Post Job Free
Sign in

Network Engineer Security

Location:
Austin, TX
Posted:
April 24, 2025

Contact this candidate

Resume:

ANU SRI

Senior Network Security Engineer

Austin, TX 78641 +1-737-***-**** **.******.****@*****.***

PROFESSIONAL SUMMARY

Network Engineer with 9+ years of diverse experience in implementing, optimizing, maintaining and troubleshooting Enterprise Networks & Security infrastructures. Experience with multiple topologies and various clients. Extensive experience working with Firewalls, Switches, Routers, load balancers, VoIP and wireless technologies of different vendor hardware and software solutions. Deployment of Site-to-Site and Client-to-Site VPNs utilizing Checkpoint, Palo Alto and Fortinet (FortiGate, FortiAnalyzer) Firewalls. Implemented and maintained Sourcefire intrusion detection/ prevention (IDS/IPS) system and hardened protection standards on the firewall for enterprise network to protect sensitive corporate data and enabled IDS/IPS signatures on Firewall for Fine-tuning of TCP and UDP services. Experience with Bluecoat and Zscaler Proxies. Whitelisting, Blacklisting Policies, PAC file Logic for Internet, Extranet traffic flows. Experience in troubleshooting, maintaining, and integrating on F5 Big-IP LTM/GTM load balancing and Application Security Manager (ASM) Deployed, Managed, monitored, and supported Bluecoat Proxy for content filtering, internet access between sites and VPN client users, forward proxy scenario and reverse proxy scenario for security and worked on adding URLs in Bluecoat Proxy SG's for URL filtering. Proficient in monitoring and managing networks using SolarWinds NetFlow Traffic Analyzer, Network Performance Monitor (NPM), Network Configuration Manager (NCM); Cisco Prime, Security Device Manager (SDM), Cisco Works; Infoblox, HP OpenView and Wireshark. Developed Shell Scripts to run unit tests on various jobs on Jenkins. Hands-on experience in the development of utilities using shell and Python scripting to automate processes. Experience Arista Cloud Vision on a POC. Knowledge on Spine leaf Architecture in Datacenter. Worked on EVPN, VXLAN, VTEPS, Bridge Domains, MP-BGP, OSPF, MPLS, with solid background in high-scale Data Center and WAN architecture. A motivated dynamic team player with excellent communication skills, resiliency, and enthusiasm.

CERTIFICATIONS

CCNA, Cisco Certified Network Associate

CCNP, Cisco Certified Network Professional

WORK HISTORY

SENIOR NETWORK ENGINEER 11/2021 to Current

IPG Mediabrands,

Role – Part of the Deployment and Migration Teams.

Deployed Nexus 9K switches in ACI and Non ACI mode, Cisco Meraki wireless.

Migration from ASA to Palo Alto Firewalls.

Migration from Cisco ACE to F5 load balancers.

Migration from 3750 to 3850 and CAT9300 switches in Campus.

Worked on Building Cisco Viptela SD-WAN for remote sites.

Played a principle role in configuring and implementing composite Network models consisting of Cisco 7300, 4000, 3800, ASR 9000 series routers and Cisco catalyst 3850, 3560, 4500, 6500 series switches.

Designed and Implemented plan for migration from existing Catalyst switches to Nexus and configured NX-OS Virtual Port Channels, Nexus port profiles, Nexus VPC peer links on Nexus 5k and 7k.

Worked on Cisco ACE to F5 migration in DMZ and Internal.

Migrated over 500 applications externally and internally.

Worked on LTM, GTM and APM on BIGIP and VIPRION Chassis.

Implemented and upgraded Networks using OSPF and BGP based routing protocols and prepared flow charts and utilization monitoring reports.

Designed, implemented, and optimized AWS networking solutions, including VPCs, subnets, route tables, and security groups, to ensure secure and efficient communication between AWS resources.

Worked with Cisco ASA 5500-X with Firepower services, Firepower 4100 and Palo-alto Next-Gen PA-5000 Firewalls implementing and managing NAT, IPsec, site-to-site and remote VPNs, advanced inspection, anti-spoofing and AAA policies.

Experience on Palo Alto 5000 series.

Conducted threat intelligence analysis using Zscaler's cloud sandboxing and threat feeds for proactive threat mitigation.

Collaborated with Zscaler support and engineering teams for incident resolution and platform optimization.

Conducted firewall rule reviews and optimizations to ensure optimal traffic flow and security posture.

Utilized FortiAnalyzer for centralized logging and reporting, aiding in security event analysis and compliance audits.

Developed custom Splunk dashboards and reports to visualize network traffic patterns, bandwidth utilization and application performance metrics.

Worked with CrowdStrike's managed hunting service to proactively identify and respond to threats.

Implemented network security groups (NSGs) and security policies to control traffic flow and protect cloud resources.

Integrated Splunk with third-party security tools such as Palo Alto Networks, Cisco ASA and F5 BIG-IP to enhance network security posture.

Deploy and manage virtual networks using NSX-T to provide isolated and logically separate network segments.

Monitored, Managed and hardened security policies and rules on checkpoint NGX firewalls.

Worked with JunOS maintaining Juniper EX4600, EX3400, EX4300 series switches and ACX1000 router to maintain some sites and stations.

Deployed and configured AWS Elastic Load Balancers (ELB) and Application Load Balancers (ALB) to distribute incoming traffic across EC2 instances and improve application scalability and availability.

Used Python scripting for network sniffing and managed parameters for pool of servers and updated, automated and migrated different services and software by means of Ansible.

Maintained and Supported Multiprotocol Label Switching (MPLS) on WAN network.

DNS, DHCP & IPAM (DDI) protocols and security.

Worked with Host Master for shared web hosting and managed Web Application firewall (WAF), DNS and DHCP management using Infoblox and Analyzed networks using Wireshark.

Experience on monitoring, network diagnostic and network analytics tools (i.e

SolarWinds, PRTG, etc.).

Ideally expert in specific internet infrastructure technologies including DNS, DHCP, IPAM (especially experience with DDI appliances) and web caching (ideally with Squid) – or other deep exposure to HTTP.

Designed and implemented Splunk data models to categorize and correlate network-related events for better incident response.

Design and implement secure networking architectures within Google Cloud Platform (GCP).

Collaborate with the incident response team to use Zscaler's threat intelligence and advanced threat protection capabilities to detect and respond to security incidents promptly.

Configure Virtual Private Clouds (VPCs), subnets, firewall rules and network peering to establish controlled communication paths while ensuring data privacy and integrity.

Design and implement micro-segmentation using VMware NSX-T to isolate and secure different application workloads within virtual environments.

Define security groups, policies, and firewall rules to control communication between VMs.

Worked on F5 LTM and GTM modules.

Installed F5 LTM and GTM from scratch in DMZ and Internal environments.

Network Administrator with subject matter expertise to support implementation of SolarWinds, SCCM remote patching solution and MS Intune projects.

Intensive applications of Network automation tools and testing for network automation and configuration management using Ansible and Python scripting.

Performed Load balancing using F5 BIG-IP LTM ADC 6400, Cisco ACE 4710 Load balancers.

SENIOR NETWORK ENGINEER 04/2019 to 10/2021

Fannie Mae

Network Deployment and operations team member

Deployed Nexus gear in Data centers, Upgrades, Working on Operational issues related to F5 LTM, GTM and APM, Cisco catalyst switches, routing in ASR and Juniper MX series, Zscaler Cloud proxy migration from Cisco IronPorts.

Worked, managed, and maintained LAN networks, VLANs and database, Port Security on Nortel 5510, 5520; Cisco Catalyst 3850, 4500 and 6500 switches and implemented VDC, VPC, and OTV on Nexus 5k and 7k switches.

Responsible for deployment, Integration and Troubleshoot Cisco Core Routers (ASR-9922,9912,9010,1006,1004,1002,903, 920_i, 920_0 & 901) and Juniper MX series routers.

Worked on Multi center environment with BGP and OSPF mesh, Extranet connectivity, IPsec Tunnels.

Contributed in implementation and configuration of F5 BIG-IP LTM-6400 load balancers, redistribution into OSPF on the core ASA firewall.

Made security policies in F5 Application Security Manager (ASM) and made iRules in Local traffic manager.

Configured IP addressing scheme and coordinated with LAN/WAN engineers to develop and implement various security policies.

Worked with Juniper SRX550 and Palo-alto Next-Gen PA-5000 Firewalls implementing and managing NAT, IPsec, site-to-site and remote VPNs, advanced inspection, anti-spoofing, and AAA policies.

Designed and implemented Aruba wireless infrastructure to ensure full connectivity and continuous service.

Played an important role in a team by implementing and documenting Switching Topologies, VLAN management, Port security, Trucking protocols, STP configuration, Inter-VLAN routing, 802.1x portbased authentication, LAN security and preparing Microsoft Visio reports and designs.

Conducted network security assessments and audits utilizing AlgoSec's automated rule analysis to identify and mitigate misconfigurations and vulnerabilities.

Monitored network and provided analysis, improvement scopes and support using various monitoring tools such as Wireshark, SolarWinds Performance Monitor and coordinated with offshore support teams to ensure flawless operations.

Integrate Zscaler's cloud security solutions with network infrastructure to provide secure and scalable internet access for users.

Implemented firewall logging and monitoring solutions to generate actionable security alerts and facilitate incident response efforts.

Collaborated with cross-functional teams to design and implement disaster recovery solutions using AWS Route 53 for DNS failover and AWS Global Accelerator for traffic rerouting.

Leverage NSX-T's security features to integrate intrusion detection and prevention mechanisms into the virtual network.

Analyze suspicious traffic patterns, assess potential threats, and take appropriate mitigation actions

Set up and manage Virtual Private Networks (VPNs) using Fortigate devices to establish secure communication channels for remote users or branch offices.

Collaborated with application teams to integrate application logs into Splunk for centralized monitoring and troubleshooting.

Deployed SD-Access using DNAC to create a secure and segmented network environment.

Utilize the policy-based approach to control user access, manage device identities, and enforce network segmentation.

Experience Domain Name System/Dynamic Host Configuration Protocol/IP Access Management (DNS/DHCP/IPAM) appliances.

Integrated AlgoSec with Contra Costa Health Services' existing network infrastructure, including Cisco, Palo Alto Networks, and Check Point devices, to centralize security policy management.

Configure Arista network devices (switches and routers) to establish a secure and efficient network infrastructure.

Implement VLANs, access control lists (ACLs), and Quality of Service (QoS) settings to manage traffic flow and ensure network performance.

Integrated Python scripts with network orchestration platforms like Cisco DNA Center or Juniper Contrail to automate network provisioning and policy enforcement.

Conducted regular security assessments and penetration tests to evaluate the effectiveness of firewall configurations and identify potential vulnerabilities.

Developed custom Splunk queries and dashboards to monitor network traffic and identify potential security threats.

Coordinated with a team to upgrade network by changing primary routing protocol to OSPF from EIGRP and Participated in the modification of BGP from multiple MPLS powered router.

Documented and maintained accurate records of customer support interactions, including troubleshooting steps and resolutions, for future reference and analysis.

Developed custom reports and dashboards in AlgoSec to provide actionable insights into firewall rule utilization, compliance status and security policy effectiveness.

Developed Python scripts for network device inventory management, ensuring accurate asset tracking and compliance with regulatory requirements.

Conducted firewall performance tuning and capacity planning to accommodate growing network traffic and ensure optimal performance.

Conducted on-site visits to troubleshoot and resolve network-related issues reported by healthcare staff, maintaining high levels of customer satisfaction.

Implemented intrusion prevention system (IPS) and intrusion detection system (IDS) features on firewalls to detect and mitigate network threats in real-time.

Environment: Nortel 5510, 5520; Cisco Catalyst series 3850, 4500, 6500; Nexus 2k, 5k, 7k; VMware vSphere 6, cisco routers 2900, 3800, 4000; Juniper SRX550, Palo-alto Next-Gen PA-5000; Zscaler Pzens, Python, Routing Protocols EIGRP, OSPF, BGP; VPNs, MPLS, Avaya telephony, VoIP, Wireless APs, Big-IP F5 LTM 6400 Load Balancer & Application Security Manager, citrix NetScaler, Wireshark, SolarWinds, Infoblox, Splunk

NETWORK OPERATIONS ENGINEER 02/2018 to 03/2019

Caterpillar

Role – Worked in Operation team as a Level 3 escalations Engineer responsible for issues on Routers, switches, Campus and Data center networks, WAN, Application Delivery controllers, Firewalls, Wireless LAN Controllers.

Worked on multiple customer environments of Verizon.

Played an important role in migration to F5 LTM load Balancer from Cisco ACE load balancer in data center environment and performed basic and advanced F5 load balancer configurations including migrating configurations from Cisco ACE to F5, and testing and general troubleshooting of the F5 load balancers.

Successfully installed Palo Alto PA-3060 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls and Site-to-Site VPNs, 3DES, AES/AES-256.

Worked with Cisco Nexus 2148 Fabric Extenders and Nexus 7010, 5000 series switches to provide a Flexible Access Solution for datacenter access architecture.

Design and implement network segmentation strategies using Arista devices to isolate different departments, services, or security zones.

Employ Virtual Extensible LAN (VXLAN) or other segmentation techniques to enhance security and optimize network management.

Configured and managed AWS Direct Connect and VPN connections to establish secure, high-speed connectivity between on-premises data centers and AWS cloud environments.

Apply security best practices to harden Arista devices against potential threats

Disable unnecessary services, update firmware regularly and implement security features such as MACsec or Control Plane Policing to safeguard the network infrastructure.

Remediated IPSO Versions and Checkpoint SW to target version of IPSO 6.1 Build 38 from Checkpoint R65 Build 63 and implemented remediation in Running in Active/Active Cluster mode into VRRP High Availability environments.

Configure and manage ACI policies to ensure consistent application delivery and security across the data center.

Define application profiles, endpoint groups (EPGs), and contracts to control communication and enforce security policies.

Implement micro-segmentation within ACI to isolate application components and workloads.

Use group-based policies to define communication rules between EPGs, minimizing lateral movement and reducing attack surface.

Monitored and managed networks using Cisco Works tools and Wireshark.

Extended support on access layer, distribution layer and core layer device of IBM as assigned.

Worked on moving strategies for data centers between different locations, and from Cisco 6500 based data center to both Cisco 6500 & Nexus based data center.

Daily switching ticket resolving included VTP, ISL/ 802.1Q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP.

Managed network security by working on NAT/PAT, ACL, and ASA Firewalls.

Migration of existing IPSEC VPN tunnels from pre-Shared key to Certificate Authority for purpose of scaling and also worked with MP-BGP and MPLS LDP protocols.

Health check and automated IOS and script updates applied via voyance application.

Configured, Deployed, and Troubleshot Greenville Health System's Wireless Network utilizing Cisco WCS, wireless and conducted health check for Network devices involving upgrading IOS on every quarter after checking the vulnerability of IOS and reviewing the configurations.

Worked on NNMI, Infoblox, e-health monitoring tools.

Successfully implemented EOL project alias 'End of life equipment' assigned as per IBM guidelines in live environment.

Environment: Cisco ACE, cisco Nexus 2k/5k/7k, IPS/IDS, SolarWinds, CiscoWorks, cisco 6500/3700/7200 routers, PA- 3060 firewalls, VPN tunnels, OSPF, EIGRP, BGP, MPLS, LDP, Cloud based Pbx servers, Infoblox, EOL, windows server 2012R2, Active Directory

NETWORK SECURITY ENGINEER 11/2016 to 01/2018

Elanco

Role – Network Firewall security team to deploy, maintain, troubleshoot Firewall issues, Allowing policies on firewall requests

Work with application teams, network team and vendors on Site-to-site tunnels.

Security infrastructure engineering and worked on various platforms such as Microsoft Windows, UNIX, Juniper firewalls, Palo Alto firewalls, Bluecoat Proxies, Juniper Intrusion Prevention devices and wireless switch security management to maintain the network infrastructure.

Administered and evaluated firewall access control requests to ensure that requests are compliant with client's security standards and policies.

Configure and maintain optical transport equipment, such as transponders, mux/demux devices and optical amplifiers.

Developed and installed optical networking solutions, including DWDM and CWDM for high-capacity and long-distance communication.

Successfully installed Palo Alto PA-3060 firewall and configured and provided troubleshooting using CLI and worked with Panorama management tool to manage all Palo Alto firewall and network from central location.

Implemented Zone-Based Firewalls and Security Rules on the Palo Alto Firewalls and administered the same allowing and denying specific traffic and monitor user usage for malicious activity and future QoS standards.

Created and analyzed reports on firewall logs and made required changes.

Measured optical power and loss to assure signal integrity and conformance to industry requirements.

Maintained Checkpoint security policies including NAT, VPN and Secure Remote access, Configured IPSEC VPN (Site-Site to Remote Access) on SRX series firewalls.

Participated in Configuration of Palo Alto Next-Generation Firewall to create security profiles and VSYS based on client topologies and Palo Alto Networks 5050 application firewalls (NGFW).

Consulted in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering.

Maintained and updated Active Directory database for authentication and deployment purposes.

Participated in deployment of data center LAN and worked Nexus 7k, 5k, 2k switches.

Involved in migration projects, which involved replacing legacy devices to new Nexus devices and introduced VPCs in the new architecture.

To improve network stability and fault tolerance, measures for optical redundancy and protection were implemented.

Performed optical fiber characterization and documentation, including OTDR testing and fiber splicing.

Worked on Nexus platform 7k series, 5K series (5548, 5020 and 5010), 2248 and successfully implemented VSS on the Cisco catalyst switches for a client.

Used FireEye to detect attacks through common attack vectors such as emails and webs.

Learned and developed skills in working and planning migration to Check Point and Palo Alto next-generation firewalls from existing legacy firewalls.

Managed successful delivery of massive security response portfolio including Splunk and Cisco ISE.

Worked primarily as a part of the security team and daily tasks included firewall rule analysis, rule modification, and administration.

Environment: Netscreen, Juniper SRX5400, SRX5600, and SRX5800 and Palo Alto PA-3060 & 5050 Firewalls, Bluecoat Proxies, IDS/IPS, VoIP gateways, wireless Aps, Pbx servers, Fire eye, Juniper IPD, Juniper NSM, Panorama, Nexus 2K, 5K, 7K; Splunk, Cisco ISE, Websense, Solar Winds

NETWORK ADMIN 06/2015 to 10/2016

Virtusa, Hyderabad, India

Role – Worked on setting up IDF/MDF, Network monitoring tools, router configurations, DHCP, DNS servers

Operations in networking and Network security firewalls

Responsibilities:

Provided support to Cisco network consisting of a high speed, high availability core over five campuses with more than 2000 cisco devices by performing onsite installations, technical administration, upgrades, and troubleshooting.

Provided support for complex layer 2, layer 3 issues and other services (STP, VLAN, IPsec, VPN, NAT, MPLS, BGP, EIGRP, OSPF).

Participated in L2/L3 Switching Technology Administration, creating and managing VLANs, Port security, Trunking, STP, Inter-Vlan routing, LAN security and server management.

Worked on RADIUS, TACACS+ authentication servers and DNS, DHCP servers.

Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.

Monitored network for optimum traffic distribution and load balancing using Solar winds.

Completed service requests on IP readdressing, bandwidth upgrades, IOS/platform upgrades.

Worked on cisco routers series 7200, 6500, 4500, 1700, 2600 and 3500 series to perform bridging, switching, routing, Ethernet, NAT, and DHCP, customer LAN /WAN support.

Worked extensively on Cisco ASA 5500 (5510/5540) Series.

EDUCATION

Bachelors: 05/2014

JNTUK- India

.



Contact this candidate