Security Engineer Network
Resume:
Tejeswar Bobba
*************@*****.***•
Senior Network Security Engineer
Summary
As a Senior Network Security Engineer with 7+ years of experience, expertise in fortifying and managing network infrastructures. Understanding security protocols, firewall and intrusions, adeptly architect and implement robust security frameworks. Proficient in a spectrum of networking from Cisco routers and switches to advanced security appliances like Palo Alto and Fortinet firewalls in safeguarding against cyber threats.
Technical skills:
Firewall
Fortinet (FortiGate) Firewall, Palo Alto, Cisco, Checkpoint, ASA and Juniper SRX series
Switches
Nexus 2k, 5k, 7k, Catalyst switches, Juniper switches and arista switches.
Networking
TCP/IP, OSI Model, LAN/WAN, Switches and Routers, IPV4/IPV6,DNS,DHCP
Routing
RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
Network infrastructure
VLAN, W-LAN, WAN, LAN, Inter VLAN, Spine and Leaf architecture
Load Balancers
F5 Networks (Big-IP) LTM, Viprion. Wireless Networks (WLAN’s)
SD-WAN Technology
SD-WAN Viptela, Micro segmentation
Cloud Services
AWS (VPC, Direct connect, cloud front, Route53), Azure
PROFESSIONAL EXPERIENCE
UNITED AIRLINES, CHICAGO, IL
Sr. Network security Engineer, Aug 2023 – Present
Experience in installation, and maintenance of the Palo Alto PA-7080, PA-5280, and PA-3260 firewall rules were focused on achieving strict conformity to health requirements and implementing link safety.
Improved safety protocols, continuous company activity, and the development and deployment of Palo Alto Networks Next-Generation Firewalls in a multi-site setting were ensured.
Monitored firewall logs attentively and installed the Palo Alto firewall to guarantee peak performance, and utilizing Panorama for safety surveillance.
Maintained a comprehensive database of FortiGate configurations, policies, and practices Knowledge is a crucial tool for simplifying tasks linked to audits.
Experience in setting up Palo Alto Networks Globally safe VPN hardware for offering consumers and staff with safe internet access.
Monitor user information recognition, the Cisco ISE architecture now has extra safety safeguards in place.
Installation, administration, and safety monitoring expertise with Fortinet FortiGate firewalls for IPv4 and IPv6 networks.
Maintaining bandwidth allocation and prioritizing essential tasks might be facilitated by establishing monitoring client policies for the FortiGate 4200F, 1000F, 3700F, and 2600F firewalls.
Configure the Cisco Firewall 3110 and 3105 routers to provide the best possible protection against attacks and effective access control.
Designed and implemented Data Loss Prevention (DLP) strategies to protect sensitive data and prevent unauthorized access or leakage.
Member of team responsible for onsite LAN/WAN support deployment and configuration of routers, Switches and wireless voice and firewalls and related to LAN/WAN technologies.
Improved connectedness to setup SD-WAN systems based on the vEdge router and Viptela software.
Installed Cisco ISE to work well with current credentials and domains for the purpose to provide reliable support and security.
Applying for authorization to reroute data for thorough activity screening and safety protocols via application routes on the Cisco Nexus 9300, 9400, 9500 and 9800 switches.
Experienced in creating and implementing comprehensive guidelines and protocols for Juniper SRX 1600 and SRX 2300, ensuring regulatory compliance and seamless information exchange.
Experience in working on the Quarterly maintenance windows for failover, reboot of Palo Alto firewalls, as well as other security devices.
Developed team ties across Palo Alto firewalls made it possible to transition from a Checkpoint networks to a Palo Alto global systems.
Deployed and managed Silver Peak SD-WAN solutions to enhance network performance, improve WAN efficiency, and reduce costs for multi-site environments.
Integrated IDs to Active Directory to utilizing of resources and communication between networks and enterprises.
Optimized Arista, Cisco and Juniper network routers support with Netmiko in managing network settings.
I implemented file transfer systems using FTP, NFS, and SSH (SCP) in a Linux environment.
Improved security and compliance with CIS guidelines will be implemented in Cisco router ISR 1101, 1109, 111X, and 1120 units.
I’m responsible for onsite LAN/WAN support deployment and configurations of routers and switches for LAN/WAN technology.
Responsible for Configuring SITE TO SITE VPN on Cisco ASA 5500 series firewall between Head office and Branch office.
Designed and configured Azure Virtual Networks (VNets), subnets, Azure network settings, DHCP address blocks, DNS settings, security policies and routing.
Strong understanding of networking protocols (TCP/IP, DNS, DHCP) and network architecture to support secure and efficient network design.
Designed ACI Spine and Leaf fabric with consideration for fault tolerance, load balancing and non-blocking architecture to guarantee uninterrupted network operations.
Implemented site-to-site VPN tunnels using Cisco Meraki MX devices for communication B/W user locations and headquarters.
Used Viptela VPN links for SD-WAN to integrate company servers and distant locations, enabling safe interaction and easy utilization of integrated applications.
Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.
Monitored and optimized network performance using advanced Windows Server tools and third-party solutions, identifying and resolving bottlenecks.
Installed, configured, and maintained chassis-based F5 Viprion 4800, 4100, and 4300N systems to improve network security and boost application efficiency.
Deployed Azure IaaS virtual machines (VMs) and Cloud services (PaaS role instances) into secure VNets and subnets.
Troubleshoot on various communication TCP/IP protocols like FTP, FTPs, SFTP, HTTP and HTTPS.
Assistance with the more modern WAN routers' Infoblox installation, DNS configuration, and provisioning of SSH and admin IP links.
Development of Python extensions for reading and assessing protected log data from devices has resulted for forensic analysis and recovery attempts.
Maintaining compliance with administrative and legal safety concerns, the Azure Policy guidelines control asset name and labelling methods.
Implementing strict security measures and controlling Cisco router firewall rules and authorization classes (ACLs) to stop unwanted access.
Associated with Aruba User Interface Data (UXI) devices to monitor and handle network security and effectiveness issues on a constant basis.
Monitoring DNS system using Infoblox software, we were able to identify security vulnerabilities and hazards associated with DNS disputes.
Used routing protocols such as RIP, OSPF, BGP, EIGRP and manipulated routing updates using route-map, distribute list and administrative distance.
I applied security techniques and Cisco IOS protections, including Auto Secure, while leveraging web-based tools to perform regular safety checks and diagnose Cisco router issues.
Configured and BGP and OSPF, within the SD-WAN Viptela and implemented HA solutions to uninterrupted.
TOYOTA MOTORS, PLANO, TX
Sr. Network security Engineer, April 2021 – June 2023
Monitored the effectiveness of several Palo Alto safeguards using the business's Panorama tracking platform.
Experienced at using Palo Alto Panorama's user interface and exercise connection capabilities to quickly and effectively analyse potentially hazardous situations.
Maintaining the corporate network against breaches and illegal access by creating, configuring, and managing the Fortinet FortiGate 7121F, 6500F, and 4400F firewalls.
Added OSPF and BGP, two sophisticated routing protocols, to Cisco Nexus switches to improve networking capacity and flexible routing features.
I maintained and created scripts in Python that assisted in pulling the data into splunk to meet adult and reporting requirements.
Implemented Cisco Nexus 9300, 9400, and 9500 series switches to enable software-defined networking (SDN) and enhance automated networking and flexibility
Set up Cisco Nexus switches Quality of Service (QoS) settings to give priority to important apps, therefore lowering latency and guaranteeing dependable performance.
Added protection enhancements to Cisco routers to recognize and halt malicious activities at the network's borders. Responsible for Cisco ASA firewall administration across our global networks.
In order to verify a seamless transfer and minimal downtime for critical operations, a redundant system was developed using extra Cisco ISR 111X, 1120, 1131, and 1160 routers.
I Implemented standardized network equipment by combining Cisco routers with wireless access points, switches, and firewalls.
I implemented frame relay point to point and multi-point WAN links between sites to establish connectivity between 4 sites.
Experienced in utilizing ERO to define explicit routing paths in MPLS and Segment Routing environments.
I mitigated users from the global protect VPN to Zscaler ZPA to improve VPN performance.
Performed IOS Software upgrades on switches 6500, 3750 and 4500s and Cisco ASR for compatibility.
Configured and maintained AAA protocols, such as RADIUS and TACACS+, to control user access and permissions on network devices.
Configured and managed F5 VIPRION Advanced Firewall Manager (AFM) for layer 4-7 protection against DDoS attacks and other security threats.
Maintained the creation of the Arista Cloud setup which provides VXLAN for design and tracking.
Worked on Cisco based Routing and Switching environment with Rapid Spanning tree and using Routing Protocols such as BGP and OSPF.
Designed and developed locals networks LANs and wide area network WAN.
Implement approved guidelines in the Cisco Firepower 1140 and 1150 control canters, and monitor each to make sure that its protections are being implemented appropriately.
I migrated our networks WAN to an Ethernet based MAN which resulted in savings of over the performance increase throughout our system of 12 user locations.
Utilized Azure AD limited access services in conjunction with Azure Multi-Factor Authentication (MFA) improves security and privacy for cloud-based resources.
Configure the Cisco Secure Firewall 3120 and 3130's versatile monitoring options, which allow for fast policy modification and monitoring of all connected devices.
Improved connectedness to setup SD-WAN systems based on the vEdge router and Viptela software.
Set up network designs on Juniper SRX 4700 and SRX 4300 devices to monitor and control assured service-layer connections.
Implemented Mobile Device Management (MDM) with Cisco ISE to enforce security policies on mobile devices.
Configured and maintained Citrix NetScaler, ensuring reliable and secure access to applications and services for end-users.
Implemented advanced security measures on Windows Server, including BitLocker, IPsec, and NAP (Network Access Protection).
Conducted regular security audits and performance tuning on PAN FW, Cisco ASA/FTD, F5 LB, and Citrix NetScaler, ensuring alignment with best practices and compliance standards.
Managed and optimized application traffic through advanced routing policies, QoS, and load balancing.
Monitored and analysed network performance using AWS Cloud Watch, VPC Flow Logs, and AWS Cloud Trail for real-time insights and troubleshooting.
Developed and executed automation, working with teams from divisions that integrate Meraki MX series routers with modern security protocols.
Coordinated with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
Worked on the project of F5 LTM and GTM code upgrade project, doing couple of them every week.
Implemented AWS Web Application Firewall (WAF) and AWS Shield to protect web applications from common web exploits and DDoS attacks.
DTCC, BOSTON, MA
Network Security Engineer, Nov 2019 – Mar 2021
Expertise in system management, data security, and related technical fields; familiarity with the Palo Alto firewall PA-3220, PA-1420, PA-850, and PA-460 series.
Applying VLAN design, routing, and layout techniques to the installation and maintenance of Cisco safety devices, such as the ASA 5500, 5540, and 5515/PIX.
Managed and analysed Cisco Router 1900, 2900, and 3900 in accordance with business goals by collaborating to managerial connection administrator.
Configured and managed Cisco Firepower Threat Defense (FTD) devices to enhance network security and monitor network traffic.
I have used Python libraries like Netmiko and Napalm to automate the VALN configuration of Cisco switches and Juniper routers.
Implemented advanced threat protection solutions using Cisco FTD, including intrusion prevention systems (IPS) and malware defense.
I optimized the performance of the WAN network consisting of Cisco 3550/4500/6500 switches by configuring VLANs.
Working Knowledge and demonstrated experience on the Cisco Juniper switches & Routers.
Heavily involved with data center migration from Cisco to Juniper with minimal downtime utilizing VxLAN.
Configured STP for loop prevention and VTP for Inter-VLAN Routing.
Provided Tier1 technical support; assist users facing network problems. Perform advanced troubleshooting, diagnostics and provide tier/level-1 solutions to network failures.
I have Python to do net configuration sessions to get data models from Arista switches using client libraries.
I’m expertise in the implementation of analysis and troubleshooting of LAN/WAN network systems and worked on WAN infrastructure running OSPF as a core routing protocol.
Actively involved in switching technology Administration including creating and managing VLANS, Port security - 802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.
Developed and implemented security-related solutions in accordance with Terraform requirements, such as VPNs, security software, and client monitoring.
Designed, deployed, and maintained robust Linux-based network infrastructures, ensuring high availability and scalability.
Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF on Cisco Routers 7613, 7201, and 3945E.
SMART RECON, INDIA
Network Support Engineer, Nov 2017 – Oct 2019
Install and support various MPLS/BGP, Metro Ethernet deployments and configure routing and switching platforms Solutions.
Done troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
Configured RSTP, MST and used VTP with 802.1q trunk encapsulation provided port binding and port security wherever required provided router redundancy through HSRP.
Created, set up, and refined server DNS expertise for the modification, maintenance, and setup of DNS architecture.
Implementing a range of transportation computations, such as OSPF, BGP, RIP, and EIGRP, to create and oversee intricate LAN/WAN systems.
Configuring and troubleshooting wide- and regional-area systems (ISDN, Frame Relay, DDR, NAT, DHCP, and TCP/IP).
Contact this candidate