Security Engineer Network
Resume:
Ganesh Vuppala
*************@*****.***
Senior Network Security Engineer
SUMMARY:
8+ years of experience on Network Engineer with routing, switching and Data center environment and configuring of networking system on both cisco and Juniper networks.
Configuration, Troubleshooting and Maintenance of Palo Alto firewalls PA-2k, PA-3K, and PA-5k, 7k series.
Experience in designing, configuring, and managing Fortinet firewall 7081F, 7121F solutions to safeguard network infrastructure against cyber threats.
Strong hands on experience in layer 3 Routing and layer 2 switching, Dealt with Nexus models like 9k, 7k, 5k, 2k series.
Experience configuring & troubleshooting routing protocols like RIP, OSPF, BGP, and EIGRP.
Worked on Cisco 7200, 3800, 3600, 2800, 2600, 1800 series routers and Cisco 2900, 3500, 4500, 5500 switches.
Configuring VIPs in Load balancers/NetScalers for postal Infrastructure in support of Cisco ISE, Analyzing packet capture via Wireshark.
Implemented SD-WAN solutions utilizing Viptela and Versa technologies to enhance efficiency and scalability across enterprise LAN and WAN environments.
Experienced in integrating Cisco ACI with third-party security solutions for comprehensive threat protection.
TECHNICAL SKILLS:
Network Management tools
Wire shark, Net flow Analyzer Net Scout, SNMP, Cisco Prime
Firewall
Fortinet (FortiGate) Firewall (1000F, 2600F, 3500F, 7081F) Palo Alto (PA-850, PA-3420, PA-5260, PA-7050, PA-7080), Cisco Firepower, ASAS and Juniper SRX series.
Routing
RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering and Static Routing
Switches
Nexus 2k, 5k, 7k, Arista switches, Catalyst switches and Juniper switches.
Wireless
Cisco Meraki, Aruba wireless.
LAN
Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
LAN Technologies
SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, WLC.
Load Balancers
F5 Networks (Big-IP) LTM 6400
CERTIFICATIONS:
CCNA - CISCO Certified Network Associate
CCNP - CISCO Certified Network Professional
Professional Experience:
ADP, NJ Feb 2024- Present
Sr. Network security Engineer
Responsibilities:
Experienced in deploying and maintaining ACI fabric access policies, including VLANs, VRFs, and security groups, to control traffic flow and access.
Implemented shared-services architecture within Cisco ACI, facilitating inter-VRF communication to enhance network efficiency.
Review firewalls to find and remove unused firewall address objects and security polices using the Firemon Policy Optimizer tool.
Implemented Fortinet's advanced threat prevention capabilities encompassing intrusion prevention, antivirus, and application control, ensuring comprehensive security measures.
Deployed FortiManager to streamline management and policy enforcement across a multi-site network featuring FortiGate firewalls 7081F and 7121F.
Ensured secure integration of OT and IT environments by deploying and configuring Fore Scout to monitor and control access between the two domains.
Designed and implemented OT/IT integration solutions, leveraging Fore Scout Counteract to bridge operational technology (OT) and information technology (IT) networks securely.
Responsible for using Firemon App a management tool that allows you to make changes to all firewall policies on your network Integrated our ASAs and FTDs with Firemon.
Conduct comprehensive vulnerability assessments to identify potential security risks and prioritize patching activities based on criticality.
Integrated FortiAP access points with FortiGate firewalls to establish secure wireless access, prioritizing reliability and safeguarding network integrity.
Strong hands on experience in layer 3 Routing and layer 2 switching, Dealt with Nexus models like 9k, 7k, 5k, 2k series.
Upgraded load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise.
Demonstrate the ability to respond promptly to critical security vulnerabilities by initiating emergency patching procedures and coordinating with stakeholders to mitigate risks
Responsible for implementation of NAC, Vulnerability assessment, and IPS/IDS products. All Products are completely Open source Postgres, SQL, Linux 2.6 Kernel, and Python scripting languages.
Configured Citrix NetScaler Load Balancer to provide local and DR site Load Balancing.
Perform Configuration changes on BIG IP (F5) Load balancers and also monitored the Packet Flow in the load balancers.
Working with F5 load balancers and firewalls such as Cisco ASA, Palo Alto.
Experience in conducting security assessments and audits using Cisco Firepower SM-56 Management Center (FMC), identifying vulnerabilities and recommending remediation measures.
Experience in performing firewall rule audits, security assessments, and penetration testing on Cisco Secure Firewalls 3105 to identify vulnerabilities and strengthen network defenses.
Experience in configuring, diagnosing, and supervising Palo Alto Firewalls 5400 and 3220 through the centralized management tool Panorama M-500.
Upgraded load balancers from Radware to F5 BigIP v9 which improved functionality and scalability in the enterprise.
Experience in performing assessments of security policy rules to detect and remove redundant rules, thereby optimizing the efficiency of Palo Alto firewall policy enforcement.
Deployed and managed Palo Alto PA-7000, PA-5000, PA-3000 to safeguard data center integrity, extending support for routers, switches, and firewalls.
Collaborated closely with interdisciplinary teams to address intricate network security hurdles, using Palo Alto firewall logs and reports.
Experienced in using Infoblox Threat Intelligence feeds to proactively identify and block malicious domains, IP addresses, and DNS queries, enhancing overall threat detection capabilities.
Conducted risk assessments and implemented risk mitigation strategies for OT/IT integration projects, leveraging Fore Scout to identify and address vulnerabilities.
Maintain detailed documentation of patching activities, including patch status, deployment schedules, and post-deployment evaluations. Generate reports to communicate patch compliance and overall network security posture.
Installed and configured Cisco ASA 5500 series firewall and configured remote access IPSEC AVPN on Cisco ASA 5500 series.
Deployed ClearPass Policy Manager and ClearPass Guest Access Manager to authenticate wireless users, in coordination with Aruba Virtual Mobility Controller and access points (such as Aruba 6000 controller, Aruba AP65, AP70, AP124, AP125).
Deployed Leaf-Spine topologies utilizing Arista switches, creating a network infrastructure characterized by high bandwidth and low latency to achieve optimal performance in the data center.
Developed monitoring tools using Python 3.x for the Network. Also developed deployment interface using Python 3.x for the network.
Worked primarily as a part of the Firemon security.
In depth knowledge of industry compliance standards and integrated appropriate controls within Active Directory to ensure adherence to regulatory requirements.
Implemented Viptela SD-WAN with cloud services to expand the advantages of SD-WAN to applications and resources hosted in the cloud environment.
Configured peering Access Control Lists (ACLs), and established AVPN Tunnels involving EC2 instances, VPCs, S3 buckets, Route53, and other AWS networking elements.
Implemented BGP peering to establish connectivity between the on-site data center located in Newark and the AWS cloud.
Deployed health monitors on F5 VIPRION 2400, 4400, and 4800 to systematically monitor the status of backend servers, automatically rerouting traffic away from unhealthy servers.
Experience in implementing F5 iRules to customize traffic management and security policies on BIG-IP platforms, providing granular control over application traffic.
Configuring and optimizing F5 VIPRION to efficiently manage and distribute application traffic, enhancing performance and reliability.
Florida Blue, FL Dec 2022 – Dec 2023
Sr. Network security Engineer
Responsibilities:
Implemented and fine-tuned AVPN (Virtual Private Network) connections on FortiGate, guaranteeing secure communication channels for remote offices and users.
Implemented and managed firewall policies on FortiGate 3000F devices, monitoring both inbound and outbound traffic to protect the organization's network infrastructure.
Deployment of FortiGate firewalls 3200F across diverse network topologies, including single firewall setups, high availability clusters, and virtualized environments.
Implemented IPS (Intrusion Prevention System) and antivirus scanning on FortiGate 1000F firewall to proactively detect and block malicious network traffic and malware threats.
Designed and deployed scalable network architectures utilizing Cisco routers to optimize data transmission and ensure robust connectivity.
Citric NetScaler 9.3 to 10.1 firmware upgrade experience in Citrix NetScaler application delivery controller.
Support for z/OS installation, maintenance, control, and update of the Control report retention files.
Setup and configured Citrix NetScaler for use with mobile devices, and configured ICA Proxy, virtual servers, SNIP, VIP, etc.
Provide Load Balancer expertise on F5 BigIP LTM and GTM devices like 7050 and 2200 and Troubleshoot application slowness.
Upgrade multiple development environments on mainframe z/OS platform, including programs, database structures (IMS/ DB2/ VSAM), JCL, Bind Packages/ Bind Plans, etc.
Hands-on experience in setting up and resolving issues with Juniper SRX 4300 and SRX 2300 firewalls, combined with direct engagement with customers in a service/support context.
Implemented and configured Panorama to streamline the oversight and regulation of multiple Palo Alto firewalls, guaranteeing uniform policy enforcement throughout the network.
Experience in crafting and implementing scalable security frameworks utilizing Palo Alto Panorama, adeptly overseeing vast and intricate network landscapes.
Provisioned using Ansible as configuration management tool and use it to automatically deploy applications to fresh/newly built VM during startup time.
Exchange 2010, Office365 admin, Intune, Azure, AIP, RM, Office 365 mailbox migration and endpoint deployment.
Applied network segmentation strategies to segregate OT and IT networks, minimizing risk and enhancing security postures using Fore Scout’s capabilities.
Configured firewalls with Palo Alto PA-3430, PA-5250, PAN-PA-7000-DPC-A, and various Panorama models from the 100 and 500 series (running PAN-OS 8.6).
Installations and customization of z/OS operating system and components.
Configured dynamic address groups and security policies on Palo Alto Panorama to automate threat response and adapt to changing network conditions in real-time.
Proficiency in various infrastructure activities like Continuous Deployment, Application Server setup, Stack monitoring using Ansible playbooks and has Integrated Ansible with Jenkins.
Achieved comprehensive visibility and control over OT and IT devices by integrating Fore Scout, enabling real-time monitoring and automated response to potential threats.
Configured and optimized Cisco Firepower 4115 and 1120 Next-Generation Intrusion Prevention System (NGIPS) for real-time threat mitigation and proactive security initiatives.
Implemented DNS Security Extensions (DNSSEC) via Infoblox to safeguard the integrity of DNS data, mitigating potential risks linked with DNS spoofing or cache poisoning attacks.
Implemented Cisco ISE deployments designed to be scalable and resilient, effectively catering to the evolving requirements of the organization's network security framework.
Experienced in configuring and managing ISEC-specific security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), and access control systems.
Deployed vPC on Cisco Nexus 7000 switches to provide redundant links and eliminate single points of failure in the network architecture.
Installed and maintained SMTP on various MVS z/OS 1.8 systems.
Double hop NetScaler setup for remote logins to Citrix environment.
Configuring, maintenance, and upgrades on data center infrastructure, including Nexus 7k, 6k, 5k, 2k switches, and UCS systems.
Upgraded Citrix NetScaler Gateway from 10.0 to 10.5.
Perform configuration, maintenance, and upgrades on data center infrastructure, including Nexus 7k, 6k, 5k, 2k, and UCS.
NetScaler GSLB, HA, 2 factor token, EPA and AVPN functionality setup.
Integrated Viptela SD-WAN with cloud services to establish seamless connectivity, enabling effortless access to cloud-based applications for branch offices and remote users.
Implemented, and supervised SD-WAN solutions leveraging the Viptela architecture, enhancing network efficiency and simplifying operational workflows.
Implemented vManage, the central management and monitoring platform for Viptela SD-WAN, to monitor the performance of vEdge routers and vSmart controllers, while also generating detailed reports.
Worked on Cabling in IDF/MDF and in Data centers with Copper and Fiber.
Developed and deployed contract filters within Cisco ACI to govern and control communication between Endpoint Groups (EPGs) within the fabric.
Deployed and configured the Cisco ACI Multi-Pod architecture, expanding the ACI fabric across numerous data center pods.
Use Platinum for DB2 for z/OS software to perform other DBA related activities on DB2 objects.
Experience in troubleshooting and resolving issues on Cisco ACI fabrics, utilizing tools like Cisco APIC and ACI fabric analyzer to diagnose and rectify network anomalies.
Integrated F5 VIPRION with Splunk SIEM for centralized logging and correlation of security events, enabling proactive threat hunting and rapid incident response.
Configured F5 VIPRION with load balancing algorithms to distribute traffic evenly across servers, improving application availability and responsiveness.
Experience in designing, deploying, and managing F5 Big-IP solutions to optimize network traffic and enhance security.
Hands-on experience in Network Automation and Firewall Migration (FTD, FMC), including configuring on-site to cloud connectivity using AWS.
Configured and supervised AWS Network Load Balancers (NLB) to effectively distribute incoming application traffic among multiple targets.
Managed Cisco PIX firewall for ACL and AVPN, overseeing the migration of physical servers to the AWS data center.
Equifax, Ga OCT 2019 – Nov 2022
Network Security Engineer
Responsibilities:
Implemented Panorama Centralized Management of Palo Alto firewalls, including PA-500, PA-200, and PA-3060, to centrally manage the console, configure and update firewall core, and back up configurations.
Experience supporting EIGRP, OSPF, BGP based network by resolving level 2 & 3 problems of internal teams & external customers of all locations.
Experience working with F5 LTM 3600/6400 and GTM 2200/4200 in data center.
Deployment and Management of Bluecoat proxies in forward proxy scenario as well as for security in reverse proxy scenario.
Ensured compliance with industry standards and regulatory requirements for OT/IT integration by developing and enforcing security policies within Fore Scout.
Experience with configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (Module) for the Nexus 5000.
Implemented Check Point firewalls with Threat Prevention subscription to detect and block advanced threats such as malware and zero-day attacks.
Configured Cisco ASA firewall ACLs to restrict unauthorized access to network resources, enhancing security posture and compliance.
Deploying and decommission of VLANs on core ASR 9k, Nexus 7k, 5k and its downstream devices using Cisco ACI.
Hands-on experience in the connection of LAN MDF to IDF using Nexus 5000 series switches.
Configuring, troubleshooting, and maintenance of Cisco routers including the 2900 and 3900 series, ASR 1002/1004, as well as switches spanning the 3800, 6500, and 4500 series.
Configuration of the network stack from system to access to core services and validated existing network state using Ansible.
Worked on the connection of LAN MDF to IDF using Nexus 5000 series switches and Catalyst 3850 series switches.
Implemented Terraform for orchestrating and automating complex infrastructure configurations, promoting consistency and reliability across diverse environments.
Integrated Wireshark for packet-level analysis and interpretation, identifying anomalies, errors, or security threats within network traffic.
Implemented, configured, and supervised the Cisco Tetration platform to deliver comprehensive visibility, monitoring, and security for data center environments.
Experience in designing and implementing structured cabling systems to facilitate efficient data transmission and ensure network reliability.
Collaborated with cross-functional teams to align security policies and compliance requirements using Citrix NetScaler, in adherence to industry standards and regulatory mandates.
Conducted capacity planning and trend analysis utilizing historical data and analytics from SolarWinds to ensure scalability and efficient resource allocation.
Implemented Silver Peak's traffic steering and path conditioning capabilities to optimize application delivery across the network.
Configured and managed TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) to enable scalable and dynamic propagation of security policies across network devices.
Experience in deploying, diagnosing issues, and setting up Cisco Meraki Layer 2 and Layer 3 switches, incorporating various models like MS 225, MS 250, and MS 350.
Wipro, India Aug 2016 – Sep 2019
Network Support Engineer
Responsibilities:
Worked on creating new load balancing policies by employing BGP attributes including Local Preference, AS-Path, and community, MED.
Implemented new/changing existing data networks for various projects as per the requirement.
Switching related tasks included implementing VLANs and configuring ISL trunk on Fast-Ethernet and Gigabit Ethernet channel between switches.
Installation and configuration of Juniper M 120 multi service edge router and also MX 10 and MX 40 series routers in datacenter.
Hands on experience in Managing Data center starting from installation to decommission.
Contact this candidate