Security Engineer Palo Alto
Resume:
Sai Bhargav Veeravalli
Email: **************@*****.*** Contact: +1-980-***-****
LinkedIn URL: linkedin.com/in/sai-veeravalli-1190b522b
PROFESSIONAL SUMMARY:
A Certified Network/Security Engineer with over 7+ years of experience in designing, deploying and securing high-availability enterprise and datacenter networks for diverse sectors including Airline, banking, telecommunications and healthcare.
Expert in architecting robust LAN/WAN solutions, leveraging advanced routing and switching technologies (Cisco Catalyst/Nexus, Juniper) and load balancing (F5 BIG-IP) to deliver scalable and resilient connectivity.
Implemented Cisco SDWAN with Meraki to centralize network management and enhance security across distributed environments.
Configured and managed F5 modules including BIG-IP LTM, GTM and ASM in the enterprise environment.
Proficient in network security implementations, configuring firewalls (Cisco ASA, Palo Alto) and deploying secure VPN solutions (site-to-site and remote access) to protect sensitive data and ensure regulatory compliance.
Skilled in cloud and virtualization technologies, managing AWS networking and VMware ESXi environments to drive seamless cloud migrations and hybrid infrastructure strategies.
Engineered robust ZTNA architectures by integrating software-defined networking principles using tools like Zscaler Private Access.
Engineered robust, loop-free networks by configuring and optimizing spanning tree protocols (RSTP, PVSTP+, MSTP) on Cisco Catalyst and Nexus switches.
Adept at network automation and monitoring, utilizing Ansible, Python scripting, SolarWinds, Splunk, and diagnostic tools (Wireshark, Nessus, Nmap and TCPDump) to streamline operations, optimize performance and proactively resolve issues.
TECHNICAL SKILLS:
Routing
BGP, OSPF (Single & Multi-Area), EIGRP, RIP, Static & Dynamic Routing, Policy-Based Routing, IPv4/IPv6 Addressing, MPLS (L3VPN, L2VPN)
Switching
VLAN, Private VLANs, Inter-VLAN Routing, Spanning Tree Protocol (STP, RSTP, MSTP), VTP, Link Aggregation, Trunking (802.1Q), Port Security
Network Services & Protocols
SNMP (v2/v3) NAT/PAT, SFTP/SSH, FTPS/SSL, HTTPs and PGP/GPG, NTP, DHCP, DNS, FTP, QoS, Frame Relay, MFT
Security
RADIUS, TACACS+, DHCP Snooping, VLAN, Port Security, MACsec, 802.1X Authentication, NGFW (Cisco Firepower, Palo Alto), Zscaler, Zero Trust Security
VPN & Remote Access
IPsec VPN (Site-to-Site, Remote Access), SSL VPN, AnyConnect, MPLS VPN, ZTNA
Cloud & Data Center Networking
AWS VPC, Azure Virtual WAN, GCP Interconnect, Direct Connect, ExpressRoute, SDN (Cisco ACI, VMware NSX), Load Balancers (F5 LTM/GTM, Nginx)
Network Monitoring & Automation
SolarWinds, Nagios, Wireshark, NetFlow, Cisco DNA Center, Ansible, Terraform, Python for Network Automation
WORK EXPERIENCE:
Client: Southwest Airlines, Dallas, TX Senior Network Engineer Aug 2023 – Present
Responsibilities:
Implemented network infrastructure setup and management across branch offices by deploying Cisco Catalyst 9000 series, Nexus switches and Palo Alto NGFWs to support critical datacenter applications.
Deployed Cisco SDWAN solutions to optimize application performance and ensure secure, resilient connectivity across distributed environments.
Managed solutions for implementing IDS/IPS and Palo Alto Networks Firewalls to secure the network perimeter and internal traffic flows.
Deployed AWS cloud solutions leveraging AWS Transit Gateway, VPCs and Direct Connect to integrate on-premises infrastructure with cloud services.
Configured Spanning Tree Protocol (RSTP and PVSTP+) on Cisco Catalyst switches by implementing root bridge election and port cost optimization via Cisco Prime Infrastructure.
Worked on switching protocols on Cisco Catalyst switches by configuring MSTP, managing VLAN trunking and DTP settings, and troubleshooting topology changes to maintain optimized Layer 2 connectivity.
Engineered and optimized F5 BIG-IP LTM and GTM configurations to implement load balancing strategies with SSL offloading and granular access policies.
Configured advanced BGP route reflectors and deployed PIM Sparse Mode for multicast traffic on Cisco IOS platforms.
Streamlined code deployment processes using Kubernetes to significantly accelerate updates for network and security systems that underpin operational reliability.
Engineered lowlevel network design by modeling linklayer topologies, configuring VLAN segmentation and MTU alignment.
Used Microsoft Visio to design detailed network and process diagrams and built interactive Power BI dashboards deliver actionable insights.
Role: Network Security Engineer Client: Best Buy, Charlotte, NC Oct 2022 – Jul 2023
Responsibilities:
Deployed SD-WAN solutions using Cisco SD-WAN (Meraki) ensuring high-performance connectivity across distributed retail sites to support seamless point-of-sale and inventory operations.
Optimized F5 BIG-IP solutions by using iRules scripting and iControl REST APIs for dynamic load balancing and SSL offloading.
Maintained enterprise-grade switching infrastructures including Cisco Catalyst 9000, Nexus 9000, 3850 to deliver high-availability connectivity for Datacenter networks.
Configured Palo Alto Networks NGFWs by implementing IDS/IPS, URL Filtering and Threat Prevention policies and centralized management via Panorama.
Deployed hybrid AWS cloud solutions using AWS Transit Gateway to support high-performance retail applications while integrating and Zscaler Private Access (ZPA) to enforce identity-based security policies.
Engineered and maintained LAN/WAN infrastructures with VLANs, VXLAN, RSTP/MSTP and MACSec encryption to enhance network security and performance across multi-site retail operations.
Optimized Spanning Tree Protocol and 802.1q trunking on Cisco Catalyst switches using Cisco Prime Infrastructure and CLI automation to achieve loop-free VLAN segmentation.
Leveraged tools such as Cisco DNA Center to monitor network performance and proactively resolve bottlenecks.
Crafted Network Security Policies (NSP) and compliance measures in line with NIST, ISO 27001 and PCI-DSS standards to ensure a secure network environment.
Maintained CI/CD pipelines using GitLab CI to automate testing and deployment of network configurations across retail infrastructure.
Delivered Level 3 escalation support by diagnosing and resolving complex network issues using Wireshark, for ensuring rapid incident response.
Role: Network Engineer Client: United Health Group, CT June 2021– July 2022
Responsibilities:
Delivered Tier 3 network support within a high-availability Cisco Nexus for ensuring critical connectivity for electronic medical records (EMR) to maintain uninterrupted patient care.
Configured and maintained secure Azure site-to-site VPN and ExpressRoute connections, leveraging IPsec, dynamic BGP routing and Azure Network Watcher.
Deployed Hybrid-cloud networking solutions by integrating Azure Virtual WAN enabling seamless hybrid cloud deployments for disaster recovery and backup of critical clinical applications.
Developed and implemented DMZ segmentation strategies for FTP servers using Palo Alto Networks protecting interfaces with external healthcare partners and vendors.
Leveraged Splunk to analyse traffic patterns and detect anomalies to ensure network performance and security metrics.
Configured BGP, OSPF and MPLS L3VPN routing within a Cisco IOS-XR environment, maintaining scalable and resilient connectivity across campus hospitals and research centers.
Enhanced WAN edge security by deploying Zscaler ZIA/ZPA and securing remote access with Palo Alto Prisma Access to facilitate secure remote work for healthcare professionals.
Configured VLAN trunking (802.1Q), Spanning Tree Protocol (RSTP/MSTP) and port security to ensure robust network performance for clinical and administrative applications.
Delivered continuous technical support, maintained comprehensive documentation and conducted capacity planning to drive future network expansions and improvements.
Role: Network Engineer Wells Fargo, Atlanta, GA Nov 2019 – Jun 2021
Responsibilities
Engineered and supported networking infrastructures using Cisco solutions (Catalyst 9000 and Nexus 9000 series).
Executed load balancing and firewall security configurations on F5 BIG-IP LTM and Cisco Firepower NGFW to ensure high-availability networks that meet the rigorous security requirements of the banking industry.
Configured and managed Cisco ACI for a software-defined networking (SDN) environment, streamlining segmentation and policy enforcement to protect sensitive customer and transactional data.
Optimized routing protocols (OSPF, BGP, EIGRP) on Cisco ASR routers and integrated security policies on Cisco ASA.
Implemented a dual-stack IPv4/IPv6 architecture to facilitate integration of legacy systems and connectivity for Automated network operations with Terraform for continuous service availability.
Maintained Layer 2/3 switching configurations including VLANs, inter-VLAN routing, 802.1Q trunking and EtherChannel to ensure high availability and network resilience.
Developed and maintained comprehensive network documentation using Microsoft Visio enabling clear communication of network designs, topologies and compliance audit trails.
Engineered IP address management with DHCP and DNS ensuring efficient and error-free assignment across multi-site banking environments.
Delivered Tier 2 and Tier 3 network support, troubleshooting LAN/WAN, DNS, DHCP and TCP/IP issues to minimize downtime.
Leveraged SolarWinds for real-time network monitoring and analytics to proactively detect anomalies and ensure performance benchmarks are met in line with SLAs.
Role: Telecom Network Engineer Reliance Jio Hyderabad, India July 2018 – Nov 2019
Responsibilities:
Engineered and fine-tuned dynamic routing protocols (BGP, OSPF, EIGRP and RIP) across carrier-grade networks to improve performance for high-volume telecommunications traffic.
Performed support of UCC voice environments by managing Cisco Unified Communications Manager for monitoring SIP trunk performance and optimizing QoS policies.
Involved in the design, configuration and deployment of a scalable data center network infrastructure supporting over 1,000 users, router/switch installations, load balancers and secure VPN setups to support service delivery.
Configured and optimized IPSec Site-to-Site VPN tunnels on Cisco ASA 5500-X Series with customized Phase 1/2 policies to ensure secure and reliable external connectivity.
Established robust Layer 2/3 networks using STP, RSTP, SFTP/SSH, and MFT to deliver carrier-grade redundancy and high availability across critical telecom nodes.
Managed access layer switches (Cisco 4510, 4948 and 4507) by configuring VLANs, EtherChannel, LACP and trunking to optimize segmentation and traffic flow within dense network environments.
Deployed Firewall policies by configuring ACLs, NAT, PAT, zone-based firewalls (ZBFW) and IPS/IDS on Cisco ASA to reinforce network security.
Leveraged comprehensive monitoring tools (Cisco DNA Center) to continuously track performance and resolve network bottlenecks across the infrastructure.
Certifications: Azure
Education:
Master in Computer and Information Assurance in Cyber Security in Gannon University May 2024
Bachelors in Computer Science From Vellore Institute of Technology (VIT), Tamil Nadu India May 2018
Contact this candidate