NIKHIL CHANDRAHASA KUMBLE
********@*****.*** +1-936-***-**** LINKEDIN
Network Security Engineer with 5+ years of experience designing and securing enterprise, hybrid, and cloud-connected networks in large-scale production environments. Expertise in Cisco ISE (802.1X, MAB), Palo Alto NGFW, SD-WAN (Viptela, VeloCloud), and BGP/OSPF/MPLS/DMVPN. Experienced in Zero Trust–aligned access control, secure segmentation, and identity-based networking for Fortune 500 organizations. Strong background in automation (Python, Ansible), monitoring (Splunk, SolarWinds), and AWS hybrid connectivity.
Switches: Cisco Nexus (9k, 7k, 5k), Catalyst (3500, 5000), ASR1k, ENCS, CSR, Arista switches, Juniper switches
Routers: Cisco ASR 1K, 7600, 7200, 3800 series, CSR (Cloud Services Router), Juniper SRX routers
LAN: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet, VLANs, Trunking, STP, Port Security, Inter-VLAN routing
Wireless: Cisco Wireless (AP 1700/1850/2800, WLC), Aruba Wireless (210/220/300), Aruba ClearPass, Cisco Prime
Firewall & Security: Palo Alto, Cisco ASA (5515, 5585), Check Point Firewall, Fortinet (FortiGate)
Tools & Platforms: Cisco Prime, Aruba AirWave, F5 BIG-IP (LTM, ASM, APM), NET Cloud, Citrix
SD-WAN: Cisco Viptela SD-WAN, Cisco iWAN, DMVPN, VeloCloud SD-WAN, Cradlepoint NetCloud
Routing Protocols: RIP, OSPF, BGP, EIGRP, IS-IS, Route Filtering, Route-Maps, MPLS, DMVPN, iWAN
Identity & Access: Cisco ISE (2.1, 2.3) Deployment, 802.1x Authentication (Wired & Wireless), AAA, RADIUS
Monitoring & Logging: Splunk Enterprise, Splunk Universal Forwarders, SolarWinds Orion, Citrix monitoring
Tokyo Electron Network Security Engineer November 2024 – Present
Lead network security operations supporting enterprise LAN, WAN, SD-WAN, and wireless environments across production infrastructure.
Designed and implemented Cisco ISE 2.1–based AAA architecture, integrating Active Directory and RSA authentication to enforce role-based access for multiple user types.
Built and maintained RADIUS and TACACS+ policies for network and security devices including Palo Alto firewalls, F5 BIG-IP, Cisco WLCs, and other security appliances.
Designed and deployed 802.1x authentication for wired and wireless networks, securing access across ODN access switches and corporate WLANs.
Designed secure enterprise network and firewall architectures aligned with Zero Trust and least-privilege principles.
Led end-to-end network design, implementation, testing, and production rollout for campus, WAN, and cloud connectivity.
Implemented and managed Palo Alto Next-Generation Firewalls (PA-500/3060/5060/7050/7080), including security policies, NAT rules, VPNs, and traffic inspection.
Deployed new edge sites and mini POPs in enterprise datacenters, including rack layout, cabling, and turn-up of routing, firewall, and SD-WAN devices.
Coordinated with colocation vendors and onsite technicians for rack-and-stack, power delivery, and cross-connect activation for WAN and internet uplinks.
Configured and tested cross-connects in meet-me rooms to connect backbone routers, firewalls, and load balancers across colocation facilities.
Supported and optimized MPLS-based WAN architectures, implementing traffic engineering using OSPF and legacy Frame Relay integrations where applicable.
Designed and supported routing solutions using OSPF, BGP, EIGRP, and RIP, including route-maps, administrative distance tuning, and redistribution strategies.
Implemented and supported Cisco SD-WAN (Viptela) and hybrid WAN environments using ASR1K, ISR4K, ENCS, and CSR platforms.
Led Cisco ACI fabric deployment using Nexus 9K ACI-mode switches and APIC clusters in production datacenter environments.
Designed and implemented multi-tenant ACI architecture with Tenants, VRFs, Bridge Domains, Application Profiles, EPGs, and Contracts.
Integrated ACI Spine-Leaf architecture with external L3 networks (L3Out) using BGP and OSPF.
Performed ACI Day-2 operations including fabric health monitoring, fault remediation, policy optimization, and endpoint troubleshooting.
Troubleshot ACI policy enforcement issues, contract misconfigurations, endpoint learning problems, and fabric connectivity faults.
Used Cisco APIC REST APIs for automation, validation, and troubleshooting tasks.
Designed and deployed site-to-site IPsec VPNs with vendors and customers to ensure secure connectivity across partner networks.
Installed, configured, and administered Splunk Enterprise and Universal Forwarders, enabling centralized logging and monitoring for network and security infrastructure.
Troubleshot Splunk data ingestion and configuration issues across remote and distributed locations, ensuring reliable log visibility.
Participated in network modernization initiatives, migrating legacy environments to SD-WAN and cloud-connected architectures.
Defined network security standards and design documentation used across multiple environments.
Deployed and managed Cisco Wireless (AP 1700/1850/2800, WLC) and Aruba Wireless (210/220/300 series) infrastructure, including controller and access-point configurations.
Managed wireless monitoring and operations using Aruba AirWave, Cisco Prime, NET Cloud, and Citrix, ensuring performance and availability.
Configured and maintained ASA, Palo Alto, and Check Point firewalls, including policy updates, upgrades, and troubleshooting for client environments.
Provided operational support for public and private Aruba wireless networks, including Aruba VPN and mobility services.
Mentored junior engineers on network security best practices, Splunk usage, and troubleshooting methodologies, improving team effectiveness.
Capital One Network Engineer September 2023 – October 2024
Performed support, configuration, testing and documentation for ISE rollout for CenterPoint Energy which includes making configuration changes in access and distribution layer switches, wireless controllers and ISE nodes.
Checkpoint log server upgrade from R71.40 to R75.40 to take advantage of Smart logs.
Implement Change Requests on Cisco ASA 5515, 5585, Juniper SRX 240 and 650 firewalls.
Perform Change Management and VPN setup on Cisco ASA and Check Point firewalls.
Protect system by defining access privileges and control structures using Bluecoat proxy.
Design, document, configure, implement, and maintain Aruba WLAN infrastructure.
Involved in Switching Technology Administration including creating and managing VLANS & Port security, Trunking, STP, Inter-VLAN routing, LAN security etc.
Provided redundancy in a multi-homed Border Gateway Protocol (BGP) network by tuning AS-path.
Deploying Layer 2 security in Server Farms by configuring switch for 802.1x port based authentication.
Implemented Zero Trust access controls using Cisco ISE (802.1X, posture, profiling) and firewall-based segmentation.
Enforced identity-aware network access across wired, wireless, and VPN users.
Deployed new Splunk architecture at disaster recovery site.
Worked with structured cabling teams on fiber patching between ODF/patch panels and core/leaf switches during datacenter and ACI fabric deployments.
Verified single-mode and multimode fiber connectivity, optics (SFP/SFP+), and power budgets for uplinks between core, distribution, and edge devices.
Planned rack power distribution using dual PDUs and redundant feeds to ensure high availability for routers, switches, firewalls, and SD-WAN appliances.
Migrations of manually defined IPsec VPN WAN to Cisco iWAN (SD-WAN) DMVPN Overlay with Cisco PfRv3 intelligent performance routing (BGP and OSPF model), and implementing dynamic QoS for 5 Call Centers processing more than 2 million customer transactions per year.
Daily Monitoring Topology and Logical Network devices through Cisco SolarWinds Orion.
Maintain BIG IP F5 configuration for modules LTM, ASM, APM and future GTM.
Integrate and onboard event feeds from customer specified event sources into Splunk.
Delete/Add nodes to SolarWinds.
Built site-to-site IPsec VPNs over Frame Relay & MPLS circuits on various models of Cisco routers to facilitate adding new business partners to new and existing infrastructures.
Managing, monitoring and configuration of wireless on Aruba AirWave and Cisco Prime.
Executing RADIUS pre-deployment tasks like ISE setup, loading templates into Prime.
Deploy 3 SNS 3495 ISE appliances.
Modify pilot ISE environment for production scaling and performance.
Provided datacenter network architecture guidance for large-scale enterprise environments supporting mission-critical applications.
Designed high-availability Spine-Leaf topologies using ECMP, vPC, and redundant fabrics.
Led datacenter migrations and refresh initiatives, minimizing downtime and ensuring seamless cutovers.
Designed, configured, and supported F5 BIG-IP LTM and GTM (DNS) solutions for global traffic distribution.
Implemented advanced iRules, SSL offloading, persistence profiles, and health monitors for application optimization.
Troubleshot L4–L7 application performance issues using packet captures and traffic analysis.
Developed Python automation scripts to validate configurations, analyze logs, and reduce manual operational.
Built and executed Ansible playbooks for repeatable network deployments and configuration compliance.
Integrated network automation using REST APIs with Cisco APIC, F5, and monitoring platforms.
Applied Infrastructure-as-Code principles to improve scalability, consistency, and deployment speed.
Supported VXLAN/EVPN data center fabrics, assisting with overlay monitoring, routing, and troubleshooting.
Worked on leaf-spine architectures using Cisco Nexus and Arista switches.
Supported Cisco SD-WAN (Viptela) deployments including vManage, control policies, and application-aware routing.
Assisted in SD-WAN migrations from MPLS to hybrid WAN environments.
Accenture Network Administrator March 2021 – July 2023
Used the ISE Endpoint Analysis Tool to analyze data and design new ISE Profiling Policies.
Implemented Positive Enforcement Model with the help of Palo Alto Networks.
Performed operational Moves/Adds/Changes in Integrated Services Engine ISE 2.3 including but not limited to network devices, Identity Groups, Local Hosts, Local Users, and Administrator Policies etc.
Implemented logging, monitoring, and audit trails using Splunk for security and compliance reporting.
Participated in security reviews, firewall audits, and access control validation.
Responsible for the successful implementation, testing, and support of customers & network, including troubleshooting OSPF, BGP routing protocols and their application on Cisco and Juniper routers.
Integrated network access policies with Active Directory and IAM frameworks to reduce lateral movement risks.
Supported SASE-aligned designs combining SD-WAN, firewall security, and identity-based access control.
Experience with Aruba wireless design, configuration, implementation, and testing.
Assisted Network Engineer in the installation and configuration of firewalls.
Maintain proper daily operation and performance of the Splunk deployment.
Hands-on experience with VeloCloud SD-WAN, activation of new Edge through zero-touch provisioning.
Monitor Network with the use of SolarWinds Orion tool.
Worked with team Managing and configuring Aruba Wireless controller devices 7210, 7240 and Cisco Access Points.
Designed and deployed AWS VPC architectures in subnets, route tables, IGW, NAT Gateways and VPN connectivity.
Integrated on-prem networks with AWS using IPsec VPNs and dynamic routing.
Implemented security controls using Security Groups, NACLs, IAM roles, and logging services.
Standardized network builds using template-driven automation and version-controlled configurations.
Performed configuration validation and compliance checks using automation scripts.
Supported hybrid cloud connectivity for enterprise applications and security services.
Automated firewall and network configurations using Ansible and Python, reducing manual changes and deployment errors.
Developed Terraform-based Infrastructure as Code for provisioning AWS networking and security resources.
Designed and supported enterprise WAN and backbone connectivity using MPLS, SD-WAN (Viptela, VeloCloud), and hybrid internet circuits for large production environments.
Built spine-leaf datacenter networks with Cisco Nexus and ACI, integrating edge and core routing using BGP and OSPF.
University of Houston-Clear Lake Master's in Computer Science (Minor Data Science) August 2023 – May 2025
JNTUH Bachelor’s, Computer Science May 2018 – May 2022
Published research Journal titled “Video Calling with Build-In Compiler” in “International Journal for Research in Applied Science & Engineering Technology (IJRASET)” with paper ID: IJRASET43930 and DOI: https://doi.org/10.22214/ijraset.2022.43930
Cisco Certified Network Professional (CCNP) – Enterprise Cisco Systems
Fortinet Network Security Expert (NSE 1, NSE 2, NSE 3) Fortinet Training Institute