GOUTHAM VEGI
Phone: +1-817-***-****
Email-Id: *************@*****.***
LinkedIn: www.linkedin.com/in/gouthamvegi75/
PROFESSIONAL SUMMARY:
Passionate Sr. Network Admin/Engineer with 8 years of industry experience on projects that include Data Center refresh, WAN Redevelopment, Firewalls, Load balancers, Cloud Proxies, ZTNA and Public Cloud. Excellent communication skills with the ability to work with storage, VMware, server and application teams. A proactive team player who can also work independently.
CAREER HIGHLIGHTS:
Extensive experience in large-scale environments on Network Design, IDF/MDF architecture, Datacenter Architecture, Legacy and Spine Leaf Architecture and migration projects to different vendor equipment.
Proficient in Layer 2 Switching and Layer 3 Routing with Cisco Switches (2960, 3500, 3750, 3850, 4500, 6500) and Nexus (2k, 3k, 5k, 7k, 9k) in enterprise and data center environments.
Expertise in Juniper EX Switches (EX2200, EX2500, EX3200, EX4200, EX4500, EX8200) and VSS, VPC, VDC technologies, Spine Leaf Architecture.
Skilled in Cisco and Juniper Routers (3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k; E, J, M, T-series) and Arista 7000 series routers.
In-depth knowledge of OSPF, EIGRP, RIP, BGP, MPLS over BGP, EVPN, VXLAN, VTEPS, and BGP attribute manipulation.
Proficient in designing, implementing, and managing SD-WAN solutions for various enterprise clients.
Skilled in configuring QoS policies within SD-WAN to prioritize critical applications and ensure consistent performance and high availability. Hands-on experience in configuring and deploying routers and switches in network support.
Strong troubleshooting skills in diagnosing and resolving SD-WAN-related issues to minimize network downtime.
Extensive experience with perimeter and VPN firewalls, including Cisco ASA 5500 series with Firepower module, Palo Alto firewalls, Panorama, Checkpoint firewalls, Bluecoat and Zscaler cloud proxies.
Configured F5 LTM and GTM, implementing security modules (APM, ASM), and 2-factor authentication with RADIUS and RSA SecurID.
Experience with routers and switches in various network configurations supporting VLANs, QoS, VoIP, and advanced access-lists.
Managed PA 200, 500, 3020, VM series firewalls, Panorama M100 series, Juniper SRX series, Fortinet firewalls and next-gen firewall technologies (URL Filtering, SSL Forward Proxy, APP ID, ThreatID).
Collaborated with stakeholders to define requirements, design solutions, and validate implementations, ensuring alignment with business objectives and industry standards as the recognized SME.
Experience with Netscaler, including creating virtual servers, application load balancing, upgrading software versions, and redirect rules, as well as migrating from Netscaler to F5.
Configured F5 LTM, series 5000 for corporate applications and high availability, implemented LTM and GTM in DMZ and internal networks, and worked on software versions up to 12.1.2.
Experience with Aruba and Cisco Wireless LAN controllers, provisioning APs, Virtual APs, RTLS, Wireless SSIDs, and upgrading WLCs.
Strong understanding of Cisco IOS, Cisco ACI, AWS, and Azure environments, with primary support for Blue Coat Proxy activities.
Skilled in SolarWinds NPM, NCM, IPAM, Windows DHCP, DNS, and Infoblox.
Implemented and troubleshot VLAN, STP, MSTP, RSTP, PVST, 802.1Q, DTP, HSRP, VRRP, GLBP, LACP, PAGP, AAA, TACACS, RADIUS, MD5, VTP, and SVI.
Proficient in using tools like ping, traceroute, Gigamon, Wireshark, tcpdump, and Linux servers for network traffic troubleshooting.
Honored with multiple individual and team awards for managing SDLC releases covering technology refreshes, new requirements, and system maintenance.
TECHNICAL SKILLS:
Networking Technologies: LAN/WAN Architecture, TCP/IP, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP
Networking Hardware: Cisco Switches, Cisco Routers, ASA/Palo Alto/Fortinet/Juniper firewalls
Routing Protocols: OSPF, EIGRP, RIP, MPLS, IS-IS, BGP, Multicasting
Security Technologies: Blue Coat, Palo Alto, ASA, Fortinet, Checkpoint, Zscaler
Network Monitoring: SolarWinds, NetView, Netbrain
Operating Systems: Windows, Linux, Cisco IOS, NX-OS
Scripting: Python, Ansible
Switches: Cisco Catalyst (2960, 3500, 3750, 3850, 4500, 6500), Nexus (2k, 3k, 5k, 7k, 9k), Juniper EX series
Competencies: CNS_Network Security_Cisco
Routers: Cisco: 3800, 3600, 2800, 2600, 1800, 1700, 800, ASR 9k; Juniper: E, J, M, T-series; Arista 7000 series
SD-WAN: Versa, Viptela, MPLS, VMware SD-WAN (VeloCloud)
Load Balancers: F5 (LTM), GTM, NetScaler, Cisco ACE, A10
Simulation Tools: GNS3, Packet Tracer, EVE-NG, Cisco Modelling Labs
Firewalls and Proxies: Cisco ASA, Palo Alto, Checkpoint, Juniper SRX, Next-Gen Firewalls, Bluecoat, Zscaler
AAA Architecture: TACACS+, RADIUS, Cisco ISE, Aruba Clearpass
Features & Services: F5 VIPs, Pools, Monitors, SNAT, SSL Offload, IPSEC VPN, SSL VPN, High Availability, Global Load Balancing
EDUCATION:
Bachelor’s degree in Information Science and Engineering.
Dayananda Sagar College of Engineering, Bengaluru, KA, India.
CERTIFICATION:
(CCNA) – Cisco Certified Network Associate
(CCNP) – Cisco Certified Network Professional
(PCNSE) – Palo Alto Certified Network Security Engineer
(AZ 900) – Azure Fundamentals
PROFESSIONAL EXPERIENCE:
State Street Corporation, Boston, June 2024 – Present
Sr. Network Engineer
Tasks: Responsible for the design, implementation, automation, and support of enterprise campus and cloud network infrastructure across AWS, Azure, and OCI. Managed L2/L3 routing and switching using Cisco platforms, enforced security with Palo Alto NGFWs and Zscaler, automated configuration and monitoring tasks with Python, and supported Cisco ACI and Cisco NDFC for policy-driven data center operations.
Key Responsibilities:
Designed and implemented BGP-based hybrid network connectivity between on-prem and multi-cloud environments (AWS, Azure, OCI) with high availability and route control.
Configured and supported Cisco ACI fabric including tenants, EPGs, bridge domains, and contracts for secure, micro-segmented data center operations.
Deployed and maintained Cisco NDFC (Nexus Dashboard Fabric Controller) for automating and monitoring Nexus infrastructure and overlay networks.
Managed and troubleshot L2/L3 enterprise switching and routing on Cisco Catalyst and Nexus platforms, including VRF, VLANs, HSRP, and static/BGP routing.
Engineered secure and scalable AWS VPC networks using Transit Gateways, VGWs, route tables, NACLs, and VPC peering across accounts.
Built and maintained Azure Virtual Networks (VNets) with custom routing, NSGs, and Azure Firewall integrations for enterprise workloads.
Deployed OCI networking components including DRGs, LPGs, and route tables to enable secure application connectivity across tenancy regions.
Configured and secured SIP signaling using TLS encryption to protect VoIP communication against eavesdropping and tampering.
Implemented TLS-secured SIP trunks between on-premise PBX systems and SIP providers, ensuring compliance with VoIP security standards.
Led the end-to-end migration from Checkpoint firewalls to Juniper SRX, including rulebase translation, object mapping, and security zone alignment to ensure seamless policy enforcement.
Analyzed and optimized existing Checkpoint policies, removing redundant rules and streamlining configurations before replicating them in Junos OS for improved performance and manageability.
Led root-cause analysis and resolution of complex connectivity issues affecting LAN, roadside units, walk-in centers, and external partner networks, using tools like packet captures, NetFlow, SNMP monitoring, and log correlation.
Implemented Palo Alto NGFWs in hybrid environments with App-ID, User-ID, NAT, security profiles, and threat prevention for cloud and on-prem workloads.
Integrated Zscaler Internet Access (ZIA) with the enterprise edge to provide cloud-delivered web filtering, threat protection, and secure user access.
Designed and deployed Cisco ISE architecture to enforce 802.1X authentication and dynamic VLAN assignment across wired, wireless, and VPN access points.
Troubleshot SIP over TLS issues using tools like Wireshark and sngrep, analyzing encrypted SIP handshakes and certificates.
Managed digital certificates and PKI infrastructure for TLS implementation in SIP-based telephony networks.
Implemented and managed F5 Application Security Manager (ASM) to provide robust Layer 7 protection for web applications, including protection against OWASP Top 10 threats, bots, and application-layer DDoS attacks.
Automated network device provisioning and config audits using Python (Netmiko, NAPALM, Paramiko), improving operational efficiency and compliance.
Configured security policies in ASM, including learning mode, automatic policy building, and manual tuning of attack signatures to reduce false positives and enhance threat detection accuracy.
Built reusable Python scripts to push configs, back up device settings, parse routing tables, and validate BGP neighbor status across multiple sites.
Configured Juniper SRX firewalls with security policies, NAT rules, address books, and IPS/IDP profiles, ensuring parity with existing Checkpoint configurations and compliance standards.
Planned and executed cutover strategies with minimal downtime, performing pre- and post-migration validation, rollback planning, and coordination with application and security teams.
Integrated Red Hat Enterprise Linux (RHEL) systems into network infrastructure for deploying secure, scalable services such as DNS, DHCP, and syslog across enterprise environments.
Automated configuration and monitoring of network devices using Python scripts on RHEL servers, leveraging tools like cron, systemd, and rsyslog to streamline operations and ensure system reliability.
Worked with DevOps and cloud teams to support network automation workflows and CI/CD pipelines integrating with Terraform and Git.
Integrated TACACS+ with Cisco ISE and ACS to manage administrative access and command-level authorization for network infrastructure devices.
Troubleshot authentication failures and policy misconfigurations using logs, packet captures, and monitoring tools, ensuring seamless user and device access.
Provided L3 escalation and deep troubleshooting support for routing issues across MPLS, cloud edge, and inter-region connectivity, including BGP route leaks and flaps.
Maintained robust logging and telemetry across Cisco ACI and Palo Alto environments by integrating with external SIEM tools and custom Python logging scripts.
Participated in network design reviews, created high-level and low-level diagrams, and authored detailed change documentation and MOPs for all production deployments.
Environment: Cisco Routers (ASR, ISR), Catalyst & Nexus Switches, Cisco ACI, Cisco NDFC, Palo Alto NGFWs, Zscaler ZIA, AWS VPC/Transit Gateway, Azure VNets/NSGs, OCI DRG/LPG, BGP, Python (Netmiko, NAPALM), OSPF, VLANs, VRFs, Terraform, Git, CI/CD, Network Automation
Tory Burch, Manhattan, NY November 2023 – May 2024
Network System Engineer
Tasks: Managed enterprise campus network infrastructure with a focus on Cisco routing and switching, Aruba SD-WAN and wireless solutions, Aruba Central and ClearPass, and Palo Alto firewalls. Oversaw network design, operations, and optimization of security and load balancing using F5 LTM/GTM in a hybrid, high-availability environment.
Key Responsibilities:
Designed and supported Layer 2 and Layer 3 campus network architecture using Cisco Catalyst and Aruba switches, implementing VLANs, HSRP, STP, and routing protocols (OSPF, BGP).
Deployed and managed Aruba SD-WAN across remote offices, configuring dynamic path selection, role-based policies, and traffic shaping to improve application performance.
Installed and maintained Aruba wireless infrastructure, including Access Points and Mobility Controllers, ensuring seamless connectivity and RF optimization across corporate offices.
Managed Aruba Central for cloud-based visibility, centralized monitoring, and troubleshooting of switches, APs, and SD-WAN devices across all locations.
Integrated ASM with SIEM and logging systems for real-time alerting, log analysis, and incident correlation, improving visibility into application-layer threats and response time.
Supported network security and firewall rule verification by deploying and managing RHEL-based jump servers and syslog collectors, enabling secure administrative access and centralized logging for compliance audits.
Integrated SIP endpoints (IP phones, soft clients) with TLS for secure SIP registration and call setup.
Collaborated with VoIP vendors to enable TLS-based SIP signaling, enhancing call privacy and authentication.
Performed virtual patching and applied iRules in conjunction with ASM policies to mitigate application vulnerabilities during code remediation delays, enhancing overall web application security posture.
Planned and executed RF site surveys and wireless heatmaps using Aruba Central and AirWave to optimize AP placements and eliminate dead zones.
Deployed and troubleshot Cisco ISR and ASR routers, and Catalyst switches for core and edge connectivity across the campus network.
Configured and maintained Palo Alto next-generation firewalls, including policy creation, App-ID, NAT, SSL decryption, and zone-based segmentation.
Integrated Palo Alto firewalls with Active Directory and GlobalProtect for secure remote access and identity-based policy enforcement.
Installed and administered F5 BIG-IP LTM and GTM, providing global and local load balancing for internal and external applications with high availability.
Implemented and managed WAN optimization solutions using Cisco WAAS and Riverbed SteelHead to enhance application performance, reduce latency, and improve bandwidth utilization across distributed enterprise networks.
Monitored and troubleshot end-to-end campus network operations, resolving escalations related to switching, routing, wireless, and firewall issues.
Supported firmware upgrades, patch management, and configuration backups for Cisco and Aruba network equipment as part of lifecycle maintenance.
Collaborated with cross-functional teams to implement scalable and secure network designs that align with business growth and cloud adoption initiatives.
Environment: Cisco Routers (ISR 800, ASR 9K), Cisco Catalyst Switches (3850, 9300), Aruba SD-WAN, Aruba APs & Controllers, Aruba Central, Aruba Switches, Aruba ClearPass, Palo Alto Firewalls (PA Series), F5 BIG-IP LTM/GTM, OSPF, BGP, VLANs, 802.1X, DNS/DHCP, Campus Network Design
Disney, Orlando, FL May 2022 – November 2023
Network Engineer
Tasks: Worked in Enterprise and Data center environment on switching, routing, firewalls (Site to Site VPN tunnels). Worked on Cisco Wireless, migrating legacy switches to Nexus and migrating Load balancers in Data center for internal and external applications.
Worked as part of the delivery team where daily tasks included code upgrades, prefix-list addition, and access-list addition using Python scripts based on tickets generated by customers.
Installed and configured LAN/WAN Networks, Hardware, Software, and Telecommunication services – Cisco Routers and Switches like Cisco 3750, 3750 Gig, 6500, Nexus 7k, ASR 9k.
Designed, deployed, and managed Cisco Viptela SD-WAN solutions, including vManage, vSmart, vBond controllers, and edge devices, to ensure reliable and efficient connectivity across enterprise branch offices.
Configured secure overlay networks with IPsec encryption and implemented role-based access control (RBAC) to safeguard data integrity and ensure compliance with security regulations.
Enabled seamless hybrid cloud connectivity by integrating SD-WAN with Azure applications, ensuring high availability and optimized performance for cloud-hosted workloads.
Deployed and managed scalable SD-WAN solutions for multiple branch locations, providing secure, efficient, and cost-effective connectivity for remote offices.
Deployed and managed Cisco Meraki SD-WAN solutions to optimize branch connectivity, ensure application performance, and simplify centralized policy enforcement.
Designed and implemented Azure Virtual Networks (VNets), Subnets, and Network Security Groups (NSGs) to securely connect and segment cloud resources.
Configured and monitored Cisco Meraki switches, leveraging cloud-based management for efficient VLAN provisioning, port security, and network troubleshooting.
Installed and maintained routers and switches in various network configurations supporting VLANs, QoS, VoIP, and advanced access-lists.
Deployed and optimized Azure Load Balancer and Application Gateway for high availability, scalability, and traffic management of cloud-based applications.
Deployed and configured FortiGate Next-Generation Firewalls (NGFWs) to enforce security policies, enable VPN connectivity, and ensure high availability across enterprise networks.
Enabled FortiGuard services (IPS, antivirus, web filtering) and SSL inspection to protect against advanced threats and secure encrypted traffic.
Designed network segmentation using VDOMs and security zones, integrating FortiSwitch and FortiAP for a secure, unified network fabric.
Monitored and optimized FortiGate performance using FortiAnalyzer, resolving complex issues to maintain uptime and compliance.
Implemented Zscaler Internet Access (ZIA) to provide secure, cloud-based internet access for distributed enterprise environments, replacing traditional on-premises firewalls and proxies.
Optimized ZIA performance by leveraging Zscaler Direct-to-Cloud architecture, reducing latency and improving user experience for remote and branch office users.
Deployed Zscaler Private Access (ZPA) to enable Zero Trust Network Access (ZTNA), providing secure, application-specific access to internal resources without exposing the network to the internet.
Implemented Data Loss Prevention (DLP) and Cloud Application Control policies in ZIA to monitor and restrict the use of unauthorized cloud applications and prevent sensitive data leakage.
Provided operational support and troubleshot production wireless network issues.
Designed and deployed F5 BIG-IP Local Traffic Manager (LTM) and Global Traffic Manager (GTM) solutions to optimize application delivery, ensure high availability, and distribute traffic across multiple data centers.
Deployed and configured Citrix ADC (Application Delivery Controller) to provide load balancing, traffic management, and application acceleration for critical business applications.
Monitored and optimized the performance of F5 and Citrix load balancers by analyzing traffic patterns, tuning configurations, and implementing advanced features like Caching, Compression, and Connection Multiplexing.
Provided Tier 3 support for load balancer-related incidents, ensuring minimal impact on application availability and user experience.
Environment: Routers (Nexus 1K, 5K, 7K, Juniper MX-960), switches (6500/3750/3550/3500/2950), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, ACI, OSPF, BGP, VPN, Unified Contact Center Enterprise (UCCE), SDLC, QoS, MPLS, Cisco Catalyst Switches, Azure, Firewalls (Cisco ASA, Palo Alto), Cisco Voice (CCM, UCCE, UCCX), Citrix.
Anthem, Richmond, VA September 2021 – May 2022
Network Engineer
Tasks: Installed PA firewalls. Migrated from ASA to PA. Worked on Tier 3 issues with MPLS, Core and WAN routing, F5 and ACE LB. Managed IP subnets and monitoring. Worked on ServiceNow tickets for network issues in the data center and enterprise. Upgraded IOS on various equipment on a timely basis.
Key Responsibilities:
Configured and administered firewalls, which included Checkpoint, Juniper, and Cisco ASA firewalls.
Researched, designed, and replaced Checkpoint firewall architecture with new next-generation Palo Alto PA3000 and PA5000 appliances serving as firewalls and for URL and application inspection.
Configured rules and maintained Palo Alto Firewalls and analyzed firewall logs using Panorama.
Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls.
Configured and maintained Cisco 3800, 3900 (ISR G2), and 7600 Series routers for enterprise and service provider environments, ensuring high availability and optimized routing performance.
Proficient in configuring and troubleshooting Cisco IOS-based devices, including advanced routing protocols (BGP, OSPF), ACLs, NAT, and QoS for secure and efficient network operations.
Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls and implemented Zone-Based Firewall and Security Rules on the Palo Alto Firewall.
Reviewed policies, audited, and cleaned up unused rules on the firewall using Tufin and Splunk.
Gained data center experience including creating new cable run lists (L1), documenting runbooks, solution planning and upgrading, and architecting VXLAN, ACI, and ASA cluster firewall with NAC.
Configured and maintained Cisco ASA 5580-20, ASA 5540, ASA 5520, ASA 5510 series firewalls.
Configured Syslog server in the network for capturing logs from firewalls.
Administered Cisco AMP endpoint security infrastructure and monitored endpoints for threats.
Configured and managed Cisco Web Security Appliance (WSA) in an enterprise environment.
Configured F5 Load Balancers, adding virtual IPs, nodes, pools, and health monitoring.
Worked on F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BigIP Load Balancers.
Established IPSEC site-to-site VPN tunnels between AWS VPCs and on-prem network devices.
Followed information security policies, methods, standards, NIST standards, and practices to organize information systems, IT reference material, and interpret regulations.
Environment: Cisco ASA 5580/5540/5520, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, ACI, Bluecoat Proxy servers, IDS/IPS, SIEM, AWS.
Cognizant, Hyderabad, India January 2017 – June 2021
Network Admin
Tasks: Managed Layer 1/2/3 issues, multi-vendor switches/routers, firewall rules, VPN tunnels, and cabling in a NOC team.
Key Responsibilities:
Managed and configured Cisco routers (7200, 3700, 2600, 2800, 3600) and switches (4900, 2900, 3550, 4500).
Configured Site-to-Site VPNs, STP enhancements (Port-fast, Uplink-fast, Backbone-fast), private VLANs, and security measures.
Installed and configured Cisco ASA firewalls.
Managed firewall logging, DMZs, security policies, and IPSEC VPNs.
Implemented security architecture using ACLs.
Worked on troubleshooting LAN/WAN infrastructure, DNS, DHCP, and IP conflicts.
Used Wireshark for network scanning.
Provided 24/7 L2 support for Cisco ASA Firewalls.
Maintained redundancy with HSRP.
Documented network configurations and changes.
Managed IP address space using VLSM.
Environment: VLSM, Active Directory, DNS, CAT5 cabling, BGP.