Senior Network Security Engineer with SD-WAN and Automation
Resume:
Pranay Kumar Akula
Birmingham, AL **************@*****.*** +1-659-***-****
Professional Summary:
Results-driven Network Security Engineer with over 5 years of experience architecting, implementing, and securing enterprise-grade infrastructures for global organizations. Demonstrated expertise in deploying and managing next-generation firewalls, intrusion prevention systems, SD-WAN, and advanced segmentation strategies that protect mission-critical traffic and enhance business continuity. Strong hands-on experience with Palo Alto, Cisco, Fortinet, and Juniper technologies, delivering scalable and resilient solutions across data centers, campuses, and hybrid cloud environments. Skilled in centralizing operations and enforcing consistency using Panorama, Cisco ACI, and Ansible, while improving agility and reducing manual errors through automation. Proficient in optimizing application delivery with F5 BIG-IP and VIPRION, modernizing WAN infrastructures, and building hybrid connectivity solutions with AWS and Azure to enable high availability and secure global reach.
Recognized for integrating cutting-edge monitoring and security controls including Cisco ISE, Aruba ClearPass, Infoblox, Splunk, and Zscaler, ensuring comprehensive visibility, Zero Trust enforcement, and compliance with enterprise standards. Adept in vulnerability management, advanced threat detection, and applying strong encryption practices to safeguard sensitive data in motion and at rest. Experienced in automating complex operational tasks using Python scripting and orchestration frameworks to improve efficiency, reduce downtime, and accelerate incident response. A collaborative and detail-oriented engineer with a proven ability to deliver secure, future-ready infrastructures that balance security with performance—supporting enterprise growth, global operations, and digital transformation initiatives. Applied strong knowledge of RSVP, LDP, and PIM in Data Center Network Design, optimizing routing, traffic engineering, and multicast delivery.
Technical Skills:
Firewalls: Palo Alto (PA-5450, PA-5280, PA-3220, PA-440, PA-7000, GlobalProtect, Panorama, WildFire), Cisco Firepower (NGIPS 4115, 1120, Threat Defense, 2100, 4100), Cisco ASA, FortiGate (3000 series, Forti Analyzer, Forti Sandbox, FortiClient), Juniper (JunOS, Network Director).
Switching & Routing: Cisco Nexus (9000, 7000, 5000, 9300, 9500, 9800), Cisco Catalyst (2960, 3850), Cisco ASR, Arista (7300, 7280, 7800), Aruba CX.
Access Control: Cisco ISE, Aruba ClearPass, Active Directory, Kerberos.
Cloud & Virtualization: AWS (VPC, Route 53, Transit Gateway, Direct Connect, EC2, Elastic Load Balancers, VPC Peering), Azure (Traffic Manager, VNets, NSGs, DDoS Protection, multi-region deployments), VMware vSphere.
Monitoring Tools: Splunk, SolarWinds NetFlow, Infoblox, Juniper Network Director, JunOS CLI, Forti Analyzer, Qualys.
Other Toos: Cisco Stealthwatch, Cisco CyberVision, ISEC, Python, Ansible, Netmiko, Scapy, Nmap, Proofpoint, Microsoft 365 Defender, Zscaler, Netskope, Cloudflare, Cisco Viptela, Silver Peak, Cato SD-WAN, Cisco Meraki.
Educational Qualifications:
University of Alabama at Birmingham Birmingham, AL May 2024
Master’s Degree: Computer Science
Matrusri Engineering College, Hyderabad, India Apr 2020
Bachelor’s Degree: Computer Science
Certifications:
Cisco Certified Network Associate – CCNA - Udemy
Cisco Certified Network Professional: CCNP – Udemy
AWS Certified Advanced Networking
Network Automation with Python
In progress: Fortinet NSE7, Microsoft Azure Fundamentals (AZ-900)
Professional Experience:
CrowdStrike Austin, TX
Sr. Network Security Engineer May 2024 – Current
Configured Cisco ACI policies and contracts to enforce segmentation and micro-segmentation across bridge domains and VRFs, strengthening the security posture in the data center. Supported policy-driven automation for external routing and inter-tenant traffic control, ensuring scalable and secure connectivity.
Configured and managed Juniper SRX Series firewalls in High Availability (HA/Cluster and MNHA) setups, leveraging JUNOS CLI to implement stateful firewall policies, NAT, IPSec/SSL VPNs, IPS/IDS, and DDoS mitigation across service provider and enterprise environments.
Experience with Palo Alto firewalls and cloud-based management (Panorama, Strata Cloud); SolarWinds (NetFlow, SWQL), scripting with Python & PowerShell.
Planned, Coordinated, and Implemented Network Security Measures across enterprise environments, ensuring compliance with best practices and minimizing risk exposure.
Applied strong knowledge of Cisco routing protocols including EIGRP, OSPF, BGP, and MPLS, as well as VLAN segmentation, Ethernet services, and the OSI model to design and troubleshoot enterprise and service provider networks.
Interfaced with ISPs and Carriers to install, commission, and test WAN/Internet Circuits at remote sites, while collaborating with vendors to define Hardware and Software Requirements aligned with business objectives and performance needs.
Optimized high-performance switching with Cisco Nexus 9300, 9500, and 9800 series switches configured with HSRP/VRRP for redundancy and failover. Augmented data center visibility and monitoring by deploying Arista 7300, 7280, and 7800 series switches, leveraging their advanced telemetry features for proactive performance tracking and troubleshooting.
Migrated enterprise access control from Cisco Identity Services Engine (ISE) to Aruba ClearPass, improving endpoint visibility, compliance enforcement, and authentication workflows. Replicated existing ISE policies into ClearPass and enhanced them for greater flexibility and security during the migration process.
Configured and maintained Cisco Meraki MS225, MS250, and MS350 switches, providing secure Layer 2 and Layer 3 connectivity for distributed enterprise sites. Leveraged Meraki’s centralized cloud dashboard for simplified operations, remote troubleshooting, and rapid deployment.
Troubleshot and Optimized Splunk Components including forwarders, deployment servers, and federated search configurations, improving data accuracy and query performance.
Leveraged Advanced Security Tools including Darktrace for anomaly detection and Nessus for vulnerability scanning to proactively identify risks, monitor abnormal traffic patterns, and strengthen enterprise cyber defense posture.
Administered and supported enterprise voice communications infrastructure, including POTS, PRI, SIP trunks, and DID management, ensuring reliable call routing, secure VoIP integration, and seamless interoperability between legacy telephony systems and modern IP-based platforms.
Implemented and supported Cisco ISR/ASR 4400, 8300, and 8500 series routers along with Catalyst 9200/9300/9500 switches, configuring BGP, OSPF, QoS, and VLAN segmentation to optimize enterprise LAN/WAN performance.
Hands-on experience using tcpdump and Wireshark for deep packet inspection, TLS handshake analysis, and root cause troubleshooting of TCP/UDP flows.
Leveraged ExtraHop for deep packet inspection and network analytics, enhancing visibility into application performance and accelerating root-cause analysis of network issues.
Contributed to Disaster Recovery (DR) and Business Continuity Planning (BCP) by implementing redundancy, resiliency testing, and failover strategies, ensuring uninterrupted service availability during outages or security incidents.
Strengthened security infrastructure through centralized DNS, DHCP, and IP address management (DDI) using Infoblox, which improved operational control and resilience. Built BGP peering with AWS for hybrid cloud connectivity and integrated enterprise vulnerability scanning tools such as Qualys and ISEC equivalents to support firewall rule audits, penetration testing, and proactive risk remediation.
Executed Hardware Troubleshooting on GTD-5 circuit packs, shelves, and slots, providing Tier 3 support for fault isolation, replacements, and recovery in alignment with central office procedures.
Engineered Cloud-Native Networking and VPN Solutions across AWS, Azure, and GCP, integrating with enterprise WAN backbones to deliver secure, high-performance connectivity for remote sites and cloud workloads.
Led Change Control processes in alignment with GMP standards, ensuring all network and infrastructure modifications were documented, reviewed, and implemented with minimal risk to operations and compliance.
Mentored Junior Engineers and Technicians, providing training on network security, monitoring tools, and troubleshooting methodologies.
Implemented and managed network monitoring and security analytics using ExtraHop and Splunk, enabling real-time threat detection, performance optimization, and rapid incident response across enterprise environments.
Researched and Recommended Network Hardware and Software Solutions, collaborating with vendors and customers to align technology with business requirements.
Automated and customized application delivery with F5 BIG-IP, leveraging iRules, iApps, and iControl REST API to deliver tailored application services. Led a WAN modernization program that decommissioned legacy MPLS links, activated high-capacity circuits, and deployed real-time monitoring platforms to optimize performance and enable seamless cutovers with minimal disruption.
Implemented advanced Ethernet Technologies including VLANs, STP, LACP, and MC-LAG to deliver resilient, efficient, and redundant Layer 2/Layer 3 connectivity.
Elevance Health Atlanta, GA
Network/Security Engineer Aug 2023 – Apr 2024
Designed and mapped network topologies by integrating routers, firewalls, switches, and load balancers, organizing interconnections and segmenting traffic paths. Ensured redundancy through high-availability designs, applied routing optimization, and built scalable infrastructures to handle enterprise-level network growth.
Configured IPSec Site-to-Site VPNs to connect branch offices securely and SSL VPN tunnels to provide encrypted access for remote users. Implemented these on Palo Alto, FortiGate, Cisco ASA, and Juniper platforms, ensuring confidentiality, integrity, and reliable access to internal resources.
Developed and maintained dashboards and alerts in Splunk to monitor network traffic patterns, proactively identifying anomalies and minimizing downtime across critical systems.
Skilled in writing and optimizing regular expressions (PCRE) for secure web gateway and log correlation use cases, improving performance of filtering rules and Splunk searches.
Deployed and managed Cisco Nexus Dashboard Fabric Controller (NDFC) to centralize policy management, automate fabric provisioning, and streamline operations across Nexus 9000 series data center environments.
Developed Test, Implementation, Verification, and Back-Out Plans as part of change control processes, ensuring successful deployments and rapid rollback in case of issues.
Collaborated with healthcare IT teams to support secure connectivity and compliance for Electronic Medical Record (EMR/EPM) platforms such as NextGen and Microsoft 365 integrations, ensuring reliable access, data protection, and alignment with HIPAA and NIST frameworks.
Managed and Optimized Email & Web Security Solutions including Mimecast and Forcepoint, applying anti-phishing, malware filtering, and data protection policies to safeguard enterprise communication channels
Delivered exceptional Customer Interaction support before and after DISA Storefront (DSF) entry, providing clear communication, issue resolution, and seamless service experiences.
Configured and Maintained Network Equipment and Infrastructure including switches, routers, firewalls, and wireless access points, supporting large-scale enterprise operations and projects.
Applied industry Frameworks and Benchmarks including NIST CSF 2.0 and CIS Controls to strengthen security posture, align with compliance requirements, and guide risk management initiatives.
Developed Network Documentation using Microsoft Visio, creating accurate diagrams to support operations, troubleshooting, and design reviews.
Deployed and Supported VoIP Services across multiple locations by configuring MPP phones, local gateways, and firewall policies, while enabling advanced telephony features such as call queues, voicemail, hunt groups, auto attendants, DECT networks, and hoteling.
Designed and Implemented Splunk Infrastructure (On-Prem and Cloud) to support enterprise-scale deployments, ensuring reliability, scalability, and optimized log ingestion.
Administered and supported enterprise Voice Services including PBX and VoIP technologies, configured SIP and H.323 protocols, managed DIDs, and integrated Microsoft Teams to deliver secure and reliable unified communications.
Deployed and administered Palo Alto next-generation firewalls, configuring security segmentation, application-level filtering, intrusion prevention, and URL filtering. Worked with Cisco Firepower Threat Defense and Fortinet firewalls to unify security policies, detect threats in real-time, and enforce consistent access control across the environment.
Implemented Zscaler Cloud Proxy to secure outbound internet traffic, enforcing authentication policies, validating SSL certificates, and applying granular filtering rules. Configured authentication bypass rules for trusted applications and applied Zero Trust Network Access models to validate both users and devices before granting access.
Designed and deployed multiple Azure regions and endpoints using Azure Traffic Manager to build a globally distributed web service, ensuring high availability, low latency, and seamless user experience across geographies.
Integrated SIEM tools to centralize log collection and correlation. Leveraged Infoblox for DNS analytics to identify suspicious query patterns, used Cisco ISE for identity-based access controls and reporting, and configured Forti Analyzer to detect anomalies and generate real-time security alerts for faster incident response.
Administered Windows Server services including Active Directory Domain Services (AD DS), DNS, DHCP, and Group Policy Objects (GPO) to support enterprise authentication, secure access controls, and hybrid cloud integrations in compliance with security frameworks.
Deployed and Maintained EDR Solutions such as SentinelOne, ensuring endpoint visibility, proactive threat detection, and rapid response to malware, ransomware, and insider threats.
Configured enterprise switching and routing on Cisco Catalyst 2960 and 3850 for core connectivity, extended fabric modules with Nexus 5000 FEX, and secured access layers with Meraki MS series. Optimized traffic with Spanning Tree Protocol, applied dynamic routing, and used Nginx ingress controllers to manage traffic distribution for applications.
Managed Cisco ACI to provide centralized policy-based control, real-time visibility into application flows, and automated network provisioning. Deployed Viptela SD-WAN Zero-Touch Provisioning to simplify device onboarding, enforce WAN segmentation, and apply intelligent routing policies that improved branch office performance and scalability.
Monitored and optimized network performance using SolarWinds NetFlow Traffic Analyzer to study traffic flows and detect unusual bandwidth usage. Utilized Juniper Network Director and JunOS CLI for fine-grained monitoring, diagnostics, and proactive resolution of routing and switching issues.
Utilized Ticketing and Knowledge Tools such as ServiceNow, Jira, and Confluence to manage incidents, document solutions, and streamline change management processes across enterprise environments.
Administered Splunk Enterprise Security (ES), integrating with CIM data models to support threat detection, compliance reporting, and security event correlation.
Generated Detailed Reports on network operational status, incident metrics, and project milestones, improving visibility for leadership and stakeholders.
Configured and managed F5 BIG-IP LTM appliances such as the 2000 and 4000 series to enhance application delivery. Applied SSL offloading to reduce encryption load on servers, configured load balancing algorithms for traffic distribution, and built redundancy to maintain high availability of business-critical applications.
Applied ISEC encryption techniques including secure cryptographic algorithms, key management practices, and encryption policies to protect sensitive data during transmission and storage. These methods provided strong compliance with security standards and reduced risks of data leakage.
Automated operational and security processes with Python scripting, including parsing logs for anomaly detection, automating system health checks, and building custom monitoring workflows. This reduced manual effort, improved detection speed, and enabled proactive responses to security threats.
Tata Consultancy Services Hyderabad, India
System Engineer (Network Engineer) Apr 2021 – Dec 2022
Administered Palo Alto (PA-440, PA-7000 series) firewalls to enforce application-aware access controls, NAT, and secure remote connectivity using Global Protect VPN. Leveraged WildFire threat intelligence to detect and block zero-day malware and advanced persistent threats.
Strengthened application delivery with F5 VIPRION load balancers by implementing SSL offloading, connection pooling, caching, and traffic compression. These optimizations improved responsiveness, reduced latency, and ensured high availability for business-critical services.
Provided Remote Site Support and Escalation Management, delivering Tier 3 troubleshooting and customer-facing resolution for WAN, LAN, and wireless outages.
Delivered Exceptional Customer Service by troubleshooting complex issues, coordinating with ISPs and carriers, and providing clear communication to both technical and non-technical stakeholders.
Engineered secure and scalable cloud networking architectures across AWS and Azure. Designed AWS solutions with VPC peering, Route 53, Elastic Load Balancers, and Transit Gateway; in Azure, configured VNets, NSGs, routing policies, and DDoS protection to support resilient multi-cloud connectivity.
Managed Webex Contact Center Agents and Queues, leveraging analytics and troubleshooting tools to monitor performance, resolve incidents, and optimize call flow for improved customer experience.
Implemented FortiGate (3000 series) firewalls with policies for web filtering, application control, and social media usage. Integrated Forti Sandbox for advanced threat analysis and deployed FortiClient agents to extend endpoint-level protection.
Optimized enterprise and data center security using Cisco Firepower (2100 and 4100 series) appliances, enabling intrusion prevention, VPN services, and firewall policies to secure both internal and perimeter traffic.
Deployed and managed Cisco ACI fabric policies, including contracts, QoS prioritization, and VMM integration with VMware vSphere, delivering secure segmentation, automated tenant isolation, and dynamic scalability for modern data centers.
Streamlined enterprise authentication and access control by integrating Cisco ISE, Active Directory, and Kerberos. This allowed for identity-based access enforcement, centralized auditing, and compliance-driven policy management.
Enhanced global WAN efficiency by implementing Cato SD-WAN and Cisco Viptela SD-WAN solutions. Configured hybrid WAN architectures with intelligent traffic steering, SaaS optimization, and secure direct internet access to reduce MPLS dependency.
Automated network operations with Python (Netmiko, Scapy, Nmap) and Ansible, building workflows for device provisioning, configuration management, security patching, and large-scale troubleshooting. This reduced manual overhead and improved reliability.
Designed and managed enterprise routing and switching across Cisco Nexus (9000, 7000, 5000 series), Cisco ASR, Aruba CX, and Arista switches. Configured VLANs, VRFs, EVPN-VXLAN, QoS, and redundancy mechanisms like vPC and port channels for optimal traffic flow and high availability.
ACT Fibernet Hyderabad, India
Network Administrator Nov 2019 – Mar 2021
Deployed and managed Cisco SD-WAN Viptela and Cisco Meraki solutions to modernize branch office connectivity, reduce MPLS costs, and maintain secure site-to-site communication.
Configured and supported Arista switches and Cisco Nexus platforms in campus and data center environments, implementing Layer 2 and Layer 3 services, VXLAN overlays, VRF segmentation, and VLAN design for scalable multi-tenant architectures.
Designed and managed AWS networking services including EC2 networking, Route 53 DNS routing and health checks, AWS VPN, Direct Connect, Elastic Load Balancers (ALB/NLB), and VPC peering to optimize global cloud connectivity and service availability.
Tuned and administered Splunk correlation searches, custom dashboards, and SPL queries to detect anomalies such as failed logins, privilege escalation attempts, and suspicious user behavior across internal and cloud environments.
Monitored and enforced cloud security policies using Netskope Cloud Access Security Broker (CASB), applying Data Loss Prevention (DLP) controls and detecting high-risk cloud application behaviors.
Conducted incident response and root cause analysis for alerts generated by Microsoft 365 Defender, Proofpoint Email Security, and Netskope Security Cloud, improving mean time to detect and resolve threats.
Automated configuration and provisioning across more than 50 network devices using Python scripting and Ansible automation, reducing manual effort by 39% and cutting configuration turnaround time.
Migrated secure web gateway services from Cisco IronPort to Zscaler Cloud Proxy, including policy design, proxy configuration (PZEN), and post-deployment optimization in coordination with cross-functional teams.
Strengthened security and uptime by deploying Cisco Stealthwatch and Cisco CyberVision for deep visibility into campus and ICS/OT traffic, and enabled Cloudflare DDoS protection for web-facing assets to mitigate volumetric attacks.
Contact this candidate