
Security Engineer Network

Location: Emeryville, CA

Posted: September 10, 2025


Resume:

VARDHAN THARLAPALLY

NETWORK SECURITY ENGINEER

************@*****.***

701-***-****

PROFESSIONAL SUMMARY:

Network Security Engineer with 6 years of experience in designing, implementing, and optimizing enterprise-grade networks, specializing in routing and switching (Cisco, Juniper), SD-WAN, and data center fabrics (Cisco ACI, VXLAN). Proficient in BGP, OSPF, EIGRP, VLANs, STP, and TCP/IP, with a proven track record of maintaining 99.99% uptime across critical infrastructures. Skilled in diagnosing complex issues such as latency, packet loss, and routing errors using Wireshark, SolarWinds, and CLI-based troubleshooting. Experienced in hybrid cloud networking (AWS VPC, Azure ExpressRoute, Direct Connect) and automation with Python, Ansible, and Terraform, reducing manual processes by 70%. Adept in securing enterprise environments through Palo Alto, FortiGate, and Cisco ASA firewalls, NAC solutions (Cisco ISE, Aruba ClearPass), and micro-segmentation with Cisco ACI/VMware NSX, while leveraging SIEM tools for proactive threat detection and mitigation.

TECHNICAL SKILLS:

Network Tools: F5 (Big-IP) LTM 6400 Load Balancer, Meraki IDS/IPS, Cisco ISE NAC, Cisco ACI, IDS/IPS, WSS Proxy, Zscaler, Aruba SD-WAN, Cisco Viptela SD-WAN, PRISMA SD-WAN

Security Tools: Securonix, Splunk, MS Defender Antivirus, EDR, SEP Antivirus, SolarWinds, BeyondTrust Privilege Access Management, Saviynt Identity and Access Management IG, Qualys Vulnerability Management, CASB.

Firewalls: Fortinet FortiGate, Palo Alto, Cisco Meraki, Cisco Firepower, Cisco ASA and Juniper SRX series.

Network Management Tools: Wireshark, Netflow Analyzer (NetScout), SNMP, HP OpenView.

LAN Technologies: VLAN, Inter-VLAN Routing, VTP (VLAN Trunking Protocol), STP (Spanning Tree Protocol), RSTP, Lightweight Access Point, WLC (Wireless LAN Controller), Ethernet (IEEE 802.3), Fast Ethernet,

Routers and Switches: Cisco ISR, Cisco ASR, Cisco Nexus, Cisco Catalyst, Cisco Meraki Switches.

Tools & Technologies: O365, Azure (vNet, ExpressRoute, Firewall, Security Center, DevOps), Intune (MDM), AWS, Active Directory, Symphony Summit ITSM, ServiceNow ITSM, Terraform, Ansible.

Compliance Standards: NYDFS, PCI-DSS, MAR, SOX

Programming Languages: PowerShell, Bash, Python, Linux CLI, SQL, KQL, C, C++ and HTML.

Operating Systems: Windows 7/8/10/11, Windows Servers, Mac OS and Linux.

Professional Experience:

Cigna Health Care / Network Security Engineer

New York, NYC December 2024 - Present

Responsibilities:

Developed security policies and defense mechanisms for Palo Alto PA-5450, PA-5410, and PA-3430 series firewalls to prevent potential intrusions and threats.

Configured Palo Alto Panorama 6.1.9 to manage rule sets, ensure up-to-date software and hardware, and protect privacy processes.

Enhanced Palo Alto firewall dashboards for real-time traffic analysis and rapid response to anomalies and security threats.

Monitored and assessed privacy and security standards to eliminate redundant data and optimize Palo Alto firewall deployments.

Implemented Azure Firewall policies and Network Security Groups (NSGs) to enforce segmentation and control east-west and north-south traffic.

Automated cloud infrastructure provisioning and policy enforcement using Terraform, Ansible, and Azure DevOps pipelines.

Involved in configuring custom security rules in Akamai WAF to block unauthorized access attempts and malicious traffic.

Set up adaptive rate-limiting policies in Akamai’s cloud firewall to throttle excessive requests from botnets and automated attacks.

Extended SD-WAN benefits to cloud applications and operations by integrating Viptela SD-WAN with cloud-based services.

Implemented IPsec security and multi-factor authentication within the Viptela SD-WAN architecture to ensure secure data transfers and network service reliability.

Configured Viptela SD-WAN for dynamic traffic rerouting from congested MPLS links to secondary broadband connections during peak times.

Enhanced connectivity by enabling inter-VRF communication within the Cisco ACI shared-services framework.

Established and managed security zones, VLANs, and VRFs in the Cisco ACI environment to monitor connections and meet accessibility standards.

Assisted in integrating Cisco ACI with VMM domains to proactively manage hybrid infrastructure policies.

Used Netmiko to collect device logs and status reports, enhancing real-time monitoring and network health insights.

Configured and maintained Cisco ISR 4221, 4331, and 4431 routers, addressing multi-layer issues and ensuring routine maintenance for optimal performance.

Conducted security assessments of Cisco routers to identify and mitigate potential vulnerabilities.

Configured security zones and policies on Juniper SRX 4200 and SRX 2300 firewalls to segment network areas and prevent unauthorized access.

Collaborated with team members to deploy, configure, and maintain Cisco Nexus switches (7018, 7010, 5548, 5600 series).

Enhanced security by integrating Cisco Nexus switches with intrusion detection systems, firewalls, and encrypted authentication protocols.

Configured IPsec VPNs on Cisco Nexus switches to securely connect remote and branch sites.

Integrated AWS CloudWatch Logs with Lambda functions to automate incident response and reduce MTTR.

Designed AWS Direct Connect links for dedicated, low-latency connectivity between on-premises data centers and AWS, boosting hybrid cloud performance.

Developed Python/PowerShell scripts to automate Azure resource management, IAM policy validation, and incident response workflows.

Hardened Azure environments by implementing role-based access control (RBAC), managed identities, and Key Vault for secret management.

Optimized disaster recovery and performance by configuring failover and load balancing in AWS Route 53 for high-availability applications.

Worked on Ansible for centralized device management, simplifying system configuration and monitoring across multiple sites.

Deployed and managed Arista switches (7170, 7170B, 7130, and 7280 series) for secure, high-performance enterprise network configurations.

Used Illumio ASP to analyze traffic patterns and software interactions, minimizing lateral movement and enhancing security posture.

Contributed to datacenter migration planning and oversight ahead of the AWS transition.

Used Terraform to enforce security policies, such as access control lists and firewall rules, ensuring compliance and minimizing misconfigurations.

Optimized SSL/TLS performance and reduced server load by configuring SSL offloading on the F5 LTM 7000 platform.

Monitored F5 GTM metrics to analyze DNS query patterns, optimize traffic flow, and troubleshoot issues for reliable global traffic management.

Enhanced network security through role-based policies and managed Aruba ClearPass for secure network access control.

AT&T / Senior Network Engineer

Brooklyn, NYC September 2023 – November 2024

Implemented and improved IPsec and SSL VPNs on FortiGate 1800F, 3200F, and 500E devices, enabling secure site-to-site connections and client internet access.

Deployed FortiSandbox for advanced threat detection, analyzing suspicious files in a controlled environment to identify and block zero-day attacks.

Strengthened the security posture by configuring and optimizing FTD policies, including malware protection, URL filtering, user authentication, and IPS.

Deployed robust APIs for seamless integration with orchestration and automation tools, enabling security policy automation on the Palo Alto PA-5000 series.

Equipped security teams using PA-5k with tools and visibility to support proactive threat hunting and thorough post-incident analysis.

Facilitated the creation of custom intrusion prevention system (IPS) rules on Palo Alto Firewalls, tailored to the organization's specific security needs.

Contributed to integrating FortiGate firewalls with FortiManager and FortiAnalyzer, ensuring centralized configuration, management, and real-time monitoring.

Supported management and maintenance of real-time logging, alerting, and reporting on FortiGate 1500 series firewalls, improving visibility into network traffic and security events.

Assisted in integrating IPsec VPN with dynamic routing protocols like OSPF and BGP, enabling seamless and secure network routing.

Contributed to the configuration and management of Cisco ISE for network access control and policy enforcement.

Applied knowledge of securing Virtual Private Cloud (VPC) environments, including VPC peering, route tables, and secure internet gateway configuration.

Provided support in designing and managing Network Access Control Lists (NACLs), offering an extra layer of subnet-level security.

Worked on troubleshooting and resolving connectivity issues on Cisco ISR G2 (2900 and 3900) routers, using diagnostic tools to identify and address performance issues.

Implemented traffic engineering techniques on Cisco Nexus 9000 and 7000 series switches, including ECMP and link aggregation, to optimize real-time traffic distribution and enhance performance.

Developed and refined ACI filters to implement granular traffic control, enhancing segmentation and security.

Configured ACI policies to prioritize and manage QoS for critical applications, ensuring optimal performance and resource allocation.

Troubleshot Cisco ACI-related issues by leveraging real-time monitoring tools and logs for prompt resolution.

Contributed to implementing high availability and redundancy strategies within vBond Orchestrator to maintain uninterrupted SD-WAN operations during failures.

Supported audit report generation and tracking of DNS and DHCP activities on Infoblox, ensuring compliance with security policies and regulatory standards.

Assisted in deploying data encryption solutions (SSL/TLS, IPsec) to secure sensitive data during transmission and storage within ISEC environments.

Provided assistance in maintaining accurate inventories of Cisco Meraki devices, tracking serial numbers, warranties, and configurations in real-time.

Collaborated with the team to implement traffic steering policies in F5 GTM to direct traffic efficiently, maintaining optimal performance and QoS.

Coordinated with teams to configure SSL offloading on F5 GTM, reducing backend server overhead and enhancing encryption/decryption performance.

Helped ensure compatibility of Netmiko scripts across diverse platforms and OS environments, enabling seamless automation across heterogeneous networks.

India – Expleo / Network Engineer January 2020 – July 2023

Tailored firewall configurations and access rules based on the capabilities offered by the legacy Checkpoint firewall.

Conducted routine maintenance, applied hotfixes, and managed software updates on older Checkpoint versions to ensure stability and security.

Worked on Checkpoint R series firewalls to secure remote access VPN connections.

Deployed and managed Cisco ASA firewalls, including Cisco ASA 5500-X Series (5506-X, 5508-X), to establish a protected network perimeter.

Established IPsec VPN tunnels with ASA 5500 series firewalls between some branch offices and headquarters.

Worked on configuring DirectFlow on Arista 7050SX3 to offload traffic from the Palo Alto/Checkpoint firewalls and used the Arista EOS DirectFlow extension to apply security policies on the network based on out-of-band monitoring, deep packet inspection and other platform analysis.

Migrated conventional remote sites with ISR routers to Viptela SD-WAN and achieved elastic network connection through MPLS and internet.

Involved in configuration of access control lists (ACLs) to allow users all over the company to access different applications and block others.

Performed switching technology administration including VLANs, inter-VLAN routing, trunking, STP, RSTP, port aggregation and link negotiation.

Configured various advanced features (profiles, monitors, redundancy, SSL termination and initiation, persistence, SNATs, HA, digital certificates) on F5 BIG-IP appliances; executed various migration/upgrade projects across F5, with hands-on experience with F5 BIG-IP LTMs/EM.

Experienced in converting Cisco ACE load balancers to F5 LTM load balancers in a data center environment.

Maintained secure connections using SSH and configured MD5 and plain-text authentication in routing protocols like EIGRP, OSPF, RIP, HSRP, VRRP, GLBP.

Educational Details:

Bachelor’s in Information Technology (IT), SRM University, India.

Master's in Data Analytics / George Mason University, United States.

Certifications:

CCNA

CCNP

AWS Cloud Practitioner


