Network Engineer Palo Alto

Sai Manoj Punugupati

Senior Network Security Engineer

******************@*****.*** / +1-601-***-****

Professional Summary:

• 6 years of professional experience in Network Planning, Implementing, Configuring and testing of networking system on both Cisco and Juniper Networks including Firewalls and switches.

• Extensively worked using AWS services along with wide and in depth understanding of each one of them.

• Configuration of Palo Alto PA-7050, PA-5450, PA-3440 firewalls, access policies, Application & URL filtering, Security Profiles, Global Protect VPN, Data filtering and file blocking.

• Managed F5,Big-IP LTM appliances to load balance server traffic in critical several access silos, Planning and Implementation of the Cisco VPN clients to Cisco AnyConnect.

• Create and set up firewall rules for the FortiGate 1000F, 2600F, and 3200F firewalls to stop illegal users from getting into vital systems that handle records and data.

• Experience with Bluecoat Proxy systems spread around the firm's places, along with support complaints, requests, and projects asking for customer-facing proxy software testing.

• Involved in Checkpoint R77.30, R75.10, and R80.30 design and installation which includes Application and URL filtering Threat and Data Filtering.

TECHNICAL SKILLS:

Professional Experience:

BNY Mellon, NYC, NY Sep 2023 - Present

Network security Engineer

Responsibilities:

• Integrated network security with endpoint compliance tools to enforce business critical security postures across global offices.

• Monitored rule hit counts to identify with high traffic volume in Palo Alto and consider optimizing or consolidating them for better performance.

Cloud services AWS (VPC, Route53, direct connect, Cloud front) Wireless Cisco Meraki, Aruba wireless.

Firewall Palo Alto, Cisco Firepower, ASA, Juniper SRX series, Checkpoint Firewall, Fortinet

(FortiGate) Firewall.

Routing RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing.

WAN

Technologies

Frame Relay, ATM, MPLS, Leased lines & exposure to PPP. Switches Nexus 9k, 5k, 7k, Arista switches, Catalyst switches and Juniper switches. Networking

Concepts

Access-lists, Routing, Switching, Subnetting, Designing, VLAN, VTP, NAT Load Balancers F5 Networks (Big-IP) LTM, GTM.

• Used built-in rule optimization tools provided by Palo Alto Networks, such as Rule Usage Statistics, to identify unused or rarely matched rules for removal or consolidation.

• Used Palo Alto PA-7050, PA-7000, PA-5450, PA-5420, PA-3450 threat prevention IPS, antivirus, anti-spyware, and URL filtering, to protect the unknown threats.

• Migrated security policies, NAT rules, and VPN configuration from PA-5000 to PA-7000 series firewalls.

• Implemented version control practices within Panorama, allowing for the tracking and management of policy changes and revisions, which is essential for auditing and change management.

• Worked closely with Palo Alto Networks and vendor teams to integrate security solutions into the network infrastructure, optimizing security capabilities.

• Deployed and managed advanced endpoint protection platforms like CrowdStrike, Symantec Endpoint Protection, or Carbon Black, ensuring all devices on the network are safeguarded against malware, ransomware, and zero-day attacks.

• Configured endpoint detection and response (EDR) systems to continuously monitor and analyze endpoint activities, enabling proactive identification and mitigation of potential threats.

• Developed and enforced endpoint security policies that included disk encryption, antivirus configurations, data loss prevention (DLP) settings, and application whitelisting to maintain compliance with organizational security standards.

• Ensured endpoint devices adhered to network access control (NAC) policies, limiting access to corporate resources only for devices that meet predefined security criteria.

• Managed centralized patch deployment for endpoints across the enterprise, leveraging tools like Microsoft SCCM or Ivanti to ensure timely updates and reduce vulnerabilities.

• Conducted regular vulnerability scanning of endpoint devices to detect and remediate security weaknesses, using tools such as Qualys or Nessus.

• Led efforts to harden endpoint devices by disabling unnecessary services, configuring firewalls, and enforcing least privilege access to reduce attack surfaces.

• Designed secure remote access and VPN policies to support hybrid work models, ensuring business continuity and secure user connectivity.

• Streamlined policy migration from legacy to next-gen firewalls (ASA to FTD) with minimal business disruption, reducing operational risk.

• Integrated endpoint security solutions with SIEM platforms to enable real-time correlation and analysis of endpoint-related security events.

• Troubleshoot and diagnostics for Fortigate VPN connectivity issues, identifying and resolving connectivity problems promptly.

• Integrated FortiGate with Fortinet Security Fabric, enabling coordinated threat intelligence sharing and automated threat response across Fortinet solutions.

• Managed logs and event data from Fortinet devices, including FortiGate firewalls, FortiSwitch, and FortiAP wireless access points.

• Implemented WAN link load balancing on FortiGate 60 firewalls to optimize network traffic distribution across multiple internet connections.

• Played an active role in real-time incident response, leveraging FortiGate 1000 series features to quickly identify and contain security incidents, limiting potential damage.

• Utilized Cisco ACI architecture to build a spine-leaf fabric topology with leaf switches, providing optimal east- west traffic flow and minimized latency.

• Implemented Spine-Leaf networks with Cisco ACI’s policy-based automation, allowing for dynamic provisioning and rapid adaptation.

• Performed monitoring, logging, and diagnostic tools within Cisco ACI to promptly identify and resolve network incidents and anomalies related to Bridge Domains and Subnets.

• Integrated security features such as firewalls and threat detection, into SD-WAN VIPTELA deployments to enhance network security.

• Worked on dashboards in SD-WAN VIPTELA to monitor network performance, troubleshoot issues, and provide stakeholders with visibility into network health.

• Enabled real-time visibility for business units through SD-WAN performance dashboards, improving application performance monitoring.

• Implemented dynamic path selection and intelligent traffic steering on VIPTELA vEdge 1000 series devices, leveraging network conditions to choose the best WAN link for optimal performance.

• Utilized INFOBLOX Threat Intelligence feeds and DNS Firewall to identify and block malicious domain names and IP addresses.

• Implemented Cisco Nexus 9000 Series switches as part of a unified fabric architecture, simplifying data center network design and management.

• Effectively managed IP addressing and subnetting schemes on Cisco routers to optimize IP resource utilization and support network growth.

• Installed and configured Cisco routers ISR (800, 900, 1000, 4000 series) and ASR (1000, 5000 and 8000) series.

• Customized guest portal using Cisco ISE’s self-service portal capabilities, providing a branded and user-friendly experience for guest users.

• Integrated Cisco Client solutions with identity services, Active Directory for centralized user authentication, authorization, and accounting.

• Developed Terraform modules to provision AWS security groups and network ACLs, ensuring consistent and secure network configurations across multiple AWS accounts and regions.

• Setup AWS security groups which behave as Virtual firewalls controlling the traffic by allowing it to reach one or more AWS EC2 instances.

• Used Python scripting for network traffic analysis and packet sniffing to identify network bottlenecks and performance issues.

• Worked on Python Scripting to deploy and automation testing purpose and managing Linux-based operating systems.

Cardinal Health, Columbus, OH Oct 2020 – June 2023 Network security Engineer

Responsibilities:

• Offered specialized troubleshooting expertise for Palo Alto Networks' products, adeptly resolving intricate network security issues and minimizing downtime for seamless operations.

• Configured and supported Palo Alto NGFW models including PA-5450, PA-3440 series running PAN OS-7.x, 8.x, ensuring optimal performance and security.

• Executed configuration of IPsec VPNs and performed updates and password recovery on Palo Alto devices, ensuring secure and reliable connectivity.

• Installed, configured, and maintained a variety of Palo Alto models, including PA-220, PA-820, and PA-7080 series, guaranteeing their effective operation within the network infrastructure.

• Configured and provided support for Fortinet on various models, including FortiGate 6500F, 6300F, 7081F, 1500D running Forti-OS 5.2, 5.4, optimizing their functionality for secure and efficient network operations.

• Conducted timely firmware upgrades and routinize maintenance on FortiGate firewalls, guaranteeing the incorporation of the latest features, security patches, and optimal performance.

• Enhanced security across a varied network infrastructure across multiple locations by deploying FortiGate firewalls, ensuring robust protection against cyber threats.

• Kept abreast of the most recent advancements in FortiGate Fortinet firewall technologies, features, and certifications through ongoing professional development and continuous learning initiatives.

• Troubleshot Firepower API slowness to optimize Firemon performance.

• Secure configurations of load balancing in F5, SSL/VPN connections, Troubleshooting CISCO ASA firewalls, and related network security measures.

• Integrated our ASAs and FTDs with FireMon.

• Handle Incident tickets & Service Requests related to Cisco ASA firewall, & VPN along with the connectivity issues and provide prompt support when any issue pops up.

• Partnered with operations and compliance teams to implement centralized policy management using Firemon for change tracking and governance.

• Integrating Configuring Cisco ASA Firewalls with ISE to the Posture policy compliance for remote VPN IPSec, SSL Any Connect users.

• Engineered and executed VPN solutions utilizing Cisco Firepower 1010, 1120, and Cisco Firepower 1150, establishing secure remote access for employees and partners. Ensured the confidentiality and integrity of data transmission in the process.

• Performed all maintenance tasks on the Nexus Switches, ASR Routers, Checkpoint Firewalls, F5 Load balancers Infoblox DNS and Cisco ACI.

• Proficient in Designing, Installation, and Configuration of Nexus switches, including 7k, 5k, 2k, and 9k series, for robust and scalable network architectures.

• Implemented Cisco Nexus switches and working with many departments to build complex safety network topologies.

• Developed to identify and resolve network problems and guarantee proper usage and connectivity with Cisco Nexus 9300, 9400, 9500 and 9800 switches.

• Setting up virtual switches for Cisco Nexus 1000v and VMware vSphere; moreover, analysing Cisco Nexus switches to produce certain situations.

• Configured Nexus 7010, implementing NX-OS virtual port channels, Nexus port profiles, and managing Nexus versions 4.2 and 5.0. Established Nexus VPC peer links for enhanced connectivity.

• Designed and implemented vPC domain, incorporating single-sided/double-sided vPC configurations, vPC peer- keep alive, vPC peer-link, and vPC member ports between Nexus 7009 and Nexus 5500 series switches in data centres.

• Successfully upgraded NX-OS on Nexus 7009 through ISSU (In-Service Software Upgrade), ensuring seamless updates without disrupting network operations.

• Collaborating with Juniper routers, including MX-480 and MX-960, and switches such as EX-4200, EX-4300, and EX-8200. Extensive experience extends to Juniper firewalls, specifically Juniper SRX-5400, SRX-4600, and SRX- 550.

• Improved capacity to detect and avoid unwanted activity at network devices Cisco routers in the ISR 1160, 1131, and 1120 series have enhanced security mitigation features.

• Conducted configuration and adept troubleshooting of Cisco routers, spanning various series including 2800, 2900, 7500, and 7200, ensuring robust and reliable network performance.

• Managed and maintained Cisco routers, performing routine updates, patches, and troubleshooting to ensure network availability and reliability.

• Implemented and proficiently managed dynamic routing protocols such as OSPF, EIGRP, and BGP on Cisco routers, optimizing data flow and seamlessly adapting to evolving network conditions.

• Configured Cisco ISE for wireless and Wired 802.1x Authentication on Cisco wireless LAN controllers, catalyst switches and Cisco ASA firewalls.

• Improved F5 Big-IP may be ready to fulfil the increasing needs for connectivity in addition to making use of its strength and regulating abilities.

• Enhanced business resilience by designing redundant VPN and load-balancing solutions for critical applications.

• Configuring and running F5 LTM cloud-based servers, iRules, and network connectivity to efficiently manage tasks like convert files and data validation.

• Install Python administration with two-factor authorization to strengthen the integrity of technological contacts.

• Managed servers on the Microsoft Azure Cloud Platform (Azure Virtual Machine) instances using Ansible Configuration Management.

• Supported secure cloud migration strategies by designing VPC and security group structures in AWS and Azure, minimizing risk to healthcare systems.

Microsoft, India Nov 2018 – Sep 2020

Network Engineer

Responsibilities:

• Configuring ACLs for network monitoring, handling of assets, management administration, and website settings on Cisco 5520, 5555, and 5554 ASA firewalls.

• Increased the R81, 13k, and R80.30 firewall series' efficiency and helped Checkpoints TAC staff find solutions for both physical and software issues.

• Monitoring app usage and connectivity, we managed to detect and address problems as they escalated, thanks to the tracking and analytic capabilities that Silver Peak comes with.

• Utilizing Cisco's TrustSec monitoring and analysis tools, tracked and examined network traffic while detecting and addressing security risks instantly.

• Integrating Tetration for a united safety plan with the current security facilities, which includes firewalls, SIEM structures, and antivirus programs.

• Monitoring consumption trends online and rapidly issuing safety alerts and limitations, Solar Winds NPM deployment reduced unfavourable effects on customer data.

• Utilizing Wireshark to track packet-level data in attempt to search for security holes and potential dangers like spyware infections and external incursion attempts.

• Developed and executed an operating room cabling scheme that enabled efficient and quick Ethernet connection between system elements.

• Extensive expertise with cloud-based apps, Terraform, and automated component connectivity for system design.

• Implementing TCP and UDP traffic assessment and management to ensure a durable and efficient internet and applications connectivity.

• Setting up BGP, EIGRP, RIP, MPLS, VPN, and OSPF protocol architectures to handle routing problems following migrations and extra user connections.

Education:

• MASTER IN COMPUTER AND INFORMATION SCIENCE

UNIVERSITY OF SOUTHERN MISSISSIPPI, USA

• BACHELORS IN COMPUTER SCIENCE AND ENGINEERING

KKR AND KSR INSTITUTE OF TECHNOLOGY AND SCIENCES, INDIA

Contact this candidate