Network Engineer

Location: Houston, TX

Posted: October 30, 2025

Resume:

Niyaz Suleman

Senior Network Engineer

Email: *************@*****.***

Professional Summary:

Network Engineer with 10+ years of experience designing, implementing, and securing scalable enterprise networks across finance, healthcare, and telecom sectors.

Hands-on expertise in Aruba, Palo Alto PA-5220, Fortinet FortiGate v7, and Cisco ASA 5525-X deployments, supporting high-performance environments with Zero Trust v3 enforcement.

Proficient in SD-WAN implementations using Silver Peak v9 and Viptela, optimizing MPLS and DIA circuits while enhancing redundancy and QoS v6.1 performance.

Expert in Cisco switching and routing (Catalyst, Nexus, DNA Center) and HPE/Aruba switching, with proven success in designing Aruba Wireless solutions including APs, Controllers, and Mobility Conductors.

Skilled in routing protocols BGP v4 (RFC 4271), OSPF v2 (RFC 2328), and EIGRP for hybrid and multi-site network routing over VLAN 100–130 and loopback interfaces.

Strong experience with Checkpoint R80.30 firewall policies, NAT, and IPSec v3 (RFC 6071) tunnel configurations using Protocol 50, UDP 500/4500, and TCP 443.

Automated network infrastructure using Ansible v2.9 and Terraform v1.1, reducing provisioning time and maintaining consistency across Cisco, Palo Alto, and Juniper platforms.

Proficient in IPv6 (2001:db8::/64) address planning, NAT64/DNS64 dual-stack configuration, and DHCPv6 deployment over VLAN-segmented interfaces.

Expert in Cisco ISE v3.0 integration for 802.1X, dynamic VLAN assignment, posture validation, and endpoint isolation with Zero Trust v3 policy enforcement.

Deployed and managed Citrix ADC v13 with content switching, SSL offloading, and load balancing across TCP 443, UDP 53, and port 8443 environments.

Configured F5 BIG-IP v14.1 LTM and GTM modules to support HA applications using SNAT pools, iRules, and SSL certificates across two data centers.

Developed automation workflows using Python and API Integration v3 for dynamic firewall updates, device inventory, and real-time policy rollouts.

Used SolarWinds v2023, Wireshark v4.0, and Splunk to analyze NetFlow data, capture packets, and troubleshoot interface drops on Gi0/1–Gi0/4.

Designed IP addressing schemes across IPv4 10.0.0.0/8 and IPv6 2001:db8::/64, integrating with Infoblox v8.3 for IPAM, DNS, and DHCP.

Created BGP communities, route-maps, and OSPF areas to implement policy-based routing and failover across VLANs 10–30 and tunnel interfaces.

Implemented IPSec v3 remote access VPNs with Fortinet FortiGate v7 and Cisco ASA 5525-X, integrating with RADIUS and SAML authentication.

Hardened Cisco, Palo Alto, and Checkpoint devices by disabling insecure services (telnet, HTTP), applying patch management, and enforcing ACLs.

Deployed Aruba 300 Series and Cisco WLC v9800 wireless infrastructure with SSID-to-VLAN mapping, WPA3 enterprise auth, and seamless handoff.

Created QoS v6.1 policies using CBWFQ and LLQ to prioritize VoIP, video, and real-time financial traffic on UDP 5060, 5004, and 16384.

Integrated Zero Trust v3 policies into Cisco ISE v3.0 and Fortinet FortiGate v7 platforms using dynamic endpoint tagging and AD group mapping.

Managed SD-WAN overlay tunnels, traffic steering, and centralized policy enforcement using Silver Peak v9 orchestrator and CLI.

Configured Citrix ADC v13 with GSLB and app firewall for external application exposure, handling DNS-based routing across regions.

Applied API Integration v3 to automate rule rollback and compliance checks across firewall appliances and infrastructure devices.

Built Terraform v1.1 modules for reusable AWS, Azure, and GCP security group templates, limiting cloud exposure to 4 references per project.

Developed Ansible v2.9 playbooks with encrypted credentials and git integration to support CI/CD-based network changes.

Conducted SIEM integration with FortiSIEM, Splunk, and Checkpoint R80.30 to ingest logs, generate alerts, and perform threat correlation.

Created HA firewall clusters using VRRP, HSRP, and failover interfaces (Gi1/1, Gi1/2) for redundant path availability and zero downtime.

Delivered L2/L3 segmentation using VLANs 20, 50, 80 and routed SVIs across Nexus and Catalyst platforms for optimized east-west traffic.

Authored Visio diagrams, SOPs, and change control documents aligned with NIST, PCI-DSS, and ISO 27001 security compliance.

Collaborated with cross-functional teams to drive network modernization projects while aligning design with regulatory mandates.

Led full-cycle upgrades for Cisco ASA 5525-X to Fortinet FortiGate v7, and Checkpoint R80.30 to Palo Alto PA-5220 with cutover success.

Technical skills:

Category: Skills / Tools / Technologies (with Numbers)

Cloud Platforms: AWS, Azure, GCP, AWS VPC, AWS Direct Connect, Azure VNets, Azure ExpressRoute, GCP VPN (UDP 500, UDP 4500), GCP Load Balancers (TCP 80/443)

Network Devices: Cisco Catalyst 9200/9300, Cisco Nexus 9000, Cisco ISR 4000, Cisco ACI, Juniper EX 4200/4300, Arista 7050X, Fortinet FortiGate 100F/200E, Palo Alto PA-5220/PA-850, F5 Big-IP LTM/GTM (v16.x), Panorama (v10.x)

Routing & Switching: BGP (Protocol Number 179), OSPF (Protocol Number 89, RFC 2328), EIGRP (Protocol Number 88), VRF, VLAN (IDs 1–4094), VXLAN (UDP 4789), HSRP (UDP 1985), VSS, MLAG, Port-Channel (Interfaces like Po1–Po8), Policy-Based Routing, Route Maps, STP (IEEE 802.1D), LLDP (IEEE 802.1AB), Cisco Catalyst/Nexus, Cisco DNA Center, HPE/Aruba CX switches, VLAN/VXLAN, STP, VSS, VRF, SDN, Port-Channels, BGP, OSPF, EIGRP

Wireless:

Firewalls & Security: Palo Alto, Fortinet, Cisco ASA 5506/5508, Panorama, Azure Firewall, IPSec VPN (Protocols 50 (ESP), 51 (AH), UDP 500/4500), SSL VPN (TCP 443), GRE (Protocol 47), DMZ, ACLs, NAT, Zero Trust, SASE, Deep Packet Inspection, Checkpoint, F5 BIG-IP (LTM/GTM), SSL VPN, IPSec, ACLs, SASE, Zero Trust

Authentication & Access: TACACS+ (TCP 49), RADIUS (UDP 1812, 1813), MFA, AAA Frameworks, Active Directory (TCP/UDP 389, 636, 3268, 3269), 802.1X (IEEE 802.1X), RBAC, Least Privilege, 802.1X, TACACS+, EAP, Cisco ISE, Aruba ClearPass, Dynamic VLAN Assignment, Zero Trust NAC

Load Balancing: F5 Big-IP (LTM, GTM), AWS ELB (TCP 80/443, UDP 53 if DNS), GCP Load Balancing (TCP 443, UDP 443, ICMP)

Monitoring & Logging: SolarWinds, PRTG, Nagios, NetFlow (UDP 2055, 4739, 9996), SNMPv3 (UDP 161/162), Syslog (UDP 514, TCP 514), ELK Stack, Grafana, Wireshark, Packet Brokers, Confluence, Splunk

Automation & Scripting: Python 3.x, Ansible 2.x, Terraform v1.x, Netmiko, YAML, Shell Scripting (Bash)

Infrastructure as Code: Ansible, Terraform, Git (Port 9418, HTTP/HTTPS 80/443), Jenkins (TCP 8080)

Virtualization & Containers: VMware ESXi 6.7/7.0, Kubernetes (API Server 6443), Docker (Daemon TCP 2375/2376), Calico (BGP Port 179), NFV

Protocols: IPv4 (RFC 791), IPv6 (RFC 8200), BGP (Protocol 179), OSPF (Protocol 89), EIGRP (Protocol 88), IPSec (Protocol 50, 51), GRE (Protocol 47), SSL/TLS (TCP 443, RFC 5246), DNS (UDP 53), DHCP (UDP 67/68), SNMP (UDP 161/162), PIM-SM (RFC 7761)

WAN & SD-WAN Cloud: MPLS (RFC 3031), SD-WAN, WAN Optimization, QoS (DSCP values like EF = 46), SLA Monitoring, Link Redundancy, Cisco Viptela, Silver Peak, AWS/Azure/GCP Networking, VPN, QoS, Traffic Engineering

Network Tools: Cisco Prime Infrastructure (Port 443), Junos Space, Infoblox (DHCP/DNS Ports 67/68, 53), Draw.io, Visio, Markdown

Security Compliance: HIPAA, PCI-DSS, GDPR, NIST (SP 800-53), SOC 2

Disaster Recovery / HA: HA Pairs, Redundancy Paths, VRRP (Protocol 112), VSS, Failover Mechanisms, DR Testing, Zero-Downtime Upgrades

Project & Documentation: Network Diagrams, Runbooks, RCA Reports, Change Management (CAB), SOPs, Markdown, Confluence

Emerging Technologies: 5G (3GPP Rel 15/16), Wi-Fi 6 (IEEE 802.11ax), SASE, Zero Trust, AI/ML Integration

Other Tools: Visio, Confluence, ELK Stack, Splunk, Grafana, Git, Jenkins, Cisco Prime, Infoblox

Networking & Security: Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Cisco ISE, F5 BIG-IP, Citrix ADC, SD-WAN

Aruba 300/500 Series, Aruba Central, Aruba Mobility Controllers

Switching & Routing: Cisco Catalyst/Nexus, Cisco DNA Center, HPE/Aruba CX switches, VLAN/VXLAN, STP, VSS, VRF, SDN, Port-Channels, BGP, OSPF, EIGRP

Wireless: Aruba Wireless (APs, Controllers, Mobility Conductor), Cisco WLC 9800, Aruba Central, Wi-Fi 6 (802.11ax), WPA3 Enterprise, RF Optimization, Roaming Profiles

Enterprise Infrastructure: Routers, Switches, VPN Concentrators, Firewalls, Wireless Access Points, Load Balancers

Troubleshooting Tools: SolarWinds, Wireshark, Splunk, SNMPv3, NetFlow, Diagnostic Line Monitors, Test Equipment

Compliance: NIST, PCI-DSS, HIPAA, ISO 27001

Certifications:

● Cisco Certified Network Professional (CCNP).

● Cisco Certified Network Associate (CCNA).

● Palo Alto Networks Certified Security Engineer (PCNSE).

Professional experience:

Client: Stellantis Financial Services, Houston, TX Jun 2024 – Till Date

Sr Network Engineer

Responsibilities:

Designed and implemented Cisco DNA Center ACI v2.7 fabric with Bridge Domains and Endpoint Groups (EPGs), segmenting application tiers across VLANs 100–130 over interfaces Eth1/1–Eth1/48.

Configured Cisco Catalyst and Nexus switches for multi-tier network segmentation with VLANs and VXLAN overlays. Fortinet FortiGate v7, Palo Alto PA-5220, and Cisco ASA 5525-X firewalls in HA mode, enforcing IPSec v3 (RFC 6071) using Protocol 50, UDP 500/4500, and TCP 443.

Deployed Checkpoint R80.30 for perimeter filtering, VPN, and NAT across 10.10.0.0/16 and 192.168.20.0/24 ranges, integrating with Active Directory for identity-based access.

Used BGP v4 (RFC 4271), OSPF v2 (RFC 2328), and EIGRP to route across core, distribution, and edge layers with dynamic route redistribution between OSPF and BGP.

Engineered SD-WAN with Silver Peak v9 and Viptela for 40+ sites, applying QoS v6.1 policies for traffic prioritization and DIA breakout based on application classes.

Automated network provisioning with Ansible v2.9 and Terraform v1.1, pushing config templates to Fortinet FortiGate v7 and Cisco ISE v3.0 devices.

Integrated Cisco ISE with 802.1X, RADIUS, and TACACS+ for device and user authentication across wired/wireless networks, using Cisco ISE v3.0 for posture validation, dynamic VLAN mapping, and device profiling across NAC-enabled VLANs 10–50 on access switches.

Deployed Citrix ADC v13 with SSL bridging, GSLB, and content switching for multi-region healthcare portals, balancing TCP 443/8443 and UDP 53.

Configured F5 BIG-IP v14.1 LTM/GTM to load balance web and backend services, applying SNAT pools and iRules for intelligent traffic handling.

Managed IPv6 routing across 2001:db8::/64 subnets, enabling dual-stack configuration with NAT64/DNS64 and DHCPv6 on VLANs 60, 70, and 80.

Developed Python scripts for firewall backup automation, IP conflict detection, and API-driven provisioning using API Integration v3 with REST endpoints.

Tuned SolarWinds v2023, Wireshark v4.0, and Splunk dashboards to monitor jitter, packet loss, and performance issues across Gi0/1–Gi0/4 interfaces.

Maintained DNS/DHCP infrastructure using Infoblox v8.3 for IPAM and lease management, assigning pools for both IPv4 and IPv6 ranges.

Applied Zero Trust v3 principles by combining Cisco ISE v3.0 profiling with Fortinet FortiGate v7 policies for endpoint segmentation and lateral movement control.

Created QoS v6.1 profiles for VoIP and video prioritization using CBWFQ and LLQ across UDP ports 5060, 5004, and TCP 8443.

Performed IOS/NX-OS upgrades on Cisco Catalyst 3850, 9300, and Nexus 9000 switches to meet NIST security baselines and patch CVEs.

Integrated SD-WAN telemetry with Splunk and SolarWinds v2023 to track BFD sessions, latency thresholds, and dynamic failover events.

Hardened Checkpoint R80.30, Cisco ASA 5525-X, and Palo Alto PA-5220 by disabling legacy ciphers, securing SNMP, and enforcing SSHv2-only access.

Created dynamic ACLs and EEM scripts using Python to auto-apply policies based on interface state changes and user logins.

Enabled remote access VPN with Fortinet FortiGate v7 and Cisco ASA 5525-X, integrating with LDAP and SAML for identity-based login.

Provisioned Terraform v1.1 modules to build reusable templates for cloud security groups and firewall rules across Azure and AWS.

Supported Citrix ADC v13 automation via Ansible v2.9, managing cert renewals and VIP failover across 3 zones using API Integration v3.

Configured F5 BIG-IP v14.1 iRules and persistence policies for healthcare application sessions, balancing across 8 backend servers on TCP 443.

Designed VRRP and HSRP topologies with interface tracking (Gi1/1, Gi1/2) to provide HA between core and edge zones with sub-second failover.

Used Infoblox v8.3 to manage DHCPv6 lease durations and dual-stack transition zones across 172.16.0.0/12 and 2001:db8::/64.

Performed Zero Trust v3 segmentation using Cisco ISE v3.0 Security Groups and firewall rules on Fortinet FortiGate v7 and Checkpoint R80.30.

Assisted in BGP v4 path selection and community tagging strategies for route reflection between edge and core across VLAN 150–170.

Configured Citrix ADC v13 for TLS 1.3 enablement, disabling weak ciphers and enforcing ECC certificates per compliance mandate.

Tuned RF profiles and roaming thresholds to optimize voice and IoT device performance across multiple SSIDs.

Implemented Aruba Central for cloud-based WLAN monitoring, client analytics, and zero-touch provisioning.

Integrated Ansible v2.9 and Terraform v1.1 into CI/CD pipelines using GitLab to push daily changes across 200+ network devices.

Authored change documentation, runbooks, and topology maps for firewall migration from Checkpoint R80.30 to Palo Alto PA-5220.

Environment: Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Cisco ISE, Citrix ADC, SD-WAN, F5 BIG-IP, SolarWinds, Wireshark, Splunk, Infoblox, Ansible, Terraform, Python, API Integration, VLANs, IPv6, BGP, OSPF, EIGRP, IPSec, QoS, Zero Trust, DNS, DHCP, NAC, Wireless, Disaster Recovery, Compliance.

Client: BMC Software, Houston, TX Mar 2022 – May 2024

Sr Network Engineer

Responsibilities:

Deployed Cisco Nexus 9300 and Catalyst 3850 switches with VLANs 10–150 across interfaces Gi0/1 to Gi0/48, segmenting environments for PCI, Dev, and Finance.

Configured Fortinet FortiGate v7, Cisco ASA 5525-X, and Palo Alto PA-5220 in HA with IPSec v3 (RFC 6071) using Protocol 50, UDP 500/4500, and TCP 443.

Implemented Checkpoint R80.30 for perimeter security and site-to-site VPNs across 172.16.0.0/12 and 10.10.0.0/16 ranges with LDAP integration.

Configured BGP v4 (RFC 4271), OSPF v2 (RFC 2328), and EIGRP on Cisco and Juniper SRX340 devices across VLAN 20–50 using loopback and physical interfaces (ge-0/0/0 to ge-0/0/3).

Deployed SD-WAN (Silver Peak v9, Viptela) across 60+ branches, applying traffic steering, policy-based routing, and QoS v6.1 profiles.

Led deployment of Aruba Wireless (APs, Controllers) with Mobility Conductor for enterprise Wi-Fi coverage.

Integrated Cisco ISE v3.0 with posture checks, dynamic VLAN assignment, and 802.1X enforcement for all user and IoT endpoints.

Integrated Cisco ISE and Aruba ClearPass for 802.1X and TACACS+ authentication, enabling role-based network access.

Implemented Zero Trust v3 framework using Cisco ISE v3.0 and Fortinet FortiGate v7 to enforce segmentation and identity-aware access.

Configured F5 BIG-IP v14.1 LTM/GTM for SSL offload, GSLB, and session persistence across apps running in Azure and on-prem DCs.

Deployed Citrix ADC v13 with TCP multiplexing, content switching, and web firewall for sensitive APIs exposed via ports TCP 443 and UDP 53.

Automated firewall provisioning using Ansible v2.9, pushing configuration sets to Palo Alto PA-5220, Fortinet FortiGate v7, and ASA 5525-X.

Built Terraform v1.1 modules for Azure VNets, route tables, NSGs, and security group automation via API Integration v3 workflows.

Integrated Python with RESTful APIs to generate dynamic NAT rules, object groups, and configuration templates on firewalls and switches.

Used SolarWinds v2023 and Wireshark v4.0 for NetFlow traffic analysis, path MTU discovery, and packet-level troubleshooting on interfaces Gi1/1 to Gi1/4.

Maintained DNS, DHCP, and IPAM across IPv4 192.168.0.0/16 and IPv6 2001:db8::/64 subnets using Infoblox v8.3 automation.

Configured remote access VPNs using Cisco ASA 5525-X and Fortinet FortiGate v7 with SAML, MFA, and group-based policy enforcement.

Tuned BGP v4 for community filtering and load balancing, including route maps and MED settings across multi-homed internet connections.

Designed campus HA topologies using HSRP and tracked interfaces, enabling failover across VLANs 100, 120, and 140.

Deployed dual-stack IPv4/IPv6 networks using Juniper EX4600 for core access, enabling DHCPv6 and NAT64 in VLANs 60, 80, and 100 over interfaces xe-0/0/1 to xe-0/0/4.

Hardened firewalls with strict crypto policies, disabling SSLv3/3DES, limiting access to management ports (TCP 22, 443), and rotating certs.

Monitored IPS alerts, DNS tunneling attempts, and outbound beaconing using FortiSIEM, Splunk, and SolarWinds v2023.

Enforced Zero Trust v3 controls across microsegmented VLANs using Cisco ISE v3.0 SGT tagging and Checkpoint R80.30 firewall rules.

Automated firewall audit compliance checks via API Integration v3, retrieving rules, hit counts, and misconfigurations from Fortinet and Cisco ASA.

Applied QoS v6.1 policies for voice, video, and critical data apps over VLAN 160 with traffic mapped to UDP ports 5060, 5004, and 16384.

Conducted Visio-based topology design, change control documentation, and rollback planning in alignment with ISO 27001 and PCI-DSS 3.2.

Built DR plans using active/passive firewall failover, zone-based ACLs, and VRRP on Fortinet FortiGate v7 and Palo Alto PA-5220.

Tuned Citrix ADC v13 GSLB records for hybrid cloud routing, integrating Azure and on-prem DNS visibility with NetScaler DNS views.

Integrated Git-based CI/CD with Ansible v2.9 to push ACL updates, VLAN adds, and route redistribution changes across 250+ nodes.

Troubleshot HSRP flaps and STP loops on Nexus 7K using Wireshark v4.0 and port-channel status from interfaces Gi1/0–Gi1/3.

Applied Terraform v1.1 modules to automate Azure Firewall rule deployment with API triggers and security group sync using Python scripts.

Supported 24/7 operations, change windows, and RCA processes, collaborating with ISPs and vendors for BGP peering and MPLS turnups.

Environment: Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Cisco ISE, F5 BIG-IP, Citrix ADC, SD-WAN, SolarWinds, Wireshark, Splunk, FortiSIEM, Infoblox, Ansible, Terraform, Python, API Integration, VLANs, IPv6, BGP, OSPF, EIGRP, IPSec, QoS, Zero Trust, NAC, VPN, DHCP, DNS, Compliance, DR.

Client: Johnson Controls, Milwaukee, WI Sep 2019 - Dec 2021

Sr Network Engineer

Responsibilities:

Deployed Cisco-Aruba campus network integrating DNA Center and Aruba CX switches for intelligent segmentation. Cisco ISR 4431 routers and Fortinet FortiGate v7 to support HA site connectivity, using IPSec v3 (RFC 6071) tunnels over Protocol 50, UDP 500, and TCP 443.

Configured Checkpoint R80.30 and Palo Alto PA-5220 to protect segmented healthcare zones, enforcing deep packet inspection and SAML-based authentication.

Integrated Cisco ASA 5525-X with dynamic NAT and SSL VPN policies, enabling secure remote access for 1,200+ remote users over VLANs 100–130.

Configured Aruba Wireless Controllers and Cisco WLCs to enable redundancy and seamless connectivity.

Automated configuration management using Ansible v2.9 and Terraform v1.1 to push routing, ACL, and BGP templates to Fortinet, ASA, and Checkpoint devices.

Designed BGP v4 (RFC 4271), OSPF v2 (RFC 2328), and EIGRP routing topologies for hybrid cloud failover across interfaces Gi0/0 – Gi0/3 and loopbacks.

Built SD-WAN overlay with Cisco Viptela to connect remote sites with high availability and secure access.

Maintained DNS and DHCP services using Infoblox v8.3, applying failover policies and IPv6 addressing via 2001:db8::/64 for DMZ and internal networks.

Developed Python scripts to automate interface checks, gather routing tables, and fetch SNMPv3 data from firewalls via API Integration v3.

Used SolarWinds v2023, Wireshark v4.0, and Splunk to monitor BFD, packet loss, and jitter across Gi1/0–Gi1/3 and port-channel interfaces.

Deployed F5 BIG-IP v14.1 for LTM/GTM to handle multi-region app delivery, configuring SSL offload and SNAT on TCP ports 443 and 8443.

Integrated Cisco ISE v3.0 with dynamic VLANs, posture validation, and MAC filtering for 802.1X enforcement across wired/wireless segments.

Enabled Zero Trust v3 architecture using ISE v3.0 tagging and segmentation rules with Fortinet FortiGate v7 and Checkpoint R80.30.

Configured Citrix ADC v13 for content switching, SSL offload, and firewall integration to secure patient-facing web portals on TCP 443.

Migrated legacy workloads to GCP and Azure, implementing Terraform v1.1 modules for VPC peerings and cloud route advertisements.

Tuned HA firewall pairs (ASA 5525-X, Fortinet FortiGate v7) using tracked interfaces, VRRP, and NAT failover to minimize downtime.

Performed VLAN segmentation using IDs 10–150 and trunked them across Arista 720XP and Nexus 9300 switches via interfaces Eth1/1–Eth1/24.

Built dashboards using Grafana, SolarWinds v2023, and FortiSIEM for threat alerts, bandwidth visibility, and interface utilization.

Enforced RBAC and device login policies using RADIUS (RFC 2865) and TACACS+ (RFC 7462) integrated with Active Directory.

Created compliance documentation and ACL flowcharts in Draw.io, validating against HIPAA and PCI-DSS network isolation mandates.

Designed IPv6 dual-stack overlays using NAT64, DNS64, and SLAAC via DHCPv6 on VLAN 160 across 2001:db8::/64 IP range.

Configured application-aware QoS v6.1 with CBWFQ and priority queues for VoIP traffic using UDP ports 5060, 5004, and 16384.

Hardened all firewalls (PA-5220, ASA 5525-X, FortiGate v7) by disabling insecure protocols, applying firmware upgrades, and ACL lockdowns.

Conducted weekly change control with rollback plans, DR validation, and RCA prep in CAB meetings with cross-functional teams.

Provisioned GCP Load Balancers and Azure Application Gateways behind Citrix ADC v13 and F5 BIG-IP v14.1 for external service exposure.

Worked with cybersecurity teams to deploy threat feeds, auto-block C2 domains via Checkpoint R80.30, and apply Zero Trust v3 inline rules.

Environment: Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Cisco ISE, F5 BIG-IP, Citrix ADC, SD-WAN, SolarWinds, Wireshark, Splunk, FortiSIEM, Infoblox, Ansible, Terraform, Python, API Integration, VLANs, IPv6, BGP, OSPF, EIGRP, IPSec, QoS, Zero Trust, DHCP, DNS, NAC, VPN, Compliance, DR, GCP, Azure.

Client: DXC Technology, India Apr 2018 – Aug 2019

Network Engineer

Responsibilities:

Designed broadcast-ready network architecture using Cisco Catalyst 9300 and Juniper EX4600 switches, applying VLAN segmentation (IDs 20, 40, 60) and trunking over interfaces Gi0/1–Gi0/24.

Deployed Fortinet FortiGate v7, Cisco ASA 5525-X, and Palo Alto PA-5220 to enforce IPSec v3 (RFC 6071) with Protocol 50, UDP 500/4500, and AES-256 encryption for content transport.

Managed Aruba and Cisco LAN/WLAN infrastructure, including switch uplinks, VLAN segmentation, and wireless optimization.

Hardened Checkpoint R80.30 for perimeter defense, dynamic NAT, and URL filtering, protecting media workflow servers across 10.10.10.0/24 and 2001:db8::/64 subnets.

Built SD-WAN overlays using Viptela and Silver Peak v9, enabling optimized application-aware routing and QoS v6.1 for live video feeds and editorial workflows.

Integrated Cisco ISE v3.0 with 802.1X authentication and posture validation to enforce Zero Trust v3 on user and IoT VLANs via dynamic SGT assignment.

Deployed Citrix ADC v13 with GSLB and SSL offload for web-based production tools, applying TCP 443 policies and failover logic across AWS and on-prem.

Implemented F5 BIG-IP v14.1 LTM/GTM to balance streaming traffic using SNAT, persistence profiles, and TLS inspection across VLANs 80 and 100.

Used Terraform v1.1 and Ansible v2.9 to provision VLANs, ACLs, and firewall policies across Fortinet FortiGate v7 and Cisco ASA 5525-X systems. Supported campus segmentation projects with VXLAN overlays and SDN-based automation.

Wrote Python scripts to parse logs, check BGP v4 (RFC 4271) sessions, and automate backup config validation using API Integration v3.

Monitored traffic using SolarWinds v2023 and Wireshark v4.0, capturing UDP 5060, 5004, and 16384 packets during peak streaming sessions.

Configured dynamic routing with BGP v4, OSPF v2 (RFC 2328), and EIGRP, tuning prefix lists, community tags, and next-hop settings across Gi1/0–Gi1/4.

Managed IP addressing, DNS, and DHCP via Infoblox v8.3, integrating static pools and AAAA/A records for dual-stack access in 2001:db8::/64 zones.

Implemented VLAN segmentation across editing, rendering, and playout zones (IDs 30, 50, 90), secured via ACLs and trunked uplinks to core switches.

Deployed Palo Alto PA-5220 with GlobalProtect VPN and WildFire inspection to monitor media ingestion points and remote editing traffic.

Integrated FortiSIEM and Splunk for log correlation, alerting on IPS events, BGP route flaps, and management interface access (TCP 22, 443).

Maintained high-availability for ASA 5525-X and Fortinet FortiGate v7 firewalls using active/passive clustering and tracked interface failover (Gi0/0, Gi0/1).

Built Zero Trust v3 access policies combining Cisco ISE v3.0 profiling with Checkpoint R80.30 firewall enforcement for critical app VLANs.

Automated cloud route updates and firewall sync using API Integration v3 and Terraform v1.1 for content upload pipelines into AWS.

Configured Citrix ADC v13 with TLS 1.3, HSTS headers, and app firewall policies to meet security mandates for studio portals.

Tuned QoS v6.1 using CBWFQ and LLQ to prioritize video and VoIP over wireless and wired interfaces tagged with VLANs 160 and 170.

Captured real-time session data with Wireshark v4.0 during live broadcasts, resolving latency issues on interfaces Gi2/0–Gi2/3.

Used Ansible v2.9 to auto-deploy configurations to 150+ devices, including Palo Alto PA-5220 and F5 BIG-IP v14.1 platforms.

Documented L2/L3 diagrams and firewall rules with Visio and Markdown, ensuring compliance with NIST SP 800-53 and internal audit standards.

Collaborated with vendors for fiber uplinks, rack installs, and switch refreshes, including ASA to FortiGate migrations with pre/post validation.

Participated in CAB meetings and DR rehearsals, validating BGP v4 route convergence, HA failover timing, and rollback plans.

Environment: Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, Cisco ISE, F5 BIG-IP, Citrix ADC, SD-WAN, SolarWinds, Wireshark, Splunk, FortiSIEM, Infoblox, Ansible, Terraform, Python, API Integration, VLANs, IPv6, BGP, OSPF, EIGRP, IPSec, QoS, Zero Trust, NAC, VPN, Compliance, DR, AWS.

Client: Metrix Solutions, India Nov 2015 – Mar 2018

Network Engineer

Responsibilities:

Assisted in deploying Fortinet FortiGate v7, Cisco ASA 5525-X, and Palo Alto PA-5220 for warehouse segmentation with IPSec v3 (RFC 6071) tunnels using Protocol 50 and UDP 500.

Configured Cisco ISE v3.0 for dynamic VLAN assignment (IDs 100, 110, 130) and enforced 802.1X authentication to support Zero Trust v3 policies on edge switches.

Used Checkpoint R80.30 to manage ACLs and NAT policies across 192.168.50.0/24 and 10.10.0.0/16 zones, integrating with Active Directory and TACACS+ (RFC 7462).

Built SD-WAN lab test environment using Silver Peak v9, simulating failover paths between regional hubs using QoS v6.1 and policy-based routing.

Created Ansible v2.9 playbooks to automate VLAN creation, trunk port setup, and interface descriptions on FortiSwitch 224E and Cisco Nexus 9300 switches.

Assisted in Azure VPN Gateway configuration with BGP v4 (RFC 4271), peering to on-prem routers using Port 179 and applying AS-path filters.

Used Terraform v1.1 and Python to auto-deploy security group rules and update Azure VNet route tables using API Integration v3 workflows.

Monitored SNMPv3 traffic via SolarWinds v2023 and Wireshark v4.0, analyzing interface counters on uplinks Gi0/1–Gi0/4 across VLAN 20 and 30.

Configured DHCP Snooping (RFC 2131), ARP Inspection (RFC 826), and port security to block rogue devices in dynamic IoT subnets.

Tuned Fortinet FortiGate v7 for dynamic IPsec VPNs and app inspection, integrating with F5 BIG-IP v14.1 SSL offload and Palo Alto PA-5220 WildFire analysis.

Provisioned Infoblox v8.3 to manage IPv4/IPv6 ranges including 2001:db8::/64, automating DNS record creation and DHCP lease tracking.

Supported Zero Trust v3 enforcement by integrating Cisco ISE v3.0 posture checks with Checkpoint R80.30 firewall access groups.

Hardened Cisco ASA 5525-X, Fortinet FortiGate v7, and Palo Alto PA-5220 by disabling insecure services, enforcing TCP 22/443 lockdown, and patching firmware.

Created topology diagrams, DR runbooks, and change plans in Confluence, aligning with ISO 27001 and internal audit frameworks.

Enabled PIM-SM and PIM-DM (RFC 4601) multicast for RFID scan zones, using VLANs 160/170 to ensure delivery of tracking feeds.

Used Wireshark v4.0 and SolarWinds v2023 to capture latency spikes during high-traffic windows across interfaces Eth1/1 to Eth1/4.

Assisted with SD-WAN overlay testing and route-map validation for content prioritization on UDP ports 5060, 5004, and TCP 443.

Applied API Integration v3 with Terraform v1.1 to auto-sync BGP route updates and firewall object groups across hybrid environments.

Documented BGP, VLAN, and firewall policy logic with Markdown, maintaining weekly syncs with senior engineers for RCA tracking.

Shadowed Citrix ADC v13 deployments for load balancing internal applications, applying LTM policies and observing real-time


