Network Engineer Senior
Resume:
Manasa Rachuri
CCNP Certified Senior Network Engineer
Email-Id: ***************@*****.***
Phone: +1-512-***-****
LinkedIn: www.linkedin.com/in/manasa-rachuri
Professional Summary:
·Extensive hands-on experience in designing, deploying, and optimizing high-performance enterprise networks and data center networks using Cisco Catalyst 9000 series and Nexus 9000 series, including advanced configurations of VXLAN BGP EVPN.
·Highly experienced in configuring and managing Juniper Networks infrastructure, including EX/QFX switches, MX routers, and SRX firewalls, with expertise in Junos OS, EVPN-VXLAN, and Junos Automation, ensuring secure, high-performance, and scalable enterprise network solutions.
·Responsible for Check Point R81.x and Cisco ASA firewall administration across global networks.
·Implemented and managed enterprise-wide 802.1X authentication with RADIUS, ensuring secure network access control for users and devices. Optimized guest Wi-Fi authentication with seamless onboarding, captive portals, and role-based access policies.
·Led incident response activities for FortiGate related security breaches, working with internal and external teams to reduce risks and restore service.
·Experience in Cisco/Juniper Networking, Security which includes Designing, Deployment and Providing network support, installation, and analysis for a broad range of LAN / WAN protocols.
·Hands On experience with Cisco IOS/IOS-XR/NX-OS, Juniper JUNOS for configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, RIP.
·In-depth knowledge and hands-on experience in Tier II ISP Routing Policies, Network Architecture, IP Subnetting, VLSM, TCP/IP, NAT, DHCP, DNS and Firewalls.
·Strong knowledge of Palo Alto Firewalls and the Panorama Network Security Management Box.
·Configured and managed VoIP systems, ensuring high-quality voice communication and integration with existing network infrastructure.
·Led the deployment of cloud-based solutions, leveraging platforms such as AWS, Azure, or GCP to enhance business agility and scalability.
·Conducted regular vulnerability assessments using Nessus, identifying and remediating security weaknesses to protect network infrastructure.
·Configured, and optimized F5 BIG-IP Load Balancers (LTM, GTM, ASM) to enhance application availability, performance, and security, implementing advanced traffic management, SSL offloading, iRules automation, and DDoS mitigation for smoothness and resilient service delivery.
·Implemented and maintained Source fire intrusion detection/ prevention (IDS/IPS) system and hardened protection standards, IDS/IPS signatures on Firewall for Fine-tuning of TCP and UDP services.
·Configured and optimized Access Control Lists (ACLs) to enforce traffic filtering, enhance security, and prevent unauthorized access.
·Implemented and troubleshot complex Layer 2 technologies, including VLAN Trunks, VTP, EtherChannel, STP, RSTP, and MST, ensuring network stability, redundancy, and optimal traffic flow.
·Regularly upgrading and maintaining infrastructure, including Cisco Switches (9k series), Cisco Routers (4000, ASR 9K)
Juniper Routers and Firewalls, Nexus 9k, F5 BIG IP, Palo Alto Firewalls, Zscaler Proxy, and Versa SDWAN appliances.
·Deployed and optimized Cisco DNA Center for network automation, assurance, and policy-based management across enterprise networks.
·Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NAT with the firewalls as per the design.
·Deployed, Managed, monitored and supported Bluecoat Proxy for content filtering, internet access between sites and VPN client users.
·Deployed Riverbed Steelhead and App Response for WAN optimization and application performance monitoring and implemented Silver Peak SDWAN to enhance network performance and reduce costs.
Education:
Master’s in computer and information sciences, Western Illinois University, U.S.A
B. Tech in Computer Engineering, Indian Institute of Information Technology Design and Manufacturing (IIIT), India
Certifications:
(CCNP) – Cisco Certified Network Professional
(PCNSE) - Palo Alto Certified Network Security Engineer
(CCNA) – Cisco Certified Network Associate
(AWS)- Amazon Web Services Networking Specialty
Client: LAUSD Jan 2024 – Till date
Role: Sr. Network Engineer
Responsibilities
Configured and managed Cisco Catalyst 9500, 9300, 9200, and Nexus 9K/7K/5K series for core, distribution, and access layers.
Hands-on experience with Aruba CX switches, implementing VLANs, LACP, OSPF, ACLs, and QoS policies to ensure reliable wired and wireless backbone connectivity.
Configured and managed Arista switches, including setting up VLANs, routing protocols (OSPF, BGP, and EVPN-VXLAN), and network monitoring using Arista CloudVision and sFlow telemetry for real-time visibility.
Proficient in using Ekahau Pro and Sidekick for wireless site surveys, heat mapping, and predictive RF modeling to ensure optimal coverage and signal integrity in complex environments.
Designed and managed enterprise-grade DNS and DHCP services using Infoblox and BlueCat, including zone delegation, dynamic DNS updates, DHCP scopes, and failover configurations across multi-site environments.
Implemented centralized IP address management (IPAM) policies, streamlining IP allocations, reservations, and subnet usage tracking, ensuring accurate documentation and preventing IP conflicts in hybrid cloud/on-prem infrastructures.
Engineered and administered a global DNS/DHCP architecture using Infoblox Grid Master and member appliances, enabling zone replication, DHCP failover clustering, and DNS scavenging policies across over 500 subnets in a hybrid cloud environment.
Integrated Infoblox IPAM with ServiceNow and vRealize Automation via RESTful APIs, automating the provisioning and de-provisioning of IP addresses and DNS entries during VM lifecycle events across VMware and AWS environments.
Configured advanced DHCP options (Option 43, Option 82) and policy-based assignment to support VoIP deployments and PXE booting in multi-VLAN enterprise networks with Cisco and HPE switches.
Hardened DNS infrastructure with DNSSEC, rate limiting, and split-horizon DNS, ensuring zone integrity and preventing data leakage between internal and external-facing environments.
Designed, deployed, and maintained Azure Virtual Networks (VNets) with subnets, route tables, UDRs, and VNet peering, enabling secure, scalable multi-tier architectures across hybrid and cloud-native environments.
Implemented Azure VPN Gateways and ExpressRoute circuits to establish secure, high-performance connectivity between on-premises networks and Azure, ensuring low-latency access for enterprise workloads.
Configuring, managing, and troubleshooting enterprise network infrastructure using Cisco IOS and the Meraki Dashboard, supporting both wired and wireless deployments.
Extensive experience with WLAN technologies, including design, optimization, and support of Cisco Catalyst & Meraki MR series access points, WLAN controllers (WLCs), SSID policies, RF tuning, and client performance analysis.
Proficient in utilizing Cisco IOS CLI and the Meraki Dashboard to perform advanced diagnostics, enforce security policies, configure VLANs, manage wireless access points, and monitor client connectivity in real time.
Managed enterprise-wide IP address space using Infoblox IPAM, including creation of IP ranges, discovery of unmanaged subnets, DHCP lease tracking, and automated reclamation of stale IP addresses.
Configured SDWAN vSmart controllers to distribute centralized control policies including application-aware routing, TLOC/path selection, segmentation, and SLA-based traffic engineering.
Administered SDWAN vManage dashboard and CLI, managing device onboarding (ZTP/Bootstrap), feature templates, software upgrades, and real-time performance analytics across the SDWAN fabric.
Configured Infoblox DNS zones (authoritative and reverse), implemented record management (A, PTR, CNAME, TXT, SRV), and ensured proper zone delegation and replication across internal and external servers.
Developed custom F5 iRules and F5 Local Traffic Policies to manipulate HTTP/HTTPS traffic, enabling advanced functions such as header injection, URI redirection, and dynamic load distribution.
Optimized TCP and HTTP connections using F5 OneConnect and fine-tuned F5 HTTP/SSL profiles to maximize session reuse and application throughput in high-performance environments.
Supported and integrated Cisco UCS for compute infrastructure, Cisco ISE for network access control (802.1X, MAB, SGTs), and Duo for MFA, contributing to Zero Trust network initiatives.
Managed iBGP and eBGP configurations, implementing route policies using AS-PATH, Local Preference, and MED for optimized and resilient inter-domain routing.
Experience with VMware virtualization, including ESXi and vCenter, for provisioning virtualized infrastructure supporting network services, wireless controllers, and monitoring platforms.
Collaborated with security and infrastructure teams to enforce consistent WLAN policy compliance, secure guest and enterprise SSIDs, and implement seamless onboarding solutions using ISE and Duo.
Deployed SDWAN vBond Orchestrator to handle secure control-plane authentication and tunnel establishment for all SDWAN edge devices, ensuring integrity across overlay connections.
Applied Network Security Groups (NSGs) and Application Security Groups (ASGs) for granular control of east-west and north-south traffic flows, aligned with zero-trust security models.
Deployed, and optimized enterprise WLAN infrastructure using Cisco, Aruba, and Mist wireless platforms, including SSID provisioning, RF tuning, channel planning, and client load balancing.
Integrated Cisco 9800 WLC with Cisco DNA Center (DNAC) for wireless policy automation, AP provisioning, and assurance analytics to optimize client connectivity and performance.
Enforced identity-based WLAN access using Cisco ISE and Aruba ClearPass, enabling posture checks and dynamic VLAN assignment for BYOD and IoT devices.
Deployed 802.1X authentication, MAC Authentication Bypass (MAB), and guest access portals, leveraging RADIUS integration with Active Directory for secure wired and wireless onboarding.
Automated VM deployments and network provisioning using PowerCLI and Terraform, aligning with Infrastructure-as-Code (IaC) practices.
Automated provisioning of GCP infrastructure using Terraform with CI/CD pipelines, incorporating version control, change validation, and rollback capabilities for all network resources.
Configured Cloud Armor and Google Cloud CDN to protect and accelerate globally distributed applications, applying IP allowlists, rate limits, and geo-based access control.
Gained exposure to network monitoring tools and packet analyzers (e.g., Wireshark, tcpdump) to identify bottlenecks, latency issues, and misconfigured services.
Proficient in cloud-native network monitoring and performance visibility across platforms like AWS, Azure, and Google, ensuring uptime and policy compliance for cloud and hybrid deployments.
Hands-on experience deploying and managing Aruba EdgeConnect appliances, supporting secure and high-performance connectivity across branch and data center environments.
Implemented IAM roles, policies, and service accounts to enforce least-privilege access and integrate with centralized identity providers (e.g. Okta, Azure AD).
Deployed Cloud Load Balancers (ALB/NLB in AWS, GCP Load Balancing) to support scalable and resilient application delivery.
Set up CloudWatch (AWS) and Cloud Monitoring/Logging (GCP) to enable proactive alerting, resource utilization tracking, and real-time troubleshooting.
Client: Caterpillar Jan 2023– Dec 2023
Role: Network Engineer
Responsibilities
Conducted ongoing site surveys using tools like Ekahau analyzing RF data to identify coverage gaps and implementing optimizations for improve wireless performance.
Implemented detailed rollback and recovery plans using configuration backups, bootloader recovery modes, and remote console access (IPMI/LOM/Smart Out-of-Band tools).
Automated firewall rule updates, VLAN provisioning, and SNMP configurations using custom Ansible modules and Python-based REST API integrations with platforms like Palo Alto and Cisco.
Managed Azure Load Balancers (Standard/Internal) and Application Gateway with Web Application Firewall (WAF) to support scalable, resilient application delivery with SSL offloading and custom probes.
Implemented Private Link to securely access PaaS services (e.g., Storage, SQL, Key Vault) over Microsoft’s backbone, eliminating the need for public internet exposure.
Configured and supported Azure Traffic Manager and Azure DNS for intelligent traffic routing, global load distribution, and high-availability DNS resolution in multi-region deployments.
Configured and optimized advanced routing (BGP, ECMP) on Palo Alto NGFW (PAN-OS 9.x/10.x) and Cisco ASA 5500-X for high availability in hybrid cloud networks.
Integrated Aruba wireless networks with Active Directory, RADIUS, and guest access portals, supporting dynamic VLAN assignment, role-based access, and device profiling.
Deployed GKE (Google Kubernetes Engine) clusters for containerized workloads with Cloud Run and Anthos for hybrid Kubernetes orchestration.
Enforced security best practices using AWS Security Groups, Network ACLs, and AWS WAF for traffic filtering and threat mitigation.
Deployed and maintained Infoblox DHCP scopes and reservations, enabling dynamic and static IP allocation across branch offices, data centers environments.
Created and managed RF profiles, performed site surveys, and optimized channel utilization, transmit power, and client load balancing across Meraki and Cisco wireless environments to ensure optimal signal coverage and roaming performance.
Enforced DNS security policies using Infoblox DNS Firewall, RPZ (Response Policy Zones), and integration with threat intelligence feeds to prevent DNS tunneling and domain-based threats.
Configured and troubleshot 802.1X authentication, WPA2-Enterprise, RADIUS integration, and dynamic VLAN assignments using Cisco ISE and Meraki Access Policies for secure user onboarding.
Utilized Cisco IOS CLI to manage switchport configurations, enable port-security, apply QoS policies, and perform SPAN captures, enabling in-depth layer 2–3 diagnostics and traffic visibility.
Integrated F5 DNS/GTM (Global Traffic Manager) for intelligent global traffic distribution, using F5 Wide IPs, topology records, and load balancing pools across hybrid and multi-cloud architectures.
Integrated F5 logs and telemetry with SIEM platforms such as Splunk and QRadar for centralized monitoring, compliance reporting, and alert generation based on F5 policy violations.
Used Meraki APIs to automate device provisioning, monitor client behavior, and manage group policies programmatically, aligning with infrastructure-as-code principles.
Troubleshot WLAN-specific issues using Meraki RF Spectrum tools, Cisco WLC logs, and client association histories, resolving coverage gaps, authentication failures, and performance degradation.
Performed bulk device onboarding, firmware updates, and policy deployments through Cisco Meraki’s Systems Manager (MDM) and template-based configurations.
Managed hybrid environments with Cisco UCS hosting virtual controllers, authentication services, and monitoring tools like Prime Infrastructure, DNAC, and VMware vSphere platforms.
Participated in the deployment of Cisco NSO to abstract multi-vendor device configurations, enabling consistent service modeling and real-time synchronization across network nodes.
Integrated Viptela SDWAN with MPLS, Direct Internet Access (DIA), LTE/5G, and cloud providers for optimized traffic routing and cost-efficient WAN management.
Configured and managed Aruba Instant Access Points (IAPs) for controller-less wireless environments, supporting smooth roaming, SSID broadcasting, RF optimization, and secure user authentication.
Designed and implemented GCP Google VPCs, subnets, firewall rules, Cloud NAT, and Private Google Access for secure cloud networking.
Integrated Palo Alto Prisma Access with CloudGenix SDWAN for cloud-delivered security (SASE) and Zero Trust access enforcement.
Conducted site surveys and wireless network assessments using Ekahau, Cisco WLAN-PI, and Metageek tools to evaluate network health and identify areas for improvement.
Implemented Zero Trust security policies, Intrusion prevention systems (IPS), and role-based access controls (RBAC).
Configured Nexus 2300 Fabric Extender (FEX) to connect servers and storage devices with Nexus 9000 (NX-OS mode) as the parent switch, implementing vPC for high availability and LACP for optimized uplinks.
Deployed and maintained the availability of various security technologies including intrusion prevention systems (IPS), web application firewalls (WAF).
Optimized BGP Path Selection using attributes such as AS Path Prepending, Local Preference, and MED (Multi-Exit Discriminator) for traffic engineering and policy control.
Developed risk-based security policies within Zscaler ZIA/ZPA, ensuring compliance with industry standards such as HIPAA, HITRUST, and NIST 800-53.
Installation of Cisco Catalyst 9K series, Nexus 9K, Nexus 5K in FEX, Arista 7k Series Routers. Worked on Cisco ACI with VXLAN tunnelling.
Resolved Windows Server (2016, 2019, 2022) issues related to Active Directory (AD), Group Policy (GPO), and authentication failures.
Configured ISE Profiler to dynamically identify and classify network endpoints based on DHCP, SNMP, HTTP, and RADIUS probes.
Implemented FlexConnect and Local Mode APs for distributed branch WLAN deployments, ensuring uninterrupted connectivity.
Implemented Zero-Touch Provisioning (ZTP) and CVP (CloudVision Portal) for large-scale automated switch deployments.
Monitored OSPF convergence times and LSDB (Link-State Database) updates using Cisco DNA Center, Arista CloudVision, and Juniper Junos Space.
Experienced in configured VPC (Virtual Port Channel) and VDC (Virtual Device Context) on Nexus 7010/7018.
Implemented advanced network solutions using Dell EMC switches and routers.
Deploying Arista’s EOS (Extensible Operating System) to enhance network performance and reliability.
Automated Spine-Leaf deployments using Cisco ACI (Application Centric Infrastructure) and Ansible for consistent configuration and rapid scaling.
Deploying and managing Palo Alto Networks firewalls (PA-5000, PA-8000, PA-3200 series) with centralized management via Panorama, utilizing features like App-ID, User-ID, and SSL Decryption for advanced security.
Integrated Cisco ThousandEyes for advanced SDWAN performance visibility and synthetic monitoring.
Configured DMVPN using Cisco IOS, setting up GRE tunnels and integrating NHRP (Next Hop Resolution Protocol) to dynamically map public IPs to tunnel endpoints.
Designed and implemented Cisco ISE Guest Access Portal with self-registration, sponsor-based approvals, and time-based access controls.
Utilized Ansible playbooks and roles to streamline network device provisioning, configuration management, and compliance enforcement across routers, switches, and firewalls.
Deep expertise in implementing Aruba ClearPass for network access control, including configuring role-based access policies, 802.1X authentication, RADIUS, and MAC-based authentication.
Designed and deployed Spine-Leaf data center network architectures, enabling high-throughput, low-latency east-west traffic flow with ECMP routing, scalable fabric growth, and simplified Layer 3 connectivity.
Integrated Cisco ISE with Cisco Firepower NGFW, Palo Alto Networks, and Fortinet FortiGate for adaptive network security and automated policy enforcement.
Client: HTC Global Services May 2018 –Jul 2022
Role: Network Engineer
Location: India
Responsibilities
Configured OSPF, EIGRP, and BGP with route redistribution for optimized hybrid cloud routing on ISR 4431, ASR 1002X, Catalyst 9300.
Designed high-availability enterprise networks using ISR 4000, ASR 1001-X, and Catalyst 3850, 9500 for QoS and redundancy.
Analyzed Ekahau survey results to fine-tune AP placement, transmit power, and channel assignments, ensuring compliance with client performance SLAs and minimizing co-channel interference.
Optimized IP addressing (FLSM, VLSM, CIDR) for multi-site enterprises using Cisco ISR 4000, Catalyst 9300/9400.
Deployed MSTP (802.1s) with VLAN load balancing for Layer 2 fault tolerance on Catalyst 9500, and Nexus 9300.
Automated VLAN provisioning with VTPv3 on Catalyst 6500, 6800, and Nexus 9000, ensuring secure database synchronization.
Deployed and configured IPsec VPN tunnels on Juniper SRX Series Firewalls (SRX300, SRX320, SRX340, SRX1500, and SRX4100) for secure site-to-site and remote access connectivity, ensuring encrypted data transmission across enterprise locations.
Integrated Python and Ansible automation workflows with CI/CD pipelines for version-controlled, repeatable network infrastructure deployments.
Configured and managed ServiceNow ITSM modules, including Incident Management, Problem Management, Change Management, and Request Management, automating workflows to enhance ITIL service efficiency.
Installed, and troubleshot enterprise networks using OSPF, BGP, VPLS, MPLS, VPN, Multicast, and Traffic Engineering, ensuring scalable, low-latency, and high-availability routing architectures.
Configured MLAG (Multi-Chassis Link Aggregation) and VPC (Virtual Port Channel) on Leaf switches to enable redundant, high-availability Layer 2 topologies, preventing single points of failure in data center environments.
Collaborated with cross-functional teams to ensure FortiGate installations meet business objectives and security requirements, resulting in increased overall project success.
Configured and maintained Palo Alto Next-Generation Firewalls, implementing App-ID, URL filtering, threat prevention, and GlobalProtect VPN for comprehensive perimeter and remote access security.
Supported enterprise WAN transformation projects by migrating from legacy WAN (MPLS) to modern hybrid SDWAN infrastructure, aligning underlay routing (OSPF/BGP) with overlay segmentation and security policies.
Integrated Dell networking solutions with VMware NSX-T, implementing distributed firewalling, micro-segmentation, and overlay networking for software-defined data centers (SDDC).
Deployed IPsec VPN, GRE, and L2TP tunnels Juniper MX Routers (MX204, MX480) for secure and encrypted site-to-site communication, ensuring compliance with industry security standards (NIST, ISO 27001, PCI-DSS).
Performed deep packet inspection and root cause analysis using Wireshark, TCPDump, and NetFlow to resolve latency, packet loss, and security issues.
Troubleshot network connectivity using PING, Traceroute, Netstat, and SNMP tools, ensuring minimal downtime and optimized routing.
Upgraded and replaced critical network hardware (Cisco, Palo Alto, FortiGate, Juniper) to maintain stability and scalability across multi-vendor environments.
Executed enterprise-wide anti-virus updates, patching, and endpoint security hardening using Microsoft Defender ATP, CrowdStrike, and Symantec for compliance.
Implemented and maintained LAN infrastructures with VLAN segmentation, QoS, STP, and port security for optimized networking and secure user access.
Configured and managed Juniper SRX Firewalls (Branch & Data Center Models) for perimeter and internal security.
Deployed Aruba ClearPass for NAC (Network Access Control), AAA authentication, and endpoint profiling to secure wired and wireless networks.
Implemented Layer 2 security features, such as DHCP snooping, Dynamic ARP Inspection (DAI), and Port Security, to mitigate Layer 2 threats in mission-critical environments.
Contact this candidate