KRISHNA KANTH MANDAVA
Senior Network Security Engineer
********.*********@*****.*** Phone: 470-***-****
SUMMARY:
8.9 years of experience in IT as a Network Engineer with a focus on design, implementation, troubleshooting and documentation of LAN/WAN systems in global and Data Center environments.
Manage multiple Palo Alto PA-5450, PA-5280, PA-3260 firewalls centrally through the Palo Alto Panorama M-500 centralized Management appliance.
Implemented technical expertise and guidance on FortiGate 100E, 200E, 500E, 1800F products, assisting in the selection and integration of appropriate firewall solutions based on business requirements.
Designed, deployed, and managed Aruba Wireless networks, ensuring high-performance and secure wireless connectivity across the organization.
Experience in leveraging AWS CloudFront, a content delivery network (CDN), to accelerate the delivery of web content, videos, and APIs with low latency and high data transfer speeds.
Working with Cisco Nexus Platform including 5K, 7K and 9K Switches as well as Cisco Meraki MS250, MS350 Series Switches.
Experience in Designing & setting up networks including Configuration and troubleshooting on EIGRP, OSPF, VLAN, WAN, LAYERS.
TECHNICAL SKILLS:
Switches: Nexus, Arista switches 7800, 7300, 7170, Catalyst switches and Juniper switches.
Wireless: Cisco Meraki, Aruba wireless.
Firewall: Fortinet (FortiGate) Firewall, Palo Alto, ASA 5555, 5540 and Juniper SRX series, Checkpoint R80, R81.
Cloud Services: AWS Cloud (EC2, VPC, Route53), Direct Connect
Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering and Static Routing
Load Balancers: F5 Networks (Big-IP) LTM, Viprion
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
Network Management tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime
Professional Experience:
Fidelity Investments, NC
Sr. Network Security Engineer March 2024 - Present
Responsibilities:
Setting up device designs, networks, and business and company standards-compliant policies for Palo Alto Networks PA-5420, PA-3430, and PA-3260 firewalls in online websites.
Configured in creating flexible, constantly-changing screens tailored to specific security scenarios and company demands utilizing Palo Alto Networks firewall system controls.
Installed and care of safety devices are sped up by the ability to get developing Palo Alto Networks VM-Series online assets through AWS Shopping utilizing pre-existing layouts.
Integrated Palo Alto Networks' level technique to the firewalls, which reduced setup problems and ensured a continuous safety record throughout several locations.
Using controlled affecting traffic rules for important uses has increased bandwidth utilization on the FortiGate 100E, 500E, 1800F and 3200F firewalls.
Configured in streamlining audit-related tasks by overseeing the management of FortiGate setup, guidelines, and knowledge interpretation.
Seamlessly integrated low-latency Viptela SD-WAN with the existing network infrastructure, optimizing low-latency connections and ensuring maximum efficiency across remote offices with minimal disruption.
Configured custom dashboards and widgets in FMC for tailored monitoring and reporting.
Integrated FTD with third-party SIEM tools like Splunk and QRadar for advanced analytics.
Implemented SD-WAN policies: created and applied data, application-aware, and security policies to optimize traffic flow and enforce compliance.
Integrated SD-WAN with existing network infrastructure: seamlessly incorporated Viptela SD-WAN into existing enterprise networks, ensuring minimal disruption and maximum efficiency.
Developed centralized control via Viptela vManage: utilized vManage to monitor, configure, and maintain SD-WAN network components and policies.
Working the development, implementation, and upkeep of the Cisco ACI fabric by helping with regulated, policy-based network administration and preparation.
Configure Cisco ACI across application- and infrastructure-centric architectures to efficiently incorporate and deploy existing network technologies.
Integrated the security, quality of service, and software connectivity while regulating network operation, industry-centric regulations are being defined using the Cisco ACI Rule Framework.
Implemented scheduled repairs and ensured customer satisfaction by monitoring and analyzing materials transit records and Azure data.
Improving Layer 2 and Layer 3 connectivity and providing lag-free data transfer were the main goals of the Cisco Nexus Switch design.
Improved low-latency Layer 2 and Layer 3 connectivity by optimizing Cisco Nexus 7010, 7018, 5548, and 5600 series switches, ensuring efficient, lag-free data transfers and low-latency in high-performance environments.
Adding to safety measures by carrying out complete service modules (ISM) connectivity analyses and assessments for the Cisco Nexus 7010, 7018, 5548 and 5600 series.
Integrated support for troubleshooting issues related to Cisco Nexus switch deployment, connectivity, and performance.
Install security updates and modify Cisco router equipment to address problems and follow regulations.
Integrating Cisco routers ISR 1100, 1160, and 1131 into a multi-site functional design, users can set up safe links across corporate and local sites that safeguard private data.
Improved networking and connection efficacy through the detection and resolution of Cisco router monitoring query issues, such as method, monitored, and display interactions.
Developed guidelines and policies for Juniper SRX 1600 and SRX 2300, ensuring legal compliance and encouraging information sharing.
Involved in Infoblox for Systems Tool Management included creating the requirements for efficiently handling and tracking local DNS and DHCP configurations.
Integrating safety measures for all employees using Ansible and firewalls, switches, and additional network-related equipment.
Configuring Cisco Secure Firewall 3105 and 3110 access restrictions, maintain updated on online activities, and guarded against unwanted access to critical resources.
Developing links between firewalls, Cisco ISE-secured terminals, and locations that handle private data in order to link them to additional security measures.
Increased security procedures and ensured outstanding efficacy by helping several teams integrate ISEC into the overall design with ease.
Added cutting-edge functionality, such as Aruba Dynamic absence, to provide controlled, safe access to policy-based web pages.
Optimized low-latency Cisco router performance by resolving issues related to network queries, ensuring stable, low-latency connections between corporate sites and remote offices.
Integrated SSL/TLS encryption and certificate management on F5 BIG-IP appliances, ensuring compliance with PCI DSS and GDPR standards.
Implemented application-layer security with F5 iRules to block malicious traffic, including SQL injection and cross-site scripting (XSS) attacks.
Configured Active Directory, the main administrative center for optimizing authentication requirements and automating security processes.
Applying Python scripts and design guidelines, helped divide and confine automated operations to better code maintenance and usage in massive installations.
Implemented Meraki security abilities utilizing contemporary features like risk assessment, entrance oversight, and data filtering to improve overall system security.
Configured AWS Global Accelerator: optimized network performance for global applications by routing traffic to the nearest AWS edge location.
Utilized AWS Firewall Manager: centralized the management and maintenance of firewall rules across multiple AWS accounts and resources.
Deployed AWS WAF (Web Application Firewall): protected web applications from common web exploits and attacks.
Charter Communications, CO
Sr. Network Security Engineer Aug 2022 – Feb 2024
Responsibilities:
Implemented management and differentiation with the addition of safety borders and integration with Palo Alto firewalls, such as the PA-5000 Series.
Using managing monitors and maintaining Palo Alto's scanning equipment, IPsec VPN links will remain secure and efficient.
Installed the Palo Alto PA-5430, PAN-PA-5400-DPC-A, and PA-5280 broadband gateway range Panorama needed central administration.
Configured in multiple Palo Alto Panorama complete company administration connectivity administration, assessment, and assessment.
Developed and overseen to provide simple setup and secure wireless access, the FortiAP router and FortiGate firewall models 100E, 200E, 1800F, and 3200F.
Using FortiGate firewalls, setting up and managing IPsec and SSL VPN tunnels between multiple websites to provide secure web access.
Deployed FTD 2100 in hybrid environments with seamless integration across on-premises and cloud networks.
Integrated FMC with Cisco SecureX for enhanced threat correlation and streamlined incident response.
Developed and installed a complete SD-WAN system for a multinational organization covering multiple locations, leveraging the Viptela topology.
Utilized Palo Alto firewalls to manage IPsec VPN links, maintaining low-latency and secure communication for high-performance connections.
Implemented guidelines allow the Viptela SD-WAN infrastructure to adapt to fluctuating connection situations by providing changeable input allocation.
Working with Viptela SD-WAN has been implemented with wireless computer systems to provide secure and reliable communication.
Involved in adaptability and security throughout the Cisco ACI fabric; a POD architecture was developed to provide consistent policy-based management for network building and usage.
Develop tenant-only virtual reserved areas (VRFs) for buildings, linked Cisco ACI to other networks, and built online domains with specialized protection.
Set up connectivity for the Cisco ACI Bridge Domain (BD), accelerate supply and route division, improve performance, and assign unique URLs and groups to suitable service layers.
Developed and deployed in accordance with ISP service standards utilizing connected devices, specifically Cisco Nexus switches.
Increased efficiency through the use of the Cisco Nexus system bases, with a focus on the widely used Cisco Nexus routers from the 9300, 9400, 9500, and 9800 series, that have remarkable robustness and adaptability.
Managed the lifecycle of network security certificates, ensuring timely renewal, proper storage, and seamless rotation of certificates to prevent security risks.
Using Cisco Nexus switches equipped with layer network virtualized and Locator/ID isolation technologies will simplify corporate and knowledge processes.
Implementing Cisco Embedded Event Manager (EEM) functionality on Cisco routers in the ASR 9001, 9006, 9010, and 9901 series can improve security-related duties and replies.
Assisted in issues with Cisco router installation were discovered and resolved when performing spyware diagnosis and evaluation.
Improved reliability and validity of the system, newly designed Cisco routers include encrypted connections and strong, distinctive verification techniques.
Manage recovery following catastrophes and generate security events, Cisco Secure Firewall 4245, 4225, and 4215 are connected with Cisco Threat Response (CTR).
Implement the Infoblox DNS Router with security controls enforced at the DNS layer to thwart identity theft efforts and prohibit access to dangerous websites.
Develop Cisco ISE rules according to relevant data, including device kinds, client groupings, and policies, control, authorize, and authenticate actions and objects.
Assisted in resolving low-latency network issues on Cisco routers, performing spyware diagnosis and enhancing performance by addressing connectivity bottlenecks.
Maintaining informed about the processing and assessment of specific application-layer data using the Juniper SRX 4300 and SRX 4700 layer portals.
Applied and turned on the monitoring elements of Ivanti security measures ISEC to prevent the installation or usage of unwanted software on endpoints.
Integrating and upgrading VXLAN protocols on Arista switches (5000, 7060X, 7050X3, and 750), encrypted networks are now supported, and routing reliability is enhanced.
Implementing F5 iRules, which was developed on Viprion, users can quickly route requests to the right location that is setup and provide ongoing client support.
Deployed F5 BIG-IP LTM (Local Traffic Manager) for load balancing critical web applications, improving application uptime.
Monitored and maintained the integration of new telco applications, addressing integration challenges and optimizing performance in a production environment.
Implemented F5 GTM (Global Traffic Manager) to distribute traffic across geographically dispersed data centers, ensuring high availability and disaster recovery.
Configured in gathering information for proactive protocols and routine Ansible Tower security assessments of endpoints with internet access.
Enhanced performance and low-latency routing through the use of Cisco ACI Bridge Domain (BD), accelerating supply routes and improving service layer efficiency.
Set up specialized Python scripts to collect and examine web browsing logs, allowing for the early identification of security risks and possibly hazardous activity.
Used AWS Security Groups and Network ACLs: implemented robust network security controls to manage inbound and outbound traffic.
Monitored network performance using AWS CloudWatch: set up alerts and dashboards to monitor network traffic and troubleshoot issues in real time.
Implemented AWS Elastic Load Balancing (ELB): distributed incoming application traffic across multiple targets to enhance application fault tolerance.
Maintain and establish networks simultaneously while building multithreaded software applications with Netmiko, which significantly increases output and efficiency.
Added a second single sign-on (SSO) framework that makes use of Active Directory and SAML to handle dependable and straightforward authentication and ongoing web browsing utilization.
Increased connectivity between Azure VPN Gateway's unique architecture and information screening, allowing for incredibly precise traffic management across linked applications.
Improved efficacy through assistance in locating and resolving connection problems related to Aruba and Airwave servicing.
DXC Technologies, India
Network Security Engineer Sep 2019 – April 2022
Responsibilities:
Improved administration and policy security were guaranteed by applying Panorama programming for setting up standard safety measures and procedures to PA-2200, PA-850, PA-440, and PA-460 Series routers installed in sites.
Developed and implemented comprehensive rule leadership, cuttings, and monitoring for Checkpoint firewalls 21k, 13k, 12k, and R75.40VS to protect data and networking centers.
Configured networks with Cisco routers 1900, 2900, and 3900, and set up LAN-based wireless connections.
Working with several teams, we designed and deployed systems division strategies, such as VLAN tagging and Protected Levels, using the Cisco ASA 5500, 5510, 5580, and 5585 firewalls.
Integrated NetScaler with application delivery controllers (ADCs): seamlessly integrated NetScaler with other ADCs to enhance application delivery and performance.
Configure applications such as Checkpoint Monitoring and assign responsibilities to F5 BIG IP devices in the 4000r, 5000r, and 12000 rSeries to confirm the reliability of the firewall.
Utilized Terraform Cloud and Enterprise features: leveraged Terraform Cloud and Enterprise capabilities for remote state management, collaboration, and governance.
Implementation with Website Manager from Blue Coat, which blocks access to URLs and offers that are presently deemed unsafe or inappropriate due to their duration and connectivity performance.
Managed the possibility that hackers might go off course by dividing web traffic based on endpoint kinds, client responsibilities, and company demands using TrustSec regulations.
Expertise in establishing and managing routing protocols, including RIP, EIGRP, OSPF, and BGP, for efficient data transfer.
Performed network segmentation and isolation: used Tetration to design and implement network segmentation strategies, enhancing overall network security and performance.
Experienced in identifying designs, cable innovations, and as-built data with accuracy and precision offers comprehensive advice for impending maintenance and repair jobs.
Developed, oversaw, and conducted research on the SolarWinds Internet Systems Administration Framework, which monitors each connection and appliance and sounds an alert when necessary.
Installed and maintained safety surveillance in Azure System Gateway to guarantee backend uptime and dependability.
Hands-on experience using diagnostic tools like TCPDUMP and Wireshark for analyzing real-time statistics during packet flow.
Sonata Software, India
Network Support Engineer April 2016 – Aug 2019
Responsibilities:
Developed and maintained DNS architecture that connected websites into router locations, facilitating easy communication between infrastructure and online resources.
Experience with TCP/IP internet protocols, including Transmission Control Protocol (TCP), to provide stable and long-lasting data transport in commercial networks.
Use Network monitoring tools to ensure network connectivity and Protocol analysis tools to assess and pinpoint networking issues causing service disruption.
Configured various Router interfaces like ATM interface, T3 & Channelized T1 interfaces.
Developed optimum IP addressing schemes, VLAN tables, and network documentation and diagrams (Visio).