Security Engineer Palo Alto

Sai Dixit

Network Security Engineer

***.*****************@*****.***

+1 (331) - 401-7810

SUMMARY:

* ***** ** ********** **** routing, switching, and data center environments, and Configuring, Troubleshooting of networking systems on both Cisco and Juniper Networks.

Proficient in configuring and troubleshooting Cisco Nexus (2K–9K series), Juniper switches, Palo Alto (PA-7050, PA-5430, PA-3430), Fortinet and FortiGate (7081F, 6500F, 4200F), Cisco ASA/Firepower, and Checkpoint firewalls. Skilled in designing secure LAN/WLAN infrastructures and cloud integration using AWS VPC, EC2, Route 53, Cloud Trail, and Cloud Watch. Experienced with Aruba Wireless (Clear-pass, Air Wave), RSA two-factor authentication, Digital Guardian DLP, Zscaler, and DNS firewall (RPZ) policies. Expert in automation and network monitoring using Python, Ansible, Netmiko, and SIEM tools (Splunk) for real-time threat management and compliance enforcement.

TECHNICAL SKILLS:

Load Balancers

F5 Networks (Big-IP) LTM, Viprion.

Switches

Nexus 2k, 5k, 7k, Arista switches, Catalyst 9k, 4k series switches, and Juniper switches.

Networking

TCP/IP, OSI Model, Socket Programming, LAN/WAN, switches and routers, IPV4/IPV6

Routing

RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, route filtering, redistribution, summarization, and static routing.

Tools

GNS3, Packet Tracer, Solarwinds, VMware Workstation, Wireshark, Nagios, and Fluke Networks.

Languages

Python, Anisble.

Firewall

Fortinet, FortiGate, Palo Alto, Checkpoint, ASA, and Juniper SRX series.

Wireless

Cisco Meraki, Aruba Wireless.

Cloud Services

AWS (VPC, Direct Connect, CloudFront, Route53), NAT Gateway, CLM.

Professional Experience:

US Bank - MN June 2023 to Present

Network Security Engineer

Responsibilities:

Experience in setting up Palo Alto Networks' globally secure VPN hardware to provide consumers and staff with safe Internet access.

Installed and maintained Palo Alto PA-7080, PA, and PA-3260 firewall rules to ensure strict conformity to health requirements and enhance link safety, using EIGRP and TCP/IP protocols.

Improved safety protocols, continuous company activity, and the development and deployment of Palo Alto Networks Next-Generation Firewalls in a multi-site setting were ensured.

Monitoring firewall logs attentively, installing the Palo Alto firewall to guarantee peak performance, and utilizing Panorama for safety surveillance.

Maintained a comprehensive database of FortiGate configurations, policies, and practices Knowledge is a crucial tool for simplifying tasks linked to audits.

Installation, administration, and safety monitoring expertise with Fortinet FortiGate firewalls for IPv4 and IPv6 networks.

Maintaining bandwidth allocation and prioritizing essential tasks might be facilitated by establishing monitoring client policies for the FortiGate 4200F, 1000F, 3700F, and 2600F firewalls.

Configure the Cisco Firewall 3110 and 3105 routers to provide the best possible protection against attacks and effective access control.

Managed Cisco Meraki wireless network infrastructure, including Wireless LAN Controllers, Cisco APs, Standalone APs, and Mesh APs, to optimize connectivity and network performance.

Designed and implemented Data Loss Prevention (DLP) strategies to protect sensitive data and prevent unauthorized access or leakage.

Worked with several network-related features and APIs by utilizing the extensive package catalogs of Ansible, which offered flexible and powerful automation options.

Applying for authorization to reroute data for thorough activity screening and safety protocols via application routes on the Cisco Nexus 9300, 9400, 9500 and 9800 switches.

Provide through guidelines and protocols for the Juniper SRX 1600 and SRX 2300, ensuring that regulations are adhered to and information is exchanged.

Improved security and compliance with CIS guidelines will be implemented in Cisco router ISR 1101, 1109, 111X, and 1120 units.

Responsible for Configuring SITE TO SITE VPN on Cisco ASA 5500 series firewall between Head office and branch office.

Worked on Cisco Routers, Active /Passive Hubs, Switches, Cisco ASA Firewalls, NAT and Juniper SRX firewall.

Designed and implemented 802.1x Wired/Wireless User Authentication using Cisco ISE Radius Server, enhancing network security and user access control.

Hands on experience with data center technologies that include spine leaf, CISCO ACI, Arista cloud vision. Working experience on the Arista 7150S series, 7160 series, and 7260QX series switches.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 and 8500 for Wireless Network Access Control integration with Cisco ISE.

Implemented strict security measures and controlled Cisco router firewall rules and authorization classes (ACLs), preventing unauthorized access.

Applying security techniques and Cisco IOS protections (Auto Secure) while utilizing web pages to perform regular safety checks and diagnose Cisco router issues.

Alkira, San Jose, CA Jan 2023 to June 2023

Network Administrator

Responsibilities:

Monitored Palo Alto firewall effectiveness using Panorama, leveraging user activity tracking and correlation tools for threat analysis and response.

Configured and managed Fortinet, FortiGate (7121F, 6500F, 4400F) firewalls to protect corporate networks against unauthorized access and breaches.

Implemented ACI modes on Cisco Nexus (9300, 9400, 9500) series switches for software-defined networking, improving agility and automation.

Optimized routing using OSPF and BGP on Cisco Nexus switches to enable scalable and dynamic traffic engineering.

Configured QoS on Cisco Nexus switches to prioritize critical applications, reduce latency, and ensure reliable performance.

Hardened Cisco routers and managed ASA firewalls, implementing protection policies to detect and prevent perimeter-based threats.

Deployed redundant systems using Cisco ISR routers (111X, 1120, 1131, 1160) to ensure business continuity and minimize downtime during fail overs.

Configured RADIUS and TACACS+ protocols for AAA-based secure access control on enterprise devices.

Set up Ansible Tower for automated network compliance checks and policy enforcement alerts.

Administered Cisco Firepower (1140, 1150) and Secure Firewall (3120, 3130), enabling real-time monitoring and policy enforcement.

Designed network architectures using Juniper SRX (4700, 4300) series for secure service-layer traffic management.

Maintained and secured Citrix NetScaler, ensuring reliable application delivery and remote access.

Conducted regular audits and performance tuning on Palo Alto, Cisco ASA/FTD, F5 Load Balancers, and Citrix NetScaler for compliance and optimization.

Deployed multi-pod Cisco ACI infrastructure to scale server connectivity and support enterprise applications.

Designed and deployed SD-WAN using Viptela, implementing high availability, QoS policies, and intelligent routing for application optimization.

Monitored AWS networking components using CloudWatch, VPC Flow Logs, and CloudTrail for performance and security visibility.

Implemented AWS WAF and AWS Shield to safeguard banking applications from DDoS and common web vulnerabilities.

UBS, India Feb 2020 to Dec 2021

Information Security Engineer

Responsibilities:

Developing and implementing security-related solutions in accordance with Terraform requirements, such as VPNs, security software, and client monitoring.

Collaborated with Silver Peak and other vendors for technical support, updates, and to stay informed about the latest SD-WAN technologies and features.

Expertise in system management, data security, and related technical fields familiarity with the Palo Alto firewall PA-3220, PA-1420, PA-850, and PA-460 series.

Applying VLAN design, routing, and layout techniques to the installation and maintenance of Cisco security devices, such as the ASA 5500, 5540, and 5515/PIX.

Managed and analyzed Cisco Router 1900, 2900, and 3900 to align with business goals by collaborating with managerial connection administrators, resulting in optimized network performance and connectivity.

Configured and managed Cisco Firepower Threat Defense (FTD) devices to enhance network security and monitor network traffic.

Implemented advanced threat protection solutions using Cisco FTD, including intrusion prevention systems (IPS) and malware defense.

Working knowledge and demonstrated experience with Cisco Juniper, HP Aruba, Avaya, and Arista switches & Routers. Heavily involved with data center migration from Cisco to primarily Arista with minimal downtime utilizing VxLAN.

Configured STP for loop prevention and VTP for Inter-VLAN Routing. Expertise with Installation of Arista 7250QX series switches on Spine Platform.

Provided Tier1 technical support, assisting users facing network problems. Performed advanced troubleshooting and diagnostics, delivering tier/level-1 solutions to network failures, improving user satisfaction.

Actively involved in switching technology Administration including creating and managing VLANS, Port security - 802.1x, Trucking 802.1Q, RPVST+, Inter-VLAN routing, and LAN security on Cisco Catalyst Switches 4507R+E, 6509-E and Cisco Nexus Switches 2232, 5596, 7009.

Responsible for configuration, maintenance, and troubleshooting of dynamic routing protocols: BGP, OSPF & (route redistribution, distribute lists, route-maps, offset-lists, prefix lists, route summation, route-feedback, BGP attributes) on Cisco Routers 7613, 7201, and 3945E.

Glance, India May 2019 to Feb 2020

IT Engineer

Responsibilities:

Installed and supported various MPLS/BGP, Metro Ethernet deployments, and configured routing and switching platforms, as Aruba Wireless Solutions.

Done troubleshooting of TCP/IP problems and connectivity issues in a multi-protocol Ethernet environment.

Configured RSTP, MST and used VTP with 802.1q trunk encapsulation provided port binding and port security wherever required, provided router redundancy through HSRP.

Created, set up, and refined server DNS expertise for the modification, maintenance, and setup of DNS architecture.

Implementing a range of transportation computations, such as OSPF, BGP, RIP, and EIGRP, to create and oversee intricate LAN/WAN systems.

Configured and troubleshot wide- and regional-area systems (ISDN, Frame Relay, DDR, NAT, DHCP, and TCP/IP), ensuring seamless network operations and reducing downtime.

Certifiations:

Cisco Certified Network Associate (CCNA)

Cisco Certified Network Professional (CCNP)

Palo Alto Networks Certified Cybersecurity Associate (PCCSA)

AWS Certified Solutions Architect – Associate

Education:

Bachelors in CSE from GRIET, India.

Master’s in Computer Arts & Science (Cybersecurity Specialization), Chicago State University, Chicago, IL.

Contact this candidate