Security Engineer Network
Resume:
Ramakanth Modem
Network Security Engineer
• +1-612-***-**** • *****************@*****.***
SUMMARY:
5.2 years of experience in testing, troubleshooting, implementing and maintaining enterprise data network and service provider system. Skilled in configuring Palo Alto Networks firewalls across various models, including PA-2K, PA-3K, and PA-5K series. Developed and enforced customized security policies on FortiGate 7081F and 7121F firewalls, ensuring compliance with industry best practices and organizational security requirements. Designed and implemented Cisco network architectures utilizing Nexus 7K, 5K, and 2K series switches, with a strong understanding of Nexus hardware and inter-module traffic flow. Configured and maintained Juniper devices, including MX-80, MX-480, SRX-100, SRX-110, SRX-550, and EX-4200 series. Extensive experience in designing, deploying, and troubleshooting LAN and WAN environments, including Frame-Relay, EtherChannel, and IP routing protocols such as RIPV2, OSPF, EIGRP, and BGP, along with implementing ACLs, VLANs, STP, VTP, HSRP, and GLBP.
Technical Skills:
Firewalls
Palo Alto, Fortinet, Juniper Cisco ASA & Checkpoint and Cisco Firepower.
Cloud Platform
AWS, EC2, S3, RDS, Elastic Load Balancing, SWF, SQS
Routers & Switches
Routers (MX7200, 5840, 4330, 3921, 3800, 2800, 2100) and Switches (EX6500, 5850, 4900, 3750, 3700, 2960, 2900) and Nexus 9k, 7k, 5k and 3k data center switches & Aruba wireless (2960, IE-1000/2930F POE & Non-POE and 6300F) switches
Routing Protocols
RIP, IGRP, EIGRP, OSPF, BGP, HSRP, VRRP & GLBP, Network Management NCM, Wireshark.
Load Balancers Citrix NetScaler Load balancer Gateway
F5 BIG-IP 10200v, Load Balancing HSRP, VRRP and GLBP, FS5 LTM 10.x, 11.x version, Code upgrades from 11.4.0 to 11.5.1 HF8.
Educational Details:
Bachelors in Electrical and Electronic Engineering, Swarna Bharathi Institution of Science and Technology, 2021, India.
Master's Degree in Information Technology and Management (ITM), Concordia University St Paul, 2024, Minnesota.
PROFESIONAL EXPERIENCE:
Network Security Engineer CVS Caremark, Providence, RI Nov 2023 – Present
Responsibilities:
Successfully migrated Cisco ACLs to Palo Alto security policies while minimizing disturbance to network operations. Conducted post-migration monitoring and analysis to verify Palo Alto devices handled network traffic and security efficiently.
Successfully upgraded and migrated multiple high-availability SSL VPN clusters, ensuring minimal downtime and seamless transitions.
Configured firewall rules, access controls, and security profiles for PA-7050 and PA-7000 to fulfil dynamic network security requirements. Used AWS security groups and Palo Alto firewall policies to enforce application and user-specific security constraints.
Managed and configured network devices using GUI-based tools such as Cisco ASDM, Fortinet's Fortimanager, and Palo Alto's Panorama.
Forescout offers a security platform that helps organizations monitor and control network traffic and connected devices in real-times.
Implemented and managed Cloudflare services including CDN, WAF, DDoS protection, and DNS security to enhance application performance and resilience.
Configured Cloudflare Access for Zero Trust security, enabling secure access to internal applications without VPN.
Extensive experience working within Fortinet environments, including FortiGate, Fortimanager, and Forti Proxies.
Led efforts to consolidate multiple SSL VPN clusters into a unified, scalable infrastructure, improving performance and simplifying management.
Automated routine tasks using shell scripting, reducing manual workload by up to 60%.
Extensive experience in Linux/Unix command-line tools for advanced system administration, including managing services, users, and permissions across multiple environments.
Proficient in utilizing command-line tools to analyze system performance, monitor logs, and troubleshoot complex issues, ensuring high availability and optimal system health
Implemented load balancing to distribute traffic evenly across multiple Pulse Secure appliances, enhancing performance and scalability.
Forescout helps identify security risks, vulnerabilities, and compliance gaps by continuously monitoring network activity and device behaviour.
Design and implement network topologies using Zscaler’s cloud-based security model.
Integrating Zscaler solutions with existing network infrastructures to optimize security and performance.
Conducted real-time monitoring and logging using FortiAnalyzer to identify and mitigate security threats.
Applied critical thinking to evaluate firewall configurations and provided recommendations on rule setups, such as using secure versus insecure ports for enhanced security.
Architect and deliver scalable, customized automation solutions to solve complex network challenges.
Extensive experience in configuring, deploying, and managing Cisco Catalyst Switches across large-scale enterprise networks, ensuring secure and optimized connectivity.
Utilized GUI interfaces for monitoring and analysing network traffic, identifying potential security threats, and optimizing performance.
Designed and implemented Cisco ACI solutions, providing centralized policy-based automation and orchestration for data center networks.
Designed and implemented scalable Cisco Meraki network solutions across multiple locations, optimizing network performance and security.
Managed and monitored high-availability SSL VPN clusters, ensuring optimal performance, redundancy, and failover capability for continuous access to secure resources.
Extensive experience in designing and implementing network automation solutions using Ansible.
Proven experience as a Network Automation Engineer, with expertise in automating network processes and enhancing operational efficiency.
Configured and optimized Akamai CDN for global content delivery, reducing latency and improving end-user experience.
Expertise in Microsoft Azure Cloud Services (PaaS & IaaS), Application Insights, Document DB, Internet of Things (IoT), Azure Monitoring, Key Vault, Visual Studio Online (VSO) and SQL Azure.
Strong understanding of networking protocols (TCP/IP, DNS, DHCP) and network architecture to support secure and efficient network design.
Deployed and configured Meraki MR Access Points to provide robust and seamless wireless connectivity.
Configured Meraki MX security appliances, including site-to-site and client VPNs, firewall rules, and content filtering for enhanced network security.
Applied ACI security policies such as micro-segmentation, firewalls, and access control to enhance data center security.
Integrated Pulse Secure VPN logs with SIEM systems (e.g., Splunk) for enhanced security monitoring, auditing, and incident response.
Expert in advanced switch features such as VLANs, Spanning Tree Protocol (STP), Ether Channel, and Quality of Service (QoS) to enhance network segmentation, redundancy, and performance.
Proficient in big data and monitoring solutions such as Elastic Search, Grafana, Kibana, Prometheus, and Splunk, leveraging these tools for advanced data analysis and visualization.
Designed, implemented, and managed virtualized environments using VMware vSphere to optimize server resource utilization and increase operational efficiency.
Analyzed VMS data to identify trends, patterns, and areas for improvement, driving informed decision-making.
Configured and maintained VMware ESXi hosts and vCenter Server, ensuring high availability, performance, and scalability of virtual infrastructure.
Administered Akamai Edge Security Solutions including Kona Site Defender and Bot Manager to protect web applications from OWASP Top 10 threats.
Designed and configured routing protocols such as OSPF, BGP, and MPLS to ensure efficient data traffic routing.
Deployed and managed Silver Peak SD-WAN solutions to enhance network performance, improve WAN efficiency, and reduce costs for multi-site environments.
Deployed and configured Zscaler Internet Access (ZIA) to secure web traffic and enforce security policies, ensuring compliance and reducing attack surfaces.
Network Engineer Hilmar Cheese, Dalhart, TX May 2021 – July 2023
Responsibilities:
Implemented a shared-services architecture in Cisco ACI to facilitate communication across multiple VRFs (Virtual Routing and Forwarding), improving network efficiency.
Configured VMM domains within ACI to enable seamless dynamic policy enforcement in virtualized environments.
Defined and enforced security policies in Cisco ACI, ensuring compliance with predefined security controls.
Deployed and managed Fortimanager for streamlined policy enforcement and administration of a multi-site network with FortiGate 7081F and 7121F firewalls.
Secured wireless connectivity by integrating FortiAP access points with FortiGate firewalls, ensuring a robust and protected wireless network.
Worked on FortiAnalyzer for in-depth security log analysis, generating actionable reports to proactively detect and mitigate security threats.
Implemented Fortinet's threat prevention mechanisms, including intrusion prevention, antivirus, and application control, for enhanced security posture.
Stayed up to date with Cisco Nexus software updates and features, integrating them seamlessly into network designs to enhance performance and security.
Configured advanced networking protocols such as OSPF, BGP, and VXLAN on Cisco Nexus switches, ensuring optimized routing and alignment with modern data center standards.
Implemented HSRP on dual Cisco 7206 routers to enable high availability and hot standby routing.
Led incident response initiatives using Cisco Firepower SM-56, investigating and mitigating security breaches through advanced threat detection and forensic analysis.
Monitored and applied security updates for Cisco Secure Firewall 3105, ensuring protection against emerging cyber threats.
Collaborated with teams to analyze Palo Alto firewall logs and reports, resolving complex network security challenges.
Reviewed and optimized Palo Alto firewall security policies, eliminating unnecessary rules to improve lookup efficiency.
Performed regular network scans using ISEC tools (or vulnerability scanners) to proactively identify and remediate security weaknesses.
Monitored Cisco ISE reports and audits, coordinating with security teams to authorize or secure unauthorized devices detected on the network.
Strengthened incident response strategies using Infoblox Threat Intelligence, swiftly detecting and mitigating potential DNS-related security threats.
Ensured compliance with industry standards by integrating security controls within Active Directory, maintaining regulatory adherence.
Designed and deployed Leaf-Spine topologies using Arista switches, creating a high-bandwidth, low-latency network infrastructure for data centers.
Designed and implemented hybrid WAN connectivity via Viptela SD-WAN, seamlessly integrating MPLS, broadband, and LTE transport links.
Established BGP peering between an on-site data center in Newark and AWS cloud, ensuring efficient interconnectivity.
Configured AWS network architecture, including VPC, subnets, Internet Gateway, NAT, and Route Tables, to enable secure and scalable cloud operations.
Implemented AWS networking components, such as subnets, Access Control Lists (ACLs), peering connections, and VPN tunnels, supporting EC2, VPCs, S3, and Route 53.
Extensive experience in deploying, configuring, and troubleshooting Cisco Meraki Layer 2 and Layer 3 switches, including MS225, MS250, and MS350 models.
Involved in maintaining F5 BIG-IP GTM for DNS-based traffic distribution, ensuring high availability and optimal performance across geographically dispersed data centers.
Deployed and managed high availability (HA) clusters using F5 BIG-IP i7000 series devices to ensure seamless failover and minimize downtime.
Network Support Engineer Vsion Technologies, India March 2020 – April 2021
Responsibilities:
Upgraded and patched Checkpoint R77.30 and R81.10 firewalls to the latest firmware versions to address security vulnerabilities and enhance performance.
Deployed and managed Palo Alto Next-Generation Firewalls in enterprise on-prem and cloud environments.
Designed and deployed a Cisco Identity Services Engine (ISE) solution (Wired, wireless, and VPN users) for a commercial client with converged access switches and cisco ASA firewalls.
Troubleshooting and Configuration of Cisco 5580, 5540, FWSM, firewalls for all the agencies connecting.
Set up logging and reporting using Cisco ADSM (Adaptive Security Device Manager) to provide insights into network activity, security events, and compliance, allowing for immediate response and informed decision-making.
Primary responsibility is to design and deploy various network security & High Availability products like Checkpoint Secure Platform, JUNOS, and other security products.
Deployed F5 BIG-IP 1500 Series (1600 and 1600S) for global load balancing and disaster recovery solutions.
Monitored network bandwidth usage and traffic patterns using SolarWinds to optimize network resource allocation and detect anomalies.
Implemented INFOBLOX DNS appliance and run scripts as needed.
Created and configured service profiles within Cisco ACI to define the characteristics and behaviour of shared services, allowing for customization and adaptability.
Worked on Cisco Nexus 7K, 5K, 2K, Cisco ASA firewalls, Catalyst switches (6000 and 8000), Cisco ASR & ISR routers (1000, 2900, 3945, 4500, 7200, 7600).
Worked with Cisco routers such as CISCO-GSR-XR, CRS-16/S and, CRS-8/S.
Used DHCP to automatically assign reusable IP addresses to DHCP clients via INFOBLOX IPAM.
Worked on RSA authentication manager and Cisco NSA (Network Admission control) to authenticate users and devices to the network.
Analyzed network traffic patterns and utilized SD-WAN VIPTELA’s analytics to make data-driven decisions for network optimization.
Configured F5 Wide IP, Pool Load Balancing Methods, Probers and monitors recreating HTTP and HTTPS.
Managing and administering Juniper SRX at various zones including DMZ, Extranet (Various Business Partners) and ASZ and internal.
Contact this candidate