Sudheer
Senior Network Security Engineer
SUMMARY:
Network security professional with 7+ years of experience in designing, implementing, and maintaining robust network security solutions.
Worked extensively with AWS services, with a wide and in-depth understanding of each of them.
Configured Palo Alto PA-7050, PA-5450, PA-3440 firewalls, access policies, Application & URL filtering, Security Profiles, GlobalProtect VPN, data filtering and file blocking.
Experienced with Juniper devices (MX, SRX, QFX, PTX series) and configuring routing, switching, and security policies using JUNOS CLI.
Skilled in using testing tools like Spirent, Agilent N2X, Ixia for stress testing and troubleshooting.
Managed F5 BIG-IP LTM appliances to load balance server traffic in critical serval access silos.
Planning/implementation of the Cisco VPN clients to Cisco AnyConnect.
Created and set up firewall rules for the FortiGate 1000F, 2600F, and 3200F firewalls to stop illegal users from getting into vital systems that handle records and data.
Designed, deployed and supported Zscaler cloud-based infrastructure across various data centres and disaster recovery environments, using network monitoring tools including SNMP, Syslog, Grafana, and Wireshark.
Experienced with Bluecoat Proxy systems spread around the firm's places, along with support complaints, requests, and projects asking for customer-facing proxy software testing.
Involved in Checkpoint R77.30, R75.10, and R80.30 design and installation, including Application and URL filtering and Threat and Data Filtering.
TECHNICAL SKILLS:
Firewalls: Palo Alto PA-3060, PA-5060, PA-7050, PA-7080 series, FortiGate 5000, 3000, 800, 500 series and ASA 5500 series firewalls
Routers & Switches: Juniper Routers (MX960, MX480, MX2020) and SRX Firewalls (SRX240, SRX550); Cisco routers (800, 1700, 2500, 2600, 3601, and 4000 series); and 2900, 2950, 3500 series switches
Data Center Switches: Nexus 9k, 7k, 5k, 3k, 2k series switches
Wireless Devices: Meraki Wireless process, Aruba ClearPass, Airwave
SD-WAN: Viptela
Cloud Platform: AWS, Azure and GCP Cloud Platform
Load Balancers: F5 BIG-IP 5000, 6000 series LTM, GTM and Load Balancers
Protocols: BGP, OSPF, EIGRP, VPN, QoS, STP, RSTP, VLANs, LACP, MPLS, SNMP
Automation: Ansible, Terraform, Python (Scripting for Network Automation), Junos
Security Tools: Cisco ISE, Infoblox DDI, Wireshark, FireEye MPS, Nitro SIEM
Professional Experience:
Fidelity Investments, NC
Sr. Network Security Engineer Oct 2023 - Present
Responsibilities:
Monitored rule hit counts to identify rules with high traffic volume in Palo Alto and considered optimizing or consolidating them for better performance.
Used built-in rule optimization tools provided by Palo Alto Networks, such as Rule Usage Statistics, to identify unused or rarely matched rules for removal or consolidation.
Used Palo Alto PA-7050, PA-7000, PA-5450, PA-5420, PA-3450 threat prevention, IPS, antivirus, anti-spyware, and URL filtering to protect against unknown threats.
Migrated security policies, NAT rules, and VPN configuration from PA-5000 to PA-7000 series firewalls.
Supported design and planning of Juniper PTX, QFX network routing products and associated solutions
Deployed and configured F5 VIPRION chassis for high-availability load balancing and application traffic management in large-scale enterprise networks.
Implemented advanced iRules to provide granular control over traffic management, including traffic redirection, persistence, and security policies.
Used CI/CD pipelines to automate the deployment of network configurations and validate changes in test environments before production.
Deployed automation tools to monitor network performance, enabling proactive detection of issues using Syslog, NetFlow, and observability platforms like Grafana and Elastic Stack.
Configured and managed Cisco network devices including Nexus (5K, 7K, 9K), Catalyst, and ASR routers, ensuring optimized routing and switching for enterprise networks.
Implemented advanced routing protocols like EIGRP, OSPF, and BGP across WAN/LAN environments, including secure VPNs and QoS for traffic prioritization.
Integrated Cisco security products (Firepower, ASA, ISE) into network architecture to ensure compliance with security policies and regulations.
Troubleshot complex Layer 2/Layer 3 networking issues, performing root cause analysis and applying corrective actions for rapid resolution.
Configured cloud-native load balancers such as AWS Elastic Load Balancing (ELB), Azure Load Balancer, and GCP Network Load Balancer, ensuring high availability for cloud-hosted services.
Deployed virtual F5 solutions within AWS, Azure, and GCP environments to balance traffic between hybrid cloud resources and on-prem infrastructure.
Optimized performance of cloud-hosted services using auto-scaling and dynamic resource allocation to handle varying traffic loads.
Utilized network automation tools (Ansible, Terraform) to streamline the deployment and configuration of cloud-based network components.
Implemented version control practices within Panorama, allowing for the tracking and management of policy changes and revisions, which is essential for auditing and change management.
Worked closely with Palo Alto Networks and vendor teams to integrate security solutions into the network infrastructure, optimizing security capabilities.
Performed troubleshooting and diagnostics for FortiGate VPN connectivity issues, identifying and resolving connectivity problems promptly.
Integrated FortiGate with Fortinet Security Fabric, enabling coordinated threat intelligence sharing and automated threat response across Fortinet solutions.
Managed logs and event data from Fortinet devices, including FortiGate firewalls, FortiSwitch, and FortiAP wireless access points.
Implemented WAN link load balancing on FortiGate 60 firewalls to optimize network traffic distribution across multiple internet connections.
Played an active role in real-time incident response, leveraging FortiGate 1000 series features to quickly identify and contain security incidents, limiting potential damage.
Developed event-scripts for automated fabric healing for SIBs and FPCs, enhancing network resilience and reliability.
Conducted protocol stress testing using Spirent, Agilent N2X, and Ixia to ensure optimal performance and stability of network infrastructure.
Used Cisco ACI 96 architecture to build a spine-leaf fabric topology with 96 leaf switches, providing optimal east-west traffic flow and minimized latency.
Implemented Spine-Leaf networks with Cisco ACI’s policy-based automation, allowing for dynamic provisioning and rapid adaptation.
Worked on monitoring, logging, and diagnostic tools within Cisco ACI to promptly identify and resolve network incidents and anomalies related to Bridge Domains and Subnets.
Integrated security features, such as firewalls and threat detection, into SD-WAN Viptela deployments to enhance network security.
Designed and implemented secure VPCs (Virtual Private Clouds), including configuration of subnets, route tables, internet gateways, NAT gateways, and VPC endpoints for hybrid cloud solutions.
Configured AWS Direct Connect to establish a high-speed, low-latency connection between on-premises data centers and AWS cloud environments.
Deployed AWS Transit Gateway to simplify and scale connectivity between multiple VPCs and on-premises networks.
Managed private IP addressing for VPCs and optimized routing for multi-region deployments.
Reduced server load by implementing SSL offloading on NetScaler, managing certificates and encryption to secure data transmission across enterprise networks.
Deep understanding of server configuration, RAID configuration, Active Directory, server installation, Windows OS 2008, Windows OS 2013, ADS, DNS, DHCP, DHCP Relay, WDS, handling authorization and permissions.
Proficient in configuring and managing RAID arrays to optimize storage redundancy, performance, and fault tolerance in network environments.
Experienced in implementing RAID levels that offer data redundancy to prevent data loss and ensure high availability during disk failures, critical for minimizing network downtime and maintaining service reliability.
Strong understanding of RAID's role in data protection strategies, incorporating RAID arrays into broader backup and disaster recovery plans to safeguard critical network infrastructure data.
Integrated Prisma with SD-WAN solutions to enhance application performance and provide secure direct-to-cloud access.
Implemented firewall policies on Palo Alto devices to control inbound and outbound traffic, ensuring compliance with security standards and protecting the network from unauthorized access.
Implemented and optimized security policies, threat prevention profiles, and decryption capabilities on PAN-PA-7000-100G-NPC-A and PAN-PA-7000-DPC-A, PA-5000 and PA-3000 series.
Configured and managed Cisco routers and switches using IOS, ensuring optimal routing protocols such as OSPF, EIGRP, and BGP for efficient network performance
Automated the provisioning of AWS resources using Infrastructure as Code (IaC) tools like Terraform and CloudFormation, reducing deployment time
Developed Python scripts to monitor AWS resource utilization and implement auto-scaling, achieving cost reduction while maintaining application performance.
Automated AWS security checks using tools like AWS Config and Lambda functions, ensuring adherence to industry best practices and minimizing audit risks
Designed and implemented an automated backup solution leveraging AWS S3, Glacier, and Lifecycle Policies, achieving seamless disaster recovery for critical data
AT&T, NJ
Sr. Network Security Engineer July 2022 – Sep 2023
Responsibilities:
Installed Palo Alto virtual firewall images for evaluation and verification, making sure that modifications satisfied safety and efficiency requirements prior to launch.
Configured secure and precise techniques for setting up IPsec private communication channels and protocols on Palo Alto firewalls, including PA-3220, PA-5430, and PA-5220 hardware.
Using Cisco Firepower's SM-56 and 3xSM-56 skills, network architecture needed for protecting an expanded cloud setting was developed and executed.
Developed distinction methodologies and user-rule-based management to provide secure connection limits on Cisco Nexus switches.
Adding Nexus products, including those in the 7010, 7018, and 5548 series, might simplify the process of picking up basic routing and layer 2 and layer 3 switches.
Configuring Cisco Nexus switches for effective ISSU and upgrading the software to minimize delay and maintain peak performance.
Designed procedures to assess the adaptability and stability of Cisco routers in order to identify and fix security flaws.
Developed and implemented Cisco routers to improve availability, boost connectivity, and provide reconfigurable routing.
Installed and supported Cisco routers; resolved problems at different OSI layers; and performed periodic repairs on router types belonging to the ISR 1160, 1131, and 1120 series.
Integrity and safety were improved when configuring and maintaining the routers, switches, and antivirus software for the Palo Alto PA-7020, PA-3410, and PA-5450 devices.
Managed complicated safety concerns by utilizing a variety of regions and a large amount of information and log analysis from Palo Alto firewalls.
Improving the evaluation of privacy and security requirements to enhance the Palo Alto firewall's configuration and the discovery and removal of unnecessary data.
Setting up firewall teams, discussions, and distracting methods at Palo Alto Networks to contravene directives and allow linked connectivity and IPv4 and IPv6 protocols.
Applying Viptela SD-WAN with cloud-based services, the advantages of SD-WAN for web browsing and applications were improved.
Installed and configured several transport networks (MPLS), internet connections, Viptela SD-WAN, and LTE before.
Utilized multi-factor authentication and IPsec encryption in the encrypted connections; this includes the features of the SD-WAN architecture from Viptela.
Implemented routine system assessments, effectively identifying and resolving security flaws with antivirus and other ISEC-related technologies.
Assisted in developing Cisco ISE analyses and warnings, authorized or defended unusual equipment discovered online, and configured monitors in collaboration with the security group.
Monitoring and blocking undesirable IP addresses, DNS requests, and locations, applying Infoblox security research enhances its hazard awareness capacities.
Additionally, following the business's ethical requirements and using Active Directory appropriately are necessary to stay in accordance with legal requirements.
Expertise in setting up and overseeing Arista switches 7170, 7170B, 7130, and 7280 to provide safe and efficient connection setups for commercial settings.
Maintaining complex authorization controls and virtual private networks (VPNs) that are modified for S3 documents, Route 53, EC2 frameworks, and other AWS connectivity features.
Configuring connecting devices, configuring VPCs, carrying out NAT, maintaining succeeding states, and establishing an online server on AWS are all essential.
Utilizing state-of-the-art Python the internet, accurate security actions were created, internet usage tracking was expedited, and possible hazards were discovered.
Used Splunk in tandem with the Aruba AP65, AP70, and AP12 ClearPass to track identity and offer immediate entry for handling emergencies and reactive security.
Improved automation's general efficacy setting and management of SSH network interacting with, application generation, and Netmiko script errors were performed.
Added more Ansible roles that strengthen protocols for trustworthiness checking and increase gadget security.
Improved safety measures on the F5 Viprion 2400, 4480, and 4300 to continuously monitor network performance and reroute data from devices that isn't appropriate.
Set up the system with F5 iRules to gain full authority across the connections between applications, allowing for effective traffic scheduling and adherence to privacy norms.
Increased dependability and effectiveness through the use of Azure Load Balancer to distribute incoming web requests among several virtual machines (VMs) or services.
Accenture, India July 2021 to June 2022
Network Support Engineer
Responsibilities:
Worked on the deployment and configuration of Palo Alto Networks' PA-3430, PA-3440, PA-1420, and PA-1410 series firewalls.
Experienced in integrating Palo Alto Networks firewalls with SIEM systems, endpoint protection platforms, and identity management solutions.
Deployed and configured Check Point firewall solutions across various models, including the Check Point 3100 and 3200 series.
Managed and maintained security policies and rulebases on Check Point firewalls to adapt to evolving security requirements and business needs.
Worked with the ASA 5580 series, providing high-performance firewall and VPN services, including models ASA 5580-20, ASA 5580-40, and ASA 5580-40.
Configured firewall policies, access control lists (ACLs), network address translation (NAT), and VPN tunnels on Cisco ASA devices to enforce security policies and control network traffic effectively.
Deployed and managed Cisco Nexus switches, including the Nexus 5000 and Nexus 3000 series.
Implemented fabric extenders (FEX) with Cisco Nexus 2000 series switches to provide scalable and simplified access layer connectivity in data center environments.
Integrated Python-based network automation workflows with version control systems and continuous integration/continuous deployment (CI/CD) pipelines for improved collaboration and efficiency.
Polaris, India
Network Security Engineer Oct 2018 – June 2021
Responsibilities:
Improved security issues provided more connectivity and increased the quantity of operational places on Palo Alto firewalls, across the PA-820, PA-460, PA-3250, and PA-1000 series.
Implementing numerous routing on Cisco routers 1900, 2900, and 3900 series, the transmission of online video in addition to broadcast packets was enhanced.
Developed detailed documentation and runbooks for Terraform scripts and processes to facilitate knowledge sharing and onboarding.
Configured SolarWinds Firewall Security Manager to manage and audit firewall policies, enhancing network security.
Worked in and conducted analyses of major network issues concerning the whole VISA method's BGP, OSPF, RIP, and EIGRP protocols.
Integrated NetScaler with other network and security solutions to provide a comprehensive and secure network infrastructure.
Assisted teams in locating and resolving complex network issues by moving Wireshark data captures and performing outcome analyses.
Developed, configured, and managed Cisco TrustSec solutions that offer numerous, adaptable secure network features for usage by the whole company.
Set up and managed Blue Coat’s authentication mechanisms, integrating with LDAP and Active Directory for user authentication and access control.
Monitored and analyzed network traffic using F5 BIG-IP’s 5000i, 7000i, and 10000i iSeries built-in analytics and logging tools to identify and resolve performance bottlenecks.
Utilizing an extensive comprehension of information flows, software linkages, and traffic architecture with Tetration's behavior-based coding abilities.
Working with computer engineers and developers to create and apply efficient cabling specification enhancements.
Monitored, maintained and implemented the network topology design and troubleshot to maximize network availability and minimize latency.
Configured and managed intricate LAN/WAN infrastructures with BGP, RIP, OSPF, and EIGRP routing protocols, among others.