Network Security Engineer

Sangeetha Reddy

Email:*****************@*****.***

Phone: 515-***-****

Senior Network Security Engineer

SUMMARY:

7.5 years of experience in testing, troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems.

Designed and executed migration plans for transitioning from legacy firewalls to Palo Alto PA-5220, PA-5450, and PA-3440 Networks NGFW, ensuring minimal downtime and seamless integration.

Configured and oversaw the Fortinet FortiGate 1800F, 200E and 3200F firewall systems, protecting company networks from cutting-edge intrusions.

Configured and managed F5 BIG-IP Local Traffic Manager (LTM) to optimize application delivery and enhance network performance.

Implemented Ivanti ISEC for patch testing and validation in a controlled environment, ensuring stability and compatibility before deploying updates to production systems.

Developed and documented best practices for Cisco ACI deployment and maintenance, ensuring consistent and reliable network security operations.

Configured and managed Cisco Nexus 9000, 7000, 5000 series switches to support advanced data centre operations.

Deployed Infoblox DNS Firewall to block access to known malicious domains, enhancing network security and reducing the risk of data breaches.

TECHNICAL SKILLS:

Firewall

Palo Alto, Cisco Firepower, ASA, Juniper SRX series, Checkpoint Firewall, Fortinet (FortiGate) Firewall.

Routing

RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.

Access Point

Aruba 305, Ruckus zf7982, R500, R600 & RAD MAX 360/400

Switches

Nexus, Arista switches, Catalyst switches and Juniper switches.

Load Balancers

F5 Networks (Big-IP) LTM, GTM.

Security Protocols

IKE, IPSec, SSL, AAA, Access-list, Prefix-lists.

AWS Cloud

EC2, S3, ELB, EBS, RDS, IAM, Cloud Formation, Cloud Watch, Cloud Front, Cloud Trail.

Professional Experience:

Delta Airlines, Albany, NY

Sr. Network security Engineer Sep 2023 - Present

Responsibilities:

Implement personalized interaction with service suppliers, establish passwords, and identify people throughout all Palo Alto PA-5260, PA-5430, and PA-3250 firewalls.

Working with threat intelligence and analysis using Palo Alto Networks focusing to create an additional proactive and knowledgeable security plan.

Developed and executed migration plans for transitioning from legacy firewalls to Palo Alto Networks NGFW, ensuring minimal downtime and seamless integration.

Configured Cloudflare DNS settings to ensure reliable and quick connectivity by enhancing resilience and decreasing resolution times.

Set up thorough analytics and logging to track Cloudflare WAF activity, facilitating quick reaction to incidents and ongoing development.

Integrated Cloudflare’s threat intelligence feeds to automatically update and adjust WAF configurations in response to emerging threats.

Configure the Cisco Firepower 1010, 1120, and 1150 to deploy virtual private networks (VPNs) that give employees and client’s accessibility to data.

Integrating the potent AMP and IPS solutions of the Cisco Secure Firewall 3140 and 3130 series, employees were protected against sophisticated attacks.

Configured SD-WAN Viptela to support dynamic path selection, ensuring optimal routing of traffic based on real-time network conditions and improving overall network reliability.

Deployed SD-WAN Viptela to enhance connectivity for remote and branch offices, reducing latency and improving access to centralized resources by 25%.

Developed and documented best practices and standard operating procedures for deploying and managing SD-WAN Viptela, ensuring consistent and reliable network operations.

Implementing the use of the Taboo feature of Cisco ACI, that manages physical access to essential network components like research and manufacturing sites.

Working with the Cisco ACI device configuration to provide APIC administration for efficient rule control, continuous assessment, and support.

Improved and newly authorized ACI-based features by Cisco that allowed a standard three-layer design to be replaced with an ACI-based Spine and Leaf structure.

Improving interaction among Amazon S3 and EC2 and AWS Cloud Front, two essential AWS services, to provide fast and affordable internet access.

Designing and overseeing the Cloud Trail, an integrated view that combines AWS activities from multiple platforms and places for effective analysis and surveillance.

Developed in concert with AWS Auto Scaling, Cloud Watch enabled managers adapt staffing to evaluations for enhanced management.

Configured in centralized control options, including Arista Cloud Vision, to improve switch design and administration on Arista 7020R, 7260X, and 7170 appliances.

Set up the Cisco Meraki MR18, MR20, and MR26 wireless devices to offer users reliable, safe connection under a range of circumstances.

Improved assistance for services and knowledge from Active Directory to facilitate quick reorganization in the case of an internet hacking or system failure.

Working on Networks powered by Python were set up along with a variety of topologies and concepts put into practice in actual situations.

Configured and oversee apps for the internet with unmatched sturdiness (A/S), such as VIPs, in addition to F5 iRules.

Developed and configured F5 BIG-IP 4000, 5000, 7000 virtual servers, pools, and nodes, optimizing application performance and minimizing response time.

Designed Ansible rules to achieve always-secure networks and constantly push out safety updates among multiple programs.

Improved the network's efficiency, values are regularly modified based on traffic dynamics and business metrics adopting Ansible-based methodologies.

Installing and configuring Cisco routers with Cisco IOS-XR administration features, such as those from the ASR 9001, 9006, and 9010 series.

Implemented in troubleshooting network problems by examining relations, associated access processes, and routing configurations on Cisco routers, including IPv4 and IPv6 connection failures.

Develop a functional network architecture, Cisco routers require the installation of additional security measures like firewalls and safety symbols.

Configure the Juniper SRX5600 and SRX5800 firewalls to provide safety measures that are adaptable to user demands and activities.

Implementing links between the two sets of computers in order to Cisco ISE can verify setup and convince firewalls to use 802.1x procedures.

Set up Infoblox DNS Firewall, abide by DNS security guidelines, block links to dubious websites, and maintain updated out for attempts to infect machines with malware.

Configure Cisco Nexus 7010, 7018, 5548, and 5600 switches with networking and EPG division to limit connection between different application zones.

Setting up VRF webpages on Cisco Nexus switches, which let businesses to keep independent subdivisions.

Integrating automation business concepts into the reorganized structure of the Cisco Nexus switch architecture by including virtual splits for improved network safety.

Huntington Bank, Cincinnati, OH

Network security Engineer March 2020 – July 2023

Responsibilities:

Developed and oversaw the Palo Alto PA-5430, PA-5420, PA-5450, and PA-7080 network-based firewalls, which guard business networks toward cutting-edge attacks.

Set up and managed complex safety measures, such as intrusion prevention systems, URL filtration, NAT and VPN security, and spyware removal programs.

Integrating productivity and lowering risk by regularly reviewing and fine-tuning Palo Alto firewall rules.

Using Palo Alto's Panorama and additional surveillance technologies to track and examine online activity in order to detect and reduce security risks.

Integrated FortiGate firewalls 1800F, 200E, 100E with SIEM solutions for enhanced security event correlation and incident response, improving threat detection and response times by 40%.

Implemented and managed FortiGate’s sandboxing features to analyse and contain suspicious files, reducing the risk of advanced persistent threats and zero-day attacks.

Deployed SOPs and configuration templates for FTD deployment and management, ensuring consistency across projects.

Configured FMC database optimization to improve query performance and reduce latency in event retrieval.

Using the Cisco Shields in conjunction with the extra Cisco Secure Firewalls 4215 and 4225 to create a comprehensive and well-organized security framework.

Configured and managed SD-WAN Viptela edge devices to ensure secure and reliable connectivity across multiple branch locations, improving application performance by 30%.

Using SD-WAN Viptela traffic steering policies to prioritize critical business applications, enhancing user experience and productivity by 25%.

Deployed SD-WAN Viptela solutions to support seamless cloud connectivity, enabling a 50% increase in cloud application adoption and usage.

Working with cross-functional teams to integrate Cisco ACI with existing network and security solutions, enhancing overall infrastructure resilience.

Developed and documented best practices for Cisco ACI deployment and maintenance, ensuring consistent and reliable network security operations.

Implemented Cisco ACI's built-in features and data to monitor and resolve security and connection concerns, which reduced network outages by 25%.

Improve the reliability of Arista switches 7358, 7368X4, 7280R3, 7170, and 7358X4, use safe detection/prevention and access mechanisms.

Set up and examined use trends using VPC Flow Logs and AWS Cloud Trail to collect data for resource management and security evaluations.

Installing AWS methods to guarantee outstanding reliability and performance to ensure uninterrupted activities, can assist with education and safeguard procedures.

Working on Infoblox DNSSEC was utilized to increase the precision and reliability of DNS responses while safeguarding DNS transfers and preventing exposure-related cache attacks.

Deployed Ivanti ISEC to manage endpoint configurations, ensuring adherence to security policies and reducing configuration drift by 40%.

Worked on F5 BIG-IP Cloud Edition has been set up for managing application resources in both private and public cloud settings.

Developed the availability and service uptime by implementing F5 LTM and GTM logs and analytics for thorough solving issues for software bottlenecks.

Integrated Ansible with version control systems to manage network configuration changes, ensuring traceability and control over network modifications.

Developed custom Ansible modules to extend automation capabilities for unique network requirements, improving flexibility and adaptability of automation solutions.

Implemented Python-based solutions for log aggregation and analysis, providing centralized log management and improving incident response times.

Developed Python scripts to automate the collection and reporting of compliance data, ensuring adherence to industry standards and regulatory requirements.

Developing controlling, updating, and tracking IPv4 and IPv6 rules, it becomes simpler to integrate and transition across the latest and older versions of Cisco routers.

Setting up Cisco Safety Management and Tenable Nessus, as well as frequently inspecting Cisco routers for flaws and security issues.

Improved capability to identify and stop unwanted activity on network devices increased risk precautions are included with Cisco routers in the ISR 1160, 1131, and 1120 series.

Designed to diagnose and resolve safety-related problems with Cisco Nexus switches, such as disputes with security policies, abnormalities in traffic, and login breaches.

Implementing complex safety network setups by working with multiple divisions and connecting Cisco Nexus switches.

Designed to identify and address network problems and guarantee proper Cisco Nexus 9300, 9400, 9500, and 9800 switch functionality and interface.

Zolon Tech, India

Network Engineer Sep 2017 – Feb 2020

Responsibilities:

Setting up Access Control Lists on Cisco 5520, 5555, and 5554 ASA firewalls to manage resources, networking monitoring, and system management.

Implemented the functionality of the R81, 13k, and R80.30 firewall series and helped the staff of Checkpoints TAC address issues related to software and hardware problems.

Implementing connections with the current safety facilities, which includes firewalls, SIEM structures, and anti-virus programs, in order to formulate a cohesive security plan.

Installed and adjusted Silver Peak wide-area networking equipment to lower latency and improve application reliability.

Using Wireshark to track the packet-level info in order to search for security holes and potential dangers such as spyware infections and external attacks.

Setting up BGP, EIGRP, RIP, MPLS, VPN, and OSPF protocol architectures in order to handle routing problems following uploads and increased user connections.

Developed custom Terraform providers to extend support for specific network devices and services, enhancing automation capabilities.

Using DHCP and DNS server configurations to control domain name verification and website distribution.

Configuring TCP and UDP network assessment and control to provide a dependable and efficient network and application interaction.

Contact this candidate