Sai Manoj Punugupati
Network Security Engineer
******************@*****.***
Professional Summary:
Network and Security Engineer with over 6 years of experience in designing, implementing, and securing enterprise-class networks in on-prem, hybrid, and cloud environments.
Proficient in managing firewall platforms including Palo Alto (PA-7000, 5200, 3200 series), Cisco Firepower, ASA, Fortinet FortiGate and Check Point, with expertise in policy creation, threat prevention, and VPN deployment.
Strong background in routing and switching technologies, working with Cisco (ISR, ASR, Nexus), Juniper SRX, and Arista switches, deploying OSPF, BGP, EIGRP, and implementing MPLS Layer 3 VPNs and VRFs.
Hands-on expertise in Cisco ACI, including configuration of tenants, Bridge Domains, Spine-Leaf fabric, application profiles, and multi-tenant segmentation to secure enterprise data center environments.
Experience deploying and troubleshooting SD-WAN architectures using Cisco Viptela, Meraki, and Silver Peak, optimizing application delivery and branch connectivity.
Skilled in cloud networking and security with AWS and Azure, deploying services like Direct Connect, Transit Gateway, CloudFront, CloudWatch, and VPC firewalls, while ensuring compliance with governance policies.
Strong working knowledge of identity and access control, implementing Cisco ISE, Aruba ClearPass, RADIUS, TACACS+, and Active Directory integration for user authentication and posture validation.
Advanced experience with automation and scripting tools such as Ansible, Python, Netmiko, and Terraform, used for firewall policy deployment, compliance auditing, and network provisioning.
Hands-on expertise with load balancers and WAFs, including F5 BIG-IP (LTM, GTM, APM) and Akamai, creating iRules and deploying Advanced WAF for web security and high availability.
Utilized Wireshark, SolarWinds, ISEC tools, and NetFlow analyzers to monitor, analyze, and troubleshoot Layer 2–4 issues, network anomalies, and optimize traffic flows.
Automated network implementations and tasks and designed monitoring tools using Python scripting.
EDUCATION:
Master’s in Computer and Information Science, University of Southern Mississippi, USA
TECHNICAL SKILLS:
Networking Protocols & Technologies
• Routing: BGP, OSPF, EIGRP, RIP, VXLAN, VoIP, PBR, Route Filtering, Redistribution, Summarization, and Static Routing
• Switching: VLANs, VPC, VRF, VDC, STP
• VPNs: IPsec, SSL VPN, Cloudflare Tunnels
Platforms & Hardware
• Cisco: Nexus (9K/7K/5K), Catalyst, ASR (9K/1K), ISR, ACI, Meraki MX, ISE
• Juniper: MX routers, EX switches, SRX firewalls
• Arista: 7050X3/7060X/7800R3 switches
• Load Balancers: F5 BIG-IP (LTM/GTM), Azure Load Balancer
• Firewalls: Palo Alto, FortiGate, Cisco FTD, Cisco ASA, Check Point
Cloud & SD-WAN & Automation
• Cloud Networking: AWS (VPC/CloudFront/Direct Connect), Azure (Load Balancer/Transit Gateway)
• SD-WAN: Cisco Viptela (vEdge/vManage), Silver Peak, Prisma SD-WAN
• Automation: Terraform, Ansible, Python (Netmiko), REST APIs
PROFESSIONAL EXPERIENCE
BNY Mellon, NYC, NY
Network Security Engineer Sep 2023 – Present
Responsibilities:
Deployed and managed Palo Alto Networks Panorama for centralized firewall administration, streamlining policy enforcement across IPv4 and IPv6 networks.
Involved in configuring Palo Alto GlobalProtect VPN to secure remote communication between corporate networks and remote devices.
Configured and managed L3 VPN tunnels and gateways on Palo Alto devices, including PA-3200 Series and PA-5000 series firewalls, to establish secure connections.
Designed zone-based security policies on Palo Alto firewalls, including PA-5280, PA-5260, PAN-PA-7000-DPC-A, and PA-7050, to segment and secure network traffic.
Implemented key routing protocols like RIP, OSPF, BGP, and EIGRP, fine-tuning them using tools like route-maps, distribute lists, and administrative distance adjustments to control how traffic flows across the network.
Set up and managed BGP, OSPF, EIGRP, RIP, and VPNs on Cisco routers and Layer 3 switches, ensuring efficient data routing and secure remote connections.
Implemented dynamic routing protocols on Juniper MX routers, solving complex issues like discontinuous networks where routes weren’t properly connected.
Installed and configured Cisco Nexus 7018, 7010, 5548, 5600, 9300, and 9400 switches, using EIGRP/OSPF to manage traffic efficiently in large data centers.
Created Access Control Lists (ACLs) and Control Plane Policing (CoPP) on Cisco Nexus switches to regulate traffic and mitigate network threats.
Configured and deployed Nexus protocols such as VPC, VRF, VDC, and FEX Links across Cisco Nexus 7018, 7010, 5600, and 5548 series switches.
Used Cisco ACI (Application Centric Infrastructure) with a spine-leaf design to automate security policies and segment networks for better security and performance.
Implemented micro-segmentation strategies to isolate sensitive applications and services, improving lateral threat containment using platforms such as Illumio or Cisco ACI.
Managed Juniper MX960, MX480, MX240 routers and EX3300/4200/4300 switches to ensure fast and reliable routing in enterprise networks.
Implemented intrusion detection and prevention system (IDPS) policies on Juniper SRX 380 and SRX 2300 firewalls to identify and block malicious traffic.
Defined and enforced tenant policies in Cisco ACI to ensure secure segmentation of network resources across different business units.
Enforced AAA security and policy segmentation across 20+ tenants in Cisco ACI, ensuring compliance with ISO 27001.
Deployed and configured Zscaler Internet Access (ZIA) to secure web traffic and enforce security policies, ensuring compliance and reducing attack surfaces.
Developed and enforced Access Control Lists (ACLs) and firewall rules based on validated user-to-application and application-to-application data flows, ensuring least-privilege access.
Conducted deep packet analysis using Wireshark to troubleshoot complex Layer 2/3/4 issues including packet loss, retransmissions, and protocol mismatches.
Hands-on experience with IP addressing and subnetting, including route summarization, VLSM, and IP planning for secure segmented networks.
Configured Cisco FTD (Firepower Threat Defense) 2100/1150 with FMC (Firepower Management Center) for intrusion prevention (IPS), malware blocking, and SSL decryption to inspect encrypted traffic.
Deployed and configured Meraki MR Access Points to provide robust and seamless wireless connectivity.
Designed, implemented, and managed virtualized environments using VMware vSphere to optimize server resource utilization and increase operational efficiency.
Configured Silver Peak SD-WAN appliances to provide secure branch office connectivity with application-aware routing for better performance.
Deployed AWS Direct Connect in accordance with security, privacy, and data governance regulations to ensure secure private network links.
Implemented AWS Transit Gateway to optimize network architecture and facilitate seamless communication between on-premises environments and VPCs.
Strengthened security controls in Active Directory to protect credentials, manage permissions, and enforce policies.
Secured automation flows by integrating Netmiko with CyberArk vaults for credential rotation and zero-trust enforcement.
Used Ansible playbooks to automate configurations for Cisco ACI, firewalls, and incident response, and to enhance intrusion prevention.
Integrated Ansible with SOAR for automated threat response and ticket enrichment.
Deployed Cisco ISE (Identity Services Engine) for 802.1X authentication, device profiling, and TACACS+/RADIUS to control network access.
Integrated Infoblox with Cisco ISE to dynamically assign IP addresses based on endpoint posture.
Managed Aruba ClearPass to enforce role-based access policies and ensure endpoint compliance before granting network access.
Enhanced SD-WAN monitoring and troubleshooting by leveraging vManage analytics for proactive issue resolution.
Configured and maintained VMware ESXi hosts and vCenter Server, ensuring high availability, performance, and scalability of virtual infrastructure.
Configured and optimized IPsec tunnels in the SD-WAN architecture to secure communication between data centers and branch offices.
Cardinal Health, Columbus, OH
Senior Network Engineer Oct 2020 – Jun 2023
Responsibilities:
Configured and enforced SSL decryption policies on Palo Alto PA-5410, PA-5430, PA-3420 firewalls to inspect encrypted traffic, ensuring compliance with internal security policies.
Improved TCP/IP networking to ensure smooth communication between servers, devices, and applications, reducing delays and improving performance.
Configured VXLAN, MLAG, and EVPN on Arista switches, enabling flexible and scalable networking in modern data center environments.
Worked with older Cisco Catalyst 2900, 3570, 4500, 6500 switches and ASR 1000/9000 routers, maintaining and upgrading them for continued reliability.
Implemented VDC, VPC, VRF, and OTV on Nexus 5505/7009 switches, enhancing scalability and redundancy in data centers.
Integrated Check Point firewalls (R77, R80, R80.40) with SIEM tools to monitor traffic, detect threats, and ensure compliance with security policies.
Set up Juniper SRX 4300/4700/5800 firewalls for application-level security and configured cluster failover to ensure uninterrupted protection.
Installed FortiGate firewalls and configured 1800F, 1000F, and 60D series equipment in accordance with networking designs and safety standards.
Set up tracking and analysis options on FortiGate devices to simplify network traffic monitoring, examine safety incidents, and provide compliance evaluations.
Developed and deployed custom Python scripts to automate periodic compliance monitoring and secure network assessments.
Designed and implemented network topologies using Zscaler’s cloud-based security model.
Optimized Cisco Meraki MX appliances for SD-WAN, using Auto VPN and threat intelligence to connect remote sites securely.
Installed and maintained robust network security policies using Cisco Secure Firewall models 3130 and 3120.
Conducted ISEC tool training to ensure IT personnel gained proficiency in security integration techniques.
Developed and implemented network authentication and authorization solutions using Cisco ISE.
Designed a scalable and efficient Cisco ACI network utilizing Leaf-Spine topology for optimized performance.
Automated AWS VPCs, Network ACLs, and security groups using Terraform, ensuring consistent and compliant cloud deployments.
Used Terraform to deploy AWS/Azure resources and F5 BIG-IP setups, ensuring repeatable and version-controlled infrastructure.
Created F5 iRules for data manipulation, security filtering, and logging, enhancing overall security policies.
Integrated F5 Advanced WAF to protect web applications against SQL injection, bot attacks, and malicious websites.
Connected Palo Alto firewalls and Cisco ISE to automate security policies via REST APIs, improving response times for policy changes.
Implemented Aruba ClearPass Guest with captive portal authentication to securely manage guest Wi-Fi access.
Moved old DNS systems to Infoblox for better visibility and security policy control.
Utilized Infoblox reporting and analytics tools to track IP usage trends, audit DNS query patterns, and ensure compliance.
Deployed and managed Infoblox appliances for DNS/DHCP/IPAM ensuring redundancy and clean namespace management.
Used Terraform to deploy AWS or Azure resources as code, ensuring repeatable setups.
Automated F5 BIG-IP, Palo Alto, and Cisco ACI setups via Terraform modules.
Developed playbooks for automated triage using Cisco ISE + Palo Alto logs.
Integrated Palo Alto with Splunk SIEM for centralized logging and threat visualization.
Conducted failover testing within the DMZ to verify the resilience of the SD-WAN infrastructure in case of link or device failure.
Implemented, configured, and managed SD-WAN structures, with a focus on Viptela the internet, to maximize network performance and connection quality.
Set up AWS Direct Connect, creating specialized, secure connectivity directly between servers and AWS services.
Configured AWS CloudWatch to track and gather information from different AWS services, offering knowledge about the system’s effectiveness in the moment.
Microsoft, India
Network Engineer Nov 2018 – Sep 2020
Responsibilities:
Implemented dynamic routing protocols including RIP, EIGRP, and OSPF on Juniper MX series routers, addressing complex issues such as discontinuous networks.
Successfully migrated Cisco Catalyst 6500 environments to Nexus 7K/5K/2K infrastructures.
Performed firmware upgrades and patch management for Check Point R77.30, R80.10, R80.30, and R77 Security Gateways to address security vulnerabilities and enhance platform stability.
Managed fast Layer 3 switching/routing and LAN/WAN infrastructure as part of the network team. The LAN followed the Cisco campus model, with Cisco 3550 at the access layer and Cisco 6513 at the distribution/core layer.
Helped the team use SolarWinds to discover and map network devices automatically, simplifying device management and ensuring comprehensive network coverage.
Performed daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems, and key processes, reviewing system and application logs, and verifying completion of scheduled jobs.
Worked with Cisco hardware and software vendors to resolve technical network issues, opened cases for investigation, and requested RMAs, along with working with onsite remote hands.
Design, implementation, and operational support of routing protocols in complex environments, including BGP and OSPF.
Improved scalability and ease of deployment of the OpenStack underlay network by migrating from standalone Nexus to the Cisco ACI platform.
Troubleshot Cisco ASA firewall, Check Point firewall, and SSL VPN connectivity and provided connection profile solutions.