Network Security Engineer with 5+ Years Experience

Sriram Sapireddy

Birmingham, AL ***** +1-737-***-**** *****************@*****.*** https://www.linkedin.com/in/sri-ram-0566731a5/ Professional Summary:

• Experienced Network Security Engineer with 5 years proven expertise in designing, implementing, and securing enterprise network infrastructures across healthcare, manufacturing, and financial environments.

• Skilled in managing next-generation firewalls (Palo Alto, Fortinet, Cisco ASA, Juniper SRX, Check Point), centralized management platforms, and security policies to protect critical applications and ensure compliance with regulatory standards.

• Strong background in routing, switching, and SD-WAN (Cisco Nexus, Catalyst, ASR, Viptela, Meraki), delivering resilient, scalable, and high-performance network connectivity across data centers and global branch sites.

• Hands-on experience with application delivery and data center technologies (Cisco ACI, F5 BIG-IP, Infoblox DDI), enabling segmentation, secure workload isolation, DNS firewalling, and high availability for mission-critical systems.

• Proficient in VPN and remote access solutions (IPSec, SSL, GlobalProtect), ensuring encrypted and seamless connectivity for distributed users and third-party partners.

• Adept at network automation and monitoring using Python, Ansible, REST APIs, and tools like NetScout, Stealthwatch, Zscaler, reducing manual tasks, improving operational consistency, and accelerating incident resolution.

• Experienced in supporting hybrid cloud environments with AWS, integrating secure connectivity, monitoring, and automation frameworks to ensure end-to-end visibility and operational efficiency. Technical Skills:

Firewalls, VPN & Security: Palo Alto NGFWs, Panorama, GlobalProtect, Fortinet FortiGate, FortiManager, FortiAnalyzer, Cisco ASA, Cisco Firepower (FTD), Check Point, Juniper SRX, IPSec VPN, SSL VPN, Remote Access VPN, Threat Prevention, URL Filtering, IDS/IPS. Routing, Switching & WAN: Cisco Nexus (5K/7K/9K), Cisco Catalyst (2960/3850/6800), Cisco ASR Routers, Arista Switches, Juniper Routers, OSPF, BGP, EIGRP, MPLS, Spanning Tree Protocol (STP), Cisco SD-WAN (Viptela, Meraki), Silverpeak, Riverbed WAN Accelerators.

Data Center & Application Delivery: Cisco ACI (ANPs, EPGs), VXLAN, Fabric Segmentation, F5 BIG-IP LTM, F5 VIPRION, SSL Offloading, iRules, Load Balancing, High Availability, Infoblox DDI (DNS, DHCP, IPAM, DNS Firewall). Wireless, NAC & Cloud: Aruba Wireless, Aruba ClearPass, Cisco Catalyst 9800 WLC, Cisco Meraki Wireless, Zscaler Cloud Proxy, AWS VPC, AWS Direct Connect, AWS CloudWatch, Hybrid Cloud Security Integrations. Monitoring & Automation: NetScout InfiniStream, Cisco Stealthwatch, Zscaler Analytics, NetFlow, Syslog, Python Scripting, Ansible, Terraform, REST APIs, Network Automation Frameworks. Educational Details:

University of Alabama at Birmingham Master of Science – May 24

• Master’s Degree: Master’s in Computer Science

JNTUH University Hyderabad, India - May 2021

• Bachelor’s Degree: Bachelor’s in Computer Science and Engineering Certifications:

• Certified CCNA & Certified CCNP,

• Udemy - Fortinet Certified Professional: Network Security (FCP),

• Certified Cloud Security Professional (CCSP) – Coursera. Professional Experience:

Atrius Health Jun 2024 – Present

Infrastructure/Security Engineer Atlanta, GA

• Designed, implemented, and managed enterprise firewalls using Palo Alto NGFWs and Fortinet FortiGate appliances. Built security policies, configured NAT rules, and enforced traffic segmentation to protect business-critical applications and meet compliance standards.

• Administered Palo Alto Panorama and FortiManager/FortiAnalyzer for centralized firewall management. This allowed consistent rule deployment, centralized log analysis, and simplified compliance reporting across a large enterprise network.

• Configured and maintained multi-vendor firewalls such as Cisco ASA, Juniper SRX, and Check Point, ensuring secure perimeter defense. Managed policies and monitored activity to prevent threats and protect sensitive workloads.

• Deployed and managed secure VPN solutions including IPSec and SSL VPNs. Implemented Palo Alto GlobalProtect for encrypted remote access, ensuring distributed users could connect securely without impacting performance.

• Built and optimized routing and switching environments with Cisco Nexus switches and Cisco ASR routers. Implemented OSPF, BGP, and EIGRP to support reliable routing, fast convergence, and scalable connectivity across enterprise data centers.

• Designed and deployed Cisco ACI to segment data center traffic. Used Application Network Profiles (ANPs) and Endpoint Groups (EPGs) to control east-west communication, enforce security policies, and simplify compliance.

• Implemented modern WAN solutions using Cisco SD-WAN and Viptela. Configured application-aware routing and adaptive policies to improve WAN flexibility, optimize bandwidth usage, and ensure high performance for critical applications.

• Deployed and supported application delivery solutions with F5 VIPRION platforms. Configured SSL offloading and traffic distribution to improve application availability, enhance performance, and reduce the load on backend servers.

• Strengthened DNS and IP address management by deploying Infoblox DDI (DNS, DHCP, IPAM). Implemented DNS firewall features to mitigate tunneling threats, ensure efficient IP allocation, and improve network visibility.

• Automated firewall and network operations using Ansible, Python scripting, and REST APIs. This streamlined configuration management, reduced manual errors, and allowed faster rollout of firewall policies and VPN provisioning. AMETEK Jul 2023 – May 2024

Network Security Engineer Atlanta, GA

• Designed, implemented, and managed firewall policies using Palo Alto NGFWs (PA-7080, PA-5280, PA-3260) to enforce strict security standards, segment traffic, and protect enterprise applications. Also managed FortiGate Firewalls (200, 1000, 1800 Series) for branch and data center environments, configuring client administration policies to prioritize critical business services.

• Configured and monitored Palo Alto Panorama for centralized firewall management, policy deployment, and log analysis. Integrated NetFlow and ISEC tools to provide real-time visibility into network activity, correlate events, and respond quickly to security incidents.

• Deployed Palo Alto GlobalProtect VPN to enable secure, encrypted access for remote employees and third-party partners. This ensured business continuity during large-scale remote work transitions while maintaining strict compliance with security policies.

• Built and maintained large-scale routing and switching infrastructures using Cisco Nexus switches (7018, 9300, 9400, 9600). Implemented traffic mirroring on these platforms for real-time analysis and troubleshooting. Additionally, supported Arista switches (7800R3, 7280R3, 722XPM), enabling continuous performance monitoring for data center-grade reliability.

• Implemented WAN optimization and software-defined networking solutions by deploying Cisco Viptela SD-WAN vManage. Configured BGP and adaptive routing to improve WAN flexibility, while also utilizing Silverpeak and Riverbed WAN Accelerators to enhance branch performance and accelerate application delivery.

• Engineered enterprise-grade wireless solutions using Aruba Wireless and Cisco Wireless Controllers. Conducted site surveys and spectrum analysis to ensure coverage in high-density areas, and enforced SSID-based VLAN tagging with ACLs to segment guest, IoT, and internal traffic for security and compliance.

• Configured and managed F5 BIG-IP appliances (2200, 4480, 4200) for critical services such as SSL offloading, secure virtual hosting, and traffic management. Used iRules to create custom traffic policies, optimize load balancing, and enhance the overall performance of enterprise applications.

• Strengthened DNS infrastructure by deploying Infoblox DNS Firewall. Configured tunneling mitigation techniques and network segmentation policies to contain threats and prevent exfiltration attempts through DNS channels.

• Integrated enterprise monitoring platforms such as SolarWinds (NPM, IPAM, and custom dashboards) to improve visibility into network health and optimize IP address management. Supplemented this with IBM Tivoli Monitoring (ITM) for proactive system tracking and Dynatrace integration with ServiceNow and Slack, enabling automated ticketing and reducing mean time to resolution (MTTR).

• Developed automation frameworks using Ansible for configuration management and Python with REST APIs for dynamic provisioning. Automated firewall deployments, network policy updates, and compliance checks, significantly reducing manual workload while improving consistency and audit readiness.

• Supported hybrid infrastructure in AWS Cloud by configuring VPCs and Direct Connect for secure communication between on- premises and cloud environments. Integrated SolarWinds IPAM to maintain consistent IP address management across hybrid deployments and ensure compliance with enterprise standards. Tata Consultancy Services (TCS) Oct 2021 – Dec 2022 System Engineer / Network Engineer Hyderabad, India

• Configured and managed Palo Alto firewalls, implementing security policies, threat prevention, URL filtering, and VPN solutions. Used Panorama for centralized management, log analysis, and consistent rule deployment across multiple sites.

• Administered Cisco Firepower Threat Defense (FTD) to enforce unified security policies and intrusion prevention. Performed regular policy updates and log reviews to ensure compliance and mitigate threats.

• Deployed and maintained Fortinet FortiGate firewalls, configuring IPSec and SSL VPNs to provide secure remote access. Utilized FortiManager for reusable templates and FortiAnalyzer for real-time monitoring and incident response.

• Designed and implemented segmentation policies using Cisco ACI, leveraging Endpoint Groups (EPGs) and Application Profiles to isolate workloads, enforce access controls, and improve application security.

• Configured and supported enterprise routing and switching using Cisco Nexus and Catalyst platforms, implementing OSPF and BGP for dynamic routing, and ensuring high availability with Spanning Tree Protocol.

• Implemented Cisco SD-WAN (Viptela) solutions with Zero-Touch Provisioning (ZTP) for rapid device onboarding. Configured application-aware policies to optimize performance and provide secure connectivity across branch sites.

• Managed DNS and IP address resources using Infoblox DDI, enabling automated IP management and deploying DNS firewall features to detect and block tunneling threats.

• Optimized application delivery with F5 BIG-IP LTM appliances, configuring load balancing and SSL offloading to improve performance and provide high availability for enterprise applications.

• Deployed and maintained Aruba Wireless solutions, integrating with ClearPass for secure device onboarding and policy-based access control across high-density environments.

• Automated network and security operations with Python scripting and Ansible, reducing manual effort in firewall configuration, VPN provisioning, and compliance checks while improving consistency. Client: Travelers Insurance Jun 2020 – Sep 2021

Associate Engineer (Network/Security) Hyderabad, India

• Designed and deployed SD-WAN solutions using Cisco Viptela, Meraki, delivering secure branch connectivity, reducing MPLS dependency, and providing intelligent traffic steering to improve application performance across the WAN.

• Configured and optimized dynamic routing protocols BGP and OSPF across MPLS and hybrid networks, enabling seamless route redistribution, automatic failover, and high availability to ensure uninterrupted enterprise operations.

• Implemented enterprise-grade wireless infrastructure with Cisco Catalyst 9800 Wireless Controllers (WLCs), managing thousands of access points and clients while applying secure wireless policies to ensure scalability, stability, and consistent user experience.

• Automated large-scale configuration deployments and firewall rule updates using Ansible and Terraform, reducing manual intervention, improving accuracy, and accelerating provisioning timelines across global network environments.

• Integrated Splunk Enterprise with firewalls and core network devices to centralize log collection and event correlation, providing greater visibility into network health, faster root cause analysis, and proactive issue resolution.

• Deployed NetScout InfiniStream appliances to capture and analyze packet-level traffic, and created service monitors to track performance trends of mission-critical applications such as O365, SAP, and Salesforce, improving reliability and user satisfaction.

• Built and supported monitoring frameworks in AWS Cloud using CloudWatch and SIEM tools, providing real-time alerting, reducing incident triage times, and ensuring end-to-end visibility across hybrid infrastructure environments.

• Conducted network audits and traffic behavior analysis with Stealthwatch and Zscaler analytics, identifying anomalies, optimizing traffic flows, and enhancing resilience against both operational and security-related disruptions. Other Experience:

University of Alabama at Birmingham, AL Jan 2023 to May 2023 Graduate Teaching Assistant for Mobile Application Development Birmingham, AL I mentored over 50 students in Python, Django, and Kotlin projects, helping improve overall course performance by 10%. I led hands-on labs in mobile and web development using React and Django, which boosted student participation by 30%. In addition, I assisted with solution testing and feedback sessions, raising the quality of student projects. I supported the teaching of the software development lifecycle, including SDLC and Agile practices, while also creating technical guides and instructional materials on modern frameworks such as Next.js and Nest.js. To strengthen collaboration and technical skills, I introduced GitHub and Linux shell scripting sessions, and provided support on scripting, debugging, and deployment practices.

Contact this candidate