Network Engineer Palo Alto

Sr. Network Engineer

Name: Srikanth Thota

Email : ***.*******@*****.***

Phone : +1-860-***-****

Certification : CCNA, CCNP, PCNSC, ACMP.

PROFESSIONAL SUMMARY:

Extensive knowledge in configuring and troubleshooting Layer 3 Interior and Exterior Gateway Routing protocols such as OSPF, EIGRP and BGP.

Hands on Experience on Cisco 2960, 3650, 3750, 3850, Cat 4500X, Cat 6500, Cat 6880, Cat 9k series switches in Enterprise environment. Experience Installing, configuring and troubleshooting Nexus 2k, 3K, 5K, 7K, 9K in Datacenter

Extensively worked on TCP/IP networks, LAN/WAN Technology, messaging services and Internet Services (DNS, SMTP, POP3/IMAP4, Send mail, Web, Proxy, Radius).

Monitored and triaged over 500 security events daily using SIEM tools in a 24x7 financial SOC.

Application Deployments, Orchestration, Automation using Ansible.

Experience working with Cisco IOS, IOS-XR, NX-OS for configuration troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS.

Led shift handovers and RCA meetings for high-priority incidents, ensuring continuous SOC efficiency.

Thorough experience in configuring Virtual Local Area Networks (VLAN) with IEEE 802.1Q, VLAN trunking protocol (VTP), shortest path bridging, Multiple VLAN Registration Protocol and VLAN Cross Connect (CC).

Strong hands-on experience on Cisco Catalyst (series 3850, 3560, 4500, 6500), Cisco Nexus (series 2K, 5K, 7K), Cisco Routers (series 7300, 4000, 3800, ASR 9000), Firepower (4100), Load Balancers (Citrix NetScaler, Cisco ACE, F5 BIG-IP LTM/GTM, IDS/IPS (HIDS, NIDS, NIPS, HIPS), Fire eye, Splunk, Palo Alto Networks Firewalls (PA-820, series PA-3K, 5K), Checkpoint IP Appliances (NXG R60, R70, 3100, 5900), FortiGate (7060E and 7030E)

Experience in working with Cisco Nexus Switches like 5000, 7000 and 9000 series and configuring VDC, VPC, VRF, and OTV on the Nexus switches.

Experience on writing playbooks for Ansible and deploying applications using Ansible.

Experience in installing, configuring, and troubleshooting of Checkpoint Firewall Confidential ASA Palo Alto Juniper SSG series.

Expertise in design, configuring, supporting and administrating Data Centers, Cisco routers, switches, Nexus switches, Load balancers and F5 Suite, Firewalls, Proxy, VPN’s, IPsec, NAT.

Demonstrated ability to collaborate across teams, ensuring successful project delivery in mission-critical environments.

Experience implementing large Data Center infrastructures with Cisco ACI, Cisco N9K, N7K, N5K, N3K, Cisco Cat 9500/9300, 6500, 4500/4900, Cisco ISR 4451, Cisco ASR1001.

Experienced in Monitoring tools like HP Tools Suite, SolarWinds and Service - Now.

Experienced in configuration, IP address management using Infoblox and SolarWinds IPAM Tools.

Experience on EVPN, MLAG, Symmetric and Asymmetric routing in Spine Leaf, VXLAN, VTEPS, VNI, MAC flood lists updates using BGP Route distinguishers, RT1,2,3 and 5 updates.

Installed, configured, deployed Network Virtualization (NSX) VMware platform for the software defined data center.

I am proficient in monitoring and managing networks using SolarWinds NetFlow Traffic Analyzer, Network Performance Monitor (NPM), Network Configuration Manager (NCM); SAM, IP Address Manager, Additional Polling Engine, Cisco Prime, Security Device Manager (SDM), Cisco Works; Infoblox, HP OpenView, and Wireshark.

Expertise in physical installation and configuration of network equipment, including racking and stacking of switches, routers, and servers to optimize space and improve accessibility.

Knowledge and configuration of redundant router protocols like HSRP, VRRP, and GLBP.

Experience in testing Cisco routers and switches in lab scenarios and deploy on site for production.

In-Depth Knowledge and experience of various wireless 802.11 standards, controllers, Access Points, Wi-Fi analytics from various vendors (Cisco Meraki, HPE, D-Link and Net gear).

Proficient in using IXIA/SPIRENT traffic generators and hands-on experience with Cisco and non-Cisco routers.

Solid hands-on experience with packet sniffing and traffic generating tools such as IXIA, Wireshark, and Opnet.

Helping the cloud architecture with next steps on proof of concept with AWS, Open stack, MS Azure, CISCO ACI, Juniper Contrail SDN/ NFV. Selecting the appropriate AWS stack.

Experience using Network management equipment’s such as IXIA, Packet Analyzer OPNET and Wireshark and Wan Optimization tools Like Riverbed

Experienced in deploying cutting-edge security technologies and staying ahead of emerging threats.

Implemented and maintained Sourcefire intrusion detection/ prevention (IDS/IPS) system and hardened protection standards, IDS/IPS signatures on Firewall for Fine-tuning of TCP and UDP services.

Worked on Cisco Firewalls Cisco ASA 5500(5510/5540) Series. Migrated from ASA to Palo Alto 5000 Series. Experience in NAT/PAT, Policies, SSL Forward proxy, Decryption, URL Filtering on PA firewalls.

TECHNICAL SKILLS:

Routers & Switches

Cisco Routers (3800, 2800, 2500, 2400 Series), Cisco Switches (6500, 4500, 2960, 2950, 2924, 3700, 3500), Juniper EX43XX, Juniper hardware (MX, EX, SRX, PTX series), QFX1XXX series, Cisco Nexus 9k,7k,5k,3k ISR, CRS, GRS, and ASR, DWDM, BGP, OSPF, ISIS, MPLS, QoS, BGP PIC, BGP LU, F5 Load, EDFA, ROADM, FOADM

Protocols:

TCP/IP, ISIS, EIGRP, BGP, HSRP, IPsec, VPN, DMVPN, QoS, Multicast, dot1q, STP, VLANS, VTP, WLAN, DNS, DHCP, ARP, SNMP, NetFlow, TACACS+, VRF, Cisco VPC, Ethernet

Operating Systems:

Windows 2000/2003/2008/12 Servers, Linux, IOS

AAA Architecture:

TACACS+, RADIUS, LDAP, Cisco ACS

Firewalls & VPN:

Checkpoint Firewall UTM Series, IPSEC and SSL VPN, Cisco 5500 Series ASAs, Fire Power, Palo Alto firewall, IXIA, SPIRENT

Cloud Technologies:

AWS, GCP, Azure.

Wireless Equipment:

Cisco Wireless LAN Controllers (WLC) 4400 Series (4402 & 4404) 5500 Series (5508), Cisco Aironet Wireless Access Points (1200 3500 Series) (Aruba, Arista), Ciena, Infinera, 802.11.

SD-WAN Technologies:

SilverPeak, Viptella, VeloCloud, Versa, Meraki SD-WAN,CloudGenix.

Applications:

MS Office 2003/2007- Word, Excel, Power Point, MS Outlook, Outlook Express, Opnet, Bluecoat, Riverbed, Net Brain.

Security:

Checkpoint Firewall UTM/NGX Series and Cisco PIX 500 Series and Cisco 5500 Series ASA, ISE, IPS, IDP Palo Alto, F5, A10.

Automation:

Ansible, Python, Terraform.

Management software: Cisco works, Solar winds, QIP DNS, Infoblox, Netdata, Statseeker, Alterpoint, Infoblox

AT&T. Martinez, CA MAY 2024-Till date

Senior Cisco Engineer

Responsibilities:

Participated in CISO-led strategy workshops to assess which platform to decommission.

On-site deployment, Operation and integration, Installation, and Configuration using Meraki Platform and Cisco Switches. Troubleshoot to bring the site up and running for the production workload and smooth Transition of overall cut.

Regularly engaged with MSSP to enhance threat intelligence feeds for higher fidelity alerting.

Served as the subject matter expert in configuring, managing, and troubleshooting Juniper devices including MX, EX, SRX, and PTX series.

Working experience on the Cisco Catalyst 2960, 3750, 3850, Cat 9K, Cat 4500X, Cat 6500 switches; Nexus 2k, 3k, 5k, 7k, and 9k series switches.

Conducting Layer 2/3 protocol testing for BGP, OSPF, ISIS, and MPLS networks, ensuring reliable and scalable performance.

Collaborated with DevOps to introduce real-time monitoring for new clinical app deployments.

Installation and Configuration of Cisco Catalyst switches 6500, 3850 & 2960, 9300 series and configured routing protocol OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design Document and followed the change process as per IT policy it also includes the configuration of port channel between core switches and server distribution switches

Experience with upgrading NX-OS to version 6.1 on the cisco Nexus 7010

Developed and implemented automation scripts for configuration management across multiple Juniper devices, enhancing network scalability.

Used SOAR tools to automate triage workflows and response playbooks across clients.

Designing and maintaining DWDM networks to support high-capacity, long-haul transmission. Configured DWDM systems for multi-channel signal multiplexing, enabling the efficient utilization of fiber bandwidth for enterprise and telecommunications clients.

Designing and implementation of scalable and reliable network infrastructure for enterprise-level voice, video, and data services.

Managing and troubleshooting Infoblox DDI environment, ensuring DNS, DHCP, and IP address management services are optimized.

Directing multiple security initiatives, including threat modeling, vulnerability management, and risk assessments for critical systems and applications.

Built custom dashboards for client-specific KPIs like MTTR and detection-to-resolution time.

Installation, migration, and decommissioning of F5 Load Balancing technologies, enhancing network performance and reliability.

Supported the security lead in aligning SOC procedures with NIST CSF standards.

Automated the cloud deployments using Ansible, Python (Boto & Fabric) and AWS Cloud Formation Templates.

Configuring cisco switches with NX-OS and IOS-XE& implementing VLANs

Configuring rules and maintaining Palo Alto Firewall & Analysis of firewall logs, Configured TCP/IP Ethernet interface, Created Virtual Router and Verify Network Connectivity.

WAN/LAN designs, TCP/IP configuration, IP addressing and sub-netting, Routers and Ethernet switch configuration.

Testing and analyzing the status and performance of all components of network facilities including troubleshooting all layers of the TCP/IP Protocol Suite.

Implementing and managing Palo Alto firewalls, ensuring robust security for all network communications.

Monitor performance of network appliances and WAN utilizing using network analyzers like Riverbed, Wireshark, Solar Wind.

Collaborating with cross-functional teams to define requirements and develop comprehensive network architectures that align with business goals.

Performing software upgrades for large-scale optical networks, ensuring minimal downtime and adhering to ITIL processes.

Analysis and network topologies using various tools like NS3, Wireshark, SolarWinds etc.

Deploying and managing security technologies including firewalls, intrusion detection systems (IDS/IPS), and encryption protocols, significantly improving network security posture.

I am actively responsible for upgrades and network refresh projects and Troubleshooting, IOS Security Configurations, IPsec VPN Implementation on Checkpoint firewalls.

Tested JUNOS images on juniper MX router platforms covering various protocols and technologies like OSPF, BGP, LDP, MPLS, Layer3 VPNs and Cisco IOS and NXOS configuration for routers, switches, ASAs etc.

Optimized network security by configuring Juniper's firewall filters and security policies, enhancing protection against potential threats. Implemented VLANs and QoS on Cisco Catalyst 9K switches to improve traffic flow and prioritize key applications, leading to a more efficient and responsive network.

STP and RSTP have been configured in the Access Layer Switches to prevent loops. Configured port security and private VLANs to maintain a loop-free and secure environment.

Conducted regular audits and maintenance of wireless networks, ensuring adherence to 802.11 standards.

Supported network security measures, including AAA and TACACS+, to safeguard sensitive information.

Documented network configurations and troubleshooting procedures to streamline operations.

Upgrade industry knowledge on SD-WAN solutions, Cloud resources, and firewalls for enterprises and service providers to meet customer and ISP expectations.

Migration of existing IPSEC VPN tunnels from pre-shared key to Certificate Authority for purpose of scaling.

Exposure to VPNs, WAN Accelerators, Intrusion Prevention Systems (IPS), Virtual Private Networks.

Setting up a VPN using Cisco AnyConnect Secure Mobility Client to allow employees to have secure access to the network enterprise from any device, at any time, in any location.

The organization's 350 sites were migrated from a classic hub-and-spoke WAN network to an SD-WAN with star topology and virtual firewalls at remote locations.

Upgrading Palo Alto Firewalls, Cisco Routers, Nexus Switches, F5 Load Balancers and Bluecoat proxy devices.

Developing detailed implementation plans and timelines for network setup.

Coordinating with stakeholders to ensure all requirements are met before deployment.

Wells Fargo Bank. Pinellas Park, FL May 2023-Mar 2024

Senior Network Engineer

Responsibilities:

Developed 50+ custom correlation rules in Rapid7 InsightIDR tailored to detect data exfiltration risks.

Performed on-site deployment, operation, integration, installation, and configuration of Meraki Platform and Cisco switches. Troubleshoot to get the site up and running for the production workload and a smooth transition of the entire cut.

Cross-trained SOC analysts to handle vertical-specific threats (e.g., retail PoS attacks).

Ability to build deployment, build scripts and automated solutions using Ansible.

Design and implement Catalyst/ASA Firewall Service Module for various LAN’s.

Securing network systems by enforcing policies and monitoring access using intrusion detection systems Wireshark, SNMP, Syslog.

Supported the maintenance and troubleshooting of VPN solutions including site-to-site and point-to-site configurations.

Configured Cisco and non-Cisco routers to simulate real-world traffic conditions, validating network designs.

Performed scale testing in a lab environment, identifying potential performance bottlenecks and addressing them before deployment.

Experience in Configuring, upgrading and verifying the NX-OS operation system

Supported the deployment and management of network infrastructure, including legacy A10 Load Balancers.

Monitored network performance, identifying and resolving issues to ensure high availability.

Developed and maintained iRules to optimize traffic management and application performance.

Administered Infoblox DNS/DHCP/IPAM solutions, ensuring efficient IP address management and domain name resolution.

Performed in-depth analysis and troubleshooting of OSNR, optimizing the balance between amplification (EDFA/RAMAN) and signal distortion (ASE noise). Ensured high signal fidelity through precise OSNR measurement and amplifier settings.

Configuring GLBP, VLAN Trunking 802.1Q, STP, Port security on Catalyst 9300 switches.

Configured and maintained routing protocols (OSPF, BGP) to ensure optimal data flow and network redundancy.

Involved in LAN, WAN development (including IP address planning, designing, installation, configuration, testing, maintenance etc.).

Expertly managed the configuration and deployment of Arista switches in data center environments, including VLANs, IP addressing, and routing protocols.

Integrated Juniper's advanced analytics and telemetry features to gain deeper insights into network performance and proactively address issues.

Worked on large scale implementation and maintenance for SSH (Secure Shell), PKI/SSH, VPN, IPSEC Satan, ISS, TCP/IP Monitoring.

Performing network monitoring, providing analysis and network topologies using various tools like NS3, Wireshark, SolarWinds etc.

Redundancy & Management HSRP, VRRP, Wireshark, SolarWinds, SNMP, CISCO Works, GNS3, Riverbed.

Created dynamic access policies on the ASA’s for the offshore vendors to be able to VPN in and access the resources they needed for their testing purposes.

Configured Client VPN technologies including Cisco's VPN client via IPSEC.

Ensured the stability and reliability of the data center network by performing routine maintenance, firmware upgrades, and applying best practices for network design and optimization

Spearheaded the design and implementation of a scalable network infrastructure using Cisco Catalyst 9K series switches, enhancing overall network performance and reliability.

Worked on Cisco Multisite ACI configuring BDs and EPGs to migrate VMs and provisioned VPCs.

Configure and deployed Palo Alto firewalls on AWS Cloud Environment

Design of primary and redundant data centers with Next Gen Firewalls, IPS/IDS sensors, Switching and routing.

Upgrade the Firmware of Meraki Security Appliance and Cisco Catalyst 9000 line of product switches to its recommended versions. Cisco Meraki SD-WAN Solutions, for zero-touch cloud provisioning.

Successfully designed and delivered secure cloud solutions for some of the Major organizations on AWS Cloud.

Dynamic Routing Protocols (OSPF, EIGRP, BGP) Configuration and troubleshooting.

Orchestrated the integration of Cisco Catalyst 9K and Nexus 9K series switches into the existing network architecture, enhancing overall performance and scalability.

Worked with SOC team to align alert severities with internal risk register.

Designed & Deployed Cisco ISE 1.2/1.3 for Enterprise RADIUS Authentication with Active Directory,

Performed technical problem resolution including analysis, trouble isolation, and repair on SD-WAN devices.

Exposed Virtual machine in cloud services in the V Nets today Internet using Azure External Load Balancer.

Subnetting, Routing, Radius servers, NTP Servers, STP, Ether Channel Configuration on Switches (C2960X, C2960S, C9300, C9200, C4500X). IP addressing and Subnetting schemas are necessary to build local area networks.

High level experience with F5 LTM, GTM and APM modules. Experience with load balancing internal and external applications.

Worked on F5 load balancer to troubleshoot and monitor DNS issues and traffic related to DNS.

Designed and worked on VxLAN BGP-EVPN Cisco N9K and Extended Leaf in Cisco ACI.

Perform active/passive site survey using Ekahau and Air Magnet. Designing Wireless Local Network using Ekahau.

Troubleshot WI-FI and Computer issues and resolved problems accurately and efficiently.

American Express. Frankfort, KY Jan 2022 - Feb 2023

Senior Network Security Engineer

Responsibilities:

Migration of the company’s 200 sites from legacy hub and spoke legacy WAN network to SD-WAN to support a star topology with virtual firewalls at the remote sites.

Daily Monitoring Topology and Logical Network devices through Cisco SolarWinds Orion.

Create and test Cisco router and switching operations using OSPF routing protocol, ASA 5500 Firewalls, and MPLS switching for stable VPNs.

Migrated alert logic from LogRhythm to Rapid7 ensuring alert parity and continuity.

Implemented custom alert logic based on unique client infrastructure and risk appetite.

Developed extensive Ansible scripts to automate installation, configuration, and security of Red Hat and Cent OS systems for both AWS and VMWare environments. VPC, EC2, S3, Develop Ansible scripts to ensure systems and applications complied with security requirements and best practices.

Designed and implemented VLAN using Cisco switch catalyst 1900, 2900, 5000, 6000, and 9000 series.

Managed cloud networking solutions in Azure, successfully migrating [specific services or systems] to improve scalability.

Configured and maintained Cisco wireless networks, enhancing connectivity for [number] users across [locations].

Conducted network assessments and capacity planning to support business growth and evolving IT demands.

Troubleshooting OSPF, Cisco ACI, OTV, Cisco ISR 4431, L2/L3 DCI issues, Layer 2 issues, MPLS.

Assisting in the architecture, evaluation and recommendations related to purchasing and installing hardware, software related to IPv4 and IPv6 Networking.

Helped the SOC team prioritize alerts via severity, asset value, and attack phase.

Assisted in the deployment and maintenance of network infrastructure, including F5 Load Balancers and firewall systems.

Implemented and maintained security protocols on the Catalyst 9K series switches, enhancing network resilience against potential threats.

Working on Cisco NAC ISE to authorize users based on protocols PEAP and EAP-TLS, also manage and monitor user's access privileges.

Diagnosed and resolved network issues including connectivity problems, latency issues, and hardware/software failures using diagnostic tools and methodologies.

Providing Load Balancer expertise on F5 Big-IP LTM and GTM devices like 7050 and 2200 and Troubleshoot application slowness.

Conducted penetration testing, identifying and resolving vulnerabilities that enhanced overall security by 30%.

Designed and worked on migrating Cat 6500s to Cisco ACI, Cisco N9Ks, N5Ks, Python script.

Performing Nexus In-Line Service upgrades and deployed advanced nexus features VPC and VDC.

Working on the configuration of Cisco router ASR 1k, ISR 44XX, 7000, 3800, 2800 series. Configurations involved routing protocols like OSPF, BGP, and EIGRP.

Implemented Cisco’s BPs, Cisco ACI, NX-OS, find NX-OS issues on Cisco N9Ks, N7Ks, N5Ks.

Installing and configuring Palo Alto firewall devices on the network.

Troubleshooting and configuring access lists on Palo Alto firewall.

Implemented VXLAN on Cisco Nexus switches, facilitating seamless communication between data center resources and improving overall network flexibility.

Used Cloud Vision insights to identify and address network inefficiencies, leading to improved performance and reduced operational costs.

Mapped Cat 6500, Cat 4500 settings, Data Center migration to Cisco ACI, Cisco Nexus N9K, N7K.

Adding Trunks, Spanning Tree protocol, Port-Security, VLAN-MAPs and DOT1X for Switches and Wireless.

Worked on creating EC2, IAM, and CDN tools in AWS cloud environment.

Troubleshoot issues with Wireless Access points (Cisco 3502) and configure SSID’s on 5520 Wireless LAN Controllers.

Working on the Design, implementation, and operational support of routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q etc.

Responsible for Palo Alto firewall management and operations across our corporate networks.

Experience working with Cisco Nexus 2148 Fabric Extender and Nexus 5000 series to provide a Flexible Access Solution for data center access architecture.

Created and documented troubleshooting procedures for common network issues, improving response times and resolution efficiency.

Configuring, making policy’s, troubleshoot and upgraded ASA, Palo Alto, Checkpoint Firewalls for clients

Troubleshooting WAN, ISP, BGP, VPC, Cisco ACI, Cisco 4900/4500, Cisco N7K, N5K.

Involved in switching technology administration such as creation and management of VLANS, Port security, trunking, RPVST+, Inter-VLAN routing, LAN security etc.

Implemented VLANs and QoS on Cisco Catalyst 9K switches to optimize traffic flow and prioritize critical applications, resulting in a more efficient and responsive network.

Configured STP, RSTP in the Access Layer Switches (2950, 2960, 3750 and 3550) as a loop prevention mechanism. Configured Port-security, Private-VLANS for maintaining loop free and secure environment.

Provided proper documentation to maintain accountability and priority of installation during the migration. Ensured proper documentation was delivered to Change Management team, Incident Management.

Experience in working with F5 BIG-IP LTM load balancing technologies.

Worked on Riverbed network and application performance monitoring tools.

Worked on ASA Firewall rule management as part of network operations to take care of Firewall ACL requests.

Client: Act Fibernet, Andhra Pradesh. April 2019 -Nov 2021

Role: Jr. Network Engineer

Responsibilities:

Installation, configuration & troubleshooting of Microsoft Operating Systems (Windows XP, Win 7, Win 2003 server, Win 2008 Server).

Installation and configuration of CISCO Routers.

Proficient in Network Monitoring using What sup Gold Software.

Front line support technician for end users and delivering the support via e-mail, telephone, and desk-side visits.

Implementing and deploying windows XP.

Installation & maintenance of Windows XP/2003/2008/ Win 7.

Installing and configuring network printers and scanners.

Ports enabling and disabling.

Establishing Telnet sessions with remote Routers and Switches.

Configure SNMP on devices to allow network management.

Enabling Static and dynamic routing.

Perform configuration and maintenance of LAN\WAN technologies such as Ethernet and Fast Ethernet.

Installed and managed Cisco Catalyst 3500XL, &2960 series Switches and Cisco 1800, 3900 series routers.

User management and creating user accounts on Windows Active directory.

Participating in disaster recovery testing, maintaining system documentation logs, and assisting in troubleshooting and diagnosis of system problems.

Maintain and configure Cisco core and access layer switches in production environment.

Addressed technical issues and questions regarding Cisco ISE including troubleshooting and feature changes and modifications.

Assisting in the architecture, evaluation and recommendations related to purchasing and installing hardware, software related to IPv4 and IPv6 Networking.

Working on the configuration of Cisco router ASR 1k, ISR 44XX, 7000, 3800, 2800 series. Configurations involved routing protocols like OSPF, BGP, and EIGRP.

Implemented Cisco’s BPs, Cisco ACI, NX-OS, find NX-OS issues on Cisco N9Ks, N7Ks, N5Ks.

Provided 24x7 support and participated in on-call rotation, ensuring high availability of critical network services.

Contact this candidate