Network Engineer Security
Resume:
Kalpana Kakarla
Network Engineer
Atlanta, GA 334-***-**** ****************@*****.*** https://www.linkedin.com/in/kalpanakakarla/ SUMMARY
Network Engineer with extensive experience in designing, deploying, and supporting worldwide enterprise network infrastructures. Experienced in routing and switching technologies including BGP, OSPF, MPLS, VxLAN, and STP implementations to deliver best-in-class network performance and scalability. Proven track record of maximizing network security with next-generation firewalls such as Palo Alto, Cisco ASA, and Fortinet, with regulatory compliance mandates like HIPAA and NIST. Proficient in network automation and Python, Ansible, and YAML scripting to ease configurations and reduce operations overhead. Experienced in leveraging cloud networking, load balancers (F5 LTM/GTM), and monitoring utilities like SolarWinds and Wireshark to achieve high availability and reduced downtime. SKILLS
Networking Technologies: LAN/WAN, TCP/IP, IP Subnetting, NAT, PAT, VPN (IPSec/SSL), VLANs, VTP, STP, RSTP, PVST+, MSTP, VxLAN, Multicast
Routing Protocols: RIP v1/v2, EIGRP, OSPF, BGP, MPLS (LDP, RSVP), PBR, IS-IS Switching: VLANs, Dot1Q, Port Security, STP Variants (PVST, RPVST, MSTP) Security Technologies & Firewalls: Palo Alto (Next-Gen), Cisco ASA, Juniper SRX, Fortinet, Checkpoint, Zscaler, Blue Coat; AAA (TACACS+, RADIUS), Cisco ISE, Aruba ClearPass Load Balancers: F5 LTM/GTM (VIPs, Pools, Monitors, SNAT, SSL Offload), A10, NetScaler, Cisco ACE, Global Load Balancing
SD-WAN: Viptela, Versa, VMware VeloCloud, MPLS
Monitoring & Tools: SolarWinds, CA Spectrum, HPNA, Infoblox, Wireshark, NetBrain, Gigamon, IXIA Scripting & Automation: Python, Ansible, YAML, GIT Hardware: Cisco Catalyst (2960–6500), Nexus (2K–9K), ASR 9K; Juniper EX, M, T Series; Arista 7000 Series Simulation & Labs: GNS3, Packet Tracer, EVE-NG, Cisco Modeling Labs (CML) Operating Systems: Cisco IOS, NX-OS, Windows, Linux EDUCATION
Masters: Management Information Systems Dec 2023 Auburn University – AL, USA
EXPERIENCE
Mastercard – USA
Network Automation Engineer Feb 2024 – Present
Deployed global network infrastructure supporting Microsoft ExpressRoute services for both brownfield and greenfield projects, ensuring scalability and reliability.
Collaborated with clients to identify and resolve design, failover, and latency issues using BGP, IS-IS, and MPLS (LDP, RSVP) routing protocols.
Planned and coordinated router upgrades across the Azure WAN/Core network, maintaining zero downtime for clients and services.
Deployed new Cisco ASR 9K and Arista 7000 Series routers to horizontally expand capacity and upgrade uplinks from 200G to 800G.
Configured MacSec encryption and Everflow for enhanced security and telemetry on ExpressRoute devices.
Collaborated with operations to review and approve change management and GIT pull requests; acted as an escalation point for client troubleshooting.
Participated in on-call rotations, resolving critical issues across the Azure Network, including troubleshooting hardware, VxLAN, IS-IS, BGP, MPLS, LDP, RSVP, and Segment Routing problems.
Analyzed incident ticket patterns using Kusto DB queries, developed auto-mitigation solutions, and created detailed troubleshooting guides for the operations team.
Built custom dashboards, analyzed telemetry data, and tracked project metrics using Kusto.
Automated network changes and configurations through Python, YAML workflows, and GIT, enabling efficient and consistent deployments.
Designed and maintained lab environments using EVE-NG, GNS3, and Cisco Modeling Labs (CML) to test and document new features before production rollout.
Tech Mahindra – INDIA
Network Engineer May 2020 – Nov 2021
Tailored and administered next-generation firewalls including Cisco ASA, Palo Alto PA3000/PA5000, and Juniper SRX to secure the healthcare network infrastructure, ensuring strict HIPAA compliance and safeguarding sensitive patient data.
Executed a successful migration from legacy Checkpoint firewalls to Palo Alto appliances, enhancing the organization’s security posture and reducing exposure to cyber threats by 30%.
Configured IPSec and SSL VPNs on Palo Alto firewalls, enabling secure remote access for staff and physicians across distributed healthcare facilities. Implemented zone-based firewall policies to optimize telemedicine application performance.
Improved network performance by configuring QoS policies for VoIP and critical healthcare applications, and segmented traffic using dedicated VLANs for voice, reducing latency by 20%.
Migrated from Cisco CSS to F5 BigIP LTM/GTM appliances, optimizing load balancing for applications like Cerner and Vizient, and improving uptime and application response times by 25%.
Managed dynamic routing protocols such as OSPF and BGP, and optimized MPLS circuits for secure, high-bandwidth interconnectivity between hospital locations to support telehealth and real-time patient monitoring systems.
Leveraged cloud networking by provisioning AWS S3 buckets, configuring Route 53 for DNS management, and establishing IPSec VPN tunnels between AWS VPCs and on-premises network devices, increasing data transfer efficiency by 30%.
Monitored network health and traffic using tools such as Wireshark, Gigamon, and SolarWinds, resulting in a 15% reduction in downtime and ensuring the continuous availability of critical healthcare services.
Designed and deployed VXLAN overlays for advanced network segmentation, improving infrastructure scalability by 40% and streamlining multicast traffic management across core and edge layers.
Maintained accurate and compliant network documentation, aligning with NIST standards and internal security policies. Utilized Infoblox for IP address management (IPAM) and HPNA for network configuration auditing and automation, achieving a 25% reduction in operational overhead.
CGI – INDIA
Junior Network Engineer Sept 2018 – Apr 2020
Configured remote site installations across various deployment models, including single-site solutions, backbone-only architectures, and fully managed network environments.
Ensured network, system, and data availability through proactive preventative maintenance, scheduled firmware upgrades, and patch management across client networks.
Managed and resolved service request tickets involving complex troubleshooting, system upgrades, patches, and ongoing technical support throughout all lifecycle phases.
Led and participated in Disaster Recovery (DR) exercises, from single-client recovery scenarios to full-scale FIS Core DR simulations, ensuring business continuity.
Provided 24x7 Tier-3 on-call support for client and FIS network issues, working in rotation with team members and engaging directly with Cisco TAC and Juniper J-TAC to resolve critical and complex issues.
Interacted with multiple service providers including AT&T, Verizon, Sprint, TWTC, Comcast, and CenturyLink for circuit provisioning, maintenance, and circuit troubleshooting.
Supported various MPLS circuit types such as PPP, Frame Relay, and Ethernet, as well as legacy ATM/IMA environments.
Designed and implemented site-to-site VPNs, GRE tunnels, IPSec VPNs, co-managed VPNs, and utilized ISDN for backup connectivity.
Configured dynamic and static routing protocols including RIP v1/v2, EIGRP, OSPF, BGP, and MPLS, including Policy-Based Routing
(PBR), route filtering with route maps, and route redistribution based on network requirements.
Built and maintained multi-VLAN environments, implementing inter-VLAN routing, ISL/Dot1Q trunks, EtherChannel, STP, and Port Security for robust Layer 2 segmentation.
Installed and maintained various Cisco Catalyst and Juniper M Series routers and switches across diverse network topologies.
Conducted configuration and troubleshooting of Juniper M Series routers, ensuring optimal performance in production environments.
Utilized Checkpoint, Juniper Security Threat Manager, and Envision platforms for accurate diagnosis and resolution of firewall- related issues.
Developed and maintained up-to-date network documentation and topology diagrams for all major Data Centers and operational sites.
Implemented AAA security policies using TACACS+ and RADIUS across various router platforms to ensure secure access control and authentication.
Contact this candidate