Network Engineer Palo Alto
Resume:
Moukthika
Network Engineer
PH: +1-737-***-****
LinkedIn: https://www.linkedin.com/in/moukthikaa
Email: **********@*****.***
PROFESSIONAL SUMMARY:
Experienced Network Engineer with a proven track record of designing, deploying, and managing complex network infrastructures using the latest cutting-edge technologies. Skilled in multi-vendor environments and adept at integrating modern networking solutions to ensure high performance, security, and scalability.
SD-WAN Deployment: Skilled in deploying solutions such as Cisco Viptela, Versa Networks, and Silver Peak Unity Edge Connect to enhance branch performance, application prioritization, and WAN traffic control.
Routing & Switching Expertise: Proficient in configuring BGP (with route policies), OSPFv3, and EIGRP across complex enterprise environments; implemented VXLAN, STP, and VLAN segmentation on Cisco Catalyst 9000 and Nexus 9500 platforms.
Firewall Management: Hands-on experience with Palo Alto Networks (PA-3k/5k/7k), Cisco ASA, Fortinet 6000 series, and Check Point firewalls; managed advanced threat policies, NAT, SSL/IPsec VPNs, and zone-based security segmentation.
Cloud & Virtualization: Integrated cloud-native services like AWS Transit Gateway, Azure Traffic Manager, and GCP VPC Firewall to secure and scale hybrid cloud networks; supported VMware NSX and vSphere environments.
Wireless Networking: Designed and supported Wi-Fi 6 enterprise wireless infrastructure using Cisco WLC and Aruba APs; implemented ClearPass for identity-based access control and secure 802.1X authentication.
Security & Proxy Solutions: Configured cloud-based proxy and SASE frameworks using Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Cisco Umbrella to secure user access and enhance cloud traffic inspection.
Load Balancing & Traffic Optimization: Deployed and maintained F5 BIG-IP LTM/GTM/ASM and Citrix NetScaler ADC appliances for application delivery, GSLB, SSL offloading, and WAF protection.
Data Center Technologies: Experienced in deploying Cisco ACI fabrics with APIC, BGP underlay, VXLAN EVPN overlay, and integrating Terraform automation modules for scalable multi-site infrastructure.
Automation Expertise: Automated repetitive configuration tasks using Ansible, Python, and Terraform; reduced deployment errors by 50% through version-controlled, reusable code modules.
Comprehensive Network Monitoring: Used tools such as SolarWinds NTA/NPM, Splunk, NetScout, Cisco DNA Center, and Wireshark for proactive network performance analysis and troubleshooting.
VPN Solutions: Configured and supported Global akami Protect, IPsec/SSL VPNs, DMVPN, and AnyConnect across distributed environments for secure and scalable remote access.
AWS & Azure Integration: Built inter-VPC connectivity using Transit Gateway, Direct Connect, and integrated Azure AD SAML with security solutions for seamless cloud authentication.
High Availability Architectures: Implemented redundancy using HSRP, VRRP, GLBP, and Fortinet HA clusters, improving uptime and eliminating single points of failure.
Network Management: Proficient with platforms like Infoblox, Cisco Prime, and SolarWinds NCM/IPAM for automated provisioning, DNS/DHCP management, and change tracking.
Multi-Vendor Operations: Experienced in managing and integrating devices across Cisco, Palo Alto, F5, Juniper, Aruba, Fortinet, and Arista ecosystems, ensuring interoperability and performance optimization.
CERTIFICATION:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Checkpoint (CCSE)
Palo Alto Certified Network Security Engineer (PCNSE)
EDUCATION DETAILS:
Bachelor’ s in computer science, Vignan University, India
Master’ s in computer science, University of Massachusetts Lowell, USA
TECHNICAL SKILLS:
Networking Protocols
RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, RADIUS, AAA, SNMP, VPC, VDC, MLAG
Switches
Cisco Catalyst Series (9400, 9300, 9200, 8500, 8300, 8200), Cisco Nexus Series (9500, 9300, 3000, 5000, 7700 [7706, 7710, 7718]), Cisco Meraki Series (MS390, MS250-48P), Arista 7000 Series (Cloud-grade switches).
Routers
Catalyst 8300 and 8200 Series Edge Platforms, ASR 9000 Series (9006, 9010,920), Juniper MX960, Arista 7800R Series, Cisco ISR 4000 Series, IR 809 and IR 1101.
Wireless
Cisco WLC, 802.11 a/b/g/n/ac/ax, 802.1X Authentication, EAP/PEAP, Aruba ClearPass, Ekahau, Cisco ISE, Air Magnet, AirWatch (VMware Workspace ONE), Aruba Central, Cisco DNA Spaces.
Firewalls
Palo Alto Networks (PA-2K, PA-3K, PA-5K, PA-7K Series), Cisco (Firepower, ASA 5500 Series), Fortinet (FortiGate 6000 Series), Symantec Blue Coat (ProxySG), Check Point Firewalls.
Load Balancers
F5 Networks (BIG-IP LTM, BIG-IP GTM), Citrix NetScaler ADC, Cisco (CSM, ACE), A10 Networks ADC, Azure Load Balancer (Cloud-native).
WAN technologies
MPLS, SD-WAN, PPP, OC3, SONET, L2VPN, L3VPN, VPLS.
LAN technologies
Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, 40 & 100 GBE, Port- channel, VLANs, VTP, STP, RSTP, MST, 802.1Q
Security Protocols
IKE, IPSEC, SSL-VPN, ACL, NAT, PAT, URL Filtering, SSL Forward Proxy, Blocklists, VPN, Port-Security, SSH, AAA, Prefix-Lists, Zone-Based Firewalls, HIPAA Standards, Ingress & Egress Firewalls, Content Filtering, Load Balancing, IDS/IPS, SNMP Trap.
Cloud & Virtualization Technologies
AWS (Transit Gateway, Direct Connect, Network Load Balancer), Microsoft Azure (Traffic Manager, DDoS Protection, Load Balancer), Zscaler (ZIA, ZPA), VMware (vSphere, NSX, ESXi), Citrix ADC, Cisco ACI, and Cisco Nexus Cloud.
Operating Systems
CAT IOS, IOS XE, XR, NX-OS, Junos, PANOS, F5 BIG-IP OS, Linux, Windows
Network Monitoring & Management Tools
Wireshark, Splunk, SolarWinds (NPM, NCM, SAM), Cisco DNA Center, NetScout, Thousand Eyes, Nagios, Zabbix, Infoblox, ManageEngine OpManager, Dynatrace, Datadog, Logic Monitor, Grafana, Prometheus, PRTG Network Monitor.
PROFESSIONAL EXPERIENCE:
Client: LCRA (Lower Colorado River Authority) Aug 2024 - Present
Location: Austin, TX
Role: Network Engineer
Responsibilities:
Deployed Cisco ACI in a spine-leaf topology using Nexus 9500 and 9300 series switches, configured BGP underlay and VXLAN EVPN overlay with APIC controllers for centralized policy enforcement.
Implemented multi-site ACI fabric with MSO, application network profiles (ANPs), bridge domains, EPGs, and Layer 2/3 external integrations for scalable data center automation.
Integrated Dell EMC Unity XT storage with ACI fabric, enabling application-aware connectivity and improved east-west traffic performance.
Configured and managed Cisco SD-WAN using Viptela with ISR 1000 and Catalyst 8000 routers; designed centralized policy templates via vManage with Azure cloud integration.
Migrating from DMVPN to SD-WAN solution using Versa and Viptela solution. Worked on Versa Director and Cisco Viptela.
Utilized vManage, Versa Director, and Silver Peak Orchestrator for unified SD-WAN policy monitoring, troubleshooting, and application prioritization.
Designed and implemented SD-Access using Catalyst 9000 switches, enabling scalable segmentation and TrustSec policies for user/device access control.
Migrated firewall infrastructure from Cisco ASA to Palo Alto (PA-3K/5K/7K), integrating Panorama, enabling SSL decryption, WildFire analysis, and role-based access.
Integrated Palo Alto PA-7050 firewalls with Active Directory and LDAP for user-based policies and threat visibility.
Deployed FortiGate 6000 series NGFWs with FortiClient integration, creating centralized endpoint control and security posture compliance.
Developed and implemented security policy around the Cisco ACS (Authentication Control System), with RADIUS and TACACS authentication support against an Active Directory database, including device management, wireless and VPN applications.
Deployed Citrix NetScaler ADC for VDI and internal application delivery, optimizing load balancing and SSO authentication mechanisms.
Integrated Zscaler ZIA and ZPA with Azure AD SAML, configured SSL inspection, GRE tunnels, URL filtering, and traffic forwarding to Zcloud for secure remote access.
Migrated web proxy infrastructure from Blue Coat to Zscaler, streamlining cloud security and user experience across remote and hybrid environments.
Migrated legacy Cisco switches to Aruba CX 8320/8400 with AOS-CX automation, reducing operational overhead and licensing costs.
Deployed Aruba ClearPass and Mobility Controllers for Wi-Fi 6 deployment; supported 1,500+ endpoint devices across high-density enterprise environments.
Configured STP mitigation (BPDU Guard, Root Guard), VTP MD5 auth, port security, and Layer 2/Layer 3 switching tasks across Catalyst platforms.
Installed and configured Cisco Meraki MX85 and MS250 switches, integrated with Cisco Umbrella for DNS-level security and threat intelligence.
Maintained VMware vSphere/ESXi clusters for virtualized workloads and high availability; monitored with vCenter.
Used ServiceNow for incident tracking, change control, and configuration audits across the network landscape.
Developed Terraform modules and Ansible playbooks for ACI, firewall, and cloud provisioning tasks; implemented CI/CD version control for consistency.
Created a dedicated SDN test lab using Cisco Nexus Cloud and virtual routers to simulate migrations and validate configurations pre-deployment.
Configured Infoblox for DNS/DHCP management and IPAM; used APIs and Ansible automation to reduce provisioning errors by 40%.
Installed and configured Cisco ISE (v3.x) with Catalyst 9300 switches to enforce 802.1X authentication and role-based NAC across the enterprise.
Used SolarWinds NetFlow Analyzer, Log & Event Manager (LEM), and NCM for real-time monitoring, event correlation, and backup automation.
Captured and analyzed traffic with Wireshark to resolve routing anomalies and firewall packet drops; documented network flow paths using Draw.io.
Configured AWS Transit Gateway and Direct Connect to support low-latency cloud routing across multiple VPCs and regions.
Deployed Azure Traffic Manager for global DNS-based load balancing and Azure DDoS Protection for critical app services.
Built hybrid connectivity across GCP using custom firewall rules, DNS forwarding zones, and hierarchical IAM policies.
Designed BGP (eBGP, iBGP), OSPFv3, and EIGRP topologies with route summarization and redistribution on Juniper MX960, Arista 7800R, and Cisco ASR 9000 platforms.
Client: Verizon July 2023 – July 2024
Location: Boston, MA
Role: Network Security Engineer
Responsibilities:
Integrated Palo Alto Networks PA-850 firewalls with Splunk SIEM, leveraging Python automation for log management and real-time threat detection.
Managed Palo Alto Firewalls (PA-220, PA-3200, PA-5200) through Panorama, implementing centralized security policies, firewall rule management, and VPN configurations.
Configured Cisco ASA 5500-X (9.14) firewalls, deploying advanced security policies, IPS, VPN services, and traffic filtering.
Executed migration from Check Point to Cisco ASA, ensuring secure and efficient VPN policy transitions.
Implemented A10 Thunder TPS for DDoS protection, configuring advanced threat detection and mitigation technologies.
Deployed Symantec Blue Coat ProxySG as a Secure Web Gateway (SWG), integrating web filtering, SSL inspection, and malware protection.
Integrated Cisco ISE with Active Directory and RSA SecurID, enabling multi-factor authentication for critical network access.
Configured Aruba ClearPass with RADIUS authentication, enforcing secure and efficient user authentication for wired and wireless networks.
Deployed Cisco ACI in a multi-site environment, configuring APIC controllers and fabric switches for application-based networking and centralized management.
Monitored Cisco ACI health scores to track network performance, detect faults, and optimize policy enforcement.
Configured Silver Peak Unity EdgeConnect for SD-WAN, leveraging dynamic path control and WAN optimization for improved application performance.
Implemented Viptela SD-WAN on vEdge routers, establishing secure, scalable WAN fabric for distributed sites.
Provisioned Versa Networks SD-WAN and Secure Access Service Edge (SASE) solutions, enhancing branch connectivity and security.
Designed and implemented LAN/WAN architectures, utilizing MPLS, Ethernet, and broadband technologies for optimal connectivity.
Configured BGP (EBGP, IBGP) on Cisco ASR 9000 Series routers, optimizing route selection and high availability.
Implemented OSPF sham-links on ASR 9000 to support MPLS VPNs and maintain routing integrity.
Deployed AWS Direct Connect, establishing high-bandwidth, low-latency connectivity between on-premises networks and AWS.
Configured Google Cloud VPCs, implementing secure segmentation, firewall rules, and route tables for efficient cloud networking.
Optimized AWS Network Load Balancer (NLB) and Route 53 policies, ensuring high availability and fault tolerance across cloud environments.
Administered F5 BIG-IP LTM/GTM, performing licensing, provisioning, firmware upgrades, and health monitoring.
Executed migration from A10 to F5 load balancers, implementing advanced traffic steering and SSL offloading.
Developed F5 iRules for traffic redirection, security enhancements, and custom filtering policies.
Configured Akamai CDN for optimized content delivery, caching policies, and latency reduction.
Implemented Akamai Kona Site Defender for WAF protection, tuning security policies to mitigate OWASP Top 10 threats and DDoS attacks.
Deployed Akamai API Gateway, enforcing rate limiting, authentication, and SIEM integration for real-time threat monitoring.
Automated SSL/TLS certificate deployment across F5 and Akamai, ensuring secure communication and compliance.
Configured Splunk Enterprise for real-time log analysis, developing custom dashboards and alerts for network security events.
Monitored OSPF neighbor relationships using SolarWinds NCM, proactively identifying routing issues.
Automated firewall and network device configurations with Ansible and Python, reducing manual efforts.
Integrated ServiceNow for incident, change, and configuration management, streamlining IT workflows.
Managed Aruba 300 Series (802.11ac) and 500 Series (802.11ax) wireless access points, ensuring high-performance connectivity in enterprise environments.
Deployed Aruba Wireless LAN Controllers (WLCs), optimizing AP performance, user density handling, and security policies.
Integrated Aruba ClearPass for network access control, enabling policy-based user authentication.
Implemented and managed Zero Trust Network Access (ZTNA) solutions to enforce identity-based access control, ensuring secure remote access to applications without exposing internal networks.
Client: Bank of Montreal Oct 2022 – June 2023
Location: Chicago, IL Remote
Network Engineer
Managed Palo Alto firewalls (PA-220, PA-3200, PA-5200) using Panorama for centralized policy deployment, threat inspection, SSL decryption, and VPN configuration.
Installed, configured, and monitored IPsec and SSL VPNs on Palo Alto and Cisco ASA firewalls, including access rules, NAT, user-groups, and advanced security profiles.
Migrated VPN policies and configurations from Check Point to Cisco ASA, ensuring encryption consistency, ACL translation, and business continuity during cutover.
Configured site-to-site VPNs on ASA using 3DES and AES-256 protocols and enforced firewall rules for secure inter-site communication.
Deployed Blue Coat ProxySG as a secure web gateway (SWG) for URL filtering, malware scanning, SSL inspection, and bandwidth usage control; integrated with Blue Coat Reporter for compliance and audit reports.
Installed and configured F5 BIG-IP appliances (LTM), executing a seamless migration from A10 to F5; created iRules, SSL profiles, and performed firmware upgrades.
Tuned health monitors and load balancing algorithms on F5 to optimize application delivery, maintain high availability, and minimize latency.
Implemented Versa SD-WAN and Cisco Meraki MX80 with auto-VPN failover as part of hybrid WAN strategy; configured centralized policy templates and monitored via respective dashboards.
Developed automation scripts using Python and Ansible for firewall configuration backups, device health monitoring, and ACL management, reducing manual errors.
Built custom dashboards and alerts in Splunk Enterprise to monitor firewall logs, VPN activity, DNS queries, and endpoint access behaviors for anomaly detection.
Configured Cisco ACI fabric policies including application profiles and service graphs to enforce tenant-based segmentation and performance optimization.
Integrated Cisco ISE with Active Directory and RSA SecurID for wired/wireless multi-factor authentication and RADIUS-based access control.
Deployed Cisco Meraki APs (MR66, MR74, MR84) across warehouse locations and configured Aruba 300/500 series APs with WLCs for secure high-performance Wi-Fi 6 connectivity.
Enabled RADIUS authentication using Aruba ClearPass and Cisco ISE to enforce dynamic VLANs and 802.1X policies across access layers.
Built and secured Google Cloud VPCs with custom firewall rules, subnets, and route tables; used IAM roles and service accounts for cloud access control.
Deployed AWS NLB with Route 53 Alias records for fault-tolerant traffic distribution; configured routing policies for latency optimization across multi-region workloads.
Implemented BGP route control on Juniper MX960 using route maps and community attributes for path selection and inbound filtering.
Applied OSPF summarization on Cisco ASR 1000 Series routers and implemented EIGRP stub routing on Catalyst 4500 switches to reduce convergence time and control update propagation.
Worked with Avaya and Cisco VOIP systems to configure VOICE VLANs, troubleshoot call quality issues, and apply QoS using DSCP marking strategies.
Used Cisco DNA Center for topology visualization, policy audits, and network assurance; detected misconfigurations and improved service health.
Performed post-migration validation using Wireshark captures and Splunk logs to verify session continuity, VPN tunnel status, and firewall rule matches.
Used ServiceNow for incident tracking, change control, and CMDB documentation across all deployed security, routing, and wireless assets.
Client: HP Enterprise Solutions Jul 2019 – Jul 2022
Location: India
Role: Network Support Engineer/ Technical Analyst
Responsibilities:
Managed VLANs, inter-VLAN routing, and trunking (802.1Q) on Cisco Catalyst 3560, 3750, and 4500 Series switches, optimizing network segmentation and security.
Configured Layer 2 technologies, including VLAN Trunks, EtherChannel, and Spanning Tree Protocol (STP) to prevent loops and enhance LAN performance.
Performed Cisco IOS upgrades, password recovery, and TFTP-based configurations, ensuring secure and updated switch firmware.
Implemented routing protocols such as EIGRP, OSPF, RIPv2, and static routes on Cisco routers (2800, 3800, 7200 Series) for optimized path selection and network stability.
Troubleshot WAN connectivity issues, including BGP route reflectors on Nexus 7000 switches and DMVPN solutions for secure site-to-site communication.
Configured Cisco ASA 5500 series firewalls, deploying SSL VPN and IPSec VPNs for secure remote connectivity.
Implemented NAT, Access Control Lists (ACLs), and firewall logging, ensuring secure resource access and network monitoring.
Utilized SolarWinds and Wireshark for real-time network monitoring, detecting anomalies and security threats.
Configured AWS Security Groups, Network ACLs, and Azure Traffic Manager, ensuring secure and efficient cloud connectivity.
Assisted in VMware vSphere and NSX to support virtualized networking environments, including cloud-based VPN solutions.
Configured Citrix NetScaler Gateway for VPN services and multi-factor authentication, troubleshooting traffic distribution issues.
Managed enterprise wireless networks, troubleshooting 2.4 GHz/5 GHz connectivity, and configuring EAP and PEAP authentication for secure access.
Monitored networking protocols (OSPF, RSTP, EIGRP, BGP) using SolarWinds NCM, proactively identifying and resolving connectivity issues.
Utilized Wireshark and Splunk for protocol analysis and traffic flow monitoring, identifying performance bottlenecks.
Provided hands-on technical support, including network installations, racking, stacking, and cabling, ensuring efficient LAN/WAN administration.
Contact this candidate