Security Engineer Network
Resume:
Rohith Pathi
Network Engineer
Network and Security Engineer with 4.5 years of experience in building and supporting enterprise networks for IT, healthcare, and financial organizations. Skilled in routing, switching, firewalls, VPNs, and access control, with practical exposure to hybrid cloud environments on AWS and Azure. Experienced in strengthening security through Zero Trust models, Cisco ISE, and Palo Alto firewalls, while ensuring compliance with frameworks such as NIST and PCI-DSS. Known for troubleshooting complex issues, improving performance with tools like SolarWinds, Splunk, and Wireshark, and contributing to reliable, secure infrastructure.
Networking Protocols & Technologies TCP/IP, UDP, IPv4/IPv6, Subnetting, VLSM, ARP, ICMP, SNMP, NAT/PAT, DHCP, DNS, NTP, QoS, STP/RSTP, VLAN, 802.1Q Trunking, EtherChannel (LACP/PAgP), HSRP, VRRP, GLBP, OSI Model, Static & Dynamic Routing, BGP, OSPF, EIGRP, RIP, MPLS, Metro Ethernet, WAN/LAN Design.
Expertise with the Juniper network ecosystem, strong understanding of SASE and cloud proxy technologies, File analysis, Proven experience in network telemetry, file analysis, and cloud-based security solutions, Familiarity with log generation and analysis tools.
Enterprise Networking & Infrastructure Cisco Routers (2600–7600), Catalyst Switches (2960, 3750, 4500, 6500), Cisco Nexus (3k/5k/7k/9k), Cisco ASA & Firepower, Palo Alto NGFW, Aruba Wireless Controllers, Cisco ISE, Cisco DNA Center, Load Balancers (F5 LTM – basic), Infoblox IPAM, Structured Cabling, Rack Layouts.
Network Security & Access Control Firewalls (Cisco ASA/Firepower, Palo Alto), GlobalProtect VPN, VPN Tunnels (IPsec, SSL), ACLs, Stateful Inspection, Zero Trust Security, Cisco ISE (AAA, 802.1X, RBAC), Azure AD / Entra ID, MFA, Security Group Policies, SASE, Cloud Security Controls.
Cloud & Virtual Networking AWS Networking (VPC, IGW, NACLs, Security Groups, Route Tables, Transit Gateway, Direct Connect), Microsoft Azure (NSG, VPN Gateway, ExpressRoute, Peering), VMware NSX, Hybrid Cloud Networking, SD-WAN (Cisco Viptela, Meraki), Cloud Network Segmentation, Container Networking (Docker, Kubernetes – basic).
Monitoring, Troubleshooting & Performance Tools SolarWinds, PRTG, Wireshark, TCPDump, NetDisco, Splunk (network logs), Cisco Prime, Cisco DNA Assurance, HP Network Automation (HPNA), SNMP Monitoring, Packet Capture/Analysis, Latency & Packet Loss Diagnosis, Baseline & Capacity Reporting.
Automation & Scripting Python (automation & config parsing), Bash, PowerShell, REST APIs for network/cloud automation, CLI & SSH Device Automation, Ansible (basic playbooks), Terraform (infrastructure as code – basic), DNS/IPAM/Firewall automation.
Compliance & Standards NIST 800-171, ISO/IEC 27001 & 27002, Network Security Audits, Policy Enforcement, Change Control, Configuration Hardening, Patch & Vulnerability Management, ITIL Service Management.
Operating Systems & Productivity Tools Windows Server, Linux (Ubuntu/CentOS), Unix (basic), MacOS, Microsoft Visio (network diagramming), ServiceNow (ITSM/Ticketing), Microsoft Project, MS Teams, Documentation Best Practices.
Bank of America Jul 2025 – Present Remote, USA
Network Security Engineer
Designed and implemented Zero Trust Network Access (ZTNA) with Cisco ISE, Palo Alto NGFWs, and Azure AD Conditional Access,• reducing lateral movement risks across the enterprise.
Built secure hybrid cloud networking in AWS and Azure (Transit Gateway, ExpressRoute, NSGs, VPC peering) to meet NIST 800-171 and• PCI-DSS compliance requirements.
Automated firewall policy checks, VPN onboarding, and IPAM updates using Python and REST APIs, cutting manual configuration effort• by 40%.
Optimized • Palo Alto Firewalls and Cisco Firepower with advanced security profiles, SSL inspection, and traffic segmentation for sensitive workloads.
Drove incident response for high-severity network breaches, leveraging Splunk dashboards and packet analysis tools to identify root• causes and coordinate remediation.
Partnered with compliance and audit teams to enforce configuration hardening, patch cycles, and change control documentation• across 500+ devices.
Built and tested Ansible playbooks for repetitive firewall policy deployments and experimented with Terraform modules for network• infrastructure provisioning in AWS.
United Health Group Feb 2024 – Jan 2025 Remote, USA
Network Security Analyst
Monitored and triaged network security alerts using Splunk, SolarWinds, and Palo Alto Panorama, escalating high-priority incidents to• SOC teams.
Managed VPN configurations, firewall rule updates, and ACL reviews, supporting secure access for 10,000+ remote and hybrid users.• Investigated anomalous traffic flows, DNS irregularities, and suspicious sessions via Wireshark/TCPDump, helping detect and contain• potential threats.
Assisted in enforcing role-based access controls (RBAC) and 802.1X authentication through Cisco ISE, improving endpoint compliance.•
Supported cloud security posture by validating AWS Security Groups, Azure NSGs, and IAM permissions against corporate standards.•
Produced weekly compliance and incident trend reports for senior leadership, improving visibility into recurring security risks.•
Collaborated with cloud and DevOps teams to review container networking policies (Kubernetes, Docker) and enforce segmentation• between workloads.
Zentek Infosolution
Network Engineer Jul 2021 – Jun 2023 Hyderabad, India Designed and maintained enterprise LAN/WAN infrastructure using Cisco Catalyst (2960/3750/4500) and Nexus (5k/7k) switches,• delivering high-availability networks for business-critical applications.
Administered dynamic routing (BGP, OSPF, EIGRP) across MPLS and Metro Ethernet circuits, improving routing convergence and• reducing failover times.
Hardened security by managing Cisco ASA Firewalls, Palo Alto NGFWs, and VPN tunnels (IPsec, SSL), ensuring branch and remote site• connectivity.
Integrated Cisco ISE for 802.1X authentication, TACACS+, and policy enforcement, enhancing device and user-level access control.• Supported • hybrid cloud adoption projects by configuring AWS VPCs, route tables, and Azure VPN Gateways, enabling secure workload migration.
Deployed • QoS policies and VLAN segmentation for VoIP and collaboration traffic, reducing packet loss and jitter in real-time communications.
Used SolarWinds, Splunk, and Wireshark for proactive monitoring and troubleshooting, reducing MTTR for recurring incidents.•
Documented change requests, SOPs, and Visio-based topology diagrams in ServiceNow, ensuring compliance with ITIL standards.• Assisted in the deployment of F5 Load Balancers (LTM) for traffic distribution across web applications, ensuring better availability• and redundancy.
Participated in a Cisco Meraki SD-WAN proof-of-concept, evaluating performance improvements for branch connectivity.•
Associate Network Engineer Apr 2020 – Jul 2021 Hyderabad, India Contributed to router and switch rollouts by performing baseline configurations, VLAN setups, trunking, and access security for• branch offices.
Assisted in resolving routing protocol incidents (RIP, OSPF, EIGRP), minimizing downtime during network outages.•
Delivered Tier 1/2 support for DHCP, DNS, NAT/PAT, and subnet escalations, ensuring smooth internal connectivity.•
Helped scale Cisco ASA firewall policies and VPN services to support remote workforce expansion during the COVID-19 transition.• Managed Infoblox IPAM tasks, including IP allocation and DNS/DHCP updates, reducing address conflicts and improving record• accuracy.
Investigated latency and traffic anomalies with Wireshark/TCPDump, assisting in root cause analysis for connectivity issues.•
Monitored performance with SolarWinds SNMP alerts, flagging bandwidth bottlenecks for further optimization.•
Maintained network diagrams, troubleshooting guides, and cabling standards, ensuring operational readiness and smoother audits.•
Projects
Campus Network Design and Implementation
Designed and simulated a scalable enterprise campus network using Cisco Packet Tracer, implementing VLANs, STP, OSPF, and inter-• VLAN routing for segmentation and redundancy. Integrated DHCP and DNS services to enable dynamic IP management and name resolution. Configured ACLs and NAT for secure Internet access, ensuring policy-based traffic control. Conducted end-to-end testing with Wireshark to validate connectivity, redundancy, and failover scenarios, demonstrating industry best practices in LAN/WAN design, security, and troubleshooting.
Hybrid Cloud Network Security Implementation
Led • the integration of on-premise data centers with AWS and Azure using site-to-site VPN and ExpressRoute for secure hybrid connectivity. Configured BGP routing for redundancy, deployed Palo Alto firewalls with SSL/IPsec VPNs, and enforced Cisco ISE-based RBAC for endpoint authentication. Implemented VLAN segmentation and QoS for VoIP and collaboration traffic, reducing latency and congestion by 30%. Leveraged SolarWinds and Splunk for monitoring, building proactive dashboards to enhance visibility and reduce MTTR by 25%.
Masters in Computer Science Aug 2023 – May 2025 Missouri USA
University Of Central Missouri
Contact this candidate