Sai Kiran Sanku
*****.*******@*****.***
Senior Network Security Engineer
SUMMARY:
8.5 years of professional experience in network design, deployment, configuration, and troubleshooting of network infrastructure, and testing of networking systems.
Managed multiple Palo Alto devices (PA-7000, PA-5000, PA-3000 series) firewalls and implemented threat prevention systems.
Worked on FortiGate firewalls (7121F, 3200F, and 6300F), putting web filter policies in place to control web content, restrict access to dangerous websites, and enforce acceptable use guidelines.
Configured and managed DHCP services using Infoblox, ensuring efficient IP address allocation and management.
Experienced in various AWS Services (Elastic Load Balancing, Amazon Route 53, S3, EC2, and traffic routing).
Automated user administration using PowerShell scripts and Ansible, significantly enhancing directory management efficiency and accuracy and reducing manual workload in large-scale enterprise environments.
Deployed Ansible Tower for centralized orchestration and reporting, allowing cross-team collaboration and secure execution of network automation tasks.
Worked on designing and deploying Viptela SD-WAN and network migration from legacy WAN; also optimized and troubleshot the SD-WAN networks for our users.
Configured and modified Cisco Nexus 9400, 7010, and 5548 switches to enhance network policy enforcement, traffic administration, and overall connectivity.
Working knowledge of monitoring tools like SolarWinds and network packet capture tools like Wireshark.
Technical Skills
LAN Technologies: SMTP, VLAN, Inter-VLAN Routing, VTP, STP, RSTP, Lightweight access point, WLC.
Routing: RIPv2, OSPF, EIGRP, IS-IS, BGP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
Network Management Tools: Wireshark, NetFlow Analyzer, NetScout, SNMP, Cisco Prime, Ethereal, HP OpenView
Load Balancers: F5 Networks (Big-IP) LTM 6400
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet.
Firewall: Fortinet Firewall (60, 100, 1500D, 2000, 2500), Palo Alto (PA-500, PA-3060, PA-5060, PA-7050, PA-7080), Cisco Firepower, ASA, and Juniper SRX series
Cloud Technology: AT&T NetBond, Microsoft Azure, AWS EC2, VPC, IAM, S3, Route 53, ELB, EBS
Switches: Nexus 5k, 7k, 9k, Arista switches, Catalyst switches, and Juniper switches
Programming languages: Assembly, ASP, .NET, HTML, Python, Java, and Perl scripting.
Operating systems: Windows XP/7/8/10, Windows Server 2003/2008, Mac OS, and Linux.
Professional Experience
CVS Health, NY Oct 2024 to Present
Sr. Network Security Engineer
Responsibilities:
Configured granular policies on Palo Alto firewalls based on application-specific behaviors and risks, ensuring precise detection and regulation of potential threats.
Installed and configured Palo Alto Networks firewall series (PA-5280, PA-5260, PA-7050) for application control, threat prevention, and perimeter security, enhancing the overall network defense strategy.
Analyzed firewall logs and refined policies using various tools, reinforcing the security posture by ensuring Palo Alto firewall policies are effective and up-to-date.
Developed and managed Palo Alto 7000 Series firewall configurations, bolstering network security frameworks to safeguard critical infrastructure.
Led the design and deployment of a comprehensive network security architecture, including firewalls, IDS/IPS, and VPNs, to secure both on-premise and remote access to critical infrastructure.
Integrated intrusion prevention, web filtering, application control, and antivirus capabilities into FortiGate firewalls as part of the UTM (Unified Threat Management) setup, ensuring comprehensive security coverage.
Configured, monitored, and maintained SevOne platform for real-time network performance monitoring and reporting, ensuring minimal downtime and optimal network health.
New networking concepts POC and production deployment: Cisco ACI, Cisco SDA, Palo Alto SASE, and Palo Alto Prisma configuration and testing.
Created modular Ansible playbooks and roles for consistent configuration management across firewalls, switches, and routers, ensuring repeatability and reducing deployment time by 50%.
Implemented and maintained VPN configurations (IPsec, SSL VPN) on FortiGate firewalls, enabling secure site-to-site connections and remote management.
Administered and optimized Cisco voice applications including VXML gateways, VVBs, SIP proxies, and CUCM to support enterprise communication needs.
Migrated Fortinet firewall configurations (FortiGate 1800F, 200E, 3200F) to Palo Alto firewalls (PA-5410, PA-3220, PA-5280) including policy translation, NAT, IPsec VPNs, and post-migration validation.
Integrated Ansible automation with CI/CD pipelines, enabling version-controlled network configuration changes and seamless deployments in staging and production environments.
Configured advanced Palo Alto security features such as App-ID, Content-ID, Threat Prevention, and URL filtering to enhance perimeter security and threat mitigation capabilities.
Managed the deployment and integration of Cisco UCCE for enterprise contact centers, designing and configuring routing scripts, IVR systems, and agent desktop interfaces (Finesse/CTIOS) to streamline customer service processes and enhance agent productivity.
Designed and implemented Azure network security components including VNets, NSGs, Azure Firewall, Application Gateway, and UDRs for secure multi-tier cloud deployments.
Configured and managed Fortinet FortiGate series (4200F, 6500F, 7081F) for application control, threat mitigation, firewall security, and VPN services, aligning with enterprise security policies.
Enhanced FortiGate's IDS/IPS by developing signature-based detection and network attack mitigation strategies, ensuring real-time threat prevention.
Optimized cloud security frameworks by configuring cloud proxies to monitor and filter traffic in real-time, ensuring protection against malware and phishing threats in cloud environments.
Configured and optimized Viptela SD-WAN policies for traffic prioritization and application performance, ensuring alignment with organizational objectives and SLAs.
Integrated Palo Alto VM-Series firewalls within Microsoft Azure for centralized policy management and east-west traffic inspection across cloud-hosted workloads.
Led the deployment of SD-WAN solutions in new branch offices, facilitating a smooth transition to the Viptela SD-WAN environment with minimal disruption.
Applied Zero Trust Architecture by segmenting Azure networks using NSGs, custom route tables, and Azure Policy to enforce least-privilege access control.
Integrated cloud proxy solutions such as Zscaler to provide secure internet access for remote employees while maintaining consistent security policies across hybrid and cloud environments.
Implemented proxy servers to safeguard enterprise networks by controlling web traffic, blocking access to malicious websites, and enforcing secure browsing policies across multiple regions.
Developed high-performance networking applications using Go, C, and C++ to optimize data throughput and minimize latency in Verizon's large-scale wireless network.
Implemented Zero Trust Network Access (ZTNA) principles within SD-WAN architecture, ensuring authentication and authorization of users and devices.
Led firewall migration and upgrade projects, including policy conversion using Check Point/FortiGate tools, optimizing ACLs, and validating post-migration security posture.
Worked on incident response and security monitoring, rapidly identifying and mitigating internal and external network threats, minimizing downtime and data breaches.
Designed and deployed Cisco ACI fabric, automating network provisioning and management, reducing new application deployment times by 40%.
Collaborated with cross-functional teams to troubleshoot and resolve network-related issues by utilizing SevOne’s advanced diagnostic features, significantly reducing incident resolution times.
Integrated third-party applications such as Appspace, eGain, Avaloque, and Calabrio with Cisco collaboration solutions to enhance functionality and user experience.
Configured application profiles and policies in Cisco ACI, ensuring consistent network behavior across data centers, which enhanced application performance.
Administered Check Point firewall infrastructures using SmartConsole and CLI, managing NAT/PAT policies, segmentation, and compliance-driven audits.
Engaged the Cisco A2Q team in designing UCCE solutions for customers based on their business requirements and made sure the designs adhered to Cisco best practices.
Configured cloud-based firewalls and proxy servers to filter web traffic and mitigate security risks, ensuring secure browsing for employees accessing cloud-hosted applications.
Managed Cisco ACI tenants, VRFs, and bridge domains, optimizing network segmentation and improving security within the enterprise environment.
Upgraded Cisco 4500 to Cisco 3850 and documented the network diagram and design plan using MS Visio.
Configured Cisco CSR for secure Azure cloud connectivity, enabling seamless integration between on-premise and cloud resources.
Built Python scripts to automate log parsing and alert generation for firewall and IDS/IPS systems, improving incident response time and reducing dependency on manual monitoring.
Bank Of America, TX Feb 2022 to Sep 2024
Sr. Network Security Engineer
Responsibilities:
Integrated Palo Alto firewalls with Cortex XDR to enhance endpoint security and unified security detection, reducing incident handling time by 25%.
Developed and maintained standardized procedures for deploying and managing Palo Alto firewalls, ensuring reliable and secure network operations.
Automated firewall and SD-WAN policy deployment using Ansible Tower, Python, and Git for version-controlled, CI/CD-based network infrastructure changes.
Developed and executed firewall migration testing scenarios covering high availability, failover, traffic steering, and policy enforcement to ensure seamless cutovers.
Configured Palo Alto firewalls (PA-7080, PA-5410, PA-3430) with App-ID to manage application usage, reducing bandwidth consumption by 50% for non-business-critical apps.
Monitored network traffic and mitigated security risks using Palo Alto Firewall management tools.
Configured FortiGate devices for data collection and analysis to investigate security incidents, provide compliance audits, and streamline network monitoring.
Regularly updated FortiGate firewalls (7121F, 2600F, 1000F, and 3200F) with risk-assessment techniques to protect against emerging threats.
Engineered hybrid cloud connectivity using Azure ExpressRoute, VPN gateways, and Cisco Viptela SD-WAN with integrated security controls and performance monitoring.
Conducted network performance monitoring and resolved connectivity issues to maintain seamless operations.
Translated business requirements into firewall and cloud network solutions, ensuring compliance with architecture standards and stakeholder expectations.
Deployed robust cybersecurity protocols, including user account management and access permissions, to secure critical resources.
Developed and maintained technical documentation for IT processes, policies, and troubleshooting guidelines.
Collaborated with both cloud and on-prem teams to design and implement scalable, secure network solutions using Palo Alto, Check Point, and FortiGate firewalls.
Integrated FortiGuard services with automated security updates and real-time threat analysis, enhancing the firewall's ability to detect and prevent new threats.
Conducted vulnerability scans, compliance audits, and real-time log analysis through integration with Splunk and Prisma Cloud SIEM for proactive threat response.
Implemented Fortinet Security Fabric on FortiGate firewalls for centralized management, visibility, and coordinated threat response across the network.
Monitored and analyzed Viptela SD-WAN performance metrics to ensure optimal operation and identify areas for network improvement.
Automated network inventory collection and compliance validation using Python and REST APIs, enhancing visibility and audit readiness for internal and regulatory requirements.
Enhanced security by integrating Viptela SD-WAN with existing security solutions like firewalls and SIEM systems, streamlining threat management.
Authored detailed HLD/LLD documents for Fortinet-to-Palo Alto conversion and Azure network security architecture, aligning with enterprise security frameworks and regulatory standards.
Executed SD-WAN deployment plans for new branch offices, ensuring smooth transitions and minimal disruptions in the Viptela SD-WAN environment.
Worked on Azure-based security architecture integration and DDI deployments, supporting dynamic IP allocation and access control in cloud-hosted environments.
Developed and implemented cloud security architecture leveraging cloud proxy solutions (e.g., Zscaler ZIA) to manage secure, scalable internet access for a global workforce.
Developed custom dashboards and reports to provide insights into network traffic, performance metrics, and SLA adherence, supporting proactive network management and troubleshooting.
Acted as an escalation point for complex production support incidents, resolving hardware and software issues and ensuring system uptime through effective troubleshooting.
Analyzed Cisco ACI telemetry to identify bottlenecks and optimize traffic flow for critical applications.
Configured and maintained hybrid network setups, ensuring high availability and redundancy between Azure cloud and on-prem data centers.
Enhanced security by implementing micro-segmentation policies within Cisco ACI to control east-west traffic in the data center.
Integrated Cisco ACI with legacy systems, enabling seamless communication across the entire network infrastructure.
Delivered proxy and network security solutions for securing e-commerce platforms, ensuring secure data transfer and safeguarding customer information through encryption and advanced security measures.
Configured AWS CloudWatch to monitor and gather data from various AWS services, providing real-time insights into network performance.
Designed and configured cloud proxy services to secure communications between on-premise data centers and cloud platforms like AWS and Azure, maintaining high availability and reliability.
Managed and maintained Cisco Unified Contact Center Enterprise (UCCE), CVP, CTIOS, Finesse, and CUIC, ensuring high availability and reliability of contact center operations.
Established secure and reliable connectivity between enterprise networks and AWS using AWS Direct Connect.
Provided advanced technical support and troubleshooting for iOS, macOS, and Windows devices, ensuring timely resolution of issues.
Designed and implemented IT infrastructure solutions to align with organizational needs, including disaster recovery plans.
Developed and maintained standard procedures for AWS CloudFront, including caching, data integrity, and necessary updates.
Migrated from legacy security appliances to Zscaler ZIA, ensuring granular policy enforcement; deployed Blue Coat proxies for web security; and utilized NGINX for API management, securing backend services with rate limiting, access controls, and a Web Application Firewall (WAF) for protection against cyber threats.
Enhanced network reliability by implementing new monitoring features on Cisco ASR 9901, 9902, and 9903 routers, improving proactive issue resolution.
Managed routine system administration tasks, including OS and application patching, upgrades, and backups, ensuring system stability and compliance.
Configured IPv6 on Cisco routers to ensure seamless dual-stack operations, securing network architecture to handle both IPv4 and IPv6 traffic.
Configured and set up Prisma tunnels to enable local internet breakout for remote sites.
Worked with Panorama to manage the Palo Alto firewalls and Prisma tunnels.
Designed and optimized firewall policies and VPN solutions to ensure secure communication between on-premise data centers and remote locations, while complying with industry standards such as PCI-DSS.
Salesforce, India Jan 2019 to Nov 2021
Network Security Engineer
Responsibilities:
Deployed, assessed, and selected different routing protocols, including RIP, OSPF, EIGRP, and BGP; able to identify and resolve difficult network database issues.
Used Splunk to create a DNS reaction tracking system and search for patterns that might indicate malware attacks or command-and-control (C2) operations taking place on web pages.
Developed and maintained TCP/IP network documentation, including addressing schemes, subnet masks, and routing protocols, ensuring accurate and up-to-date network configurations.
Deployed and managed Varonis, specifically the Data Governance, DatAdvantage, and DatAlert modules, in complex environments.
Worked on physical site inventory verification and gathered information on various Cisco network devices and security devices to develop the run book and spec book.
Integrated internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.
Wipro, India Feb 2017 to Dec 2018
Network Support Engineer
Responsibilities:
Designed and deployed EIGRP, OSPF, BGP, and MPLS-VPN protocols and routing technologies for connecting the data center to remote locations.
Planned, designed, and implemented network and system infrastructure configuration and testing; documented system configuration and infrastructure information.
Implemented the business continuity plan (BCP) for provisioning the overall IT backup system for UNDP.
Worked with the GPMC tool and Local Security Policies to maintain domains and authenticate users.
Conducted post-deployment validation and testing to confirm coverage, throughput, and client roaming behavior met design standards.
Education:
Bachelor's in Computer Science, India.
Certifications:
Cisco Certified Network Professional (CCNP)
Palo Alto Certified Network Security Engineer (PCNSE)