Nabeel Hussain
Network Security Engineer
*****************@*****.***
SUMMARY:
I have around 6 years of hands-on experience in designing, deploying, and supporting large-scale enterprise networks with a core focus on network security, SD-WAN, and cloud integration.
Extensively configured and managed Palo Alto Firewalls (PA-5220, PA-5450, PA-5250) and centralized policies using Panorama, enabling secure multi-site deployments and advanced threat prevention across the organization.
I’ve implemented and supported Cisco Viptela SD-WAN, utilizing vManage, vSmart, and vBond for centralized orchestration and high-availability connectivity across branch locations.
I’ve worked with a broad range of firewall platforms including Fortinet FortiGate, Cisco ASA, Firepower, and Checkpoint, customizing security rules, VPNs, and integrating advanced features like AMP, URL filtering, and IPS.
My experience spans deep into Cisco ACI, where I’ve deployed Bridge Domains, EPGs, ANPs, and multi-tenant network segmentation to enhance automation, policy control, and traffic isolation in data center environments.
I’ve scripted and automated network tasks using Python, Ansible, and Netmiko, creating reusable modules for ACL updates, firewall rule validation, and device onboarding workflows integrated with Infoblox and NetBox APIs.
On the cloud side, I’ve worked with AWS services such as EC2, CloudWatch, CloudTrail, CloudFront, and Direct Connect, focusing on secure cloud connectivity, monitoring, and compliance.
I deployed Zscaler Internet Access (ZIA) and Private Access (ZPA) to implement Zero Trust architecture, securing SaaS access and private apps for remote users with policy-based controls.
I have hands-on experience with load balancing and traffic steering using F5 BIG-IP LTM, GTM, and iRules, enabling high availability and optimized app delivery across multiple data centers.
My exposure to tools like Cisco ISE, Aruba ClearPass, dnstop, NetScaler, and Cisco Tetration has enabled me to monitor, segment, and secure network environments with strong compliance and policy governance.
TECHNICAL SKILLS:
Firewalls & Security: Palo Alto (PA-5220/5450), Panorama, Cisco ASA/Firepower, Fortinet, Check Point, Cloudflare WAF
SD-WAN & Networking: Cisco Viptela, Meraki, Versa SD-WAN, BGP, OSPF, EIGRP, MPLS, Cisco ISR/ASR, Nexus, Catalyst
Data Center & Cloud: Cisco ACI, AWS (EC2, CloudWatch, CloudTrail, CloudFront), Azure, Cisco Tetration
Access & Authentication: Cisco ISE, Aruba ClearPass, Zscaler ZIA/ZPA, IPsec/SSL VPN, GlobalProtect
Automation & Monitoring: Python, Ansible, Netmiko, SolarWinds, Cisco Prime, dnstop, REST APIs, Infoblox, NetBox
Compliance & Tools: Tufin, NAC, Network Segmentation, ServiceNow, MS Visio, Confluence
Professional Experience
GAP, San Francisco, CA
Sr. Network Security Engineer March 2024 - Present
Responsibilities:
Configured and maintained multiple images of Palo Alto firewalls, ensuring a seamless integration with the existing network configuration.
Installed and maintained firewalls, rules, and centralized security and dependability systems as part of implementing the Palo Alto PA-5220, PA-3410, and PA-5450 networks.
Configured and managed on-prem firewalls including Fortinet FortiGate, Palo Alto, and Cisco ASA to enforce perimeter security and internal segmentation.
Deployed and maintained Cisco Meraki Systems Manager for centralized management of endpoints, enhancing visibility and control across remote and mobile assets.
Improved Cisco Secure Firewall 3105 and 3110 with advanced security features like URL filtration, AMP, and IPS to protect against sophisticated online threats.
Configured and deployed Aruba UXI (User Experience Insight) sensors for proactive network health monitoring and performance analytics across distributed environments.
Implemented Aruba ClearPass for secure network access control, enabling device profiling, role-based access, and guest onboarding across Wi-Fi networks.
Utilized Aruba AirWave for real-time monitoring, performance analytics, and proactive troubleshooting of wireless infrastructure, significantly reducing downtime.
Integrated Aruba wireless with Cisco ISE and Active Directory for seamless user authentication and policy enforcement.
Used Ansible modules to manage and update ACLs, NAT policies, and routing rules across hybrid network environments with Cisco ACI and Juniper SRX.
Implemented Viptela SD-WAN across multi-site environments to optimize traffic routing, enhance application performance, and ensure seamless connectivity.
Used the Viptela SD-WAN centralized management platform for streamlined configuration, monitoring, and troubleshooting, reducing manual intervention and improving operational efficiency.
Implemented Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) for secure, policy-driven internet and application access across distributed teams.
Designed and deployed secure remote access solutions using SSL VPNs and IPsec tunnels, ensuring uninterrupted access for global workforce.
Deployed monitoring and analytics functionalities within Cisco ACI, enabling the acquisition of valuable insights into network performance, traffic dynamics, and potential security risks.
Integrated Cisco ACI with security services and appliances, fortifying the network's security posture with a comprehensive and layered approach.
Designed and supported Software Defined WAN (SD-WAN) environments using Cisco Viptela and vManage for secure, high-availability enterprise connectivity.
Developed and implemented the Cisco routers in the ISR 1160, 1131, and 1120 series, which provide improved routing, increased reliability, and improved connectivity.
Configured and managed Arista 7170, 7170B, 7130, and 7280 switches to deliver efficient and secure connectivity structures in business environments.
Deployed and set up Cisco Nexus 9300, 9800, and 9500 switches in cloud-based locations, increasing system effectiveness and adaptability.
Configured Cisco Nexus 9300, 9500 series switches with advanced Layer 2/3 protocols (VPC, OSPF, BGP) to optimize routing and deliver fault-tolerant connectivity across core and distribution layers.
Implemented ACI Application Network Profiles (ANPs) and endpoint groups (EPGs) to segment traffic and enforce security policies within enterprise data centers.
Integrated Juniper SRX 4700/4300 series firewalls for perimeter defense, application-layer filtering, and high-availability clustering to ensure uninterrupted access to critical systems.
Utilized Arista 7050X and 7280R3 series switches with advanced automation and telemetry features to support low-latency environments for real-time applications.
Installed Cisco Nexus switches and configured and managed Cisco Application Centric Systems, which enable policy-based equipment and simplified network management.
Deployed and set up AWS CloudWatch for monitoring the performance and well-being of various AWS resources, such as EC2 instances and Lambda functions.
Configured AWS CloudTrail to capture and log API calls and events spanning AWS services, furnishing a comprehensive audit trail essential for security and compliance adherence.
Configured Bridge Domains, Application Profiles, EPGs, and Border Leaf/Spine topology within Cisco ACI, ensuring optimized policy-driven data center networking.
Developed and executed content delivery strategies through AWS CloudFront, enhancing the expeditious delivery of both dynamic and static web content to users on a global scale.
Set up and implemented MPLS systems using Juniper routers (MX104, MX240), allowing for enhanced network adaptability and efficient traffic control.
Maintained and installed the Information Security Enforcement Console (ISEC), making sure that security policies were implemented immediately across the entire system.
Automated device onboarding workflows, including IP assignment, DNS updates, and interface provisioning using Ansible integrated with Infoblox and NetBox APIs.
Created Python scripts to automate firewall rule validation, configuration backups, and log parsing across multi-vendor security appliances including Fortinet and Palo Alto.
Used F5 iRules to set up a platform that gives complete authority over application-based connections, enabling network oversight and conformity with protection rules.
Huntington Bank, Cincinnati, OH
Network Security Engineer Sep 2022 – Feb 2024
Responsibilities:
Extensive expertise in Palo Alto firewalls and Panorama, including deployment, template configuration, policy enforcement, and ongoing firewall maintenance in large enterprise environments.
Experience designing, deploying, and managing enterprise-scale network infrastructures, including data center and DMZ network security solutions.
Implemented threat avoidance, URL screening, and application control by configuring and managing Palo Alto Next-Generation Firewalls (NGFW) for security at the highest level.
Installed the Palo Alto PA-5440, PA-5250, and PA-3430 firewalls in a multi-site setting, along with developing routing capabilities, NAT, and VPN setup.
Hands-on experience in copper and fiber structured cabling systems, overseeing end-to-end installations, patching, and documentation as per TIA/EIA standards.
Configured and optimized advanced routing protocols including BGP, OSPF, EIGRP, IP Multicast, and MPLS, ensuring efficient path selection, traffic segmentation, and fault tolerance across the network.
Developed and maintained adherence to company regulations and guidelines by using Palo Alto dashboards to track and maximize the efficacy of safety measures.
Implemented enforced policies across all devices by integrating FortiClient and FortiGate firewalls for flawless endpoint-to-network safety.
Involved in production-grade SD-WAN deployments, configuring vEdge routers, vSmart controllers, vManage, and vBond orchestrators to deliver resilient and scalable network connectivity.
Implemented and managed hybrid security environments leveraging FortiGate, Palo Alto, and Cisco Secure Firewalls, improving enterprise threat detection and incident response.
Safeguarded the security and privacy attributes of the FortiGate 1800F, 200E, and 500E firewalls by identifying and blocking potentially harmful networks and applications.
Integrated FTD 2100 with Advanced Malware Protection (AMP) and URL filtering to block malicious content and unauthorized sites, boosting network resilience.
Implemented and fine-tuned Palo Alto URL Filtering, App-ID, and Threat Prevention modules to detect and mitigate application-layer threats across global enterprise networks.
Implemented and oversaw VPN solutions utilizing Cisco Secure 4225 and 3105 firewalls, guaranteeing users' safe remote access from various locations.
Configured the upgraded Cisco Firepower 4115 and 1120 to manage security measures in an extensive framework and provide real-time alerts for threats.
Integrated redundant and highly accessible SD-WAN systems, ensuring low downtime and continuous online accessibility.
Experience with SASE architectures and integration of secure internet access gateways for cloud-delivered security enforcement.
Implemented a secured endpoint that protects branch-to-branch communication into the SD-WAN setup, ensuring reliability of data and safeguarding against online attacks.
Configured, monitored, and troubleshot SD-WAN settings across multiple divisions through the use of centralized administration websites.
Deployed Cisco ACI fabric in data center environments, enabling software-defined networking for enhanced automation and scalability.
Developed and implemented multi-tenant network segmentation strategies using Cisco ACI, enhancing security and compliance across the organization.
Set up the administration of Bridge Domains in Cisco ACI, organizing and segregating endpoint devices logically within the network for improved security and streamlined traffic management.
Managed the deployment of firmware updates for Cisco routers, which involves ASR 9922, 9912, and 9910, to address security flaws and add new features.
Worked on Cisco routers with Cisco Prime Services installed to allow for centrally controlled networking management and instant accessibility.
Worked with ServiceNow Change Control processes to plan and execute firewall changes, rule implementations, and maintenance windows.
Set up and maintained WAN optimization features on Cisco routers, which increased data transfer speeds and latency over wide networks.
Knowledge of proxy/web security gateways including Blue Coat and Zscaler for content filtering and secure web access control.
Implemented Cisco ISEC regulations to ensure network security and resilience while adapting to the evolving requirements of a safe online environment.
Kept the directory's details uniform among all domain controller systems by tracking and resolving problems with Active Directory replication.
Using Netmiko, created unique Python scripts to streamline time-consuming network operations like software updates, device backups, and set up modifications.
Configured advanced traffic steering policies on F5 LTM 7000 using iRules, enabling intelligent redirection of users based on geographic location or device type.
Implemented F5 GTM 10000 to distribute traffic across geographically dispersed data centers, ensuring high availability and disaster recovery.
Monitored network performance and traffic patterns using Cisco Nexus 7010, 7018, and 5548 built-in tools and third-party software, ensuring optimal network efficiency.
Supported Remote Access VPN deployments, integrating Palo Alto GlobalProtect and IPsec solutions to enable secure hybrid workforce connectivity.
Installed and configured Arista switches for organization and exceptional data centre networks, including the 7050 and 7280 series.
Set up VPN interaction, traffic molding, and advanced security features for optimal network efficiency on Meraki MX450, MX250, and MX100 safety devices.
Monitored the handling of guest access and posture assessments as well as the administration of Cisco ISE rules to guarantee adherence to security requirements.
Sunseaz Tech, India
Network Support Engineer April 2019 – July 2022
Responsibilities:
Increased Check Point's safety protection to R80.10, R80.20, R77.30, and R81 (IPS, antivirus, anti-bot, and URL filtering) to guard against a range of online threats and vulnerabilities.
Set up and configured Cisco ASA firewalls, such as the versions 5505, 5510, and 5520, to establish and maintain the network's external security.
Designed and deployed routing technologies, such as BGP, EIGRP, and OSPF, to improve network efficiency, flexibility, and dependability.
Applied acceleration features from BIG-IP's 7000, 6400, and 6800 series, such as caching and reduction, to enhance application performance and minimize end-user latency.
Designed and implemented structured cabling systems for data centres and enterprise networks, ensuring optimal performance and compliance with industry standards (TIA/EIA).
Implemented Terraform state management and remote state storage, ensuring the consistency and reliability of network infrastructure deployments.
Monitored and analyzed traffic patterns through NetScaler to identify and mitigate potential performance bottlenecks and security vulnerabilities.
Implemented High Availability configurations on Cisco routers 1900, 2900, 3900 including HSRP and VRRP, to ensure continuous network availability and redundancy.
Designed and implemented micro-segmentation policies using Cisco Tetration, reducing the attack surface and improving security posture across the data centre.
Monitored DNS traffic and performance using tools like dnstop and DNS analytics, identifying and mitigating potential issues before they impact end-users.
Troubleshot and resolved network connectivity issues related to TCP/IP, such as IP conflicts, routing loops, and fragmentation, ensuring minimal downtime and disruption.
Education: B.E. in Mechanical Engineering, India.