Swetha Gugulothu
Senior Network Engineer
**********@*****.***
SUMMARY:
Over 6 years of experience as a Network Security Engineer deploying, migrating, troubleshooting and supporting enterprise-level networks and data centres.
Configured and adjusted a number of access controls to permit the use of specific VPN ports for Palo Alto PAN-PA-5400-DPC-A, PA-5280, PA-5250 firewalls via Panorama for a range of services and applications.
Worked on FortiGate 3200F, 500E, 200E firewall series and VPN management.
Migrated anti-spoofing and security policy configuration from Cisco ASA 5585, 5555, 5540 to Checkpoint firewall R80, R80.40, R81.
Integrated next-generation firewall (NGFW) capabilities into SD-WAN Viptela appliances to inspect and filter traffic, preventing unauthorized access and malware threats.
Deployed IOS upgrades on various Cisco routers (ASR 9912, 9910, 9906, 1000 series) and Catalyst switches (8500, 9400, 6500, 6509-NEB-A series hardware), including Nexus 9400, 9500, 9800 series switch platforms.
Experience working with Arista 7050X3, 7010T, 7280R3 in the data centre, using the Amazon cloud environment for development and testing environments, and using the AWS command line tools to set up auto scaling of the instance group.
Troubleshot and performed health checks on F5 LTM/GTM load balancers and monitored the status of the application servers.
TECHNICAL SKILLS:
Firewalls & Security Platforms: Palo Alto (PA-5400, 5250, 3430), Fortinet (1800F, 3200F, 500E), Cisco ASA/FTD/Secure Firewall, Checkpoint (R80.x), Juniper SRX, Illumio, Akamai WAF, Prisma Access/Cloud, Cisco ISE, Aruba ClearPass, ISEC
Routing & Switching: Cisco ISR/ASR, Catalyst (6500–9400), Nexus (9K), Arista, Juniper, OSPF, BGP, EIGRP, MPLS, VLAN, STP, HSRP, ACLs, NAT, DHCP, DNS
SDN & Data Center: Cisco ACI (Multi-Pod, Multi-Site), Endpoint Groups (EPGs), Microsegmentation, Cisco TrustSec, Tetration, NetScaler
Cloud & Virtualization: AWS (VPC, Route53, Direct Connect, CloudFront, CloudWatch, EC2, S3, VPN, Security Groups, Auto Scaling), Azure (VNet, ExpressRoute, Peering), Prisma Cloud, Terraform (IaC), Netmiko
Load Balancing: F5 BIG-IP LTM/GTM (2000i, 4000i, rSeries, 7000, 10000 series), Advanced health checks, DNS-based GTM, SSL offloading, Akamai WAF policy automation via API
Wireless & Edge: Cisco Meraki (MX64, MX67, MX250), Aruba Wireless & ClearPass, Silver Peak SD-WAN, Cisco Viptela SD-WAN
Monitoring & Management: Panorama, FortiManager, FortiAnalyzer, Cisco FMC, ISE, SolarWinds, PRTG, Wireshark, Cisco DNA Center, SNMP, SIEM Integration
DDI & DNS Security: Infoblox DDI (DNS, DHCP, IPAM), BlueCat, DNSSEC, DNS Firewall, Anycast DNS, DHCP Failover
Automation & Scripting: Python, Ansible (Patch Management), Terraform (Reusable Modules), Netmiko, Akamai API scripting
Identity, Access & Zero Trust: 802.1X, RADIUS, TACACS+, MFA, SAML, OAuth2.0, Zero Trust Architecture (ZTA), ZTNA, Cisco ISE, Azure AD
Protocols & Technologies: TCP/IP, UDP, IPv4/IPv6, IPSec, SSL/TLS, HTTPS, SMTP, VPN, SNMP, HTTP/2
Professional Experience:
Comcast, New York, NY Jan 2024 - Present
Sr. Network Security Engineer
Responsibilities:
• Configured security policies for IPv4 and IPv6 traffic on Palo Alto Networks firewalls, guaranteeing safe access to vital resources and thwarting attempts by unauthorized users to gain illegal access.
• Implemented device groups and templates in Panorama to enforce standard security configurations and rules on several Palo Alto firewalls, such as the PA-5450, PA-5250, and PA-5410.
• Configured and administered firewall rules on Palo Alto Firewalls, conducting thorough analysis of firewall logs via Panorama for comprehensive security monitoring.
• Developed automated scripts using Akamai API to manage WAF policies, monitor security events, and ensure consistent policy application across multiple regions.
• Configured and managed IPsec and SSL VPNs on FortiGate firewalls, ensuring secure remote access for employees while maintaining optimal network performance.
• Configured positive security models using Akamai WAF to allow only legitimate application behaviour while blocking anomalous or malicious activities.
• Monitored network traffic and application security through Prisma Access, enabling secure web access and reducing potential threats by 30% with URL filtering and threat prevention.
• Implemented Prisma Access to secure remote and mobile users, providing zero trust network access (ZTNA) across multiple global locations, ensuring consistent security and compliance.
• Managed Cisco ACI multi-pod and multi-site deployment, leveraging 9500 spine switches to extend ACI capabilities across multiple data centers, ensuring seamless connectivity and disaster recovery support.
• Implemented micro-segmentation policies on Cisco ACI 9318 leaf switches, enhancing security by isolating application workloads and reducing lateral movement of threats within the data center.
• Implemented migration plans to transition from F5 2000i, 4000i iSeries to rSeries seamlessly, minimizing downtime and ensuring uninterrupted application availability during the upgrade.
• Configured advanced health monitoring checks on F5 BIG-IP pools, ensuring only healthy servers receive traffic, which improved uptime and reduced unplanned outages by 20%.
• Integrated Meraki MX with Active Directory and RADIUS servers for seamless user authentication, improving security and simplifying access control across the network.
• Configured traffic shaping and QoS on Meraki MX64, MX67, MX250 devices, optimizing bandwidth usage and prioritizing critical application traffic to enhance performance for key business applications.
• Implemented Azure VNet peering across multiple regions to facilitate seamless inter-VNet communication, improving performance and reducing costs compared to traditional VPN-based connectivity.
• Configured and optimized ExpressRoute connections to establish private, high-speed connections between on-premises infrastructure and Azure, reducing latency and improving data transfer security.
• Using the Cisco ISE services, which improved service working with, acceptance, centralized oversight of apps, and security monitoring.
• Integrating Illumio, zero-trust safety precautions were set up on online and premises networks by determining requirements for use and retaining a watch on and evaluating network traffic.
• Working on Infoblox DDI (DNS, DHCP, and IPAM) establishes were developed and maintained in order to ensure reliable and effective techniques for network confirmation and confirmation.
• Integrated ISEC for forensic analysis and security investigations with the goal of determining the underlying causes of incidents involving unauthorized access and security breaches.
• On Cisco Firepower 1150, 4112, and SM-48, created and set up custom intrusion rules to adapt security protocols to various network configurations.
• Integrated the Cisco Secure 3120 and 3105 Firewalls, enforcing rules for small segments that restricted network adaptability, isolated vital resources, and decreased the attack surface.
• Configured and put into place firewall policies and access control lists (ACLs) on Cisco routers to impose stringent network safety protocols and lessen possible threats.
• Developed safety and adherence to regulations by implementing CIS benchmarks on Cisco router 8100, 8200, ASR 9902, and 9903 setups to match industry-standard safety standards.
• Optimized Application Delivery with BIG-IP r2000 LTM; Configured Layer 7 load balancing, health check, and traffic persistence policies.
• Used Ansible to implement patch management across network security devices, ensuring timely updates to mitigate vulnerabilities and maintain regulatory compliance.
CVS Health, Woonsocket, RI Sep 2022 – Dec 2023
Network Security Engineer
Responsibilities:
• Installed the Palo Alto Networks Wildfire inspection engine to thwart Zero-Day attacks and strengthen the network's security posture.
• Set up and fixed Virtual Private Network tunnel configurations using Palo Alto firewalls, such as PA-5250, PA-3430, PA-5430, to ensure secure remote access and site-to-site communication.
• Implemented a complete network security architecture for a multinational corporation with a wide geographic reach, protecting both IPv4 and IPv6 traffic with Palo Alto Networks firewalls.
• Configured and managed Fortinet FortiManager, which enables centralized control over several FortiGate firewalls, including the 100E, 200E, 1800F, 500E and 3200F.
• Managed the detection and remediation of security breaches by conducting forensic investigations and leading incident response teams while closely examining FortiAnalyzer logs.
• Integrated Cisco FTD with Firepower Management Center (FMC) for centralized policy management, real-time visibility, and automated threat response.
• Configured and maintained access control policies, intrusion prevention systems (IPS), and URL filtering on Cisco FTD 2100 to secure network traffic.
• Implemented automated threat detection and response using Prisma Cloud’s machine learning-based capabilities, reducing incident response times by 40%.
• Developed compliance reporting with Prisma Cloud, ensuring continuous adherence to frameworks such as CIS, NIST, and PCI-DSS, reducing audit preparation time by 50%.
• Deployed and configured Cisco ACI 9500 series spine switches and 9318 leaf switches to create a scalable, high-performance data center fabric, improving network efficiency and reducing latency.
• Configured application profiles, endpoint groups (EPGs), and contracts within Cisco ACI to define and enforce communication policies across the 9500 and 9318 series architecture, ensuring secure and efficient traffic flows.
• Implemented load balancing with F5 BIG-IP Local Traffic Manager (LTM) across the 7000 and 10000 series, improving server utilization and reducing response times by up to 25%.
• Configured Global Traffic Manager (GTM) on F5 BIG-IP 7000 series to distribute traffic across multiple geographic locations, ensuring high availability and rapid failover capabilities for critical services.
• Integrated legacy infrastructure to Terraform-managed IaC, reducing operational overhead and enabling faster scalability and disaster recovery capabilities by leveraging cloud-native features.
• Developed reusable Terraform modules for standard network components, enabling automated, repeatable deployments with minimal configuration.
• Developing various subnets, particularly for server installations and the establishment of safe Virtual Private Clouds (VPCs) on AWS structures, public or private.
• Monitored the datacenter's migration to AWS cloud watch and supported the database and developing teams throughout the entire process.
• Integration of Netmiko with tools for network surveillance resulted in controlled actual time device health checks, which accelerated responses to network incidents.
• Configured Aruba ClearPass for multi-factor authentication (MFA), adding an additional layer of security for sensitive network resources, which reduced unauthorized access incidents by 30%.
• Managed and optimized Aruba ClearPass guest access portal for secure visitor access, allowing guests to connect to the network with limited permissions while protecting internal resources.
• Set up and debugged Cisco routers and Layer 3 switches using the BGP, OSPF, EIGRP, RIP, and VPN routing protocols.
• Implemented Cisco router designs from the ISR 1100, 1101, and 1109 series in compliance with established execution standards.
• Set up security procedures for Cisco routers to ensure traffic control, prevent unauthorized access, and lessen possible risks to safety.
• Configured IPSEC-VPN tunnels with Cisco ASA 5500, 5585, 5520 and 5545 series Firewall between some branch offices & headquarters.
• Integrated risk evaluations into the Infoblox setup and deployed DNS security tools like DNSSEC and DNS firewall.
• Improved abilities to detect threats and handle incidents by integrating ISEC with SIEM establishes using expert teams.
• Developed authentication protocols for virtual transactions, multi-layered security, and streamlined Active Directory are a few additional safeguards.
• Integrating with well-known security tools like antivirus software and SIEM, Illumio was able to produce better threat detection and response capabilities.
• Using tools like VPNs, united threat handling, and attack mitigation, establish and manage secured links on Juniper SRX 4100, SRX 3800, SRX 1600, and SRX 550 firewalls.
• Improving traffic flows, upgrading hardware, and making adjustments, the Cisco Secure 3105, 3110, and 4200 firewall's developed rates and features were enhanced.
Accenture, India April 2019 – July 2022
Network Engineer
Responsibilities:
• Worked on the CLI for tracing and creating ACLs between the source and destination for Cisco ASA 5515, 5540, 5555 firewalls.
• Set up current policies to minimize Checkpoint 21k, 13k, 12k, and Firewall policy lookup by identifying and removing security policies that are no longer needed.
• Experienced in cable management methods to keep an organized and neat cabling infrastructure, including cable dressing, labelling, and bundling.
• Implemented Cisco TrustSec Security Group tagging to improve access control, network visibility, and secure segmentation policy enforcement.
• Knowledge of network management tools and sniffers, such as Cisco, Wireshark, and HP OpenView, is necessary to support network operation centers around-the-clock.
• Install network devices' hardware and software, such as Cisco Nexus 5548, 2000 switches, and Cisco 1900, 2900, and 3900 series routers.
• Used SolarWinds Server & Application Monitor (SAM) to keep an eye on the availability of applications throughout the infrastructure, performance metrics, and server health.
• Hands-on experience navigating microservices architectures and containerized systems, integrating NetScaler for microservice traffic management and optimization.
• Implementing Tetration's timeline views and snapshots allowed incident response efforts to be streamlined by keeping an eye on changes and comprehending how security events developed.
• Developed Terraform modules and scripts to manage complex network deployments, such as hybrid cloud configurations and multi-cloud designs.
• Managed the Silver Peak EdgeConnect appliances, which provide WAN connections between distant and dispersed branch offices in a secure and reliable manner.
• Maintained secure connections using SSH and configured MD5 and plain-text authentication in routing protocols like EIGRP, OSPF, RIP, HSRP, BGP, VRRP, GLBP.
• Configuring with security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
Education:
Bachelors in Electrical and Electronics Engineering, India
Masters in Information Systems Technologies from Wilmington University, Delaware, USA
Certifications:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)