
Network Engineer Palo Alto

Location:
Chicago, IL, 60602
Salary:
55
Posted:
June 09, 2025

Resume:

SaiTeja

Sr. Network Engineer

Contact: +1-847-***-****

Email: *****************@*****.***

Professional Summary

Results-oriented Senior Network Engineer with 7+ years of hands-on experience designing, implementing, and supporting secure, scalable enterprise networks across Cisco, Palo Alto, and Check Point environments. Transitioned from ISP/NOC operations into enterprise infrastructure, bringing a deep foundation in routing/switching (OSPF, BGP, EIGRP), VPNs (IPSec, AnyConnect, GlobalProtect), and SD-WAN (Cisco Viptela, Meraki).

Skilled in managing LAN/WAN topologies, VLAN segmentation, and high-availability firewall architectures, with a proven ability to drive uptime, performance, and security across distributed environments. Proficient in network monitoring and automation using Ansible, Python, SolarWinds, LogicMonitor, and Wireshark, enabling proactive troubleshooting and operational agility. Configured ZPA application segments and connectors to securely publish internal apps without exposing them to the internet. Experienced in hands-on datacenter work, including racking/stacking network devices, PoP deployments, uplink validation, structured cabling, and physical infrastructure readiness for branch and core locations.

Experienced in hybrid cloud connectivity (AWS, Azure, GCP), including VPN Gateway, Direct Connect, and cloud-integrated firewalling. Adept at supporting Zero Trust, SASE, and modern NAC models using Cisco ISE and RADIUS/TACACS integrations.

Strong documentation and process improvement advocate, with a consistent track record of developing runbooks, diagrams, SOPs, and cross-team workflows. Versatile in both project delivery and operational support, working closely with infrastructure, wireless, and security teams to execute migrations, upgrades, and network transformations aligned with business objectives. Monitored and troubleshot Zscaler logs and analytics using Zscaler Nanolog Streaming Service (NSS) and integrated with SIEM solutions like Splunk or QRadar.

Certifications

CCNA – Cisco Certified Network Associate

PCNSA – Palo Alto Networks Certified Network Security Associate

Education

Master’s degree in Applied Computer Science – Lindsey Wilson College, USA

Technical Skills

Category: Technologies & Tools

Routers: Cisco ISR (1000, 4000), ASR (1000, 9000), Catalyst 8300/8200/8000, CRS-X; Juniper MX Series (MX304, MX10004/08/03, MX2020); Palo Alto VPN Gateways; Meraki MX; Arista

Routing Protocols: OSPF, BGP, EIGRP, MP-BGP, Static Routing, Route Maps, Redistribution, Policy-Based Routing (PBR), VRF-Lite, HSRP, IP SLA, GRE, BFD

Switches: Cisco Catalyst (2960X, 3850, 9300, 9500), Nexus (2K, 5K, 7K, 9K), Juniper EX/QFX Series, Aruba CX (light), Meraki MS Series

Switching Technologies: VLAN, STP, RSTP, MSTP, EtherChannel, LACP, Trunking (802.1Q), Native VLAN, Port Security, Inter-VLAN Routing, MAC Flap Protection, Loop Guard

Firewalls: Palo Alto NGFW (PA-220, PA-3220, PA-5250, PA-7000 Series, VM-Series, Panorama), Check Point R80.x/R81.x (SmartConsole, MDS, VSX), Cisco ASA (5506-X, 5516-X), Firepower FTD, Fortinet FortiGate (100F, 300E, 1500D)

Security Protocols: IPsec, SSL VPN, NAT/PAT, ACLs, App-ID, Content-ID, URL Filtering, User-ID, IDS/IPS, SSL Decryption, GlobalProtect, AnyConnect, Zone-Based Policies, MAC Auth Bypass, AAA (RADIUS, TACACS+), 802.1X

Monitoring/Logging: SolarWinds NPM/NCM, LogicMonitor, Splunk, Cisco DNA Center, Cisco Prime, AKIPS, NetFlow, Wireshark, LiveAction, PRTG, SNMP v2/v3, Syslog, NetBrain (basic), JunOS Telemetry

Load Balancing: F5 BIG-IP LTM/GTM/WAF (CLI/GUI, iRules, Pools, Monitors, VIPs, SSL Offloading), Citrix NetScaler (basic), GSLB, TLS Inspection

Protocols and Standards: TCP/IP, ARP, ICMP, DHCP, DNS, NTP, FTP, HTTPS, MTU, SNMP v2/v3, VLAN Trunking, MAC Security, Port Channeling, Packet Capture & Analysis

Operating Systems: Cisco IOS, IOS-XE, NX-OS, PAN-OS, Check Point Gaia, Linux (Ubuntu, RHEL/CentOS), Windows Server 2016/2019

Cloud Networking: AWS (VPC, VPN Gateway, Route Tables, TGW, Direct Connect, Security Groups), Azure (VNet, NSG, ExpressRoute, VPN Gateway), Prisma Access, Zscaler ZIA/ZPA

Scripting & Automation: Python (Netmiko, Paramiko), Ansible (Playbooks, Templates, Inventory Audits), Terraform (firewall templates), Git, YAML, Jinja2

OS & Platforms: Cisco IOS, IOS-XE, NX-OS, ASA OS, PAN-OS, FortiOS, JunOS, Check Point Gaia, Linux (Ubuntu, CentOS, RHEL), Windows Server (2016–2022)

Ticketing & Docs: ServiceNow (Incidents, Change Mgmt), Jira (Project & Task Tracking), Confluence (Runbooks, LLDs), SharePoint, Microsoft Visio (Network Diagrams), Excel (IP Schemas)

Professional Experience

Senior Network Engineer

United Airlines, IL Oct 2023 – Till Date

Responsibilities:

● Deployed and configured Cisco Catalyst 9300/9500 switches during enterprise refreshes, including VLANs, HSRP, EtherChannel, and inter-VLAN routing for scalable LAN infrastructure.

● Supported Cisco Viptela SD-WAN deployments, onboarding edge routers, applying policy templates, and validating OMP control plane and tunnel health.

● Configured and managed Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) to provide secure and seamless internet and application access for remote and on-prem users.

● Integrated Zscaler with identity providers (e.g., Okta, Azure AD) to enable SAML-based authentication and single sign-on for secure policy enforcement.

● Coordinated with datacenter teams to execute rack elevation planning, cable management, and patch panel labeling for new device installations.

● Assisted smart hands teams during PoP and remote branch deployments, performing rack/stack of firewalls, switches, and routers, validating cabling, console access, and initial power-up checks.

● Configured and upgraded Palo Alto PA-3220 firewalls via Panorama, performing App-ID tuning, NAT policies, and GlobalProtect VPN setup and troubleshooting.

● Diagnosed advanced issues on Palo Alto and ASA firewalls, resolving IPsec phase mismatches, NAT misbehavior, and access policy conflicts using CLI and packet captures.

● Created and validated IPsec/GRE tunnels from scratch, including IKE Gateway setup, crypto profiles, and BGP route propagation across vendors. Deployed and validated Meraki MX firewalls and MR wireless APs, including Auto-VPN configuration, SSID deployment, and client segmentation.

● Conducted physical network audits, documenting port utilization, power feed alignment, and airflow direction to ensure compliance with structured cabling and enterprise layout standards.

● Assisted in LoRaWAN backhaul integration, optimizing gateway placement and RF performance for industrial IoT devices.

● Provided L2/L3 troubleshooting including STP loops, VLAN mismatches, static route issues, and MAC flaps using CLI and SolarWinds.

● Performed firewall policy updates in Panorama, ensuring compliance with corporate standards and collaborating with InfoSec on change approvals.

● Conducted pre/post upgrade validation for firmware rollouts on Catalyst switches and Palo Alto firewalls, documenting HA state, image versions, and interface reachability.

● Delivered remote Tier 2 VPN support for GlobalProtect users, resolving SAML auth, LDAP group mismatch, and client-side connectivity issues.

● Used Wireshark, NetFlow, and debug tools to identify and resolve latency, traffic path inconsistencies, and performance bottlenecks.

● Monitored critical infrastructure using SolarWinds NPM, LogicMonitor, and SNMP-based alerting to detect interface errors, high CPU/memory, and path flaps.

● Supported F5 BIG-IP LTM/WAF platforms during escalations, validating VIP status, SSL cert bindings, and pool health monitors.

● Administered Infoblox DDI, handling DNS record creation, DHCP scope configuration, IPAM conflict resolution, and cleanup of orphaned leases.

● Implemented traffic forwarding methods including GRE tunnels, PAC files, and Zscaler Client Connector (ZCC) for user traffic redirection to Zscaler cloud.

● Diagnosed DHCP-related wireless issues, including lease exhaustion, stale bindings, and mismatched gateway settings across AP VLANs.

● Participated in Zero Trust NAC enforcement via Cisco ISE 3.x, supporting 802.1X posture checks, MAB, and VLAN assignments for endpoints.

● Assisted smart hands with rack/stack, console validation, cabling, and config pushes during remote branch deployments.

● Documented LLDs, firewall flow maps, NAT schemas, and routing diagrams in Visio and Confluence for operational reference.

● Used Splunk to correlate logs from Palo Alto firewalls and switches, creating custom dashboards for threat, session, and performance tracking.

● Collaborated on CAB reviews, presenting network change proposals, rollback plans, and capturing audit trails in ServiceNow and Jira.

● Contributed to automation goals by updating network templates in Ansible, and performing read-only config audits via playbooks.

● Enforced security hardening best practices, including SSH-only access, SNMPv3 setup, banner messages, and login lockout thresholds across switches and firewalls.

● Created ACLs and zoning policies for user, guest, and IoT segmentation based on application requirements and security guidelines.

● Supported on-site and remote activities during office expansions and DC migrations, including uplink validation, port provisioning, and traffic cutovers.

● Tracked and resolved ServiceNow incidents and change requests, providing detailed resolution notes and aligning with ITIL practices.

● Created and enforced security policies using ZIA, including URL filtering, SSL inspection, advanced threat protection, and bandwidth control.

Network Engineer

Verizon, Richmond, VA

Aug 2021 – Oct 2023

Responsibilities:

● Delivered enterprise network support and implementation across campus and remote sites using Juniper MX/EX/SRX, Palo Alto NGFWs, and Check Point firewalls.

● Designed and supported site-to-site IPsec VPNs across Palo Alto (PA-3220), Check Point R81.x, and Juniper SRX, resolving tunnel phase issues and routing inconsistencies.

● Administered Infoblox DDI for DNS and DHCP services across multiple VLANs, validating DHCP scope health, IP reservations, and DNS propagation.

● Maintained documentation and knowledge base for Zscaler configurations, access policies, troubleshooting guides, and architectural diagrams.

● Executed IOS/JunOS/OS updates and configuration maintenance across Juniper SRX, Catalyst 3750/4500, and Nexus 5K/7K platforms for lifecycle management.

● Participated in HA firewall failover testing and upgrades on Check Point and Palo Alto firewalls, verifying state sync, NAT rules, and security policies post-change.

● Configured Juniper EX/QFX switching for multi-VLAN environments, trunk ports, SVIs, and STP enhancements including BPDU Guard, Root Guard, and PortFast equivalents.

● Designed and deployed Aruba Instant Access Points (IAP) and Meraki MR APs, configuring SSIDs, VLANs, and RADIUS authentication for seamless Wi-Fi coverage.

● Integrated Cisco ISE with Palo Alto and Aruba WLAN for 802.1X posture validation, guest access VLANs, and MAB fallback in high-security environments.

● Supported Cisco WLC 5508 for wireless coverage, troubleshooting DHCP relay failures, roaming issues, and AP onboarding.

● Assisted with deployment of F5 LTM appliances, validating pool member health, SSL certificate assignments, and application port mappings.

● Monitored and troubleshot Zscaler logs and analytics using Zscaler Nanolog Streaming Service (NSS) and integrated with SIEM solutions like Splunk or QRadar.

● Participated in Zscaler ZIA/ZPA troubleshooting, validating traffic tunneling behaviour and split tunnel policies for remote users.

● Resolved L2/L3 network issues including VLAN mismatches, STP loop detection, routing table inconsistencies, and access port provisioning.

● Collaborated on BGP/OSPF redistribution projects between Juniper routers and Palo Alto NGFWs, applying route-maps and prefix-lists for traffic control.

● Performed firmware patching and security hardening of network devices, including SSH-only access, SNMPv3, role-based login enforcement, and system banners.

● Implemented GlobalProtect and AnyConnect VPN access, assisting in MFA integration, IP pool configuration, and troubleshooting LDAP group mapping errors.

● Used SolarWinds, NetFlow, and Wireshark for interface monitoring, latency analysis, and post-incident RCA documentation.

● Reviewed and updated Panorama-based policies, NAT rules, URL filtering profiles, and WildFire inspection in alignment with audit controls.

● Participated in change management cycles, writing MOPs, validating rollback strategies, and ensuring compliance with ITIL frameworks using ServiceNow.

● Supported network segmentation and access control using ACLs, security zones, and VLAN-based separation of production, dev, and guest networks.

● Documented LLDs, IP address schemas, and firewall policy flows using Visio and Confluence, ensuring handoff readiness for operations teams.

Network Support Engineer (Tier 2)

Disney, CA

June 2020 – July 2021

Responsibilities:

● Provided Tier 2 network support for enterprise infrastructure upgrades, cloud connectivity validation, and escalation-level troubleshooting.

● Assisted with the configuration and deployment of Cisco Catalyst 3850/9300 and Nexus 5K/7K switches, supporting VLAN creation, STP configuration, and HSRP redundancy during core upgrades.

● Worked with senior engineers to apply and validate security rules on Palo Alto PAN-OS, Cisco Firepower FTD, and Check Point R80.x, gaining experience in NAT, ACLs, and zone-based firewalling.

● Conducted basic Layer 2/3 diagnostics using CLI, Wireshark, and SolarWinds, helping troubleshoot VLAN mismatches, trunk port issues, and routing inconsistencies.

● Participated in structured racking and patching of network devices during office expansions and refresh cycles, following proper grounding, cable dressing, and airflow best practices.

● Supported deployment and labeling of PoP devices, ensuring uplink validation, device registration, and connectivity to core routers/switches.

● Supported onboarding of Cisco vEdge routers during Viptela SD-WAN rollouts, applying templates, validating tunnel states, and confirming control plane reachability.

● Responded to VPN-related incidents, resolving basic issues with Cisco AnyConnect and GlobalProtect, including authentication failures and split-tunnel validation.

● Shadowed cloud engineers to observe and assist with AWS Direct Connect and Azure VPN Gateway troubleshooting for hybrid routing and BGP propagation.

● Participated in health checks for F5 BIG-IP LTM/GTM, verifying VIP statuses, SSL cert mappings, and GSLB configurations alongside load balancing teams.

● Aided in scheduled firewall failover testing and upgrade procedures for Palo Alto, Cisco FTD, and Check Point platforms, ensuring HA state validation and traffic continuity.

● Created and updated network topology diagrams, runbooks, and configuration logs in Visio and Confluence for team use and operational documentation.

● Used SolarWinds NPM and NetFlow to monitor interface health, BGP peer status, and detect WAN path drops during site migrations or performance degradation.

● Collaborated with senior engineers during on-site visits to install Cisco Catalyst and Nexus gear, performing interface validation, port provisioning, and connection testing using console tools.

● Participated in remote deployments, validating console access, cabling, and config pushes with guidance from lead network engineers.

● Optimized performance and ensured compliance by conducting regular audits of Zscaler policies, SSL certificates, and policy hits.

● Worked closely with cross-functional teams and Zscaler support to resolve performance issues, policy conflicts, and integration challenges.

● Supported escalation teams in reviewing firewall traffic logs and session tables, identifying dropped traffic and policy misalignments.

● Documented peer-reviewed changes and rollback plans as part of internal change management workflows using ServiceNow.

● Worked with senior engineers on refining IP schemas, routing diagrams, and access policies to support upcoming branch expansions.

● Began developing foundational knowledge of SD-WAN policies, firewall architecture, and hybrid connectivity principles through active participation in project tasks.

Network Engineer

PRAMATI Technologies, India

August 2018 – May 2020

Responsibilities:

● Delivered Level 1 technical support for Virgin Media broadband customers, troubleshooting connectivity issues across wired/wireless networks, and improving customer satisfaction metrics.

● Diagnosed LAN/WLAN problems involving DHCP conflicts, DNS failures, and wireless authentication issues, supporting rapid restoration of home and small business services.

● Provided frontline configuration assistance for Cisco Catalyst switches (2900, 3560, 3750), including IOS upgrades, backup handling, and firmware compliance checks.

● Configured VLANs, 802.1Q trunk ports, and access ports to enable customer network segmentation and enforce basic traffic isolation policies.

● Participated in global rollout of Zscaler for remote workforce enablement, ensuring secure zero-trust access to internal and external applications.

● Supported Spanning Tree Protocol configurations (STP, RSTP, PVST+), ensuring loop prevention and Layer 2 stability within small branch environments.

● Worked on initial implementation and troubleshooting of Access Control Lists (ACLs) to control traffic flow on Cisco routers based on IP, port, and protocol.

● Gained hands-on exposure to routing protocols such as RIP and OSPF, reviewing adjacency formation and static route configuration on Cisco 2600/3600 routers.

● Utilized CLI tools like ping, traceroute, and show commands for network path validation, packet loss identification, and latency troubleshooting.

● Assisted in racking, stacking, and patching of switches and routers during small-scale installations and refreshes, following structured cabling best practices.

● Maintained detailed documentation of config changes, common issue resolution steps, and device logs in ticketing platforms and internal wikis.

● Participated in peer learning sessions and cross-functional troubleshooting efforts to build knowledge in Layer 2/3 protocols, network fundamentals, and vendor CLI environments.

● Laid the foundation for enterprise network engineering, gaining practical experience in structured diagnostics, device provisioning, and basic configuration management.


