Lakshmi Daka
Network Security Engineer
SUMMARY:
●Over 8 years of experience in designing, implementing, and managing network security and enterprise infrastructures across on-premises, hybrid, and cloud environments.
●Expertise in Next-Generation Firewalls (NGFW) including Palo Alto (PA-3430, PA-4000, PA-5450, PA-5060), FortiGate (1800F, 3200F, 500E), Cisco Secure Firewall (3105, 3110, 4200), and Juniper SRX series, ensuring high availability, threat prevention, and compliance.
●Skilled in Panorama, Zscaler ZIA/ZPA, Akamai WAF/API Gateway, Cisco ISE, Infoblox DNS, and advanced authentication techniques to enhance enterprise security posture.
●Strong background in LAN/WAN design and troubleshooting, including MPLS, BGP, OSPF, IPsec VPN, and IPv6 migration using Cisco ASR, ISR, Nexus, and Aruba switching platforms.
●Experienced in deploying SD-WAN solutions (Cisco Viptela, Versa), optimizing application performance, reducing WAN costs, and integrating hybrid cloud connectivity via AWS Transit Gateway, VPN, and Direct Connect.
●Proficient in AWS cloud networking, including VPC, Subnets, Route Tables, Security Groups, CloudWatch, and Flow Logs to ensure secure and efficient cloud environments.
●Hands-on experience with F5 BIG-IP (LTM, GTM, Cloud Edition) for global load balancing, application delivery, and performance optimization.
●Expertise in Cisco ACI multi-site deployments, automating configurations using Ansible and Python for improved operational efficiency and compliance.
●Experienced in enterprise WLAN deployments using Cisco and Aruba wireless solutions, implementing RF planning, spectrum analysis, and secure authentication (802.1X, WPA3, ClearPass, ISE) in high-density environments.
●Skilled in monitoring, log analysis, and incident response using SolarWinds, SIEM, Wireshark, and Infoblox DNS statistics, ensuring proactive threat detection and remediation.
●Proven ability to develop zero-trust architectures, automate operations, reduce downtime, and improve network performance for large-scale enterprise environments.
●Adept at collaborating with cross-functional teams, aligning network and security strategies with organizational goals, and supporting mission-critical operations.
TECHNICAL SKILLS:
Firewalls & Security: Palo Alto (PA Series, Panorama), Cisco ASA & Secure Firewall, Fortinet FortiGate, Juniper SRX, Check Point, Zscaler (ZIA/ZPA), Akamai WAF/API Gateway
Cloud & Virtualization: AWS (VPC, Transit Gateway, Direct Connect, CloudWatch), OpenStack, F5 BIG-IP (LTM, GTM, Cloud Edition)
SD-WAN & WAN: Cisco Viptela, Versa, Silver Peak, MPLS, IPsec VPN, BGP, OSPF, EIGRP
LAN, Data Center & Wireless: Cisco Nexus & ASR, Cisco ACI, VLANs, STP, IPv6, Cisco/Aruba Wireless, Cisco ISE, Aruba ClearPass
Automation & Scripting: Python, Ansible, Netmiko, Network Automation, Compliance Validation, SIEM Integration
Load Balancers: F5 Networks (BIG-IP) LTM, GTM
PROFESSIONAL EXPERIENCE:
Fidelity Investment, TX
Network Security Engineer Feb 2024 – Present
Responsibilities:
●Configured VPNs, Palo Alto firewalls (such as the PA-3430, PA-4000, and PA-5450 series), and high-reliability internet connections.
●Configured Palo Alto firewall surveillance to keep watch for strange activity, identify possible security risks, and analyse internet activity.
●Developed and implemented security procedures, connected to Panorama, and performed device assessments to provide dependable and adaptable Palo Alto firewall management.
●Implemented API protection policies using Akamai’s WAF and API Gateway, enforcing schema validation, rate limiting, and JWT-based authentication.
●Integrated Akamai Edge Security Connector (ESC) to forward WAF logs directly to internal security tools and enhance incident response capabilities.
●Implemented additional security-related devices, Infoblox structures, DNS firewalls, and business process construction.
●Developed the ISEC software to provide a comprehensive safety strategy that includes continuous tracking, risk analysis, incident handling, and threats analysis.
●Implemented current knowledge of changes, maximizing system performance, and refining the program's structure are all necessary to create the Cisco Identity Services Engine (ISE).
●Using upgrades on the Cisco Secure Firewall 3105, 3110, and 4200 control centres for threat identification and unified rule administration, emergencies increased by 40%.
●Working on SD-WAN routers can be implemented and integrated using Cisco's Viptela structure, while additional elements need to be modified.
●Using and presenting SD-WAN data to track and evaluate the network's efficiency and quickly find and address problems.
●Installing more than 500 routers and several SRX 4100, SRX 3800, SRX 1600, and SRX 550 devices on Juniper networks.
●Using Cisco routers from the ASR 9903, 9904, 9912 series, the adaptable open layer infrastructure lowers operational expenses and provides internet access to remote sites.
●Integrating Cisco router features like 6 to 4, Dual Stack, and NAT64 made the process of switching from IPv4 to IPv6 simpler and had no effect on systems that were already operational.
●Configuring and troubleshooting VPN and wide-area MPLS services on Cisco routers to deliver reliable and safe broadband.
●Implemented flexible operations and efficacy through the creation and implementation of Cisco ACI layer for a flexible, policies cloud networks.
●Configured uniform setups and easier maintenance, Cisco ACI Multi-Site Symphony was developed to administer and manage rules across various data centres.
●Set up F5 BIG-IP Cloud Edition for managing application resources in both private and public cloud settings.
●Improved availability and service uptime by implementing F5 LTM and GTM logs and analytics for thorough troubleshooting of software bottlenecks.
●Installed AWS Transit Gateway to effectively route traffic between several VPCs and on-site networks by managing and streamlining intricate network structure.
●Utilized AWS CloudWatch and AWS VPC Flow Logs for tracking system safety and efficiency, assuring uninterrupted service and prompt problem-solving.
●Involved in using OpenStack connectivity updates to replace standalone Cisco Nexus 9300, 9400, 9500 and 9800 series switches in order to maximize setup diversity and effectiveness.
●Developing and updating of exact documents for Nexus switch areas, network architectures, and security regulations improved data transport and applications.
●Develop enhanced authentication procedures and extra security measures, such as multiple-layer authorization for Active Directory and internet transactions.
●Configured, deployed, and troubleshot enterprise-grade wireless networks using Cisco and Aruba access points, controllers, and monitoring tools.
●Optimized WLAN performance by implementing RF planning, spectrum analysis, and proactive issue resolution in high-density environments.
●Integrated wireless infrastructure with authentication solutions like Cisco ISE and Aruba ClearPass for secure network access.
●Developed and maintained Ansible playbooks and Python scripts to automate configuration deployment, reducing manual effort and errors.
●Integrated automation pipelines for network device configuration and compliance validation, improving operational efficiency.
●Implemented automated monitoring and alerting solutions, ensuring real-time visibility and faster incident response.
●Configured and managed Zscaler Internet Access (ZIA) policies for secure web filtering, SSL inspection, and user-based access control.
●Integrated Zscaler with identity providers (IDP) and endpoint security tools to enhance secure remote access.
●Monitored and analyzed Zscaler logs to identify potential threats, optimize policies, and ensure compliance with organizational security standards.
UHG, NY
Network Security Engineer March 2020 – Dec 2023
Responsibilities:
●Configured the most recent Palo Alto Networks rules and technology to ensure that cutting-edge security measures were constantly accessible.
●Working Panorama to monitor the organization, placement, and design of Palo Alto 5060 machines in servers and to schedule, control, or approve internet access.
●Developed the track of modifications made to the Palo Alto Next-Generation firewalls, PA-3430, PA-5430, and PA-5260, to improve their proficiency with SD-WAN interfaces and procedures.
●Installed and implemented FortiGate firewalls in compliance with company standards and particular safety requirements.
●Setting up IPsec site-to-site VPN connections with FortiGate developments, such as the 1800F, 3200F, and 500E series, and FortiManager 300D.
●Configured and managed AWS networking services including VPCs, Subnets, Route Tables, Security Groups, and Internet/NAT Gateways for secure and optimized cloud environments.
●Implemented hybrid cloud connectivity using VPN and Direct Connect, ensuring secure integration between on-premise and AWS environments.
●Created and implemented security measures, such as teams, firewall restrictions, and storage, to safeguard apps and data on SD-WAN Viptela systems.
●Using vBond the developer, a crucial SD-WAN element, enabled the secure verification of endpoint activities related to network-based activities to be implemented.
●Implement established procedures and guidelines to look into safety concerns, reduce risks, and get regular Cisco ACI deployments back up and running.
●Developed Python scripts to automate Cisco ACI fabric tasks, such as EPG creation and health monitoring, improving operational efficiency by 20%.
●Using techniques to repair and substitute Active Directory Domain Services, with a focus on lowering the risk of outages and knowledge lost while ensuring dependability and planning recovery measures.
●Implemented end-user experience by deploying F5 GTM to direct users to the fastest data center, reducing page load times by 2 seconds on average.
●Monitored F5 BIG-IP performance using built-in dashboards and third-party tools like SolarWinds, ensuring optimal throughput and availability.
●Configure Ansible to continually detect and address prevalent issues, including excessive CPU utilization or network difficulties, to improve visibility and dependability.
●Utilized expertise in Netmiko-based asset automation methods to create feasible plans for big systems and multi-site deployments.
●Utilize Infoblox DNS traffic statistics to analyze unusual trends, possible threats, and other information that can help improve the effectiveness and security of the internet.
●Implementing strict safety requirements and controlling entry through the use of Cisco ISE's rules collection influence and prepared authentication.
●Using tracking and preventative measures, the ISEC structure can identify and thwart efforts by malware, unidentified individuals, and dubious network behavior.
●Configured and maintained Zscaler Internet Access (ZIA) and Private Access (ZPA) for secure remote connectivity and web filtering.
●Integrated Zscaler with identity providers (IdP) for single sign-on (SSO) and enforced user-based access policies.
●Configured and managed WAN connectivity using MPLS, BGP, OSPF, and IPsec VPN tunnels to support multi-site enterprise networks.
●Implemented SD-WAN solutions (Cisco Viptela/Versa) to optimize application performance and reduce WAN costs.
●Troubleshot high-priority WAN issues (latency, packet loss, link failures) ensuring minimal downtime and SLA compliance.
●Involved in safety measures that instantly detect and stop potentially dangerous activities are built into Cisco routers from the ISR 4221, 4331, and 1120 series, preventing malware assaults.
●Added alerting signals to Cisco routers for detecting new threats, enhanced defences towards atypical incidents, and enhanced firewall settings on a regular basis.
●Implementing firewalls from the Juniper SRX 5800, SRX 5400, and SRX 4700 series will provide complete defence against intrusions and secure boundaries for commercial networks.
●By integrating safeguards like Proactive ARP Analysis and IP source encrypts into Cisco Nexus 7010, 7018, 5548 and 5600 series switches, Layer 2 threats are reduced.
●Configured the capacity to find security holes in Cisco Nexus devices and apps so that they may be fixed during management and deployment.
●Deployed and managed enterprise WLAN infrastructure using Cisco and Aruba Wireless Controllers, ensuring seamless connectivity across multiple sites.
●Performed troubleshooting of wireless access points, RF coverage issues, and authentication failures to maintain optimal network performance.
●Configured and monitored wireless security policies including WPA3, 802.1X authentication, and rogue AP detection.
●Designed, configured, and maintained Layer 2 and Layer 3 network infrastructure using Cisco and Aruba switches.
●Implemented VLANs, STP, EtherChannel, and Port-Security to ensure secure and efficient LAN operations.
Pioneer Technologies, India
Network Engineer Nov 2017 – Feb 2020
Responsibilities:
●Set up the danger identification and mitigating capabilities of ASA 5585, 5580, 5540, 5520, and 7510, including Bot networks Activity Analyzer and System-based Activity Awareness to improve network security.
●Increased Infoblox Threats Analysis information transfer capacities and enhanced DNS dependability methods allow for the prohibition of illegitimate websites and web addresses.
●Setting up and managing firewalls, such as VPNs, ACLs, Web Proxy, R80.10, R80.20, and R77.30 IDS/IPS checkpoints, as well as broadcast security programs.
●Install attack protections on Check Point 5800 firewalls to block access to nefarious web pages, so avoiding malware infections and data theft.
●Installed Cisco Tetration on a device to check network links, monitor traffic patterns, and keep watch for any odd behavior that might indicate a safety concern or regulatory infraction.
●Utilizing TrustSec, a system was developed that employs software-determined splitting, or SD-Seg, to prevent attacks in the network's operating zones.
●Hands-on experience installing, maintaining, and identifying Cisco ASA firewalls; furthermore, ability to mentor IT personnel and other relevant parties.
●Integrated Wireshark with SIEM tools for real-time analysis and correlation of network traffic data with security alerts.
●Troubleshooting issues with Bluecoat monitoring through enhancements to the system's architecture, knowledge generation, and management.
●In-depth skills analysis was carried out with SolarWinds NPM, accounting for delays, network limitations, and additional potential reasons for weak app usage.
●Monitored internet usage and security using Silver Peak's unified statistically and statistics, ensuring that issues were identified and resolved right away.
●Designed to maximize the speed, dependability, and flexibility of crucial tasks and offerings by utilizing increased capacity in NetScaler deployments.
●Troubleshot WAN-related problems including OSPF, EIGRP, IGRP, RIP, and BGP routing and design; troubleshot L2/L3-related network problems.
●Installed and constructed highly resilient, flexible, and trustworthy DNS servers to provide vital business operations over extensive network infrastructures.