Post Job Free
Sign in

Security Engineer Senior Network

Location:
Chicago, IL
Salary:
100k
Posted:
September 10, 2025

Contact this candidate

Resume:

Prajval Gurrala

Senior Network Security Engineer

***************@*****.***

312-***-****

SUMMARY:

Senior Network & Security Engineer with over 8.6 years of experience in designing, implementing, and securing large-scale enterprise networks and cloud infrastructure. Expert in advanced firewall administration (Palo Alto, Fortinet, Cisco ASA, Check Point), SD-WAN (Viptela), and data center technologies (Cisco ACI, Nexus, Arista). Proven ability to automate network operations using Python, Ansible, and Terraform to enhance efficiency, reduce mean time to resolution (MTTR) by 40%, and enforce robust security postures. Adept at leveraging F5 LTM/GTM, Cloudflare WAF, and Illumio for zero-trust implementation to protect critical infrastructure across hybrid and multi-cloud environments (AWS, Azure). Certifications:

• Cisco certified Network Professional (CCNP)

• Cisco certified Network Associate (CCNA)

TECHNICAL SKILLS:

LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, WLC. Firewalls: Palo Alto Networks, Fortinet FortiGate, Cisco ASA firewalls, Checkpoint. LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet. Load Balancers: F5 LTM, GTM and BIG-IP, 2000, 3900, 5000, 6400, 6800, 8900. Monitoring&ManagementTools:SolarWindsNPM,NCM,IPAM,NetFlowTrafficAnalyzer,Panorama,FortiManager,F ortiAnalyzer,CiscoPrimeInfrastructure,Splunk,CloudWatch WAN Technologies: Frame Relay, ATM, MPLS, Leased lines & exposure to PPP. Switches: Nexus 9k/5k/7k, Arista switches and Juniper switches Cisco, Arista DCS and CCS Wireless: Cisco Meraki and Aruba Wireless.

Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering and Static Routing. WAN Technologies: Frame Relay, ATM, MPLS, Leased lines & exposure to PPP. Cloud services: AWS (VPC, Route53, Direct connect, Cloud front, Arista CCS, Cloud Watch) Scripting Languages: Python, Bash, Shell scripting, Terraform, Ansible Professional Experience:

BNY Mellon, NY

Sr. Network Engineer Oct 2023 - Present

Responsibilities:

• Configured and administered firewall rules on Palo Alto Firewalls, conducting thorough analysis of firewall logs via Panorama for comprehensive security monitoring.

• Extensive experience with Cisco IOS, IOS-XE, and NX-OS for routing, switching, and data center operations.

• Implemented and managed Cisco IPSEC VPN for the remote access connectivity from our remote branch offices to our HQ in NYC. Integrated Cisco VPN solutions with Active directory for centralized user authentication and access control.

• Hands-on with Catalyst, Nexus (3K, 5K, 7K, 9K), and ASR/ISR routers for core, distribution, and access layers.

• Deployed and administered IDS/IPS systems (e.g., Palo Alto Threat Prevention, Snort, Cisco Firepower) to detect, log, and block suspicious network activity in real-time.

• Proficient in configuration of L2/L3 protocols, VPC, HSRP, OSPF, EIGRP, BGP, and VRF.

• Familiar with Cisco ACI (Application Centric Infrastructure) and fabric provisioning using APIC.

• Monitoring and troubleshooting via NetFlow, SNMP, and Cisco Prime/DNA Center.

• Designed, implemented, and supervised firewall rule sets on Palo Alto to ensure strict adherence to security policies and efficient management of network traffic.

• Implemented in firewall administration, network and information security, network administration and related technical specialties of Palo Alto PA-5450, PA-5280, and PA-3430 firewalls.

• Configured Custom WAF Rules using Cloudflare’s firewall rule builder to detect and block application-layer attacks, reducing false positives by 30%.

• Integrated Cloudflare WAF with existing SIEM and SOAR platforms for real-time threat detection and automated incident response, reducing mean time to detect (MTTD) by 40%.

• Set up secure IPsec tunnels between vEdge routers and vSmart controllers to ensure encrypted communication across the SD- WAN infrastructure.

• Configured and administered dynamic routing protocols like BGP within the SD-WAN Viptela framework using vManage.

• Using Palo Alto’s Panorama centralization of authority system, enhanced tracking, analyzing and administration were achieved across many Palo Alto firewalls.

• Involved in Centralized supervision via Panorama was necessary for the deployment of Palo Alto cloud-based firewalls (PA- 7050, PA-5430, PAN-PA-5400-DPC-A, and PA-5280 series).

• Working on Palo Alto’s surveillance functions to successfully track IPsec VPN connection integrity and efficiency.

• Supported and integrated CI/CD pipelines to automate infrastructure provisioning, configuration, and deployment across development, testing, and production environments.

• Implementation of continuous operation and backup and restoration systems was facilitated by the grouping and switching features of F5 Viprion.

• Integrating appointment storage through the application of F5 iRules on Viprion, seamless demand transferring to the appropriate server infrastructure was ensured for consistent user interfaces.

• Implemented secure VPN connections via Viptela SD-WAN, establishing overlay networks to optimize data traffic.

• Successfully implemented and managed Arista CloudVision Portal (CVP) for centralized network management through automated zero-touch provisioning (ZTP) and configlet builder.

• Developed and implemented custom Python scripts for automated health checks and monitoring of Arista switches, reducing mean time to resolution (MTTR) for network incidents. Troubleshot and resolved critical EVPN/VXLAN issues in the leaf- spine fabric, utilizing advanced debugging techniques including packet captures, route analysis, and EOS show commands.

• Integrated Cisco ACI with Virtual Machine Manager Domains such as VMware vSphere or Microsoft Hyper-V, streamlining network provisioning and management processes through automation.

• Configured and oversaw tenant implementation within Cisco ACI, guaranteeing the organized distribution of resources and tailored policies for individual business units or clients.

• Implemented routine monitoring of the operational status of various components within the Cisco ACI fabric, including Spine switches, Leaf switches, and application endpoints.

• Implementing the Meraki MX64, MX65, and MX67 firewalls into various Meraki services, such as switches and connection points, resulted in a seamless and interconnected network architecture.

• Configured and secured Aruba switches and access points to ensure optimum network performance and adherence to corporate security policies.

• Using tools like Ansible to set up encryption processes, I was able to improve the setup and management of encoding rules across large networks.

• Improved data security and reliability by separating sensitive network traffic using VLAN segmentation on Cisco Nexus 5000 series switches.

• Worked with Nexus models like the 9300, 9400, 9800, and 9500 series, and maintain hands-on experience with layer 2 switching and layer 3 routing.

• Working on Cisco Nexus switches were used to implement segmentation techniques and access control procedures in order to maintain secure network restrictions.

• Monitored and analyzed application performance using F5 2000i, 4000i iSeries, troubleshooting traffic flows to resolve network bottlenecks and improve application delivery times.

• Used F5 iSeries for automated failover and redundancy, improving network resilience and reducing downtime for mission- critical applications by 40%.

• Developed and implemented access control lists (ACLs) and firewall policies on Cisco routers to enforce strong network security measures and mitigate potential threats.

• Implemented CIS benchmarks on Cisco router 8100, 8200, ASR 9902, 9903 configurations to align with industry-standard security guidelines, enhancing network security and compliance with regulatory requirements.

• Setting up the network design in AWS, which includes things like route table administration, NAT deployment, VPC setup, subnet structure, and Internet gateway installation.

• Set up VPN tunnels and put peering access control lists into place using AWS's EC2 instances, Virtual Private Clouds, S3 buckets, Route53, and other connection elements.

• Develop connectivity between the AWS cloud and the on-site data center located in Newark, BGP peering was implemented.

• Using Cisco Firepower 1150, 4112, and SM-48, custom intrusion rules were created and put into place to customize security measures for different network configurations.

• Working on Cisco Secure 3120 and 3105 Firewall integration, implemented regulations for tiny segments, which limited flexibility within the network, isolated critical resources, and reduced the attack surface.

• Utilized tools like Cisco Prime, FortiManager, and Ansible for automated patch deployment and configuration consistency across devices.

• Integrating the Cisco ISE services into use, which enhanced security tracking, centrally managed applications, acceptance, and service handling

• Collaborated with DevOps teams to implement Infrastructure as Code (IaC) using tools like Terraform, Ansible, and Jenkins for scalable, repeatable deployments.

• Conducted vulnerability assessments and applied necessary software and hardware updates to mitigate identified security risks and ensure compliance with industry standards.

• Implemented Illumio to set up zero-trust security measures on both on-premises and online systems by identifying usage requirements and monitoring and assessing network activity.

• Using ISEC tools (or appropriate vulnerability scanners), regular network scans were carried out in order to proactively find and address security flaws.

• Working on Infoblox DDI (DNS, DHCP, and IPAM) structures were created and maintained to guarantee dependable and efficient methods for network verification and confirmation.

• Monitored and optimized network performance using SolarWinds Network Performance Monitor (NPM), enabling proactive detection of latency and bandwidth issues across hybrid infrastructures.

• Utilized SolarWinds NetFlow Traffic Analyzer (NTA) to identify top talkers, monitor application traffic patterns, and isolate abnormal traffic sources in real-time.

• Configured custom alerts, dashboards, and reports in SolarWinds to monitor device uptime, interface utilization, and routing protocol health across core infrastructure.

• Integrated SolarWinds with ServiceNow for automated ticket generation based on predefined network thresholds, improving incident response time by 35%

ADP, NJ

Network Engineer Sep 2021 – Aug 2023

Responsibilities:

• Deployed Palo Alto's monitoring tools to track the status and performance of IPsec VPN tunnels effectively.

• Implemented and fine-tuned security zones and interfaces on Palo Alto firewalls like the PA-5250, PA5280, PA-3260 Series, enhancing segmentation and management capabilities.

• Used Panorama, Palo Alto's centralized management platform, for streamlined oversight, monitoring, and reporting across multiple Palo Alto firewalls.

• Deployed secure wireless access using Fortinet, seamlessly integrating FortiAP access points with FortiGate firewalls 200E, 100E, 1800F to ensure robust network security.

• Configured and supervised security policies across Fortinet firewall, FortiManager, and FortiAnalyzer, bolstering the overall security posture.

• Integrated Endpoint security solutions (e.g., CrowdStrike, Symantec, Microsoft Defender) with SIEM platforms for centralized monitoring and response.

• Worked collaboratively with peers to utilize FortiGate's SNMP monitoring and alerting capabilities, promoting proactive network management and swift incident response.

• Deployed and configured Cisco FTD appliances to provide integrated threat defense, enhancing network security and performance.

• Developed and deployed security policies across the FMC dashboard, ensuring consistent protection across the network.

• Deployed, and managed Cisco SD-WAN (Viptela) solutions, optimizing wide-area network performance and improving application delivery for remote branches and cloud services.

• Configured Viptela vEdge routers to implement secure, scalable SD-WAN architecture, ensuring encrypted traffic and optimized routing across hybrid WAN environments.

• Used Cisco SD-WAN (Viptela) to enforce application-aware policies, enabling dynamic path selection and improving performance for critical business applications by 30%.

• Integrated Cisco ACI with third-party security tools like Palo Alto Networks and F5 to extend policy enforcement and improve overall network visibility and threat detection capabilities.

• Implemented Cisco ACI’s role-based access control (RBAC) and security policies to limit user permissions and enforce the principle of least privilege within the data center.

• Monitored and analyzed network traffic using Cisco ACI’s Telemetry and APIC Dashboard, enabling proactive identification of security vulnerabilities and performance issues.

• Using REST APIs and Python to streamline backup configurations and system checks, the organization's productivity increased.

• Developed and utilized in deploying Aruba SD-Branch systems, which improved traffic flow and guaranteed secure branch- to-branch communication.

• Integrated VXLAN and EVPN to expand network flexibility and bandwidth; set up and maintained Arista 720D, 710P, and 5000 switches in centrally managed scenarios.

• Using the advanced capabilities of Cisco 8100, 8200, and 8600 ASR9k routers, I configured and oversaw extensive networks to ensure effective data processing.

• Configure Cisco 7600 series routers to build scalable and reliable network structures that adhere to requirements of service providers and large enterprises.

• Set up the Cisco Secure Firewall 4245 and 4225 monitoring and evaluation tools to monitor network usage, detect anomalies, and gather compliance data.

• Implementing Cisco Nexus 7000 switches, a virtual private cloud was installed to enable extra links and mitigate specific network structure flaws.

• Configuring, maintaining, and upgrading data center hardware, including Nexus 7018, 7010, 5548, and 5600 switches and UCS systems.

• Implemented security features on F5 2000r, 4000r rSeries, such as SSL/TLS encryption, advanced firewall policies, and DDoS mitigation, safeguard applications and network traffic.

• Deployed Global Server Load Balancing using F5 rSeries to ensure disaster recovery and optimal performance by intelligently routing traffic across geographically dispersed data centers.

• Configured and maintained high-performance load balancers, including F5 (LTM/GTM), Cisco ACE 2000/5000 series, and A10 3900/6400/6800/8900, ensuring optimal application delivery and uptime.

• Performed firmware upgrades, health checks, and failover testing for enterprise-grade load balancers, enhancing resilience and minimizing downtime.

• Integrated load balancers with WAFs, firewalls, and authentication systems (AD, LDAP) to support secure and scalable web services.

• Implemented Infoblox DNS firewall rules to prevent DNS tunneling attempts, strengthening the network's security stance.

• Developed and oversaw ISEC safety procedures, guaranteeing strong defenses against intrusion and illegal access.

• Experienced in writing Terraform configurations to deploy and configure security-related resources such as firewalls, VPNs, and access controls.

• Set up a Cisco ISE solution for a business client that accommodates wired, wireless, and VPN users by configuring access control devices.

• Deployed and managed AWS Network Firewall to monitor and control inbound and outbound traffic, enforcing advanced security policies and ensuring regulatory compliance.

• Implemented AWS IAM policies, roles, and multi-factor authentication (MFA) to enforce the principle of least privilege and secure access to critical cloud resources.

• Configured AWS Security Hub to centralize security posture management and automate threat detection across multiple AWS accounts, improving incident response time by 30%.

• Enhanced vulnerability remediation processes by integrating IAVA bulletins into SolarWinds monitoring workflows for real- time alerting and mitigation tracking. Configured AWS Security Hub to centralize security posture management and automate threat detection across multiple AWS accounts, improving incident response time by 30%.

• Deployed SolarWinds IPAM and NCM modules for centralized IP address management and automated configuration backups, ensuring audit compliance and disaster recovery readiness.

• Developed network topology maps using SolarWinds Orion, visualizing WAN and LAN interconnections across data centers and remote branches.

• Created SolarWinds alert tuning policies to reduce false positives, increasing signal-to-noise ratio for actionable incidents in the NOC environment

Accenture, India

Network Administrator Jan 2017 – Aug 2021

Responsibilities:

• Configured Checkpoint Firewall using the Smart Dashboard NGX R70, R81, R80.20 software and connecting via Smart Center management. Authentication is done using an RSA SecurID.

• Troubleshooting and Configuration of Cisco ASA 5580, 5540, FWSM, firewalls for all the agencies connecting to City net.

• Troubleshooting and monitored routing protocols such RIP, FTD, OSPF, and EIGRP & BGP.

• Skilled in designing and implementing SD-WAN policies to prioritize critical traffic and improve overall network efficiency.

• Knowledgeable in troubleshooting cabling issues and performing cable testing to ensure adherence to industry standards.

• Skilled in load balancing and content caching with NetScaler to improve application performance and availability.

• Experienced in filtering and searching packet captures in Wireshark to isolate specific network events and anomalies.

• Skilled in creating custom alerts and reports in Solar Winds to proactively identify and mitigate security vulnerabilities and performance issues.

• Working knowledge in troubleshooting TrustSec deployments and resolving policy enforcement issues to maintain network security posture.

• Experienced in leveraging Tetration's analytics and machine learning capabilities to identify anomalous behavior and security risks within the infrastructure.

• Configuring, troubleshooting, and maintenance of Cisco routers including the 2900 and 3900 series, ASR 1002/1004, as well as switches spanning the 3800, 6500, and 4500 series.

• Monitored including a weekly review of log files, reports, weekly knowledge Base updates, etc., to determine the health and performance of secures appliances.

• Involved in L2/L3 Switching Technology Administration including creating and managing VLANs, Port security, VTP, STP, Inter VLAN routing, LAN security.

Education: -

Masters in computer science information system / Concordia University Wisconsin 2025, USA



Contact this candidate