Network Security Engineer
Resume:
Sai Krishna MAMILLAPALLI
Senior Network Security Engineer
Email ID: ***************@*****.***
SUMMARY:
8+ years of experience in Network and Security Engineering, Routing, Switching, Firewall Technologies of complex network systems, Enterprise network security, Capacity Management and Network growth.
Integrated FortiGate 500E, 200E and 1800F firewalls with FortiManager for centralized policy management, logging, and reporting, streamlining administration across the network.
Implemented zero-trust safety measures on Palo Alto PA-5220, PA-3410, and PA-5430 Networks NGFW, which reduced forward movement in the system by 50%.
Integrated DNS with directory services like Active Directory to support dynamic updates and improve network resource management.
Configured and managed dynamic routing protocols such as OSPF, EIGRP, and BGP, ensuring efficient routing and load balancing across TCP/IP networks.
Developed Python scripts to visualize network performance and security metrics, providing actionable insights to improve network operations.
Configured and managed Cisco routers 8100, 3900, 2900 across multiple sites, ensuring secure and reliable network connectivity for thousands of users. TECHNICAL SKILLS:
Professional Experience:
Ally Finacial,NYC
Sr. Network security Engineer Jan 2024 - Present
Responsibilities:
Routing RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.
Cloud Technology Microsoft Azure, AWS, GCP
Load Balancers F5 Networks (Big-IP) LTM, Viprion, Global Load Balancing using Azure Front Door, Traffic Manager, and Application Gateway routing rules Firewall Fortinet (FortiGate) Firewall, Palo Alto, Checkpoint, Cisco Firepower, ASA, Juniper SRX series.
Protocols TCP/IP, UDP, POP3, IMAP, SMTP, NTP, FTP. Switches Nexus 5k, 7k, 9k Arista switches, Catalyst switches and Juniper switches.
Used Palo Alto Networks dashboard to generate comprehensive security reports and analyze network traffic patterns, leading to improved threat detection and response.
Implemented redundant firewall configurations with Palo Alto high-availability pairs, ensuring seamless failover and zero downtime during maintenance or outages.
Configured and deployed Palo Alto PA-5220, PA-5430, PA-3220 firewalls to secure enterprise network perimeters, resulting in a 40% decrease in unauthorized access incidents.
Installed and enhanced Palo Alto's intrusion detection system to detect and stop network-related threats and offer strong defense against expert online attacks.
Configured and repaired FortiGate firewalls in accordance with specific safety requirements and business standards.
Implementing up VPN networks with IPsec between sites applying FortiManager 300D and FortiGate devices, such as the 1800F, 3200F, and 500E series.
Deployed SOPs and configuration templates for FTD deployment and management, ensuring consistency across projects.
Configured FMC database optimization to improve query performance and reduce latency in event retrieval.
Integrated Cisco Secure Firewall 4215, 3140 with Cisco Umbrella and SecureX for enhanced threat intelligence and automated security responses.
Developed and deployed Viptela SD-WAN solutions for a global enterprise, optimizing network performance and reducing WAN costs by 35%.
Configured and managed Viptela vEdge devices across multiple sites, enhancing network reliability and ensuring consistent application performance.
Implemented dynamic path control and application-aware routing using Viptela SD-WAN, resulting in a 40% improvement in application performance and reduced latency.
Implemented routine maintenance and software updates on Cisco ACI networks to guarantee their safe and up-to-date operation.
Working with Cisco ACI's efficient and complicated categories to integrate relations methods with present and organization goals.
Integrated multi-tenant features to Cisco ACI to ensure separate networks and secure zones could be provided for different customers or business divisions.
Improved and secured detailed network problems pertaining to Cisco Nexus 7010, 7018, 5600, and 5548 switches, reducing downtime and preserving optimal network efficiency.
Implemented networks utilizing Cisco Nexus switches in collaboration with various departments, maintain in mind the objectives and needs of the company.
Configured and oversaw the ASR 9903, 9904, and 9906 series of Cisco routers for a range of network configurations, involving service provider and corporation settings.
Created and implemented VLANs and VRFs on Cisco routers to implement network separation strategies that increase network utilization and protection.
Working on Juniper SRX 5800, SRX 5400, and SRX 4700 series firewalls will assist industries by providing total defense against intrusions and secure borders.
Implementing stringent security controls and managing access by making use of Cisco ISE's rules collection affect and software verification features.
Configured and enhanced ISEC procedures and policies to uphold industry regulations and the company's safety standards while enforcing safety precautions and reducing network risks.
Developed and documented procedures and guidelines for handling and deploying Infoblox, for future reference and team development.
Implemented and managed Ansible roles and playbooks to streamline network device administration and setup, resulting in faster and more reliable installations.
Set up and maintained redundant protocols and virtual port channels, among other high reliability capabilities, on Arista 7300, 7368, and 7388 switches to guarantee network dependability.
Increased network security through the installation and upkeep of intelligent threat mitigation and data screening on Cisco Meraki MX67, MX68, and MX84 security devices.
Led the configuration and optimization of Fastly CDN and WAF for high-traffic platforms, including custom VCL rules to improve cache efficiency, reduce latency, and mitigate OWASP Top 10 threats at the edge.
Collaborated closely with DevOps teams to integrate Fastly edge security into CI/CD pipelines using GitHub Actions and Terraform, enabling automated deployment of CDN and WAF configurations with version control and auditability.
Implemented real-time edge security monitoring using Fastly’s logging and alerting features, integrated with Datadog and Splunk to enhance visibility, detect anomalies, and support rapid incident response.
Developed and enforced API protection strategies through Fastly’s WAF, securing RESTful and GraphQL endpoints against abuse, and reducing attack surface at the edge without compromising performance.
Designed and deployed multi-layer edge caching and traffic routing rules to optimize global content delivery, resulting in improved TTFB (Time To First Byte) and reduced backend load by 30%.
Participated in security incident response and DDoS mitigation efforts, leveraging Fastly’s real-time controls to dynamically block malicious traffic and maintain service availability during volumetric attacks.
Managing Azure Networking, including NICs, public/private IPs, subnets, NSGs, and UDRs.
Configured and maintained all Azure Load Balancers (Basic & Standard), Application Gateway, and Traffic Manager for global traffic routing and high availability.
Implemented and supported Azure Private Endpoints, Service Endpoints, and Azure Bastion for secure internal access.
Enforced data security using encryption at rest and in transit, and integrated security at the Azure Active Directory (AAD) level.
Managed Azure Web Application Firewall (WAF) and Azure DDoS Protection for enterprise-grade security.
Conducted network troubleshooting using Azure Network Watcher, IP Flow Verify, and Connection Troubleshoot tools.
Utilized Application Security Groups (ASGs) for granular traffic control within VNets.
Administered Azure DNS Zones for internal and external name resolution.
Provided support for Disaster Recovery (DR) drills and ensured High Availability (HA) across Azure cloud and on-premises environments.
Used Linux-based systems to monitor and troubleshoot network issues using commands such as ifconfig, ip, netstat, ss, ping, traceroute, and tcpdump.
Deployed and maintained stateful and stateless firewalls, ensuring appropriate traffic flow and segmentation.
Configured AWS Transit Gateway, Site-to-Site VPN, and Direct Connect for scalable hybrid connectivity.
Used Elastic Load Balancing (ELB) and AWS Global Accelerator to improve application availability and performance.
Configured Private Link, VPC Peering, and VPC Endpoints for secure, private connectivity to AWS services.
Troubleshot network issues using VPC Flow Logs, Reachability Analyzer, and CloudWatch metrics
Configured and managed AWS VPCs with public and private subnets, security groups, NAT Gate ways and route tables, ensuring secure and efficient network segmentation and traffic flow.
Deployed and maintained AWS Direct Connect connections, establishing reliable and high-bandwidth links between on-premises infrastructure and AWS, reducing latency and improving data transfer speeds.
Used AWS Cloud Formation to automate the deployment of network resources, including VPCs, subnets, and security groups, reducing manual configuration errors and speeding up deployment times.
Set up and managed VPC networks, subnets, and firewall rules in Google Cloud Platform.
Configured Cloud VPN, Cloud Interconnect, and Shared VPC for secure and scalable enterprise connectivity.
Deployed Google Cloud Load Balancing (Global and Regional) for HTTP(S), TCP/UDP-based traffic distribution.
Managed Cloud DNS for internal and external DNS resolution across GCP workloads.
Integrated Private Google Access and VPC Service Controls to protect sensitive resources.
Monitored and debugged network traffic using VPC Flow Logs, Network Intelligence Center, and Packet Mirroring.
Worked on F5 BIG-IP Cloud Edition has been set up for managing application resources in both private and public cloud settings.
Developed the availability and service uptime by implementing F5 LTM and GTM 7000, 10000 logs and analytics for thorough solving issues for software bottlenecks.
Developed and executed Active Directory expansion plans to guarantee data consistency and accessibility among various network devices and websites.
Integrated easily with network administration platforms such as Cisco DNA Center and Juniper Contrail by using Python for API-driven control of networks.
Implementing Arista's 7388, 7368, and 7300 series authentication includes with outside safety measures, created and implemented network safety policies.
Integrated Netmiko with network monitoring tools, automating real-time configuration checks and compliance audits, leading to a 40% reduction in configuration drift. United Airlines, Atlanta, GA
Sr. Network security Engineer March 2023 – Jan 2024 Responsibilities:
Implemented network safety and prevented unwanted access by configuring and managing Palo Alto Networks PA-7050, PA-3220, and PA-5450 firewalls.
Installed intrusion mitigation, antivirus, and URL screening as additional threat safeguards utilizing Palo Alto Networks safety functions.
Developed and monitored current safety regulations and guidelines on Palo Alto firewalls based on company demands.
Using the Panorama administration platform from Palo Alto to track network activity and examine safety issues.
Developed and fine-tuned Akamai WAF policies to block malicious traffic and reduce false positives without impacting application performance.
Deployed Akamai Bot Manager to differentiate legitimate user behavior from malicious bot activity, blocking credential-stuffing attacks on login pages.
Configured Akamai WAF to enforce strict API authentication rules, protecting financial transaction APIs from unauthorized access and abuse.
Using devices upgrades, traffic strategy optimization, and setting modifications to optimize the speed and capacity of Cisco Secure 3105, 3110, and 4200 Firewall deployments.
Integrated Viptela SD-WAN with existing network infrastructure, including MPLS and broadband connections, to create a hybrid WAN environment that improved redundancy and scalability.
Monitored and analyzed network traffic using Viptela’s vManage dashboard, providing actionable insights that led to a 20% reduction in network congestion and improved overall network health.
Developed and enforced security policies within the Viptela SD-WAN framework, including encryption and secure tunnelling, enhancing data protection and compliance across remote and branch offices.
Set up and safeguarded Bridge Domain (BD) network segments in Cisco ACI to facilitate effective traffic distribution and network division.
Developed and implemented safety agreements in Cisco ACI to regulate interaction between and within tenants and guarantee safe usage relations.
Configured and managed tenant-based network segmentation in Cisco ACI, providing enhanced security and isolation for multiple business units within a shared infrastructure.
Developed and managed Python programs that evaluate network efficiency automatically, ensuring service quality by measuring latency, connectivity, and packet damage.
Monitored and analyzed network traffic with Illumio, identifying and mitigating security risks in real- time, which led to a 30% reduction in security incidents.
Implemented VDC to divide networks and improve security, and setup and installed Cisco Nexus 9800, 9500, and 9400 series switches to build a secure data centre.
Using Cisco Nexus switches and VXLAN, flexible multi-tenant settings were supported, allowing for effective network division and flexible workload adaptability.
Improved efficiency and connection with external devices and apps, unique Ansible variations and services were added.
Installed multi-layer validation and Active Directory as additional security measures and improved methods of user authentication for online transactions.
Monitored and analyzed the network efficiency of Cisco ISR 4221, 4331, and 4431 series routers using Cisco Prime Systems, proactively recognizing and fixing possible issues.
Implemented Cisco routers with other network components and services to guarantee smooth network performance and connectivity.
Using Cisco routers, rescue strategies were created and put into action, guaranteeing network resilience and consistency in the event of unplanned outages.
Implementing Juniper networks beyond more than 500 routers to include multiple SRX 4100, SRX 3800, SRX 1600, and SRX 550 items.
Used Netmiko to automate failover testing for high-availability pairs of network devices, ensuring consistent failover behavior and reducing the time required for manual testing by 60%.
Configured and deployed Ivanti Security control ISEC to ensure compliance with security policies and regulations, leading to successful internal and external audits with zero critical findings.
Developed and maintained IP address management databases within Infoblox, ensuring accurate tracking and allocation of IP addresses across the organization.
Configured Infoblox DNS Firewall to block malicious domains based on real-time threat intelligence, which decreased the number of successful phishing attacks by 40%.
Developed and enforced network security policies using Aruba’s built-in security features, including segmentation and firewall rules, to protect sensitive data and prevent unauthorized access.
Configured AWS Security Groups and Network ACLs to enforce strict access controls and protect resources from unauthorized access, enhancing overall security posture.
Monitored and analyzed network performance using AWS Cloud Watch and VPC Flow Logs, identifying and resolving performance bottlenecks and improving network efficiency. TCS,India
Network Security Engineer Oct 2018 – Jan 2023
Responsibilities:
Setting up the Palo Alto PA-1410, PA-3250, and PA-5450 firewall sites to model IPsec activity in order to control collaboration and build networks.
Configuring and maintaining firewalls, providing security alerts Web Proxy, ACLs, VPNs, and R80.10, R80.20, and R77.30 IDS/IPS checkpoints.
Set up and managed online access and VPNs between sites on Cisco ASA 5585, 5580, 5540, firewalls to safeguard private information while it's being transmitted.
Developing and configuration of the F5 BIG-IP 6400-6800 series systems, applying interaction, security, and software performance has been developed.
Developed and oversaw Security Group Tags and Cisco TrustSec safety zones to impose fine-grained internet access oversight.
Implementing Silver Peak's integrated assessment and analysis features, such as data tracking and maintaining on connectivity and safety, to guarantee that problems are quickly found and fixed.
Developed special Solar Winds data visualizations and reports to monitor and analyze network performance in real time.
Deployed and managed Blue Coat web security gateways, enhancing web traffic security and protecting against malicious content and threats.
Developed to utilize the advantage of additional space in NetScaler installation to optimize the speed, reliability, and adaptability of vital procedures and offerings.
Using Cisco Tetration, extensive data visualizations were created to provide information about software activity and network usage.
Deployed and managed Check Point security gateways, optimizing performance and ensuring secure traffic inspection at network boundaries.
Implemented and overseen the installation of structured cabling systems, encompassing both copper and fiber-optic cables, to facilitate dependable and efficient data transmission.
Integrated Terraform with CI/CD pipelines to automate infrastructure provisioning and updates, achieving faster and more reliable deployments while reducing manual intervention by 50%.
Developed and implemented custom Wireshark filters to streamline analysis of specific traffic types and protocols, enhancing the efficiency of network troubleshooting and monitoring tasks. Providence,India
Network Engineer Nov 2016 – Sep 2018
Responsibilities:
Implementing the Access list on day to day basis as per customer's Develop and maintain standard operating procedures, processes and guidelines for firewall operations, support and maintenance.
Involved in large firewall configuration, deployments, and implantation rollouts for several company’s security needs including SSL VPN tunnels.
Working configuration of new VLANs and extension of existing VLANs on/to the necessary equipment to have connectivity between two different data centres.
Integrating of HTTP, FTP, and SMTP with the network's systems, as well as other TCP/IP-based programs and services.
Improved redundancy, ensured effective data routing, and optimized network utilization by configuring and managing routing protocols like OSPF, BGP, RIP, and EIGRP.
Maintained understanding of IP Addressing (Class A, B, C) and implemented efficient subnetting strategies.
Configured and monitored critical ports: 80 (HTTP), 443 (HTTPS), 22 (SSH), 3389 (RDP), 1433 (SQL Server), 8080 (custom apps).
Contact this candidate