proxy/DNS for enhanced security and performance of web applications.
Managed and centralized firewall policies, objects, and configurations across multiple Palo Alto firewalls using Panorama.
Worked on configuring and managing DHCP (Dynamic Host Configuration Protocol) services using Infoblox, ensuring efficient IP address allocation and management.
Deployed and automated infrastructure using VMware for virtual networking, vSphere, and NSX configurations.
Monitored and analyzed network performance using tools like SolarWinds, Wireshark, and SNMP-based platforms, resolving latency, jitter, and routing anomalies.
Deploy and maintain enterprise class security, network and systems management applications within an AWS environment.
Administered Fortinet FortiGate firewalls and FortiManager for policy automation and enhanced security postures.
Worked extensively on F5 LTM sessions and manipulating session using iRule and configuring and maintaining Webtops and Portal Access.
Installing Juniper SRX 5800, SRX 5400, and SRX 4700 series firewalls will help businesses by providing total defense against intrusions and safeguarding countries.
Designed and managed Ansible roles and playbooks to streamline network device set up and administration, resulting for additional reliable and quickly configurations.
Configured, deployed, and managed Cisco Catalyst, Nexus, WLC, DNA, ISE, ASA, ACI, vManage, and IOS-XR for enterprise networks.
Configured, troubleshooted and resolved complex network issues within Arista switches 7300, 7368, and 7388 infrastructures, minimizing downtime and ensuring optimal network availability.
Hexagon, India Nov 2019 – July 2022
Network Engineer
Responsibilities:
Experience in Customer Support and new Customer Network & Link Implementation.
Experience in planning, implementation activities & maintenance activities.
Experienced for troubleshooting and timely resolution of faults/issues in an infrastructure network. Provide 24x7 operational supports for infrastructure networks.
Worked on managing & configuring Cisco Routers – 886, 1800, 1900, 2900, 3800, Series and Switch series 2950, 2960.
Deploying Terraform modules and scripts to achieve efficient and replicable infrastructure deployments.
Integrated the data from SOAR to Service Now, and captured that data in Service Now by creating a table.
Worked on Splunk products such as Splunk ES and SOAR and developed and operationalized target network architecture to have successful interaction with event sources to design, develop, and implement the solution
Experienced in Monitoring all the Links through Solar winds monitoring tools.
Worked on Routing Protocols such as BGP, IGRP, EIGRP OSPF and Routed Protocols such as TCP/IP.
Experience indifferent vendor coordination (Device vendors & ISP) Proper Documentation and Prepare a network diagram.
Education: Master of Science in Computer Science, SUNY University at Albany, NY
Contact this candidate