Security Engineer Palo Alto
Resume:
Maneesha Vasa
********.*****@*****.***
Senior Network Security Engineer
SUMMARY:
7+ year’s professional experience in Network Designing, Deployment, Configuring, Troubleshooting of Network Infrastructure and Testing of Networking System.
Managed multiple Palo Alto devices (PA-7000, PA-5000, PA-3000 series) firewalls and implemented threat prevention systems.
Working on FortiGate firewalls 7121F, 3200F, and 6300F, web filters policies were put into place to control web content, restrict access to dangerous websites, and enforce acceptable use guidelines.
Configured and managed DHCP services using Infoblox, ensuring efficient IP address allocation and management.
Experienced in various AWS Services (Elastic Load Balancing, Amazon Route 53, S3, EC2, and traffic routing).
Worked on designing and deploying Viptela SD-WAN & Network migration from legacy WAN, also optimize and troubleshoot the SD-WAN networks for our users.
Configure and modify Cisco Nexus 9400, 7010, and 5548 switches to enhance network policy enforcement, traffic administration, and overall connection.
Working Knowledge with monitoring tools like Solar Winds and Network packet capture tools like Wireshark.
Technical Skills
LAN Technologies
SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.
Routing
RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
Network Management Tools
Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime, Ethereal, HP open view
Load Balancers
F5 Networks (Big-IP) LTM 6400
LAN
Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
Firewall
Fortinet Firewall (60, 100, 1500D, 2000, 2500) Palo Alto (PA-500, PA-3060, PA-5060, PA-7050, PA-7080), Cisco Firepower, ASAS and Juniper SRX series
Programming languages
C, C, C, ASSEMBLY, ASP, .NET, HTML, Visual Basic, Java and Perl Script.
Operating systems
Windows XP/7/8/10, Windows Server 2003/2008, Mac OS and Linux.
Professional Experience
Delta Airlines, Atlanta, Georgia Oct 2023 to Present
Sr. Network security Engineer
Responsibilities:
Configured granular policies on Palo Alto firewalls based on application-specific behaviors and risks, ensuring precise detection and regulation of potential threats.
Installed and configured Palo Alto Networks firewall series (PA-5280, PA-5260, PA-7050) for application control, threat prevention, and perimeter security, enhancing the overall network defense strategy.
Analyzed firewall logs and refined policies using various tools, reinforcing the security posture by ensuring Palo Alto firewall policies are effective and up-to-date.
Developed and managed Palo Alto 7000 Series firewall configurations, bolstering network security frameworks to safeguard critical infrastructure.
Led the design and deployment of a comprehensive network security architecture, including firewalls, IDS/IPS, and VPNs, to secure both on-premise and remote access to critical infrastructure.
Integrated intrusion prevention, web filtering, application control, and antivirus capabilities into FortiGate firewalls as part of the UTM (Unified Threat Management) setup, ensuring comprehensive security coverage.
Configured, monitored, and maintained SevOne platform for real-time network performance monitoring and reporting, ensuring minimal downtime and optimal network health.
New Networking Concepts POC and Production Deployment- Cisco ACI, Cisco SDA, Palo Alto SASE, Palo Alto Prisma Configuration and Testing.
Implemented and maintained VPN configurations (IPsec, SSL VPN) on FortiGate firewalls, enabling secure site-to-site connections and remote management.
Administered and optimized Cisco voice applications including VXML gateways, VVBs, SIP proxies, and CUCM to support enterprise communication needs.
Managed the deployment and integration of Cisco UCCE for enterprise contact centers, designing and configuring routing scripts, IVR systems, and agent desktop interfaces (Finesse/CTIOS) to streamline customer service processes and enhance agent productivity.
Configured and managed Fortinet FortiGate series (4200F, 6500F, 7081F) for application control, threat mitigation, firewall security, and VPN services, aligning with enterprise security policies.
Enhanced FortiGate's IDS/IPS by developing signature-based detection and network attack mitigation strategies, ensuring real-time threat prevention.
Optimized cloud security frameworks by configuring cloud proxies to monitor and filter traffic in real-time, ensuring protection against malware and phishing threats in cloud environments.
Configured and optimized Viptela SD-WAN policies for traffic prioritization and application performance, ensuring alignment with organizational objectives and SLAs.
Led the deployment of SD-WAN solutions in new branch offices, facilitating a smooth transition to the Viptela SD-WAN environment with minimal disruption.
Integrated cloud proxy solutions such as Zscaler to provide secure internet access for remote employees while maintaining consistent security policies across hybrid and cloud environments.
Implemented proxy servers to safeguard enterprise networks by controlling web traffic, blocking access to malicious websites, and enforcing secure browsing policies across multiple regions.
Developed high-performance networking applications using Go, C, and C++ to optimize data throughput and minimize latency in Verizon's large-scale wireless network.
Implemented Zero Trust Network Access (ZTNA) principles within SD-WAN architecture, ensuring authentication and authorization of users and devices.
Worked on incident response and security monitoring, rapidly identifying and mitigating internal and external network threats, minimizing downtime and data breaches.
Designed and deployed Cisco ACI fabric, automating network provisioning and management, reducing new application deployment times by 40%.
Collaborated with cross-functional teams to troubleshoot and resolve network-related issues by utilizing SevOne’s advanced diagnostic features, significantly reducing incident resolution times.
Integrated third-party applications such as Appspace, eGain, Avaloque, and Calabrio with Cisco collaboration solutions to enhance functionality and user experience.
Configured application profiles and policies in Cisco ACI, ensuring consistent network behavior across data centers, which enhanced application performance.
Engage the Cisco A2Q team in designing the UCCE solutions for the customers based on their business requirements and made sure design adhere to Cisco best practices.
Configured cloud-based firewalls and proxy servers to filter web traffic and mitigate security risks, ensuring secure browsing for employees accessing cloud-hosted applications.
Managed Cisco ACI tenants, VRFs, and bridge domains, optimizing network segmentation and improving security within the enterprise environment.
Upgraded Cisco 4500 to Cisco 3850 and documented the network diagram using MS Visio and design plan.
Worked on migration and implementation of Palo Alto Next-Generation Firewall series PA-7080,PA-7050,PA-5060, PA-3060, PA-500.
Deployed AWS WAF in conjunction with Palo Alto firewalls to protect web applications from common web attacks.
Collaborated with cross-functional teams to troubleshoot and resolve network performance issues, employing C/C++ for low-level systems programming to improve service reliability.
Implemented AWS Direct Connect and VPN connections for secure, high-bandwidth connectivity between on-premises infrastructure and AWS environments.
Configured AWS Security Groups and NACLs, strengthening cloud resource protection and application security.
Enhanced security on Cisco Meraki devices (MR18, MR20, MR26) by implementing user authorization measures, preventing unauthorized access.
Designed and implemented database schemas, queries, and stored procedures to support efficient data management and integration with network monitoring and analysis systems.
Supported the design, integration, and lifecycle management of Unified Cisco Contact Center Enterprise (UCCE) solutions, ensuring optimal performance and seamless infrastructure upgrades.
Automated bulk user administration using PowerShell scripts, improving directory management efficiency and accuracy.
Developed and managed F5 iRules, enabling customized traffic management and security solutions tailored to specific network needs.
Worked on Cisco Secure Firewalls (4245, 4215) to manage VPN connections and secure customer and vendor web access.
Configured and managed DNS, DHCP, routers, switches, and corporate firewalls to ensure network stability and security.
Implemented Microsoft Hyper-V virtual machines and managed Windows Deployment Services (WDS) and WSUS for streamlined software updates and system deployments.
Managed and optimized MariaDB/MySQL databases, including performance tuning, backup, and recovery, ensuring reliable data availability for network monitoring tools.
Integrated SD-WAN with cloud security platforms like Zscaler and Palo Alto Networks Prisma Access to ensure uniform security enforcement for branch-to-cloud and branch-to-internet traffic.
Migrated remote branch sites Palo alto firewalls to Prisma cloud for increasing the flexibility and reducing the operational life cycle management.
Deployed Zscaler Internet Access (ZIA) to streamline secure internet access for remote employees, enforcing real-time threat protection and seamless user experience across distributed locations.
Configured Zscaler ZDX to monitor end-user experience and performance across critical cloud applications, providing valuable insights that enabled better application optimization and troubleshooting.
Administered Linux-based servers, ensuring high availability, security, and performance for critical network infrastructure services and applications.
Verizon, Dallas, TX Aug 2022 to Sep 2023
Sr. Network security Engineer
Responsibilities:
Integrated Palo Alto firewalls with Cortex XDR to enhance endpoint security and unified security detection, reducing incident handling time by 25%.
Developed and maintained standardized procedures for deploying and managing Palo Alto firewalls, ensuring reliable and secure network operations.
Configured Palo Alto firewalls (PA-7080, PA-5410, PA-3430) with App-ID to manage application usage, reducing bandwidth consumption by 50% for non-business-critical apps.
Monitored network traffic and mitigated security risks using Palo Alto Firewall management tools.
Configured FortiGate devices for data collection and analysis to investigate security incidents, provide compliance audits, and streamline network monitoring.
Regularly updated FortiGate firewalls (7121F, 2600F, 1000F, and 3200F) with risk-assessment techniques to protect against emerging threats.
Conducted network performance monitoring and resolved connectivity issues to maintain seamless operations.
Deployed robust cybersecurity protocols, including user account management and access permissions, to secure critical resources.
Developed and maintained technical documentation for IT processes, policies, and troubleshooting guidelines.
Integrated FortiGuard services with automated security updates and real-time threat analysis, enhancing the firewall's ability to detect and prevent new threats.
Implemented Fortinet Security Fabric on FortiGate firewalls for centralized management, visibility, and coordinated threat response across the network.
Monitored and analyzed Viptela SD-WAN performance metrics to ensure optimal operation and identify areas for network improvement.
Enhanced security by integrating Viptela SD-WAN with existing security solutions like firewalls and SIEM systems, streamlining threat management.
Executed SD-WAN deployment plans for new branch offices, ensuring smooth transitions and minimal disruptions in the Viptela SD-WAN environment.
Developed and implemented cloud security architecture leveraging cloud proxy solutions (e.g., Zscaler ZIA) to manage secure, scalable internet access for a global workforce.
Developed custom dashboards and reports to provide insights into network traffic, performance metrics, and SLA adherence, supporting proactive network management and troubleshooting.
Acted as an escalation point for complex production support incidents, resolving hardware and software issues and ensuring system uptime through effective troubleshooting.
Analyzed Cisco ACI telemetry to identify bottlenecks and optimize traffic flow for critical applications.
Enhanced security by implementing micro-segmentation policies within Cisco ACI to control east-west traffic in the data center.
Integrated Cisco ACI with legacy systems, enabling seamless communication across the entire network infrastructure.
Delivered proxy and network security solutions for securing e-commerce platforms, ensuring secure data transfer and safeguarding customer information through encryption and advanced security measures.
Configured AWS CloudWatch to monitor and gather data from various AWS services, providing real-time insights into network performance.
Designed and configured cloud proxy services to secure communications between on-premise data centers and cloud platforms like AWS and Azure, maintaining high availability and reliability.
Managed and maintained Cisco Unified Contact Center Enterprise (UCCE), CVP, CTIOS, Finesse, and CUIC, ensuring high availability and reliability of contact center operations.
Established secure and reliable connectivity between enterprise networks and AWS using AWS Direct Connect.
Provided advanced technical support and troubleshooting for iOS, macOS, and Windows devices, ensuring timely resolution of issues.
Designed and implemented IT infrastructure solutions to align with organizational needs, including disaster recovery plans.
Developed and maintained standard procedures for AWS CloudFront, including caching, data integrity, and necessary updates.
Migrated from legacy security appliances to Zscaler ZIA, ensuring granular policy enforcement, deployed Blue Coat proxies for web security, and utilized NGINX for API management, securing backend services with rate-limiting, access controls, and Web Application Firewall (WAF) for protection against cyber threats.
Enhanced network reliability by implementing new monitoring features on Cisco ASR 9901, 9902, and 9903 routers, improving proactive issue resolution.
Managed routine system administration tasks, including OS and application patching, upgrades, and backups, ensuring system stability and compliance.
Configured IPv6 on Cisco routers to ensure seamless dual-stack operations, securing network architecture to handle both IPv4 and IPv6 traffic.
Configured and setup Prisma tunnels for enabling the local internet break out for remote sites.
Worked with panorama for managing the Palo alto firewalls, and Prisma tunnels.
Designed and optimized firewall policies and VPN solutions to ensure secure communication between on-premise data centers and remote locations, while complying with industry standards such as PCI-DSS.
Configured and monitored backup and recovery solutions to safeguard data integrity and minimize downtime.
Audit complex UCCE solutions and recommend best practice remediation.
Deployed low-latency, high-performance networks in data centers and offices using Arista 7000, 7800, and 7300 switches.
Configured and maintained network services such as DNS, DHCP, and VPN on Linux servers, ensuring seamless connectivity and secure access to network resources.
Led a team in managing and securing the corporate network by identifying vulnerabilities and implementing mitigation strategies, improving the overall security posture.
Automated security audits and software updates using Netmiko scripts, ensuring compliance with PCI DSS and CIS standards.
Collaborated with cross-functional teams to align network initiatives with organizational goals, providing technical insights during critical projects.
Conducted user training sessions on cybersecurity best practices and hardware/software utilization to improve system efficiency and user proficiency.
Developed comprehensive network documentation, including configuration and design guidelines for Cisco Nexus deployments.
Resolved security issues with minimal disruption using specialized tools and techniques on Cisco Nexus 9300, 9500, and 9800 switches.
Enhanced network visibility and control by classifying devices and optimizing network access through Cisco ISE research.
Performed database migrations, upgrades, and patching to ensure the continued security and performance of MariaDB/MySQL instances in a high-demand network environment.
Wells Fargo, NYC, NY Oct 2020 to June 2022
Network security Engineer
Responsibilities:
Developing the accuracy of the structure's detection of safety and network-related issues requires regular configuration of the Palo Alto PA-5410, PA-3060, and PA-1410 tracking and analyzing devices.
Involved in the team of Data Center operations to perform duties like administration and deployment of Cisco Routers 1900, 2900, 3900 and Switches per the organization requirements.
Monitored the storage and purchasing of cabling, making ensured that premium supplies and elements were available and reducing expenses and delays.
Using automated failover capacity, Terraform scripts were developed to ensure high reliability and rescue efforts across areas in Google Cloud multi-region system systems.
Improve the user interface and software productivity, custom NetScaler iRules are created to adjust traffic handling and routing according to certain application demands.
Developing the risk evaluation and management capabilities of the Cisco ASA 5515, 5580, and 5540 could help strengthen safeguards against external attacks.
Collaborated with stakeholders on hybrid cloud solutions to ensure redundancy and compliance with company policies and HIPAA regulations.
Implemented understanding of a broad spectrum of digital and internet-based systems, including connections switching, TCP/IP, HTTP, HTTPS, UDP, and IPSEC.
Configured intrusion prevention and detection systems (IPS/IDS) on Cisco Meraki MX security appliances to protect the network from external threats and attacks.
Worked on Juniper routers, including the Juniper MX series (Juniper MX240, Juniper MX480, Juniper MX960) and Juniper SRX series (Juniper SRX300, Juniper SRX550).
Worked on Python with security information and event management (SIEM) systems for real-time analysis and alerting of security incidents.
Configured Zscaler ZIA for secure, cloud-delivered internet access, implemented Symantec Blue Coat proxies for advanced filtering and policy enforcement, and optimized web application performance with NGINX as a reverse proxy and load balancer, ensuring compliance with security standards and enhancing user experience.
Experience in migrating the conventional remote sites with ISR routers with Viptela SD WAN and achieved elastic network connection through internet.
Developed and maintained Silver Peak deployment documentation and best practices, facilitating smooth installations and efficient network operations.
Utilized Solar Winds' NetFlow Traffic Analyzer to analyze network traffic patterns, identify bottlenecks, and optimize bandwidth utilization.
Developed and oversaw a thorough record of the F5 BIG-IP 4000, 4100, and 4200 series' structures, regulations, and data.
Managed and configured enterprise-wide security solutions, including proxy servers, IDS/IPS, and next-gen firewalls, to ensure strong perimeter defense and protect against sophisticated cyberattacks.
Developed and executed incident response plans for security breaches, ensuring HIPAA notification and reporting requirements were met in the event of a data breach involving PHI.
Implemented cloud-based proxy servers to support secure browsing and application access, while ensuring compliance with global data protection regulations.
Configured SSL/TLS offloading and termination and F5 devices, including BIG-IP 5200 and 7200 and enhanced performance and security.
Collaborated with security teams to implement access control policies and ensured network security on Cisco Nexus and Catalyst switches.
Configured and managed firewalls, intrusion detection systems (IDS), and encryption protocols to ensure secure transmission of Protected Health Information (PHI) in compliance with HIPAA requirements.
spearheaded network security audits to evaluate existing security policies, resulting in the identification and remediation of critical vulnerabilities.
Provided support on the Client VPN Prisma Access and legacy Global Protect on Prem. VPN Issues.
Increased security and compliance through the incorporation of Cisco TrustSec into the present network framework to establish policy-based and separated access control.
Channel - Soft Inc, India April 2017 to Sept 2020
Network Support Engineer
Responsibilities:
Deploying, assessing, and selecting different routing protocols, including RIP, OSPF, EIGRP, and BGP ability to identify and resolve difficult network database issues.
Using Splunk to create a DNS reaction tracking system and search for patterns that might indicate malware attacks or command-and-control (C2) operations taking place on web pages.
Developed and maintained TCP/IP network documentation, including addressing schemes, subnet masks, and routing protocols, ensuring accurate and up-to-date network configurations.
Deployed and managed Varonis specifically Data Governance, Data Advantage and Data Alert modules in complex environments.
Work on Physical site Inventory verification, gather information of various Cisco Network devices and Security Devices to develop Run book and Spec Book.
Integrated internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Education:
Bachelors in Electronics and Communication, India.
Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Cybersecurity Fundamentals
Palo Alto Certified Network Security Engineer (PCNSE)
Cloud Fundamentals Certifications
Contact this candidate