Sahithi E
CCNP Certified Senior Network & Security Engineer
Email-Id: *******.********@*****.***
Phone: 224-***-****
PROFESSIONAL SUMMARY:
Senior Network & Security Engineer specializing in large-scale enterprise and carrier networks, blending data center, WAN/SD-WAN, network security, and automation experience across banking, telecom, and consulting environments.
Deep hands-on expertise with Cisco SD-WAN (Viptela) and Versa SD-WAN, including vManage template/policy design, IPsec overlays, BGP underlay, SLA-based traffic steering, and migrations from DMVPN/EIGRP for remote branches.
Strong routing and MPLS background across Cisco and Juniper platforms (BGP, OSPF, EIGRP, VRF, MPLS L3VPN) supporting multi-tenant enterprise and carrier environments.
Data center networking experience with Cisco ACI (tenants, ANPs, EPGs, contracts), Cisco Nexus, Arista 7500R, and Cisco ASR 9000, implementing segmented fabrics and stable interconnectivity for core enterprise and multi-tenant environments.
Application delivery / ADC experience with F5 BIG-IP (LTM/GTM), A10 GSLB, Citrix ADC, VMware NSX-ALB (Avi), and HAProxy, including VIP/pool configuration, health monitoring, GSLB policies, and SSL offload; supported phased cutovers and multi-site failover during maintenance windows.
Broad next-generation firewall and VPN expertise across Palo Alto (hardware + VM-Series), Cisco ASA, Juniper SRX, Check Point, and FortiGate, covering policy/NAT, IPsec/SSL VPNs, SSL inspection/decryption (where deployed), User-ID/App-ID style controls, and application-based access policies for hybrid and remote access.
Strong identity, access control, and campus segmentation background with Cisco ISE 3.x, Cisco SD-Access, Catalyst Center/DNA Center, TACACS+, and Aruba ClearPass, implementing 802.1X, role-based access, SGT-based segmentation (where used), and secure admin access.
Proven DDI/IPAM skills with Infoblox and BlueCat BAM, administering DNS/DHCP/IPAM services and ensuring high-availability name/address services for large enterprises and telecom environments.
Cloud and hybrid connectivity experience supporting secure IPsec-based links to AWS, Azure, and GCP (e.g., AWS VPN Gateway and cloud VPN equivalents), and extending on-prem security into cloud using Palo Alto VM-Series and Prisma Access.
Network automation practitioner using Python, Ansible, and Terraform with Git and review/validation workflows to standardize configuration backups, pre/post checks, provisioning, and policy/rule updates across multi-vendor platforms (e.g., Cisco, Palo Alto, F5).
Strong observability/telemetry background with Splunk, ThousandEyes, SolarWinds (VNQM/NPM), NetFlow, SNMP, ServiceNow, and log analytics platforms (e.g., BigQuery / ELK where applicable) enabling proactive performance monitoring and faster incident triage/RCA.
Enterprise wireless and QoS experience with Cisco WLC, Cisco/Aruba APs, Ekahau (where used), and Aruba AirWave, supporting RF tuning, SSID/VLAN segmentation, and voice/video QoS for campus and branch environments.
Strong troubleshooting profile using Wireshark, ThousandEyes, and deep log analysis (NetFlow, firewall, DNS, VPN logs) to isolate complex latency, packet loss, and routing issues across data center, WAN, and cloud paths.
Consistent focus on reliability and process excellence, creating Visio topologies, MOPs, HA/DR runbooks, and ITIL-aligned change workflows in Confluence, ServiceNow, and similar platforms to support stable, repeatable operations.
TECHNICAL SKILLS:
Network Technologies: LAN/WAN Architecture, TCP/IP, SD-WAN, VPN, VLAN, VTP, NAT, PAT, STP, RSTP, PVST, MSTP, Cisco ACI
Networking Hardware: Cisco Switches, Cisco Routers, ASA/Palo Alto/Fortinet/Juniper firewalls
Routing Protocols: OSPF, IS-IS, EIGRP, RIP, MPLS, BGP, Multicasting
Security Technologies: PAP, CHAP, Cisco, Blue Coat, Palo Alto, ASA, Fortinet, Check Point
Network Monitoring & Management Tools: Snowflake, SolarWinds, Wireshark, HRping, WhatsUp Gold, Infoblox, Splunk, Nagios, ExtraHop Networks, FortiNDR, IronDefense, Obkio, Cisco ThousandEyes, NetBeez Network Monitoring, HPOV, Orion
Operating Systems: Windows 10, Linux, Cisco IOS, Cumulus, IOS XR, IOS-XE, NX-OS
Routers: Cisco ASR 9000 Series, ISR 800 Series, ISR 1900 Series, ISR 2900 Series, ISR 3900 Series, and ISR 4000 Series, Cisco 1800, 2611, 2800, 3600, 3845, 3900, 4300, 4400, 4500, ASR 1000X, 7206VXR, Juniper M & T Series
Switches: Cisco 2960, 3750, 3850, CAT 9300, CAT 9400, CAT 9500, 4500, 6500, 6800, Nexus 9K, 7K, 5K, 2K, Arista cloud switches
Load Balancers: F5 Networks (BIG-IP), NetScaler (Citrix), Cisco ADC, A10 Thunder, VMware NSX-ALB (Avi), Cisco ACE, QoS (DiffServ/DSCP), Traffic Shaping, Queuing, Policy Maps, Class Maps, Application SLAs
Capacity & Performance: Cascade Riverbed (Flow Monitor), WAN Killer
Cloud Networking: AWS (VPC, IAM, CloudWatch), Azure (AD, ExpressRoute), GCP (VPC, VPN), Office 365 (E3/E5), Zscaler Cloud Proxy, Aviatrix Cloud Network Platform, Prisma Access (ZTP setup, Onboarding, BGP configuration), GlobalProtect Cloud Service
Programming Languages: C, C++, Perl, PowerShell, Python, YANG, XML, Ansible
Simulation Tools: GNS3, VMware, OPNET IT GURU, OPNET Modeler, Cadence
Firewalls: Juniper NetScreen (500/5200), Juniper SRX (650/3600), ASA (5520/5550/5580), McAfee Web Gateway, Check Point, Palo Alto Firewalls
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Voice & Collaboration: Cisco Call Manager, ICM, Unity Connection, SIP, RTP, SCCP, WebEx/Teams Integration, SIP Trunking, QoS for Voice/Video
Features & Services: IOS and Features, HSRP, GLBP, VRRP, IPAM, IRDP, NAT, SNMP, SYSLOG, NTP, DHCP, CDP, DNS, TFTP and FTP Management, OpenStack, IVRs, HLD and LLD documents, Dell EqualLogic
WORK EXPERIENCE:
Navy Federal Credit Union, Pensacola, FL. Aug 2024-Present
Senior Network & Security Engineer
Responsibilities:
Implemented WAN/DC routing on Cisco ASR 9000 and Arista 7500R, working with eBGP and OSPF over an MPLS L3VPN setup to keep inter-site routing stable.
Supported campus/data center switching on Cisco Nexus 9500 and Arista 7500R, configuring VLANs, 802.1Q trunks, MST/RSTP, LACP port-channels, and HSRP/VRRP; validated failover and prevented L2 loops during maintenance windows and uplink failures.
Managed Cisco ISE 3.x for wired/wireless 802.1X, integrated with Active Directory, and applied role-based access across campus and branch sites to reduce unauthorized access.
Supported ISE RADIUS for SD-Access, tested PAN/PSN redundancy and failover, and kept user authentication working during node or link outages.
Set up Cisco SD-Access in Catalyst Center, building fabric domains, virtual networks, and SGT-based segmentation to separate users, guests, and sensitive teams.
Managed secure enterprise Wi-Fi using Aruba controllers/APs, configuring segmented SSIDs, guest access controls, and QoS/DSCP for voice/video to keep roaming stable during busy hours.
Implemented Zero Trust Security Architecture (ZTA) across enterprise environments, reducing attack surfaces and enforcing identity-based access controls.
Migrated legacy Cisco ASA firewall policy to Palo Alto by inventorying existing ACL/NAT/VPN objects, cleaning up unused rules, and rebuilding policies using App-ID/User-ID and security zones; validated rule hit behavior and minimized functional regressions during cutover.
Executed phased migration with a rollback plan: built new Palo Alto interfaces/zones/virtual routers, replicated NAT and site-to-site IPsec, and performed pre/post checks (routing, session establishment, critical app testing) to ensure clean production transitions.
Administered ZIA policies in the Zscaler Admin Portal (URL filtering, firewall controls, SSL inspection exceptions, bandwidth/app controls) and validated changes using traffic logs to minimize user impact during change windows.
Operated ZPA + ZDX by managing application access policies and monitoring user experience/performance (path, latency, packet loss), using ZDX insights to isolate issues to endpoint vs ISP/WAN vs Zscaler vs app and speed incident restoration.
Worked with security/IAM teams to apply least-privilege access for network admin logins using TACACS+ and role-based permissions; reviewed access logs during audits and cleaned up unused admin accounts/groups.
Supported site-to-site IPsec VPNs on Cisco Firepower 9300 and Juniper SRX, verifying crypto domains, routing, and failover for branch/partner/data center connections.
Moved branch connectivity in phases from DMVPN (Cisco ISR 4K/EIGRP) to Cisco SD-WAN (Viptela) using vManage templates and policies; tested routing, failover, and app path selection site by site.
Used ThousandEyes with SD-WAN and Prisma Access to check ISP and SaaS paths and quickly tell if an outage was caused by SD-WAN policy, the ISP, or the SaaS provider.
Built Cisco ACI policies (tenants, app profiles, EPGs, contracts) to segment applications and reduce manual VLAN work in the data center.
Supported multi-data-center load balancing on F5 BIG-IP (LTM/GTM) and Citrix ADC, managing VIPs, pools, monitors, and GSLB to keep apps available during maintenance and site events.
Worked with platform/app teams to move selected services to NSX ALB (Avi) and HAProxy while keeping existing VIPs in place; supported cutovers and validation during the move.
Supported cloud networking in AWS (VPCs, subnets, route tables, security controls) and worked with Azure teams when needed (VNets, UDRs, NSGs); fixed issues like asymmetric routing, DNS reachability, and MTU/MSS problems.
Managed AWS Route 53 public/private hosted zones and record sets (A/AAAA/CNAME/TXT) for cloud-hosted apps, ensuring reliable name resolution across hybrid networks.
Deployed and integrated FortiGate firewalls into multi-vendor networks, securing connectivity across AWS, GCP, and on-premises data centers.
Used Python tools (Netmiko, NAPALM, Paramiko) for repeatable device checks, config validation, and backups to keep results consistent and speed up troubleshooting.
Built Python automation (iControl, REST APIs) for F5 load balancer configuration backups and consistency validation.
Created Bash scripting frameworks (grep, awk, sed) for parsing logs, generating reports, and pushing CLI configs at scale across Cisco and Juniper devices.
Used Git-based change reviews for network updates with Python/Ansible so changes had peer review, history, and controlled rollouts to lab and production.
Reviewed Terraform plans for network builds, found drift and wrong settings, and helped standardize modules for consistent deployments.
Wrote Python scripts to check key network/security log signals and shared results into Splunk dashboards and ServiceNow ticket workflows to speed incident handling.
Managed Infoblox DDI (DNS/DHCP/IPAM) for prod and non-prod networks, kept HA DNS/DHCP running, and fixed DNS/DHCP/IP issues that affected application access.
Fixed Wi-Fi issues by checking RF interference, channel overlap, roaming behavior, and airtime use; adjusted channel/power, band steering, and minimum data rates to reduce disconnects.
Supported Cisco Meraki MX/MR/MS for branch sites, configuring VLANs, SSIDs, AutoVPN, and traffic shaping, and confirmed performance using dashboard health and event logs.
Built and installed new WAN/DC routers and switches, handled staging and interface bring-up, and completed pre/post checks to keep cutovers clean.
Executed assigned Jira tickets to validate new firmware and feature behavior, documenting test cases, expected results, and actual outcomes directly in Jira for closure.
Worked with NOC and ITIL teams to write and standardize HA/DR steps and maintenance runbooks for fabric, load balancing, and WAN work, reducing risk during failovers and change windows.
Verizon, Worcester, MA Nov 2023-Aug 2024
Network Engineer
Responsibilities:
Administered Fortinet FortiGate firewalls (enterprise and chassis platforms), implementing security policy/ACLs, IPS, and application control; managed centralized policy deployment and controlled installs via FortiManager to improve policy consistency and reduce misconfigurations.
Deployed VDOM-based segmentation and VLAN zoning to isolate PCI, guest, and internal traffic, validating routing/NAT and policy enforcement to meet compliance requirements and reduce lateral movement risk.
Implemented MFA for remote-access VPN on FortiGate using FortiToken/FortiToken Mobile, integrating with authentication services (RADIUS/LDAP where applicable) to strengthen remote-user access controls.
Configured and validated MPLS L3VPN routing (BGP policies and multi-area OSPF) on Cisco ISR 4000 and Juniper MX960, maintaining stable routing across customer VPNs.
Configured Juniper MX series and Cisco ASR 9000 routers for high-throughput forwarding, QoS enforcement, and BGP route-reflector support across regional POPs.
Monitored Carrier Ethernet (MEF E-Line/E-LAN) services and validated access/aggregation turn-ups (circuit readiness, L2 handoff, QoS markings) to meet customer SLA requirements.
Led L2/L3 operations for MPLS and SD-WAN services, executing redundancy/failover tests during maintenance windows and driving incident restoration through coordinated troubleshooting across regional sites.
Assisted in the DMVPN-to-Cisco Viptela SD-WAN migration, supporting vManage template validation, policy checks, and cutover readiness across sites.
Designed/maintained failover validation tests (link/interface shutdowns) to verify SD-WAN reconvergence and logged recovery times for comparison against baselines.
Deployed and operated Cisco SD-WAN (Viptela) using centralized vManage templates and policy-based path selection, improving WAN performance across 50+ branch sites.
Implemented SLA-based traffic steering (loss/latency/jitter thresholds) to keep critical applications on optimal paths during carrier degradation and outages.
Led operations and failover validation for MPLS and SD-WAN across 20+ regional POPs, coordinating with security teams to keep access policies consistent and reduce outage risk during scheduled maintenance.
Supported IPsec/SSL VPN services on Cisco ASA 5500-X and Check Point, tuning NAT/ACLs, validating encryption domains, and testing failover to maintain reliable branch and partner connectivity.
Supported Zscaler ZIA by validating forwarding/onboarding and troubleshooting WAN-related access/performance issues using path tests, logs, and policy checks to speed restoration/escalation.
Supported Zscaler ZPA onboarding by validating routing/DNS/connector connectivity and coordinating policy troubleshooting with network/security teams to maintain reliable private-app access.
Integrated Cisco ISE with TACACS+ for device-admin AAA, standardizing role-based access and improving audit visibility across network operations.
Built and maintained operational monitoring using SolarWinds (NPM/NCM) with SNMP and NetFlow to track latency, loss, utilization, interface errors, and routing events, enabling proactive detection and faster evaluation.
Supported large-scale network validation testbeds using Cisco Nexus/Arista/Juniper to replicate production topologies (multi-hop BGP/OSPF, path diversity).
Performed hands-on Layer 1/protocol troubleshooting (swap optics, verify fiber, check error counters, validate neighbor states) to keep testbeds stable.
Executed complex Jira validation tickets with defined exit criteria, attaching command outputs/diagrams as evidence to ensure repeatable results.
Used ThousandEyes and queryable telemetry/log datasets (e.g., BigQuery where applicable) to isolate carrier/peering issues and accelerate escalations supporting enterprise and transport services.
Supported cloud interconnects by validating Azure ExpressRoute BGP peering, route advertisements/filters, and failover behavior to maintain consistent reachability between on-prem networks and Azure services.
Supported customer DNS services using AWS Route 53 hosted zones and records, validating resolution paths and TTL behavior during cutovers and migrations.
Assisted with GCP network onboarding by reviewing VPC/subnet design, route propagation, and firewall policies, ensuring secure segmentation and clean traffic flow.
Built and supported a spine-leaf VXLAN/EVPN fabric, configuring the EVPN control plane and tenant segmentation (VRFs/VLANs) and validating ECMP and dual-uplink failover for multi-tenant workloads.
Supported Cisco ACI policy operations (APIC, ANPs/EPGs/contracts where applicable) to enforce multi-tenant segmentation and reduce manual VLAN work during customer turn-ups.
Built Python/Ansible automation for configuration backups, pre-check validation, and standardized provisioning across multi-vendor devices; maintained playbooks/templates in Git with review/validation steps to reduce drift and manual errors.
Documented topology diagrams, automation workflows, and change-management runbooks in Visio and ServiceNow, enabling faster RCA and smoother coordination across MPLS, SD-WAN, and transport operations.
Sapphire Software Solutions, Hyderabad, India Aug 2019-July 2023
Network Engineer (Routing/Switching & Firewalls)
Responsibilities:
Configured and supported enterprise LAN/WAN networks using Cisco Catalyst and Cisco Nexus switches, maintaining stable connectivity across core and access layers.
Implemented and troubleshot routing using OSPF, EIGRP, and BGP (as required) for branch and data center connectivity, validating redundancy and failover during circuit/device events.
Deployed VLAN segmentation, STP/RSTP, LACP EtherChannel, and gateway redundancy (HSRP/VRRP) to prevent L2 loops and maintain gateway availability during failures.
Applied WAN QoS (classification/marking and queuing) to prioritize voice/video traffic and validated behavior using interface counters/NetFlow during peak utilization.
Executed day-to-day LAN/WAN changes (VLAN adds, trunk updates, SVI/gateway adjustments, routing tweaks) with documented pre/post checks (reachability tests, counters, route tables) during maintenance windows to minimize user impact.
Hardened access-layer switching using PortFast/BPDU Guard, baseline port-security settings, and interface standardization (speed/duplex), reducing accidental loops and stabilizing endpoint connectivity.
Supported data center connectivity by operating Cisco Nexus switching and resolving end-to-end branch-to-DC path issues impacting applications.
Configured and supported site-to-site IPsec VPN tunnels between on-prem firewalls and AWS/Azure VPN Gateways, validating routing and tunnel stability for hybrid application connectivity.
Supported firewall operations across Cisco ASA, Check Point, and FortiGate—implementing NAT and access-policy changes, validating traffic flow/rule hits, and troubleshooting connectivity issues for internal and cloud-connected networks.
Supported MPLS/VRF-based segmentation across WAN circuits, validating route isolation and troubleshooting reachability issues (including label/LDP state where applicable in the environment).
Assisted with Versa SD-WAN deployments by configuring branch/hub appliances, bringing up IPsec overlays and BGP peering, and tuning SLA-based traffic steering for application path stability.
Implemented 802.1X authentication and role-based access using Cisco ISE and/or Aruba ClearPass, integrating with directory services and enforcing access policies for wired and wireless users.
Troubleshot IPsec VPN tunnel issues (phase1/phase2 mismatches, rekey failures, routing reachability), validated crypto parameters, and restored branch connectivity within incident/change processes.
Built basic Python/Ansible automation for configuration backups, interface health checks, and log collection to reduce manual effort and standardize routine operations.
Monitored network devices using SolarWinds with SNMP and NetFlow, tracking CPU, bandwidth/utilization, and interface errors to detect degradation early and speed triage.
Used Wireshark packet captures to isolate latency/loss symptoms (retransmissions, MTU/MSS issues, asymmetric flows) and support root-cause analysis across L2–L4 paths.
Resolved incident tickets by isolating L2/L3 faults using SolarWinds alerts, interface counters, syslogs, and routing tables; escalated with clear evidence and restored connectivity within SLA.
Supported wireless networks using Cisco WLC and Aruba APs, implementing SSID/VLAN segmentation and basic RF/QoS tuning, and troubleshooting roaming/coverage issues to stabilize user experience.
Applied WAN QoS for voice/video and validated marking/queuing behavior using NetFlow and packet captures during troubleshooting of call and video quality issues.
Created and maintained Visio network diagrams, runbooks, and MOPs for implementations and troubleshooting to support clean handoffs and consistent operations.
CERTIFICATIONS:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Amazon Web Services Networking Specialty (AWS)
Palo Alto Networks Certified Network Security Expert (PCNSE)
EDUCATION:
Master's in Computer Science, Illinois Institute of Technology, United States