Network Security Engineer
Resume:
Kavadi Naga Revathi
Sr Network Security Engineer
****************@*****.***
SUMMARY:
9+ years of experience in designing, implementation, exceptional troubleshooting, support large scale enterprise data centers and remote sites including routers and firewalls.
Working as Cloud Administrator on Confidential Azure, involved in configuring virtual machines, storage accounts, Confidential.
Created Python scripts to facilitate the integration of various network security solutions, ensuring seamless data exchange and improving overall security posture.
Configured and managed Aruba Instant APs for quick and scalable deployment of wireless networks in branch offices and remote locations.
Configured and managed FortiGate's 7081F, 4200F, 2600F, 1000F Application Control to regulate the use of applications and prevent risky or unauthorized software usage.
Implemented and managed Palo Alto Networks PA-5250, PA-3250, and PA-7000 series firewalls to secure corporate networks against external threats.
Created Ansible playbooks to integrate and configure network security tools, including Snort IDS, Splunk SIEM, and OpenVPN, enhancing overall network security and operational efficiency.
Managed guest network access using Cisco ISE, giving guests easy access options that are safe and secure.
TECHNICAL SKILLS:
Network Tool: Cisco VPN’s, WAN, LAN, VPN, Firewalls, routers, Wireshark, Fiddler, Logs Miners
Languages: KQL, PowerShell, Familiarity with SQL, Python
Firewalls: Palo Alto, Fortinet, Juniper SRX, Checkpoint and Cisco ASA.
Data Center Switches: Nexus 2k, 5k, 7k and 9k series and Arista 7000 series switches
Operating System: macOS, MS Windows 1998, 2000, XP, Vista, win 7, 8, 10, 11, Win Hello, Wind Hello for Business, Servers 2008, R2, 2012, 2012R2, 2016, 2019, 2022
Standards/Practices: AD, ADFS, DNS, DHCP, NPS, RDG, TCP/IP, IIS
Scripting Lang: Python, RESTful API, Bash
LAN Technologies:
SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Light weight access point, WLC.
Professional Experience:
Infosys, Richardson TX Oct 2024 to Present
Sr. Network Security Engineer
Responsibilities:
Configured to protected zones, Palo Alto firewalls, such as the PA-5430, PA-5250, and PA-3410 series, offer improved network setup and administration capabilities.
Implemented the effectiveness of several Palo Alto safeguards using the business's Panorama tracking platform.
Developing use of to promote the deployment of the Palo Alto developing structure, which monitors and assesses the effectiveness and reliability of IPsec VPNs.
Using Palo Alto Panorama's user interface and exercise connection capabilities to quickly and effectively analyze potentially hazardous situations.
Configured Cloudflare Load Balancing to provide geographic redundancy and failover support for critical applications with active health checks.
Implemented incident response by analyzing historical Cloudflare traffic logs during DDoS, credential stuffing, and scraping incidents.
Implemented robust SD-WAN network architectures, ensuring high availability and scalability to meet business requirements.
Developed and optimized application traffic through advanced routing policies, QoS, and load balancing using SD-WAN Viptela.
Configured and maintained security features within SD-WAN Viptela, including end-to-end encryption, firewall rules, and secure segmentation.
Implemented a multi-pod Cisco ACI infrastructure to set up numerous servers to accommodate increased connectivity.
Using incorporating the most recent developments, the Cisco ACI applications underwent functional improvements and alterations that increased their use and included new capabilities.
Implemented OSPF and BGP, two sophisticated routing protocols, to Cisco Nexus switches to improve networking capacity and flexible routing features.
Configured ACI modes on Cisco Nexus 9300, 9400, and 9500 series switches to enable software-defined networking (SDN) and enhance automated networking and flexibility.
Set up Cisco Nexus switches' Quality of Service (QoS) settings to give priority to important apps, therefore lowering latency and guaranteeing dependable performance.
Implemented protection enhancements to Cisco routers to recognize and halt malicious activities at the network's borders.
Configured to verify a seamless transfer and minimal downtime for critical operations, a redundant system was developed using extra Cisco ISR 111X, 1120, 1131, and 1160 routers.
Implement standardized network equipment by combining Cisco routers with wireless access points, switches, and firewalls.
Set up Ansible Tower to schedule recurring assessments of the private network and provide across alerts when guidelines are violated.
Configure the Cisco Secure Firewall 3120 and 3130's versatile monitoring options, which allow for fast policy modification and monitoring of all connected devices.
Set up network designs on Juniper SRX 4700 and SRX 4300 devices to monitor and control assured service-layer connections.
Developed the concepts that could allow additional connecting device manufacturers to improve or alter the open-source Netmiko business.
Implement the Infoblox TE 1506-1606 DNS firewall restrictions to aid in thwarting the programmer's efforts to use DNS tunnelling.
Configured and resolved effectively thanks to the use of ISEC's innovative security analysis tools and the supervision of regular network assessments.
Collaborated with cybersecurity teams to ensure Active Directory security by implementing best practices such as least privilege, regular password changes, and account lockout policies.
Using the machines, schemes, structure, and installed programs as criteria, create the Cisco ISE research settings to categorize displays.
Develop advantage of the popular Python word processing tools to track data and look for trends that might point to security flaws or legal infractions.
Using F5 iRules from Viprion to ensure that legitimate client enquiries are directed to pertinent, acknowledged, and taken into consideration solutions.
Development of the F5 ASM and SIEM networks, incident response times were reduced and threat identification was expedited.
Configured and maintaining accurate records for F5 GTM establishes and processes, activities and support were enhanced.
Utilized Azure Network Watcher and Azure Monitor for real-time monitoring, diagnostics, and troubleshooting of network issues.
Configured Azure Traffic Manager for global load balancing and traffic routing based on performance, geographic location, and other criteria.
Integrated Arista switches 7260X, 7050X, and 7132LB with SDN solutions to enable centralized control and management of network resources.
Freddie Mac, Chicago, IL May 2022 – Sep 2024
Sr. Network security Engineer
Responsibilities:
Configure AWS Cloud Watch to update applications and cloud resources, change alerts, and turn on messaging.
Set up AWS Cloud Trail to monitor and analyze API activity for each AWS account, ensuring that an accurate record of all actions taken on the AWS platform is kept up to date.
Integrated state-of-the-art features, such Aruba Dynamic Absence, to offer secure, regulated entry to policy-based internet connections.
Configured and maintained enterprise-level proxy servers to ensure secure and efficient internet access across the organization.
Implemented forward and reverse proxy solutions to optimize network traffic, enhance security, and reduce latency.
Monitored and analyzed proxy server performance, identifying bottlenecks and optimizing configurations to improve response time.
Deployed and configured Web Application Firewalls (WAF) to protect web applications from common web-based threats, including SQL injection, XSS, and CSRF attacks.
Experience with Active Directory, the primary administration hub for streamlining security procedures and maximizing user information require.
Involved in the division and containment of system automation activities through the utilization of design standards and Python scripts, which improved code utilization and upkeep in large-scale deployments.
Monitored web traffic through WAF to identify and mitigate security threats, ensuring minimal impact on application performance.
In-depth understanding of Meraki secure skills, which enhance total system safety with modern features like risk testing, entry monitoring, and data screening.
Working with F5 Viprion facilitates the sharing secure software and assets between public and private networks by operating smoothly in cloud settings.
Configure the iRules on the F5 system to control the connectivity in both directions, boosting efficiency and freeing sufficient nodes to handle SSL transactions.
Involved in order to provide upgrades and the optimal user experience between distant computers, distributed routing policies were created utilizing F5 Viprion's GSLB features.
Set up and maintained several locations' worth of safe and dependable wide area network connection using Cisco Viptela vEdge routers.
Improved network efficiency by defining and enforcing application-aware traffic rules using Cisco Viptela's integrated policy administration.
Increased internet connections and MPLS by integrating SD-WAN Viptela, guaranteeing dependable connection.
Assist with controlled, policy-based system management and planning, the Cisco ACI fabric was developed, put into place, and maintained.
Effectively integrate and transfer current network technology, Cisco ACI was set up in both usage- and infrastructure-centric topologies.
Setting up connections between sensitive information places, Cisco ISE-secured endpoints, and firewalls, between other security measures.
Assisted many teams in seamlessly integrating ISEC into the entire design, enhancing security processes and guaranteeing exceptional efficacy.
Configuring the necessities for effectively monitoring and managing local DNS and DHCP settings was part of installing Infoblox for Networks Tool Administration.
Setting up Ansible with firewalls, switches, and other networking equipment together with security protocols for the entire company.
Maintaining activity monitoring on the internet, helped set Cisco Secure Firewall 3105 and 3110 access controls, and prevented unauthorized access to important assets.
Developed to apply safety patches and alter the hardware of Cisco routers to fix issues and adhere to rules.
Integrated ZTNA principles with existing network infrastructure, ensuring seamless access control and minimizing attack surfaces.
Configure safe connections between business and local locations that protect confidential information by including Cisco routers ISR 1100, 1160, and 1131 into a multi-site working architecture.
Increased effectiveness of networks and connectivity by identifying and resolving problems with Cisco router tracking inquires, including route, ping, and screen exchanges.
Developed rules and regulations for Juniper SRX 1600 and SRX 2300, guaranteeing adherence to the law and promoting information exchange.
Increased Layer 2 and Layer 3 connection, together with lag-free data transportation, were the primary objectives in the Cisco Nexus Switch architecture.
Implementing the Cisco Nexus 9300, 9400, 9500 and 9800 series comprehensive service modules (ISM) connection analysis and evaluations to add to safety precautions.
Working on the FortiGate 1000F, 1800F, 2600F, and 3500F firewalls, the application of regulated impacting traffic rules for significant applications has resulted in a growth in use of bandwidth.
Monitored the administration of FortiGate configuration, rules, and information interpreting, making audit-related duties easier and acted as a vital point of interaction.
Developed the Fortinet security architecture, which promotes interaction and data exchange between Fortinet devices and improves safety in general.
In order to supply safe authorization and communication in IPv4 and IPv6 situations, a multinational corporation installed dual stack FortiGate firewalls.
Implementing network infrastructure, procedures, and hardware configurations for Palo Alto Networks PA-7080, PA-5420, PA-3430, and PA-3260 firewalls in internet-based sites in accordance with corporate and company standards.
Skilled in using Palo Alto Networks controlling firewalls to create dynamic, ever-changing displays that are customized to certain safety situations and business requirements.
Implemented Palo Alto Networks' layer methodology for firewalls in the PA-7000 series, which decreased setup issues and guaranteed an ongoing security history across multiple places.
Huntington Bank, Columbus, OH Oct 2019 to Apr 2022
Network Security Engineer
Responsibilities:
Configured and kept up security monitoring in Azure System Portal to provide reliable reliability and availability of the backside.
Deploying Panorama scripting to configure out typical safety precautions and protocols to PA-2200, PA-850, PA-440, and PA-460 Series routers deployed in sites, better management and policies stability were ensured.
Integrated WAF logs with Security Information and Event Management (SIEM) systems for real-time threat detection and response.
Implemented SSL/TLS interception on Blue Coat appliances to inspect encrypted traffic and prevent data exfiltration.
Deployed access control lists (ACLs) on proxy servers to enforce internet usage policies and restrict access to unauthorized sites.
Install programs like Checkpoint Monitor and distribute their duties among the F5 BIG IP devices in the 4000r, 5000r, and 12000 rSeries to verify the firewall's dependability.
Utilizing the Cisco ASA 5500, 5510, 5580, and 5585 firewalls, we developed and implemented system divide techniques including VLAN marking and Secured Levels while engaged in many teams.
Integrated proxy servers with web filtering and security appliances to provide comprehensive threat protection and content filtering.
Collaborated with security teams to implement and maintain Blue Coat Unified Agent for remote user protection and policy enforcement.
Designed and managed the capacity-tracking and investigating Solar Winds Online Networks Management Platform, which keeps an eye on all links and devices and raises an alarm when needed.
Implementing Tetration principles, small components, zero-trust protections, application assistance, and other techniques, structures improved in overall efficiency and safety.
Integration with Blue Coat's Site Monitor, which prevents usage of URLs and offerings that are currently rated unsuitable or hazardous based on their length and networking quality.
Implement LAN-based mobile connectivity, establish systems using Cisco routers 1900, 2900, and 3900.
Collaborated with cross-functional teams to deploy ZTNA as part of a broader Zero Trust architecture, improving overall network security posture.
Troubleshot and resolved issues related to ZTNA deployments, ensuring uninterrupted secure access to critical applications and data.
Configured & administered Domain Naming Server (DNS), Dynamic Host Configuration Protocol (DHCP), Distributed File System (DFS), Internet and Remote Access Service (RAS).
Worked on Cisco 6513, 6509 and 7204 series devices including FWSM firewall changes, routing switching changes and Juniper Net Screen based SSL VPN and ISG.
Configured and troubleshoot of BGP, OSPF, EIGRP, RIP, VPN routing protocol in Cisco Routers & L3 switches.
Worked on SDN/NFV technologies including Open Stack Neutron, VM ware NSX, Open flow, Open daylight, Open v Switch, Open Contrail.
Utilizing TrustSec policies to divide internet traffic according to client duties, devices types, and business demands, we controlled the potential for intruders to change their course.
Worked with Checkpoint firewalls 21k, 13k, 12k, and R75.40VS to offer unified policy supervision, cutting, and tracking for safeguarding networks and data systems.
Cap Gemini, India Jun 2016 to Aug 2019
Network Support Engineer
Responsibilities:
Integrated webpages into router locations by developing and managing DNS structures, which made it possible for networking and internet services to communicate easily.
Experienced in setting up and maintaining routing standards, such as BGP, EIGRP, OSPF, and RIP, for effective data transport.
Installation and configuration of various Routers like 800, 1600, 2500 and configuration of various Cisco switches like 2960, 3560.
Build and maintain all WAN connectivity for remote offices with a global Checkpoint firewall infrastructure.
Troubleshoot and configured connectivity issues related to VPN, DHCP, DNS, Firewall DMZ.
Implemented WAN, LAN, VOIP, Security solutions in health care, retail, manufacturing and financial services.
Contact this candidate