
Security Engineer Network

Location:
United States
Posted:
September 16, 2025


Resume:

Sara Shareef

Senior Network Security Engineer

****.******@*****.*** 650-***-****

Summary

Senior Network & Security Engineer with 8+ years of experience across enterprise, financial, telecom, and managed services environments.

Specialized in network security, hybrid cloud integration, and automation, delivering resilient infrastructure for large-scale users.

Proven expertise in designing and managing firewalls, SD-WAN, load balancers, and data center fabrics across multi-vendor ecosystems.

Hands-on experience with AWS networking, security automation, and infrastructure monitoring in enterprise cloud deployments.

Adept at working with cross-functional teams to implement secure, scalable solutions meeting compliance and performance goals.

Strong track record of supporting networks ranging from 5,000 to 20,000+ users, ensuring high availability and business continuity.

Technical Skills

Routing & Switching: Cisco Catalyst (2k, 3k, 5k), Nexus (3k, 5k, 7k, 9k), Juniper MX (480, 960, 7200), Arista 7000 (7050SX3, 7504, 7508), Aruba 2930F/6300F/2960, IE-1000.

Firewalls: Palo Alto (PA-7080, PA-7050, PA-5450, PA-3220, VM-300, Panorama M-500), Fortinet (FortiGate 60–7000F, FortiManager, FortiAnalyzer), Cisco Firepower (4115–4145), ASA 5506-X/5508-X, Check Point (R77.30, R80.0).

Cloud Networking & Security: AWS (EC2, S3, RDS, ELB, Direct Connect, Lambda, CloudWatch, Config), Akamai App & API Protector, Managed Cloud Firewall.

SD-WAN & Wireless: Cisco Viptela (vEdge, app-aware routing, QoS), Cisco Meraki MR, Aruba Wireless, Cisco ACI APIC for multi-tenant segmentation.

Load Balancers / Application Security: F5 LTM, ASM, Viprion, rSeries (r10900), Citrix NetScaler ADC (SSL offload, content caching, load balancing).

Identity & Access / NAC: Cisco ISE (802.1x, profiling), Ivanti Pulse Secure (ISEC), AAA (TACACS+, RADIUS).

Monitoring & Tools: Infoblox (DNS, DHCP, IPAM, Threat Intelligence), Wireshark, SolarWinds NPM, Nagios XI, Cacti, Cisco Tetration.

Automation & Infrastructure as Code: Python, Ansible, Terraform, Infoblox APIs, Arista EOS APIs, custom Ansible modules.

Protocols & Technologies: OSPF, BGP, EIGRP, RIP, IS-IS, VXLAN, MPLS, STP/RSTP, HSRP, VRRP, GLBP, IPSec/SSL VPN, Port-Channel, VLANs, QoS.

OS & Virtualization: VMware vSphere/ESXi, Windows AD/DHCP/RADIUS, Linux administration, DFS, NLB.

Certifications

Cisco Certified Network Associate (CCNA)

Palo Alto Networks Certified Network Security Engineer (PCNSE)

Fortinet Certified Professional Network Security (FCP)

Professional Experience

Capital One, Dallas, Texas

Senior Network Security Engineer Dec 2023 – Present

Responsibilities:

Standardized firewall deployments using Panorama M-500 templates for PA-820 and PA-3220, reducing onboarding time by 50%.

Optimized Palo Alto VPN tunnels with proactive health checks, improving uptime and user experience.

Deployed Akamai App & API Protector and Managed Cloud Firewall, securing applications against OWASP threats and reducing external attack surface.

Managed Cisco Nexus 9K/7K fabrics, configuring VLANs, routing, and inter-VLAN segmentation for multi-tenant data centers.

Administered Cisco ACI APIC, isolating tenants with Bridge Domains and integrating with firewalls, IDS, and load balancers.

Engineered SD-WAN policies on Viptela vEdge devices for application-aware routing and QoS alignment with business priorities.

Automated DNS/DHCP/IPAM management via Infoblox appliances and custom Python/Ansible workflows.

Enforced NAC policies with Cisco ISE and Ivanti Pulse Secure, ensuring device authentication and compliance before granting network access.

Integrated Arista 7050SX3/7500 series and Juniper MX480/MX960 for high-scale routing (OSPF, BGP, IS-IS).

Implemented network security as code with Terraform, codifying firewall rules, ACLs, and security groups for consistency.

Upgraded legacy iSeries (i5800, i7600) appliances to F5 rSeries r10900, improving throughput and hardware security.

Centralized wireless operations using Cisco Meraki cloud dashboard, enabling faster troubleshooting and policy enforcement.

Environment: Enterprise network supporting 25,000+ users across hybrid data centers and cloud environments.

Cisco ACI (multi-tenant fabrics), Nexus 9K/7K switching, Palo Alto firewalls (PA-3220/820, Panorama M-500), Fortinet FG-6000F, Cisco Viptela SD-WAN, Arista 7000 series, Juniper MX480/MX960, F5 LTM/ASM/rSeries (r10900), Akamai Cloud Firewall, Infoblox DNS/DHCP/IPAM, Cisco ISE, Meraki MR wireless, automation with Python, Ansible, Terraform.

Fidelity Investments, Charlotte, NC

Network Security Engineer Mar 2020 – Nov 2023

Responsibilities:

Managed enterprise FortiGate firewalls (60, 100, 1000 series) with Security Fabric integration, implementing unified security policies across multiple business units.

Built and enforced custom Palo Alto VM-300 firewall policies, integrating with Juniper SRX (240/480) for hybrid network segmentation.

Enabled VXLAN overlays on Cisco Nexus 5k/9k, optimizing east-west traffic flow in multi-site data centers.

Leveraged Cisco ACI analytics for proactive monitoring, reducing MTTR by 30% through centralized visibility.

Configured Viptela SD-WAN with AWS Direct Connect, securing hybrid workloads and improving cloud application performance.

Developed Arista EOS API automation scripts to deploy VLANs, cutting provisioning time by 60%.

Integrated F5 Viprion (WAF, DDoS) into app security stack, protecting business-critical applications against web-based threats.

Enforced URL filtering, SSL inspection, and content security with McAfee Web Gateway for 10k+ endpoints.

Automated AWS monitoring workflows using Lambda, CloudWatch, and Config, ensuring compliance across cloud environments.

Enhanced visibility and protection of DNS traffic by leveraging Infoblox Threat Intelligence and vulnerability scans.

Environment: Large-scale financial network with 20,000+ users across multiple U.S. sites.

Palo Alto VM-300, Juniper SRX/MX, Cisco Nexus (5k, 9k), Cisco ACI fabric, FortiGate 1000/3000 series, Viptela SD-WAN with AWS Direct Connect, Arista 7000 switches, F5 Viprion, McAfee Web Gateway, Infoblox, AWS (Lambda, CloudWatch, Config), automation with Arista EOS APIs, Python.

T-Mobile, Bellevue, WA

Network Engineer Oct 2018 – Feb 2020

Responsibilities:

Designed and deployed dynamic routing protocols (RIP, EIGRP, OSPF) on Juniper MX routers, ensuring resilient multi-site connectivity.

Migrated legacy load balancers from Cisco ACE to F5 LTM, achieving zero-downtime transition for production applications.

Implemented and managed Citrix NetScaler ADC with SSL offload, content caching, and advanced load balancing features.

Maintained Cisco ASA firewalls with Layer 3 routing and policy enforcement to support enterprise WAN connectivity.

Strengthened network visibility with Cisco Tetration, providing workload analytics and micro-segmentation.

Managed and monitored enterprise firewalls (Check Point R77.30, R80) using SmartView Monitor/Tracker and GAiA.

Proactively monitored network health with SolarWinds, Nagios XI, Wireshark, and Cacti, identifying performance bottlenecks.

Administered Windows-based services (Active Directory, RADIUS, DHCP, DFS, VMware vSphere) supporting enterprise infrastructure operations.

Environment: Nationwide telecom network supporting 15,000+ users and multiple regional sites.

Juniper MX routers, Cisco ASA, F5 LTM, Citrix NetScaler ADC, Check Point firewalls, Cisco Tetration, SolarWinds, Nagios XI, Wireshark, VMware vSphere, Windows enterprise services.

DXC Technologies, India

Network Engineer Sep 2016 – Aug 2018

Responsibilities:

Provided enterprise support for Cisco and Juniper routers/switches, troubleshooting LAN/WAN connectivity issues across global client networks.

Deployed and managed Cisco ASA and Check Point firewalls, implementing security rules and VPN tunnels for customer environments.

Supported Blue Coat ProxySG and Symantec Proxy, ensuring secure web access and traffic filtering.

Performed log analysis and traffic monitoring using Splunk, Wireshark, and SolarWinds to identify and resolve recurring issues.

Assisted with routing protocol implementations (BGP, OSPF) and policy-based routing for multi-site connectivity.

Created and maintained network documentation and change procedures, improving audit readiness and reducing configuration errors.

Environment: Global managed services environment supporting 5,000+ users.

Cisco ISR/ASR routers, Catalyst 3k/4k/9k switches, Juniper SRX/MX, Cisco ASA 5500 series, Check Point R77, Blue Coat ProxySG, Symantec Proxy, Splunk, SolarWinds, Wireshark, MPLS WAN, BGP, OSPF.


