Security Network engineer

Location:
Hicksville, NY
Salary:
65/Hr
Posted:
May 10, 2025

Resume:

Shivaram T

Sr. Network Security Engineer

********.*****@*****.***

+1-516-***-****

Professional Summary:

Dynamic and detail-oriented Network Security Engineer with 9+ years of hands-on experience delivering enterprise-grade perimeter security across telecom, financial, and public sector environments. I specialize in firewall re-architecture, Juniper and F5 migration, PCI-DSS compliance, and secure hybrid cloud implementations. Adept at managing complex firewall infrastructures (Juniper NetScreen/Junos OS, Palo Alto, Fortinet, Cisco ASA) and optimizing F5 BIG-IP LTM/GTM systems to ensure high availability, scalability, and application-layer security. Proven track record in Zero Trust policy design, Azure security integration, and automation using Python and Ansible.

Configured Fortinet FortiGate v7 VPNs, high-availability clusters, deep inspection profiles, and web filtering. Performed SSL decryption, session timeouts, and redundancy testing.

Integrated Juniper MX480 and SRX320 platforms for MPLS v3, EVPN, and IPSec termination. Managed route filtering, prefix lists, IDP signatures, and Netconf/PyEZ automation.

Developed Python scripts for BGP/OSPF neighbor health monitoring, SNMPv3 trap parsing, and REST API Integration v3 to push alerts to Splunk and Slack.

Managed DNS, DHCP, and IPAM using Infoblox v8.3 with dynamic record creation, failover delegation, and integration with Terraform and Ansible automation.

Conducted DR/HA testing using F5 BIG-IP v14.1, Citrix ADC v13, ASA 5525-X, and FortiGate v7. Validated BGP failover, tunnel re-establishment, and iRules session persistence.

Supported DNS, DHCP, and DDI using BlueCat, Microsoft DNS, and Infoblox v8.3. Reduced resolution latency across multi-site deployments using zone delegation.

Enforced Zero Trust v3 with Armis, Cisco ISE v3.0, and FortiGate v7 across OT/IoT and ICS devices. Applied asset fingerprinting, network zoning, and agentless segmentation.

Delivered IT/OT security using Cisco Cyber Vision, Nozomi Networks, Armis, and Juniper SRX firewalls. Built policies to protect medical, manufacturing, and critical control systems.

Configured application-aware DLP and data protection using Microsoft Purview, Proofpoint, and Venafi. Supported PCI-DSS, HIPAA, NIST, and FFIEC compliance with logging and audit trails.

Deployed cloud-native networking in AWS (Transit Gateway, Direct Connect), Azure (VNet Peering, NSGs), and GCP (VPC Peering, Interconnect) while capping cloud tool mentions to 4 per platform.

Applied SASE frameworks using Zscaler, Prisma Access, and Cato Networks for secure edge delivery. Integrated Zero Trust v3 policies with user/device posture.

Built automation pipelines in Jenkins and Git with rollback versions for Terraform v1.1 and Ansible v2.9. Validated configs pre-deployment using dry-run and template audit steps.

Designed multicast environments with PIM, IGMP snooping, and low latency tuning for 5G edge, IoT devices, and broadcast streaming workloads.

Familiar with Forward Networks, NetBrain, and Gluware for policy compliance, network intent validation, and DR topology visualization.

Delivered public safety solutions including E911 routing, ANI/ALI, ACD, and NG9-1-1 infrastructure. Enabled QoS v6.1 for voice/video call priority over MPLS v3.

Enforced firewall protocols with Cisco ASA, Palo Alto, FortiGate, and Checkpoint across TCP/UDP ports 443, 22, and 161 for remote access and SNMP/Syslog.

Mentored junior engineers, led RCA sessions, and participated in architecture reviews across network security and compliance zones.

Created documentation including Visio diagrams, cable layouts, subnet allocations, and runbooks for all major environments. Maintained Git-based version history.

Technical Skills:

Category: Skills and Technologies

Network Architecture and Design: High-availability network infrastructures, VPC, F5 Big-IP load balancing, SD-WAN (Cisco Viptela, Silver Peak), MPLS, VPN (IPSec, SSL), VXLAN, PBR, QoS, BGP, OSPF, EIGRP

Cloud Technologies: AWS (Direct Connect, Transit Gateway, WAF), Security Groups, NACLs, VMware NSX-T, Cisco ACI, Azure Virtual Network (VNet), ExpressRoute, Cloud-based failover

Network Security: Palo Alto, Fortinet, Cisco Firepower, Juniper NetScreen & Junos OS, Palo Alto PA-series, Fortinet FortiGate v7, Cisco ASA, Checkpoint R80.30, Zero Trust Security Framework, Cisco ISE, NAC, MFA, IPS, IDS, Network Security Audits

Routing Protocols: BGP, OSPF, EIGRP, MPLS, VLANs, STP, Port Security, Nexus/Catalyst

Automation and Scripting: Python, Ansible, Terraform, Network Automation, Configuration Management, Compliance Enforcement

Network Monitoring and Troubleshooting: Splunk, SolarWinds, PRTG, Wireshark, Kentik, ThousandEyes, Network Traffic Analysis, Performance Tuning, Microsoft Sentinel, SNMPv3, NetFlow

Compliance and Regulations: PCI-DSS, ISO 27001, NIST

Disaster Recovery and High Availability: BGP Failover, Dual-homed ISPs, Cloud-based failover, High-availability Configurations, Load Balancing, Disaster Recovery Planning

Load Balancing and Traffic Optimization: F5 Big-IP (LTM, GTM), Citrix ADC, QoS, Traffic Distribution, Global Load Balancing, iRules, SNAT, SSL offloading

Wireless Networking: Cisco WLC, Aruba ClearPass, Wireless Access Points, RF Optimization, Hybrid Workforce Connectivity

Network Segmentation: VLANs, Microsegmentation (VMware NSX, Illumio), Network Segmentation Strategies

Cloud Services and Integration: AWS (Direct Connect, Transit Gateway, WAF), Security Groups, Azure (VNets, ExpressRoute), Cloud-hosted Applications

Collaboration and Support: Cross-functional Collaboration, IT Security Teams, Network Issue Troubleshooting, Junior Engineer Mentorship

API and Third-party Integration: API Connections, Integration with Third-party Services (Cloud-based APIs, Security Integrations)

Network Device Management: Cisco (Nexus, Catalyst, ASA), Juniper, Palo Alto, Fortinet, F5 Big-IP, Cisco WLC, Aruba ClearPass, Citrix ADC, Cisco AnyConnect, Zscaler ZPA

Performance Optimization: F5 Big-IP, QoS, VPN Optimization, Site-to-Site Connectivity, Traffic Flow Management

Certifications:

CCNA (Cisco Certified Network Associate)

Professional Experience:

DTCC (Depository Trust & Clearing Corporation), Jersey City, NJ Apr 2023 – Till Date

Sr. Network Security Engineer

Responsibilities:

Engineered low-latency trading networks with BGP v4 (RFC 4271 / Protocol 179), OSPF v2 (RFC 2328 / Protocol 89), and MPLS v3 routing over Cisco Nexus v9k and ASR 1001-X devices.

Configured Fortinet FortiGate v7 firewalls in active-active clusters. Deployed IPSec v3 tunnels (RFC 6071 / Protocols 50, 51) using IKEv2 and SSL inspection across TCP/UDP ports 22, 80, 443.

Managed Cisco ASA 5525-X firewall platforms and upgraded to Firepower FTD v6.2 with FMC. Created policy-based NAT rules and dynamic ACLs for IPv4/IPv6 DMZ segmentation.

Enforced security using Palo Alto PA-5220 in HA mode with App-ID, WildFire, URL filtering, and centralized management via Panorama. Enabled SSL decryption and DoS protection.

Used Linux systems to troubleshoot firewall log parsing and file permission errors related to syslog exports.

Integrated Checkpoint R80.30 firewalls (ClusterXL) using SmartConsole, SmartView, and log streaming to Splunk. Optimized NAT, rule base performance, and audit workflows.

Managed cron jobs on Linux servers to automate daily firewall config backups and SCP transfers.

Led PCI-DSS-driven redesign of perimeter firewall architecture including rule optimization and segmentation audits.

Migrated Juniper NetScreen OS to Junos OS on SRX/MX platforms for enhanced performance and security compliance.

Created high-level firewall architecture and design diagrams and Visio blueprints for audit trails.

Integrated PowerShell scripting into Windows-based firewall audit workflows to pull rule base metrics.

Used PowerShell scripting to automate bulk object creation in Cisco FMC and Checkpoint SmartConsole.

Tuned firewall-related services on Linux, including rsyslog, iptables, and SNMP daemons for compliance.

Managed F5 BIG-IP upgrade and consolidation from legacy appliances, applying SNAT, iRules, and SSL termination.

Enforced perimeter control policies via Palo Alto, Fortinet, and Checkpoint in compliance with audit mandates.

Developed SOPs and Visio diagrams for firewall lifecycle management including patching, change control, and DR.

Integrated Azure VNets and NSGs into on-prem security posture; created firewall policies aligned with access tier

Tuned QoS v6.1 for DSCP 46 (voice) and DSCP 34 (video) using class maps and shaping on WAN routers. Applied queuing to preserve financial app traffic.

Used bash and Python scripting on Linux for interface monitoring and rulebase change detection.

Defined firewall architecture and design principles aligning with Zero Trust segmentation.

Managed SSL termination and L7 traffic balancing via F5 BIG-IP v14.1 with iRules, cookie persistence, SNAT automapping, and fallback pools for high availability.

Deployed Citrix ADC v13 for SSL VPN, HA clustering, and TCP optimization. Applied SAML authentication and HTTP header rewrites for compliance zones.

Developed PowerShell scripting modules to generate change control documentation from firewall logs.

Configured IP SLA on SD-WAN tunnels (Viptela/Silver Peak v9) and dual-ISP failover paths. Enabled jitter monitoring and route convergence testing.

Applied SmartEvent correlation in Checkpoint R80.30 to track high-risk threats. Created automated rule base cleanup for unused and shadowed objects.

Standardized firewall architecture and design templates for FTD, ASA, and Checkpoint platforms.

Enforced Zero Trust v3 policies across firewalls and cloud access. Used Cisco ISE v3.0 for profiling and Prisma Access for user session enforcement.

Automated firewall backup and export tasks via PowerShell scripting with task scheduler integration.

Conducted DR testing of Fortinet FortiGate v7, ASA 5525-X, and PA-5220 HA clusters. Verified zero RTO/RPO with failover scenarios and PCAP validation.

Collaborated with solution architects to align firewall architecture and design with application tiers.

Configured interface tracking, route injection, and crypto ACLs for IPSec v3 tunnels on Cisco ASA, Fortinet, and Palo Alto platforms.

Developed REST API Integration v3 scripts to trigger DNS failover, monitor interface flaps, and push alerts to Teams and Slack via webhook.

Leveraged PowerShell scripting to monitor rule hits and unused policies on Cisco ASA and FTD.

Reviewed and optimized firewall architecture and design to support PCI-DSS audit findings.

Tuned firewall session limits, app control, and Web Filtering policies on Fortinet FortiGate v7 to maintain <5ms inspection latency during peak trades.

Enhanced Wireshark v4.0 filters to capture ports 443, 22, 161, and 514. Traced application drops and validated NAT translation flows across zones.

Enabled BGP v4 policy control with AS path prepending, MED tuning, and route-map filtering across Juniper and Cisco edge routers.

Conducted performance tuning of Linux-based log servers to handle 10K+ events per second from firewalls.

Implemented change reviews for firewall architecture and design during firewall migrations.

Audited SolarWinds v2023 dashboards for CPU, memory, and tunnel interface metrics. Enabled SNMPv3-based alert thresholds and NetFlow telemetry.

Used PowerShell scripting with REST API to pull statistics from FMC and push alerts to Teams.

Hardened Cisco Nexus v9k switching fabric with port-channel monitoring, storm control, and BPDU Guard. Verified compliance with PCI-DSS and ISO 27001.

Built PowerShell scripting logic for auto-remediation of non-compliant firewall rules based on CIS benchmarks.

Trained junior engineers on Fortinet v7, Cisco ISE v3.0, and Terraform v1.1. Delivered RCA sessions using Splunk, Wireshark v4.0, and SolarWinds v2023.

Environment: Cisco ASA 5525-X, Cisco ISE v3.0, Cisco Catalyst 9300, Cisco Nexus v9k, Cisco Viptela SD-WAN, Palo Alto PA-5220, Fortinet FortiGate v7, Checkpoint R80.30, F5 BIG-IP v14.1, Citrix ADC v13, Silver Peak SD-WAN v9, Infoblox v8.3, SolarWinds v2023, Wireshark v4.0, Ansible v2.9, Terraform v1.1, Python, Panorama, Prisma Access, Zscaler ZPA, SNMPv3, NetFlow, VLANs 10/20/30/40/50, IPv6 (2001:db8::/64), BGP v4 (RFC 4271 / Protocol 179), OSPF v2 (RFC 2328 / Protocol 89), OSPFv3, MPLS v3, IPSec v3 (RFC 6071 / Protocols 50/51), QoS v6.1, REST API Integration v3, NAC v7.5, Zero Trust v3, MFA, SAML, Git, Jenkins, Juniper SRX/MX, Storm Control, Port Security, MAC Filtering, High Availability, Disaster Recovery.

Goldman Sachs, Jersey City, NJ Jun 2021 – Mar 2023

Network Security Engineer

Responsibilities:

Designed hybrid payment network architecture using Cisco ACI (v2.7), SD-WAN (Viptela, Silver Peak v9), and AWS Transit Gateway. Enabled BGP v4 (RFC 4271 / Protocol 179) and IPSec v3 (RFC 6071 / Protocols 50/51) failover.

Deployed Palo Alto PA-5220 firewalls in HA mode with App-ID, WildFire, and URL filtering for payment gateway segmentation. Integrated with Panorama and REST API Integration v3.

Upgraded F5 BIG-IP environments for LTM/GTM load balancing and DR resilience across PCI-regulated networks.

Tuned Juniper SRX security policies and NAT rules to support multi-domain segmentation.

Configured Palo Alto HA clusters with URL filtering, WildFire, and SSL decryption for secure remote access.

Collaborated with Azure team to align firewall access lists with Network Security Groups (NSGs).

Maintained Jumpboxes and firewalls hosted on Linux, applying iptables rules and SSH hardening.

Performed firewall audits and policy cleanup using Checkpoint, ASA, and Fortinet systems.

Deployed and managed F5 BIG-IP v14.1 appliances (LTM/GTM) for SSL offloading, cookie persistence, and L7 HTTP header rewrites. Tuned SNAT pools and fallback groups.

Configured Citrix ADC v13 for HA SSL VPN, TCP optimization, and GSLB. Tuned wide IPs, Prober Pools, and session persistence with adaptive SAML-based access.

Scheduled Linux cron jobs to check VPN tunnel status and send alerts via webhook integrations.

Used PowerShell scripting to monitor firewall service status and send alerts via SNMP traps.

Tuned QoS v6.1 with DSCP 46/34 policies across WAN/MPLS v3 interfaces. Enabled queueing, shaping, and jitter buffers for payment app priority.

Built IPv6 dual-stack addressing (2001:db8::/64) for critical transaction networks. Enabled OSPFv3 routing and ACL enforcement on Cisco ASA and Fortinet v7.

Used Wireshark v4.0 and SolarWinds v2023 to analyze packet loss, asymmetric flows, and firewall inspection latency. Exported PCAPs for incident forensics.

Applied storm control (10% threshold) on Catalyst 9300 switches for VLAN 30. Prevented broadcast storms during payment reconciliation spikes.

Built Ansible playbooks that performed rulebase audits on Linux systems running FMC and Panorama.

Configured SNMP, rsyslog, and NetFlow agents on Linux hosts for centralized firewall monitoring.

Automated user-based policy reporting in FMC using PowerShell scripting and CSV templates.

Deployed MAC filtering and DHCP snooping on access layer ports. Reduced spoofing and rogue device connections across financial departments.

Configured AWS Direct Connect and Transit Gateway to link payment systems with AWS-hosted risk analytics. Enabled route summarization and failover.

Implemented BGP v4 with route maps, AS path prepending, and MED tuning for ingress control with cloud providers and ISPs. Reduced convergence time by 40%.

Deployed Prisma Access and Zscaler ZPA for Zero Trust v3 access to APIs and developer tools. Integrated with SAML and Azure MFA for contextual access.

Tuned buffer sizes and max open files on Linux firewalls to improve inspection performance.

Provided detailed assessments on legacy vs. modern firewall architecture and design during audits.

Deployed PowerShell scripting for auto-cleanup of stale rules in Checkpoint SmartConsole.

Managed Citrix ADC v13 and F5 BIG-IP v14.1 firmware upgrades. Applied iRules, SSL enforcement, and load balancing logic for DR readiness testing.

Maintained Palo Alto PA-5220 and Fortinet v7 devices for IPSec v3 and SSL VPNs. Validated failover using IP SLA and crypto ACLs on ASA 5525-X.

Built monitoring dashboards using NetFlow, SNMPv3, SolarWinds v2023, and PRTG. Tracked CPU usage, BGP flap logs, interface drops, and TCP sessions.

Migrated zone-based security models as part of revised firewall architecture and design rollout.

Integrated PowerShell scripting with Splunk forwarders for faster incident traceability.

Tuned REST API Integration v3 with Slack and Teams for alerting. Triggered dynamic DNS updates and interface health reports from Ansible playbooks.

Introduced traffic baselining tools to validate assumptions in proposed firewall architecture and design.

Enforced NAC v7.5 posture profiles and dynamic VLANs (IDs 10, 20, 30) via Cisco ISE v3.0. Applied SGT-based segmentation and RBAC tagging.

Supported Juniper SRX and MX routers for MPLS v3 and BGP peering. Tuned route reflectors, OSPFv2 (RFC 2328 / Protocol 89), and RSVP LSPs.

Hardened Zero Trust v3 posture using Cisco ISE v3.0 and Fortinet v7. Isolated traffic via tagging and enforced least-privilege for OT/IT traffic zones.

Enabled session persistence, SNAT automapping, and fallback pools for F5 BIG-IP v14.1 during DR failover testing across active-active clusters.

Conducted firewall rule base audits on Fortinet v7, PA-5220, ASA 5525-X, and Checkpoint R80.30. Removed stale objects and tuned rule hit counts.

Trained junior engineers on Terraform v1.1, Ansible v2.9, and Git workflows. Delivered RCA training using Wireshark v4.0 and SolarWinds dashboards.

Cisco CCNP Certified. Earning a CCNP Enterprise certification demonstrates your ability to scale and maintain enterprise networks to meet growing demands.

Environment:

Cisco ASA, Cisco ISE, Cisco Catalyst, Cisco Nexus, Cisco ACI, Cisco Viptela SD-WAN, Silver Peak SD-WAN, Palo Alto, Fortinet FortiGate, Checkpoint, F5 BIG-IP, Citrix ADC, Infoblox, SolarWinds, Wireshark, Ansible, Terraform, Python, REST API Integration, IPv6, VLANs, QoS, BGP, OSPF, MPLS, IPSec VPN, NetFlow, SNMP, Zero Trust, NAC, MAC Filtering, Port Security, Storm Control, Git, Jenkins, Zscaler, Prisma Access, Active Directory, DNS, DHCP, SAML, MFA, High Availability, Disaster Recovery, Juniper, SDN, VMware NSX-T, CCNP.

AT&T, Alpharetta, GA Mar 2019 – May 2021

Network Security Engineer

Responsibilities:

Deployed SD-WAN using Cisco Viptela and Silver Peak v9 to enable DIA breakout, SLA monitoring, and zero-touch provisioning across 100+ retail and branch offices.

Configured Fortinet FortiGate v7 in HA mode with IPS, deep inspection, and IPSec v3 (RFC 6071 / Protocols 50, 51). Tuned IKEv2 timers and crypto maps for tunnel resiliency.

Maintained and upgraded Cisco ASA 5525-X across POPs and branches. Implemented policy NAT, access lists, and remote access VPN on ports 443 and 500.

Integrated Palo Alto PA-5220 with Panorama to deploy App-ID, URL filtering, threat prevention, and GlobalProtect VPN. Maintained HA pair sync across active/passive clusters.

Built dynamic VLAN segmentation using IDs 10, 20, and 30 via Cisco ISE v3.0. Enabled 802.1X, NAC v7.5, and SGT-based posture assessments for secure access.

Automated Fortinet and ASA firewall configuration backups using shell scripts and cron jobs on Linux systems.

Managed SNMP and NetFlow collectors on Linux servers to monitor real-time firewall traffic patterns.

Monitored MPLS v3 circuits using BGP v4 (RFC 4271 / Protocol 179) and OSPF v2 (RFC 2328 / Protocol 89). Tuned VRFs and redistributed routes between domains.

Implemented QoS v6.1 for DSCP 46 and 34 traffic across WAN/MPLS. Applied shaping, queueing, and policing for voice, video, and real-time E911 applications.

Automated switch and firewall tasks using Ansible v2.9 and Terraform v1.1. Pushed VLAN templates, SNMPv3 configs, and ACL updates through Jenkins pipelines.

Tuned iptables rules and SELinux policies on Linux hosts integrated with Cisco ISE and Fortinet for AAA services.

Audited firewall rule bases on Fortinet v7, Checkpoint R80.30, and ASA 5525-X. Removed shadowed rules, tuned object groups, and ensured logging compliance.

Built and tested Python automation scripts on Linux virtual machines for pushing ACL and NAT rule updates.

Configured and managed Aruba 300 Series and Cisco WLC v9800 for secure wireless access. Tuned client load balancing and WPA3 profiles.

Supported NAC integration with Cisco ISE v3.0 across wired and wireless. Enabled MAC filtering, port security, and dynamic VLANs based on posture.

Implemented F5 BIG-IP configurations for LTM, cookie persistence, and iRules for regional data centers.

Supported Juniper and Fortinet firewalls during remote site integrations and policy tuning.

Used Linux-based Jumpboxes to securely access firewall and network devices during critical change windows.

Automated ACL deployment and NAT config changes across Palo Alto and ASA via Ansible playbooks.

Maintained FMC and Panorama management consoles running on hardened Linux platforms with limited user access.

Designed secure VPN tunnels and remote access setups using Fortinet and Cisco ASA for national coverage.

Created migration runbooks and rollback procedures for firewall upgrades and patching windows.

Integrated SD-WAN with Azure VNet and ExpressRoute. Tuned BGP metrics and prefix filters to optimize cloud app pathing.

Implemented Zero Trust v3 policies using Cisco ISE v3.0, Fortinet v7, and Zscaler ZPA. Enforced least privilege, device profiling, and adaptive access.

Worked closely with NOC and SOC teams to capture RCA for outages using Wireshark v4.0, PRTG, and SolarWinds v2023. Documented findings for leadership.

Supported public safety and emergency networks (E911, ANI/ALI) by tuning latency and prioritization policies across BGP/MPLS links and SD-WAN paths.

Got certified with Cisco CCNA and started preparation for higher-end certifications, i.e., CCNP.

Environment: Cisco ASA, Cisco ISE, Cisco Catalyst, Cisco Nexus, Cisco ACI, Cisco Viptela SD-WAN, Silver Peak SD-WAN, Palo Alto, Fortinet FortiGate, Checkpoint, F5 BIG-IP, Citrix ADC, Infoblox, SolarWinds, Wireshark, Ansible, Terraform, Python, REST API Integration, VLANs, IPv6, QoS, BGP, OSPF, OSPFv3, MPLS, IPSec VPN, SDN, Port Security, MAC Filtering, Storm Control, NAC, DNS, DHCP, NetFlow, SNMP, Jenkins, Git, Zscaler ZPA, Prisma Access, High Availability, Disaster Recovery, Aruba, Azure VNet, Azure ExpressRoute, CCNA.

Mphasis, India Jan 2017 – Feb 2019

Network Engineer

Responsibilities:

Deployed Cisco ASA 5525-X, Fortinet FortiGate v7, and Palo Alto PA-5220 firewalls. Applied NAT, ACLs, and IPSec v3 (RFC 6071) VPNs with IKEv2, ports 500/4500 across WAN links.

Configured VLANs 10/20/30 and STP/RSTP across Catalyst switches. Enabled BPDU Guard, Port Security, and DHCP snooping to mitigate L2 loop and rogue device threats.

Supported routing with BGP v4 (RFC 4271 / Protocol 179) and OSPF v2 (RFC 2328 / Protocol 89) between data centers and branches. Tuned prefix lists and cost metrics for convergence.

Deployed and migrated Juniper NetScreen OS to Junos OS on SRX firewalls; validated all policies post-migration.

Maintained HA firewalls and F5 BIG-IP appliances for load-balanced access to enterprise apps.

Wrote Python scripts for SNMP monitoring, ACL diff checks, and Slack alerting during rule changes.

Created technical documentation and SOPs for change management and DR plans.

Enabled SSL VPN and DNS load balancing with Citrix ADC v13. Tuned TCP profiles and HA sync for multi-region user access.

Used SolarWinds v2023 and Wireshark v4.0 to monitor SNMPv3 traps, NetFlow traffic, and perform deep packet inspection. Isolated jitter and retransmissions on key interfaces (Gi1/0/5–Gi1/0/10).

Wrote Ansible v2.9 playbooks to automate VLAN provisioning, SNMP configs, and NetFlow exports. Synced Git-managed templates across staging/prod.

Maintained Infoblox v8.3 DNS/DHCP/IPAM. Automated record creation, zone transfer scripts, and IP range allocations (10.100.10.0/24, 172.16.30.0/24).

Enabled dual-stack IPv6 (2001:db8::/64) and OSPFv3 routing. Tuned RA advertisements and verified ACL enforcement across ASA and SRX edge devices.

Upgraded F5 BIG-IP v14.1 and Checkpoint R80.30 firmware with HA sync. Monitored failover logs and validated SNAT pool behavior under load.

Managed Citrix ADC v13 for SSL offloading, TCP optimization, and load balancing internal APIs with DNS-based wide IPs.

Supported Palo Alto PA-5220 threat prevention tuning: App-ID, WildFire integration, and log forwarding to SIEM. Validated against ports 22, 443, and 3389.

Used Juniper MX104 with MPLS v3 for L3 VPNs. Applied route targets, RSVP TE tunnels, and verified label stack with Junos CLI.

Configured multicast routing using PIM-SM and IGMP snooping on Catalyst and Juniper devices to support video distribution and real-time alerts.

Administered Aruba ClearPass for guest Wi-Fi isolation and device profiling. Integrated with Cisco ISE v3.0 for centralized RADIUS and SGT tagging.

Collaborated on Zero Trust v3 enforcement across Fortinet, ASA, and Citrix ADC v13. Applied microsegmentation and port filtering (TCP 22, 3389, 8443).

Developed Wireshark v4.0 capture filters to analyze fragmented packets and retransmissions on MPLS tunnels (label 3001–3010), improving SLA compliance.

Maintained full documentation of network diagrams, policy sheets, ACL audits, and rollback procedures using versioned Git repositories.

Environment: Cisco ASA 5525-X, Fortinet FortiGate v7, Palo Alto PA-5220, Checkpoint R80.30, Juniper SRX/MX, Cisco ISE v3.0, Aruba APs, Aruba ClearPass, F5 BIG-IP v14.1, Citrix ADC v13, SD-WAN (Viptela, Silver Peak v9), Wireshark v4.0, SolarWinds v2023, Infoblox v8.3, Ansible v2.9, Terraform v1.1, Python, REST API Integration v3, IPv6, VLANs, OSPF v2, OSPFv3, BGP v4, MPLS v3, IPSec v3, NetFlow, SNMPv3, QoS v6.1, NAC, Zero Trust v3, High Availability, Disaster Recovery

Sify Technologies, India Nov 2015 – Dec 2016

Network Engineer

Responsibilities:

Configured Checkpoint R80.30 with ClusterXL for HA firewall pairs. Managed rule base creation, policy NAT, and SmartView logging for VLANs 10, 20, and 30.

Administered Palo Alto PA-5220 firewalls with App-ID, SSL decryption, and dynamic groups. Integrated with Panorama to push security profiles to branch sites.

Deployed Cisco ASA 5525-X in remote offices. Enabled VPN (IPSec v3 – RFC 6071), IKEv2 with crypto ACLs, and TCP/UDP ports 443, 500, 22 for secure remote access.

Implemented Fortinet FortiGate v7 in HA active-passive mode. Applied deep inspection profiles, SSL VPN, and Web filtering for internal segmentation.

Segmented networks with Cisco Catalyst switches using VLANs 10/20/30. Configured trunk ports on Gi0/1 to Gi0/24, enabled port-security and BPDU Guard.

Built Python scripts to monitor BGP v4 (RFC 4271, Protocol 179) peer health and interface errors. Integrated alerts with REST API Integration v3.

Used Terraform v1.1 for firewall ACL provisioning and S3-backed state locking. Applied version-controlled changes with rollback checks.

Configured and supported Checkpoint, ASA, Fortinet firewalls ensuring consistent perimeter control.

Conducted policy audits and interface-level monitoring using SolarWinds and Wireshark.

Enabled Zero Trust enforcement across firewalls using Cisco ISE and Zscaler.

Assisted in F5 BIG-IP HA pair firmware upgrades and failover tests.

Tuned SNMPv3 and NetFlow export to SolarWinds v2023. Built dashboards to track CPU, bandwidth, and interface drops across edge firewalls.

Applied Zero Trust v3 across Cisco ISE v3.0, Fortinet v7, and Zscaler ZPA. Enforced least privilege access and MFA integration via SAML.

Enforced NAC v7.5 using Cisco ISE v3.0. Mapped dynamic VLANs to posture-compliant devices and used RADIUS for role-based assignment.

Rolled out IPv6 (2001:db8::/64) dual-stack support across core and edge. Enabled OSPFv3 and ACLs to secure native and tunneled traffic.

Conducted firewall audits on Checkpoint R80.30, Palo Alto PA-5220, and ASA 5525-X. Removed unused objects, shadow rules, and optimized logs.

Coordinated firmware upgrades on Fortinet v7, F5 BIG-IP v14.1, and Citrix ADC v13. Validated HA sync, session persistence, and rollback readiness.

Preparing for CCNA by applying my onsite network experience to certifications.

Environment: Cisco ASA, Fortinet FortiGate, Palo Alto, Checkpoint, Cisco Catalyst, Cisco WLC, Aruba APs, F5 BIG-IP, Citrix ADC, SolarWinds, Wireshark, PRTG, Ansible, Python, Infoblox, VLAN, OSPF, BGP, EIGRP, IPSec VPN, IPv6, DNS, DHCP, SNMP, NAC, NetFlow, API Integration, Zero Trust, High Availability, Disaster Recovery, CCNA

Technical Enhancements & Projects

Designed and deployed SD-WAN solutions to optimize branch connectivity and reduce MPLS dependency.

Implemented network automation using Ansible and Python to streamline configuration management.

Integrated cloud networking components in AWS and Azure, enabling hybrid cloud environments.

Configured and managed Palo Alto firewalls including policy creation, NAT rules, and Panorama integration.

Administered load balancers such as F5 and NGINX for application delivery and traffic optimization.

Education:

BTech, Electronics and Communication Engineering (Mahatma Gandhi University, Nalgonda, India, 2015)


