
Network Security Engineer-Open For Relocation anywhere in USA

Location:
Cleveland, OH, 44114
Posted:
January 22, 2026


Resume:

Pramodh Tirumareddy

Sr. Network Security Engineer/NSE

Contact: +1-469-***-****

LinkedIn: www.linkedin.com/in/pramodht0302

Email: ************.****@*****.***

PROFESSIONAL SUMMARY

Senior Network Automation Engineer with nearly 8 years of experience architecting and implementing infrastructure-as-code for large-scale enterprise networks. Expert in building reusable Ansible and Python frameworks to provision, monitor, and validate Arista EOS and Cisco topologies. Deep experience integrating network automation into CI/CD pipelines (Jenkins/GitLab) and developing automated test suites for zero-touch provisioning. Adept at designing, implementing, and managing robust security architectures across on-premises, hybrid, and cloud infrastructures.

Network Engineer with hands-on experience in designing and deploying secure multi-cloud network architectures using Aviatrix.

Proficient in securing workloads on AWS and Azure, leveraging tools like AWS Security Groups, NACLs, WAF, GuardDuty, CloudTrail, Azure NSGs, Azure Firewall, and Microsoft Defender for Cloud to ensure visibility, compliance, and threat response in cloud environments.

Skilled in deploying and managing SIEM platforms such as Splunk, IBM QRadar, ArcSight, LogRhythm, and Elastic Stack (ELK) to correlate events, detect anomalies, and support incident response.

Skilled in authentication protocols (RADIUS, TACACS+, LDAP, Kerberos, SAML, OAuth2) and tools such as Active Directory, Azure AD, Okta, and Ping Identity to secure user access and centralize identity governance.

Adept in Python, Perl, PowerShell, Bash for scripting and automating security tasks. Experienced with Ansible and Terraform for automating firewall configurations, infrastructure provisioning, and security workflows via REST APIs.

Expert in vulnerability scanning and remediation using Nessus, Qualys, OpenVAS, Nexpose, and compliance dashboards from Tenable.sc, Rapid7 InsightVM, and cloud-native tools.

Conducted proactive penetration testing using Metasploit, Nmap, Burp Suite, and Wireshark.

Deep knowledge of endpoint and extended detection solutions including CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, and Palo Alto Cortex XDR for comprehensive endpoint visibility and response.

Strong hands-on experience managing routers, switches, and load balancers from Cisco (IOS/NX-OS), Juniper, Arista, and F5 BIG-IP (LTM/GTM).

Expert in configuring and managing firewalls and NGFWs from leading vendors including Cisco ASA/Firepower, Palo Alto Networks, Fortinet FortiGate, and Juniper SRX to safeguard network perimeters and enforce granular security policies.

Hands-on experience with deploying and tuning IDS/IPS platforms like Snort, Suricata, Cisco Firepower, and Palo Alto Threat Prevention for real-time threat detection and mitigation.

Familiar with Cisco Catalyst 9200–9600 series in campus and branch network deployments.

Proficient with VPN and remote access tools such as Cisco AnyConnect, OpenVPN, FortiClient, and GlobalProtect (Palo Alto).

Experience deploying and managing NAC solutions like Cisco ISE, Meraki, and Aruba ClearPass for endpoint compliance and policy enforcement.

Experienced in integrating threat feeds from MISP, IBM X-Force, AlienVault OTX, and Cisco Talos to stay ahead of evolving threats and inform defense strategies.

Good experience in monitoring performance and availability using Splunk, Nagios, Zabbix, SolarWinds, and PRTG.

TECHNICAL SKILLS

Languages

Python, PowerShell, Bash

Cloud Security Tools

Microsoft Azure (Azure Firewall, NSGs, Microsoft Defender for Cloud)

Amazon Web Services (AWS: NACLs, Route 53, Security Groups, AWS WAF, GuardDuty, CloudTrail)

Endpoint Detection & Response (EDR)/XDR

Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, Palo Alto Cortex XDR

Firewalls

Cisco ASA/Firepower, Palo Alto Networks, Fortinet FortiGate, Juniper SRX

IDS/IPS

Snort, Suricata, Cisco Firepower, Palo Alto Threat Prevention

SIEM Platforms

Splunk, IBM QRadar, ArcSight, LogRhythm, Elastic Stack (ELK)

Automation Tools

Ansible, Terraform (for IaC), REST APIs for firewall/SIEM integration

Vulnerability Management

Tenable.sc, Rapid7 InsightVM, Nessus, Qualys, OpenVAS, Nexpose

Penetration Testing

Metasploit, Nmap, Burp Suite, Wireshark

Monitoring & Threat Intelligence

Zabbix, Nagios, SolarWinds, PRTG, MISP, AlienVault OTX, Cisco Talos

Network Access Control (NAC)

Cisco ISE, Cisco Meraki, Aruba ClearPass, Ethernet, TCP/IP, BGP, OSPF, PIM, MPLS

Routers, Switches, and Load Balancers

Cisco (IOS/NX-OS), Juniper, Arista, F5 BIG-IP (LTM/GTM), VLANs, routing protocols (OSPF, BGP, EIGRP), Cisco Catalyst Series, Nexus

VPN & Remote Access Technologies

Site-to-site VPNs, Remote-access VPNs (IPSec, SSL), Cisco AnyConnect, OpenVPN, FortiClient, GlobalProtect (Palo Alto)

Authentication/Identity Management

RADIUS, TACACS+, LDAP, Kerberos, SAML, OAuth2, Active Directory, Azure AD, Okta, Ping Identity

PROFESSIONAL EXPERIENCE

American Airlines, TX Dec 2023 – Present

Sr. Network Security Engineer (NSE)

Responsibilities:

Designed and implemented secure network architectures on Azure, utilizing Virtual Networks (VNets), Network Security Groups (NSGs), and Application Gateway for segmentation and traffic filtering.

Engineered secure hybrid connectivity using Azure VPN Gateway and ExpressRoute. Integrated Azure AD with third-party IdPs (Okta) using OAuth 2.0 for seamless SSO and secure access.

Architected a resilient network perimeter by deploying high-performance FortiGate FG-6000/FG-3000 series in an Active-Active High Availability (HA) cluster, delivering 99.999% uptime for mission-critical applications.

Designed a multi-tenant security architecture utilizing FortiGate Virtual Domains (VDOMs), logically isolating traffic between Production, Development, and Guest networks on shared physical hardware without compromising security boundaries.

Optimized firewall performance by conducting regular Policy Audits and utilizing the FortiGate Automation Stitches, automatically disabling unused rules and quarantining compromised hosts based on IOC triggers.

Applied OS hardening techniques on Windows and Linux servers by disabling unnecessary services, applying security patches, and configuring security policies.

Implemented scalable and secure VPN architecture (AnyConnect, FortiClient) with certificate-based authentication, MFA, and split tunneling, reducing helpdesk tickets by 35%.

Engineered low-latency Market Exchange connectivity, optimizing routing paths via BGP attributes (Local Pref/MED) to minimize hop counts and jitter for time-sensitive financial transaction flows.

Facilitated Cloud Exchange connectivity by configuring Azure ExpressRoute/AWS Direct Connect private peering, enabling high-speed hybrid data transfer between on-prem trading engines and cloud analytics resources.

Tuned OSPF convergence timers in the core network to sub-second values, ensuring that link failures in the trading floor network triggered instantaneous failover without dropping active sessions.

Designed and deployed boot strategies for Xilinx UltraScale MPSoC, including BootROM, FSBL, PLM, and U-Boot.

Designed and deployed secure bootloader applications with cryptographic validation for embedded and IoT devices.

Designed and implemented encryption & decryption mechanisms for secure data transmission across corporate networks.

Designed and deployed SD-WAN (Cisco Viptela/Fortinet/VMware Velocloud) solutions across multiple branch offices, reducing WAN costs by while improving application performance.

Configured and maintained WAN routing policies with BGP, OSPF, and MPLS to ensure optimal traffic flow.

Built automated incident response workflows using Azure Logic Apps and Azure Automation, reducing mean time to respond (MTTR).

Configured encrypted IPsec tunnels between on-prem datacenter and public cloud using Aviatrix edge solutions.

Designed and implemented Device PKI hierarchy for secure authentication across IoT and enterprise devices.

Enabled MFA and Managed Identities to enforce authentication and identity-based security.

Leveraged Azure Sentinel and Splunk for centralized log collection, threat correlation, and incident detection.

Automated network and security tasks using Python and PowerShell.

Used Ansible and Terraform for infrastructure-as-code (IaC), provisioning secure environments and standardizing firewall and SIEM configurations. Integrated tools via REST APIs to streamline security operations.

Deployed and managed Next-Generation Firewalls (NGFWs) with advanced features including Deep Packet Inspection (DPI), Application Control, and Intrusion Prevention Systems (IPS) using Cisco ASA/Firepower, Palo Alto Networks, Fortinet FortiGate, and Juniper SRX.

Implemented Cisco ISE, TACACS+, and RADIUS for network access control, policy enforcement, and device authentication.

Configured and monitored RTI Admin Console for device-to-device secure communication in DDS environments.

Assisted in deploying secure DDS middleware for mission-critical communication systems.

Managed device onboarding using PKI-based identity verification.

Built and maintained PKI infrastructure, including Root CA, intermediate CAs, and device enrollment workflow

Conducted regular internal and external scans using OpenVAS, Nessus, Qualys, Tenable.sc, and Rapid7 InsightVM.

Conducted network traffic analysis with Wireshark to detect anomalies, verify protocol compliance, and troubleshoot security incidents.

Performed network monitoring and vulnerability assessments to validate DDS and PKI security layers.

Tuned Snort for customized IDS rule sets and managed Palo Alto Threat Prevention (AV, spyware, vuln protection) to block malicious traffic.

Monitored and maintained Root of Trust infrastructure for secure device identity and cryptographic key management.

Leveraged Vivado Lab tools to validate FPGA-based hardware configurations, ensuring secure boot and device integrity.

Implemented DDS security plugins for authentication, encryption, and access control in distributed real-time systems.

Executed penetration testing with Metasploit, Nmap, and Burp Suite to uncover exploitable vulnerabilities.

Administered Cisco AnyConnect VPN with certificate-based auth, posture checks, and split tunneling to ensure secure remote access.

Secured Linux environments by applying OS hardening practices, automating patch deployment, and configuring audit policies.

Automated test case execution using Python and Bash scripts, ensuring traceability back to requirements in JIRA/JAMA.

Integrated SD-WAN with cloud platforms (AWS, Azure) for hybrid connectivity.

Managed routers and switches from Cisco (IOS/NX-OS), Juniper, and Arista for routing, VLANs, and segmentation.

Configured Cisco Meraki (MX, MS, and MR) for cloud-managed networking.

Designed high-availability solutions using F5 BIG-IP (LTM/GTM) for secure application delivery.

Consumed and integrated threat intelligence feeds like AlienVault OTX and MISP to enhance proactive defense strategies and stay ahead of emerging threats.

Monitored and reported requirement coverage using JIRA dashboards and JAMA traceability matrices.

Conducted vulnerability assessments and recommended secure coding practices in DevSecOps environments.

Embedded security into the CI/CD pipeline using Azure DevOps, ensuring continuous security testing, compliance validation, and vulnerability remediation during development.

Environment: Microsoft Azure (VNets, NSG, WAF, Firewall, Sentinel, Logic Apps, AD, RBAC, MFA, ExpressRoute, VPN Gateway), Cisco ASA, Firepower, ISE, AnyConnect, Meraki, Palo Alto NGFW, Threat Prevention, Fortinet FortiGate, Juniper SRX, F5 BIG-IP (LTM/GTM), Splunk, OpenVAS, Nessus, OSPF, AlienVault OTX, Qualys, Tenable.sc, Rapid7 InsightVM, Snort, Metasploit, Okta, OAuth 2.0, Python, PowerShell, Ansible, Terraform, REST API, MISP, DevSecOps, VPNs, IDS/IPS, NAC

Aetna, CT Sep 2022 – Nov 2023

Network Security Engineer (NSE)

Responsibilities:

Secured Azure environments using NSGs, ASGs, Azure Firewall, Defender for Cloud, and VPN Gateway.

Managed site-to-site and point-to-site VPNs to ensure encrypted communication between on-prem and cloud.

Implemented cloud-native security features including VPCs, security groups, IAM policies, and OAuth 2.0.

Designed SSO and MFA via Okta, integrating identity services across platforms and applications.

Enforced security via Azure Log Analytics, IAM, and Azure Backup/Site Recovery for resilience and compliance.

Architected a secure DMZ environment for external-facing trading portals, strictly enforcing TCP/IP traffic segmentation and stateful inspection to protect the core banking infrastructure from internet-based threats.

Hardened B2B VPN tunnels utilizing IPsec IKEv2 and aggressive encryption standards (AES-256), ensuring secure transport of proprietary financial data over public internet links.

Designed and implemented secure network architectures incorporating NGFWs, VPNs, IDS/IPS, and segmentation.

Automated security workflows using Python and PowerShell to handle IP blacklisting, log collection, and rule deployment.

Applied Linux-based security monitoring to detect anomalies in system and network logs.

Implemented Secure Boot mechanisms ensuring firmware integrity by enforcing signature verification before OS load.

Managed and secured VMware vSphere clusters, ensuring virtual network isolation, access control, and compliance with security baselines.

Applied backplane concepts to optimize secure communication across high-speed interconnects in networked systems.

Administered RTI Admin Console to configure secure DDS domains, enforce QoS policies, and monitor distributed applications.

Wrote Python scripts using Scapy and paramiko for automated penetration and compliance testing.

Built Bash automation scripts for log analysis, system hardening, and patch verification.

Implemented Hardware Root of Trust (HRoT) within MPSoC boot process to establish trust at power-on.

Worked with boot mode selection (QSPI, SD, NAND, PCIe) for flexible and resilient boot strategies.

Applied DDS security plugins for authentication, encryption, and access control across nodes and doma

Worked with DDS hierarchy to secure real-time publish-subscribe communications across distributed systems.

Implemented encryption technologies such as SSL/TLS and IPsec for protecting sensitive data.

Monitored network traffic for suspicious activity and responded to incidents ensuring network and system safety.

Supported enterprise WAN infrastructure with MPLS and traditional VPN solutions before migration to SD-WAN.

Used Ansible to enforce consistent configurations across network security devices and streamline provisioning of firewall and VPN settings.

Worked with Hardware Root of Trust (TPM, ARM TrustZone) to anchor system integrity and establish a trusted execution environment.

Developed policies for secure firmware updates and rollback protection to prevent exploitation of outdated images.

Fortified the network against encrypted threats by enabling SSL/TLS Deep Packet Inspection (DPI) on edge FortiGates, uncovering and blocking malware concealed within HTTPS tunnels without significantly impacting throughput.

Enforced Zero Trust principles by implementing granular Identity-Based Firewall Policies integrated with FSSO (Fortinet Single Sign-On), restricting resource access based on Active Directory user groups rather than static IP subnets.

Secured remote workforce access by deploying FortiGate SSL-VPN with MFA and Host Check compliance, ensuring only updated and corporate-managed devices could establish tunnel connections.

Applied Wireshark for deep packet inspection and investigation of suspicious traffic in real-time environments.

Secured Bitbucket repositories with access control and integrated Bamboo pipelines for automated builds and security testing.

Supported design reviews to ensure backplane communication architectures met safety and security requirements.

Assisted in hardening operating systems by enforcing password policies, patch updates, and access controls.

Integrated Cisco ASA, Palo Alto Networks, Fortinet FortiGate, and Juniper SRX firewalls for perimeter defense, access control, and threat prevention.

Integrated PKI with network access control systems to enforce device identity verification.

Conducted periodic PKI audits to ensure compliance with cryptographic standards (X.509, FIPS).

Deployed Cisco ISE for NAC and device authentication using RADIUS and TACACS+.

Deployed and managed IDS/IPS solutions (e.g., Snort, Palo Alto Threat Prevention) for traffic monitoring and policy enforcement.

Maintained Bamboo build pipelines integrated with Bitbucket for continuous delivery and automated vulnerability scans.

Utilized JIRA and JAMA to capture, manage, and validate cybersecurity and device safety requirements.

Performed incident response and root-cause analysis for DDS and virtualization-related vulnerabilities.

Integrated security test scripts with CI/CD pipelines to ensure continuous monitoring of device security posture.

Developed Python and Bash automation scripts to validate cybersecurity and device safety requirements.

Assisted in validating Xilinx MPSoC bootloader security policies against threat models.

Conducted vulnerability assessments using Qualys, OpenVAS, and Nessus, and performed penetration testing with Burp Suite, Nmap, and Metasploit to identify and remediate threats.

Integrated AlienVault OTX with IBM QRadar to enhance threat detection. Monitored traffic and system performance using Nagios and Zabbix, deploying agents and proxies across network infrastructure.

Deployed and administered CrowdStrike Falcon for advanced EDR across enterprise endpoints. Configured Cisco AnyConnect for secure remote access with IPSec/SSL VPN, split tunneling, and posture checks.

Managed SSIDs, VLANs, and NAT settings through the Cisco Meraki Dashboard.

Deployed and managed F5 BIG-IP (LTM/GTM) for SSL offloading, secure application delivery, and global traffic management.

Assisted hardware teams using Vivado Lab tools to test FPGA and SoC implementations for security feature

Led incident response efforts by analyzing, containing, and mitigating security incidents.

Collaborated with cross-functional teams including DevOps, IT, and application security to implement preventive measures and document response plans.

Environment: Azure Cloud, Cisco ASA, Firepower, AnyConnect, ISE, Meraki, Palo Alto Networks, Fortinet FortiGate, Juniper, Arista, F5 BIG-IP (LTM/GTM), VPNs (IPSec, SSL), IDS/IPS (Snort, Palo Alto Threat Prevention), QRadar, Nagios, Zabbix, Okta, OAuth 2.0, RADIUS, TACACS+, CrowdStrike Falcon, OpenVAS, Qualys, Nessus, Metasploit, Burp Suite, Nmap, AlienVault OTX, Python, PowerShell, Ansible, Azure NSG, ASG, VPN Gateway, Defender for Cloud, Log Analytics, Backup & Site Recovery

ADP, India Jun 2018 – Jun 2022

Network Security Engineer/Support Engineer

Responsibilities:

Designed and maintained secure L2/L3 architectures using Cisco Catalyst (campus) and Nexus (data center) platforms.

Orchestrated a complex firewall migration from legacy Cisco ASA to FortiGate NGFWs using FortiConverter, meticulously mapping 5,000+ objects and ACLs while optimizing rule logic to reduce policy lookup overhead by 30%.

Enhanced application visibility by configuring Layer 7 Application Control, blocking high-risk shadow IT applications (BitTorrent, Tor) and prioritizing business-critical bandwidth using Traffic Shapers.

Implemented high availability and redundancy with vPC (Nexus) and StackWise (Catalyst). Administered enterprise routing, VLANs, and trunking via Cisco IOS/NX-OS, Juniper, and Arista platforms.

Designed and enforced security controls in AWS, leveraging Security Groups, NACLs, CloudTrail, and IAM policies to secure infrastructure.

Managed mission-critical B2B Extranets, overseeing encrypted Ethernet and MPLS circuits connecting the organization to external financial clearinghouses and market data providers, ensuring 99.999% link stability.

Optimized real-time market data delivery by configuring PIM-SM (Protocol Independent Multicast - Sparse Mode) and Anycast RP, ensuring efficient one-to-many distribution of stock ticker/financial feeds across the LAN.

Implemented MPLS QoS (Quality of Service) policies, rigorously prioritizing FIX protocol (Financial Information eXchange) and Voice traffic over bulk data transfer to guarantee trade execution speed.

Configured VPC Peering, Transit Gateway, and PrivateLink for secure, isolated communication between environments.

Developed custom threat detection and automated remediation using AWS Lambda, CloudWatch, and Step Functions.

Developed Python and Bash scripts to automate security audits, incident response tasks, and compliance reporting.

Automated remediation tasks such as quarantining compromised EC2 instances or revoking IAM credentials.

Configured and managed enterprise firewalls including Cisco ASA, Palo Alto Networks, Fortinet FortiGate, and Juniper SRX, implementing NAT, ACLs, and IPSec/SSL VPNs for secure remote and site-to-site connectivity.

Ensured advanced threat protection through granular traffic control and policy enforcement.

Deployed and monitored IDS/IPS solutions including Snort, Suricata, and Palo Alto Threat Prevention for malicious traffic detection and blocking.

Implemented Palo Alto Cortex XDR for advanced EDR, threat hunting, and real-time response to endpoint threats.

Utilized the Cisco Meraki Dashboard for end-to-end visibility of client devices, traffic flows, and network health.

Conducted vulnerability scans using Nessus and Qualys, interpreting results and coordinating remediation.

Performed offensive testing with Nmap, Burp Suite, and Wireshark to uncover and validate security gaps.

Deployed Cisco ISE for Network Access Control (NAC), using TACACS+ and RADIUS for centralized user/device authentication and policy enforcement.

Implemented network and system monitoring with Nagios and correlated security logs in ArcSight for real-time threat detection. Analyzed log data from firewalls, IDS/IPS, and EDR platforms to support rapid incident response.

Integrated with Active Directory for seamless identity and access management.

Deployed and managed F5 BIG-IP (LTM/GTM) for secure, resilient application delivery, including SSL offloading, health checks, and global server load balancing.

Environment: Python, Bash, AWS (VPC, IAM, Lambda, CloudTrail, Security Groups, CloudWatch, Step Functions), Cisco ASA, NX-OS, IOS, ISE, Meraki, PIM, Palo Alto NGFW, Cortex XDR, Threat Prevention, Fortinet FortiGate, Juniper, Arista, F5 BIG-IP (LTM/GTM), Ethernet, TCP/IP, MPLS, BGP, VPNs (IPSec/SSL), Snort, Suricata, Nessus, Qualys, Nmap, Burp Suite, Wireshark, ArcSight, Nagios, AlienVault OTX, TACACS+, RADIUS

EDUCATION

Master's Degree - Southern New Hampshire University, NH (Dec 2023)

Bachelor's Degree - NRI Institute of Technology, Agiripalli (May 2019)

CERTIFICATIONS

CCNA - Cisco Certified Network Associate

CCNP - Cisco Certified Network Professional


