Network Engineer Palo Alto
Resume:
Vandana Dega
Senior Network Engineer
*********@*****.***
Summary
Network Engineer with 5+ years of experience in the industry, which includes expertise in the areas of Routing, Switching and Firewall.
Configured, installed and implemented in building Palo Alto, Fortinet and Checkpoint Firewalls.
Experienced in Palo Alto Advanced Threat Management using threat prevention features and Advanced Troubleshooting.
Good knowledge on OSI Network Protocol/Layer, Ethernet, OSPF, EIGRP, BGP, DNS, DHCP, GTP, HTTP, SSH SNMP and Frame Relay.
Hands on experience in configuring and troubleshooting of various IP Routing Protocols i.e., RIP, EIGRP, OSPF, BGP and also switching protocols & technologies.
Experience in working with Cisco Nexus switches in creation and management of VLANs, VPCs, VDCs and VRFs for Nexus 9k, 7k, 5k, 2k devices.
Hands on experience in configuring Viptela devices and creating device and feature templates on vManage required for SD-WAN implementation.
Technical Skills:
CISCO Routers
8200,8600, 1109, 111X, 4221, 2900, 3900, ASR- 9922, 9912,1009 and ISR 4351, OSPF, EIGRP, BGP
CISCO Switches
8200, 8300, 8500, 9200, & Nexus 9K,9500,9800, 7010,5548,7018, Arista Switches 7368X5,7280, 7050X
Firewalls
PA-820, PA-3260, PA-5220, PA-5220, PA-3430, PA-3410) Fortinet (FortiGate), Akamai WAF, Cisco Checkpoint R70, R75, R80 and R81.10 series and Cisco ASA firewalls ASA-5515, ASA- 5520, Juniper SRX SRX-340, SRX-5800, SRX-4100
Networking Tools
SolarWinds, Nagios, Wireshark
Switching Concepts
VLAN, STP
Load Balancers
F5 BIG-IP I series (11000i, 15000i,7000i,1000i), R series (5000r, 1000r,12000r), LTM, GTM and Load Balancers
SD WAN
Cisco Viptela (vEdge, vManage & vSmart) and PRISMA SD-WAN
Certifications:
CCNA: Cisco Certified Network Associate
CCNP: Cisco Certified Network Professional.
Professional Experience
Patelco Credit Union, Fremont, CA
Sr. Network Engineer
April 2023 - Present
Responsibilities:
Configured security zones using Palo Alto to segment the network and apply least-privilege access controls.
Performed end-to-end SSL certificate management on Akamai to ensure secure and encrypted content delivery.
Utilized Akamai Control Centre for in-depth analysis and monitoring of content delivery and security configurations.
Managed and debugged configurations within Akamai Property Manager to ensure accurate rule enforcement and content routing.
Ensured compliance with security policies by regularly performing patch management and version control across Cisco Firepower 1140/1150/1000 and FTD Series devices.
Deployed and maintained Check Point Next Generation Firewalls (NGFW) for perimeter security, threat prevention, and VPN connectivity.
Integrated Terraform with CI/CD pipelines for automated network configuration and validation.
Troubleshot routing issues and network outages on Cisco routers (ASR- 9922, 9912, 8200) to maintain high availability and minimize downtime.
Experienced in Cisco Catalyst access switch 3750 and Cisco Catalyst 6509-E Chassis switches with 4451 and 3925 Cisco Router.
Deployed and managed VMware NSX-T/NSX-V for network virtualization, microsegmentation, and advanced security policies.
Automated network device configuration using Python and libraries like Netmiko, NAPALM, and Paramiko.
Deployed and managed Illumio Core for microsegmentation and lateral movement prevention in hybrid cloud and on-prem environments.
Configured and managed enterprise-grade load balancers (F5 BIG-IP, Citrix ADC, HAProxy, NGINX, or AWS ELB) for high availability and traffic distribution.
Deployed and managed Prisma SD-WAN solutions to optimize branch connectivity, improve application performance, and reduce operational costs across multiple enterprise locations.
Managed domain migration between vendors while integrating Infoblox solutions for enhanced control over DNS, DHCP, and IPAM (DDI).
Managed Palo Alto Networks Panorama to streamline firewall configurations and policy enforcement.
Designed and implemented enterprise-wide SD-WAN solutions to enhance WAN performance, reduce costs, and improve network agility.
Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
Hands on experience on Checkpoint Firewalls, ASA (5550) Firewalls. Implemented Security Policies using ACL, Firewall, IPSEC, SSL, VPN, IPS/IDS, AAA (TACACS+ & RADIUS) network.
Implemented seamless patch management processes as part of security policy deployment, reducing vulnerabilities in the ISEC infrastructure.
Managed the implementation of security rules and threat prevention measures with Azure and Palo Alto firewalls to safeguard network traffic.
Monitored and troubleshot network performance and security issues within Azure VNets, ensuring the smooth operation of cloud services and applications.
Implemented Layer 4 and Layer 7 load balancing policies to optimize application performance and reliability.
Configured and optimized Check Point firewall (R70, R75, R80 and R81.10 Series) logging for seamless ingestion into SIEM tools, enhancing security incident visibility and response efficiency.
Automated network provisioning and security policy deployment using VMware vRealize Automation and PowerCLI.
Configured and managed security policies, NAT rules, and access control across Check Point firewalls using SmartConsole.
Deployed and tested Cisco routers (ISR 1100, 1101, 1109, ASR 1000 series) and Catalyst switches (3750, 6513-E, 2960 series) in production and lab environments.
Developed automation frameworks using Python and Ansible to provision and configure Cisco ACI Leaf-Spine architectures, reducing manual errors and improving deployment speed.
Involved in the deployment and onboarding of Viptela SD-WAN components, including vEdge devices and vSmart controllers, via vManage to enable scalable and secure enterprise WAN solutions.
Integrated FortiAnalyzer and FortiManager for centralized logging, reporting, and device management.
Experience with Zscaler cloud proxies ZIA and ZPA. Worked on setting up tunnels to Zscaler Zen’s, zero trust network access.
Integrated Terraform with source control tools (Git) for versioning and peer-reviewed infrastructure changes.
Developed Python scripts to monitor network performance, collect logs, and analyze traffic patterns.
Built scalable network automation tools for provisioning switches, routers, and firewalls.
AT&T, Dallas, TX
Network Engineer Sep 2021 – March 2023
Responsibilities:
Configured LDAP profiles on Palo Alto firewalls to synchronize with Active Directory, allowing for centralized authentication and user visibility.
Implemented and fine-tuned access control policies on Fortinet firewalls, using ACLs to restrict unauthorized access and ensure compliance with company security standards.
Implemented FortiGate 1800F, 3200F, and 500E HA configurations, optimizing load balancing and traffic distribution for maximum network resilience and uptime.
Monitored load balancer performance and traffic analytics to proactively identify bottlenecks and optimize routing.
Configured and managed Cisco Firepower Threat Defense (FTD) 2100 devices to enhance network security and improve intrusion prevention capabilities.
Deployed Junos Space Network Director to improve visibility and simplify the administration of security configurations on Juniper SRX firewalls (SRX-340, SRX-5800, SRX-4100) leading to more efficient network operations.
Used Python with Ansible for automated deployment of network changes across multi-vendor environments.
Utilized SolarWinds to monitor and analyze performance metrics of network devices, proactively identifying and resolving issues.
Integrated Aruba wireless networks with Active Directory and external identity providers for seamless user authentication.
Created reusable and version-controlled Terraform modules for consistent deployment of networking components.
Identified and mitigated hardware issues in Cisco branch routers (1109, 111X, 4221) during routine maintenance and incident response, supporting critical WAN connectivity for remote offices.
Implemented critical software patching on Cisco Nexus 7018 and 5548 devices during scheduled maintenance windows to mitigate vulnerabilities and maintain infrastructure integrity.
Configured Identity Awareness and integrated Check Point with LDAP, RADIUS, and AD for role-based access control.
Implemented SolarWinds NetFlow Traffic Analyzer (NTA) to monitor network traffic patterns, detect anomalies, and identify potential security threats.
Used Illumio VENs (Virtual Enforcement Nodes) for workload-level enforcement across Linux and Windows servers.
Integrated Active Directory for centralized user authentication, enabling secure access to network devices and resources across multiple sites within the enterprise network.
Managed and tested Infoblox NIOS software upgrades, ensuring a seamless transition and minimal impact on DNS, DHCP, and IPAM operations within the enterprise network.
Deployed and managed Cisco ISE for network access control (NAC), streamlining device authentication, authorization, and accounting for a diverse range of endpoints on the corporate network.
Possess in-depth knowledge of PBX phone systems, including installation, configuration, and maintenance, ensuring reliable communication infrastructure and seamless telephony services.
Utilized Cisco ACI APIs in combination with Python and Ansible to automate tasks such as policy updates, fabric expansion, and device configurations, enhancing overall network automation.
Maintained, configured Arista switches (7368X5, 7280, 7050X) in datacentre to maintain network stability.
Worked on deploying Cisco ISE in securing the IT Infrastructure Device Admin Access using TACACS and Radius Authentication for 802.1x Authentications on Wired and Wireless Infrastructures.
Integrated Juniper devices with network monitoring tools via SNMP, syslog, and Junos Telemetry.
Monitored and troubleshot Aruba wireless and wired infrastructure using Aruba Central and AirWave.
Automated load balancer configurations and deployments using Python, Ansible, or Terraform.
Led the upgrade of APIC, Leaf, and Spine Nexus 9k switches in ACI mode, ensuring seamless functionality and adherence to the latest network standards.
Led automation efforts for transitioning VIPs from F5 iSeries (7000i, 1000i) to rSeries (1000r, 12000r) using Ansible and BIG-IQ, resulting in faster deployments and a 90% reduction in downtime.
Expleo, India
Network Engineer April 2020 – June 2021
Responsibilities:
Maintained Cisco routers (2900, 3900) by regularly updating routing tables, monitoring performance, and troubleshooting protocol interoperability issues.
Created and managed backend pools, health probes, and load balancing rules on Azure Load Balancers to ensure reliable Azure service availability.
Coordinated firmware upgrades, configuration backups, and maintenance for Juniper network infrastructure.
Implemented role-based access and state locking with Terraform Cloud/Enterprise to ensure secure collaboration.
Deployed and managed site-to-site VPNs and AWS Direct Connect for hybrid cloud connectivity.
Implemented custom Nagios plugins to monitor non-standard network services and enhance infrastructure visibility.
Configured OSPF, EIGRP, and BGP routing protocols on Cisco routers to enable dynamic route exchange and improve network scalability.
Implemented DNS forwarding and conditional forwarding rules to optimize query routing and improve response times.
Applied TCP/IP principles to design resilient, scalable IP routing architectures supporting both IPv4 and IPv6 protocols.
Education: - Bachelors in Electronics and Communication Engineering, INDIA.
Contact this candidate