Post Job Free
Sign in

Senior Network Security & Cloud Architect

Location:
Leander, TX
Posted:
March 17, 2026

Contact this candidate

Resume:

NIKSHIPTA KOYA

SENIOR NETWORK ENGINEER

Austin, TX 78701 • +1-512-***-**** • ***************@*****.***

www.linkedin.com/in/nikshipta-k-8115431b4

PROFESSIONAL SUMMARY

Senior Network Security and Infrastructure Engineer with extensive experience designing, implementing, and optimizing large-scale enterprise and cloud networking environments. Proven expertise in advanced routing and MPLS architectures including MP-BGP, BGPv4, OSPF (multi-area, summarization, virtual links), EIGRP authentication, and LDP across Cisco ISR/ASR platforms, Catalyst 9500/9400, Nexus 7000/9000, and Juniper MX routers. Experienced in implementing route reflectors, AS-path prepending, MED tuning, community tagging, MPLS VPN integration, and complex route redistribution across enterprise core and WAN networks.

Specialized in building resilient hybrid WAN architectures using SD-WAN technologies including Cisco Viptela (vManage, vSmart, vBond, ISR1000), Versa SD-WAN, and Silver Peak, integrating MPLS and internet transports with centralized policy control and application-aware routing.

Experienced in troubleshooting and validating WAN services across MPLS, Ethernet, and TCP/IP networks, performing end-to-end service verification, packet analysis, and routing validation using tools such as Wireshark, traceroute, and routing table inspection.

Deep expertise in network security architecture and next-generation firewall platforms including Palo Alto (PA-3000/5000/7000 series, VM-Series), Cisco ASA 5500-X, and Juniper SRX. Implemented advanced security controls including App-ID, IPS, URL filtering, WildFire sandboxing, SSL/TLS decryption, DNS security, and zone-based security policies across on-premises and multi-cloud environments.

Hands-on experience designing and integrating cloud networking architectures across AWS, Azure, and Google Cloud, including AWS VPC and Transit Gateway design, Google Cloud Interconnect (VLAN attachments), secure cloud firewall deployments, and application delivery optimization using Citrix NetScaler and Citrix Application delivery management(ADM).

Strong background in identity-driven network access control integrating Cisco ISE 3.x with Active Directory, RSA SecurID, and LDAP for AAA services, MFA enforcement, posture validation, and dynamic network segmentation across wired and wireless infrastructures.

Experienced in network monitoring, observability, and incident response using SolarWinds (NPM, NetFlow Analyzer), Cisco DNA Center, Splunk, SNMP, Syslog, Infoblox IPAM and Cisco Prime for proactive network operations, improved network visibility and performance analysis.

Hands-on experience with network automation and infrastructure-as-code using Python, Ansible, and Terraform, enabling repeatable network provisioning, configuration compliance, and CI/CD based infrastructure deployments.

Experienced in implementing Cisco DMVPN architectures using mGRE, NHRP, and IPsec to provide scalable and secure WAN connectivity, integrating BGP route redistribution and IP SLA–based failover for resilient enterprise branch networking.

CERTIFICATIONS:

Cisco Certified Network Professional (CCNP)

AWS certified Cloud Practitioner

Palo Alto certified network security engineer.

Certified Fortinet FortiGate Operator

EDUCATION

Master's: information systems, George Mason University - Fairfax, VA, United States

SKILLS

Switches: Cisco Catalyst 8500/8300/9400/9200, Cisco 8000V Edge Software, Cisco Meraki MS390, Nexus 7706/7710/7718/3k/5k/9300, Dell Power Switch S5248F-ON, N3248TE-ON, Z9264F-ON, S6000, Juniper EX Multigigabit Series

Wireless: Cisco, Aruba Wireless LAN, 802.11 a/b/g/n/ac. 802.1X Auth, 2.4 and 5 GHZ, EAP/PEAP, Aruba airwave & Aruba clear pass

Firewall: Palo Alto, Checkpoint, Cisco ASA, Firepower, FortiGate

Load Balancers: Cisco CSM, F5 Networks (Big-IP), Citrix NetScaler's, Cisco ACE and A10

WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1 /T3 & SONET

LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet,40 & 100 GBE, Port-channel, VLANS, VTP, STP, RSTP, MST,802.1q

Security Protocols: IKE, IPSEC, SSL-VPN, ACL, NAT, PAT, URL filtering, SSL forward proxy, Blocklists.

Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAGP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, Radius, AAA, SNMP, VPC, VDC, MLAG

Operating System: CAT IOS, IOS XE, XR, NX-OS, Junos, PANOS, F5 BIGIP OS, Linux, Windows

Network Monitoring & Management Tool: Infoblox, SolarWinds, CISCO Prime, EMC Smarts, Nagios, Logic Monitor, Endpoint

WORK HISTORY

Senior Network Engineer

Dell Technologies – Austin, Texas 03/2025 - Current

Deployed and configured Dell EMC PowerSwitch platforms (S5248F-ON, Z9264F-ON) to support high-throughput data center switching with 25/40/100Gb uplinks, optimizing east-west traffic flows for virtualization and application workloads.

Configured and maintained BGP peering on Cisco ASR 9000 routers with multiple upstream ISPs, implementing route policies, prefix filtering, and path selection tuning to ensure optimal inter-domain routing and redundancy.

Implemented OSPF multi-area routing on Juniper EX4300 switches, optimizing LSA propagation and reducing routing table size to improve convergence time and network scalability.

Monitored EIGRP neighbor relationships and route updates using SolarWinds NPM for proactive issue resolution.

Conducted firmware lifecycle management and OS upgrades on Dell PowerSwitch platforms, validating compatibility and minimizing downtime during maintenance windows.

Executed service validation tests following network configuration changes, confirming connectivity, routing updates, and failover behavior across MPLS and SD-WAN environments.

Deployed and managed Cisco Viptela solution, configuring vManage, vSmart, and vBond controllers to establish secure overlay connectivity across branch, data center, and cloud environments.

Deployed Cisco SD-WAN on ISR 1000 Series routers with Viptela, configuring centralized policies and templates to streamline network operations and enhance routing efficiency.

Deployed Versa Networks SD-WAN solution, configuring secure and resilient connectivity for branch offices with advanced traffic steering, application optimization, and analytics.

Integrated BIG-IP APM with Active Directory and LDAP for centralized user authentication and authorization, streamlining access management.

Implemented Palo Alto Networks PA-5k,3k,7k Series NGFWs, configuring advanced security policies and application control features to protect against cyber threats.

Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using Panorama.

Integrated Cisco DNA Center with ITSM platforms (ServiceNow) to streamline network operations, automating incident and change management processes.

Configured STP on Fortinet Forti Switches to prevent loops and ensure reliable Layer 2 connectivity in enterprise network environments.

Configured AWS Transit Gateway to interconnect multiple VPCs and on-premises data centers, simplifying routing and improving network scalability.

Configured AWS Network Load Balancer (NLB) to distribute traffic across multiple EC2 instances, ensuring high availability and fault tolerance for web applications and services.

Supported Cisco Meraki MX firewalls, MS switches, and MR wireless access points, managing configurations, firmware upgrades, and security policies through the Meraki Dashboard to maintain secure branch connectivity.

Utilized Infoblox IPAM for subnet allocation, address tracking, and capacity planning, reducing IP conflicts and improving overall network visibility.

Developed Python scripts to automate network configuration and management tasks, integrating with RESTful APIs of Cisco, Juniper, and Arista network devices to streamline operations and reduce manual effort.

Implemented Zscaler cloud security platform including ZIA and ZPA to enforce secure internet access and Zero Trust application connectivity using SSL inspection, identity-based policies, and secure application segmentation.

Implemented Zscaler ZIA and ZPA solutions to secure outbound internet traffic and enable Zero Trust access to internal applications, integrating with enterprise identity systems and SIEM for centralized policy enforcement and monitoring.

Monitored network performance and security alerts using SolarWinds, SNMP, and Syslog, proactively troubleshooting routing, firewall, and connectivity issues across enterprise LAN and WAN environments.

Network Security Engineer

The World Bank Group – Washington, DC 02/2024 - 02/2025

Integrated BGP with MPLS VPN on Cisco ASR 1000 Series to provide scalable and secure virtual private networks for enterprise customers.

Configured OSPF route summarization on Cisco ASR 1000 Series routers to reduce the size of routing tables and improve network efficiency.

Performed routing validation and connectivity testing across MPLS VPN environments, confirming proper route exchange and traffic forwarding between customer VRFs.

Configured Juniper AppSecure on SRX Series firewalls to provide application-layer security, monitoring and controlling application traffic based on behavior and risk.

Deployed virtual Palo Alto Networks VM-300 firewalls in AWS and Azure, ensuring consistent security policies across on-premises and cloud environments.

Implemented segmented security zones and policy frameworks to control traffic between internal networks, DMZ, and external environments while maintaining compliance with enterprise security standards.

Deployed F5 BIG-IP GTM version 12.x to manage global traffic and ensure high availability across multiple data centers. Configured DNS load balancing and global server load balancing (GSLB) to direct users to the best-performing sites.

Utilized A10’s SSL/TLS offloading capabilities to reduce the load on application servers, enhancing overall performance and security by centralizing encryption and decryption processes.

Utilized Cisco ACI's API and automation tools to streamline network configuration and management, reducing manual effort and operational complexity.

Utilized SNMP and Syslog on Cisco ASA to monitor firewall performance and log security events, integrating with SIEM solutions for comprehensive security monitoring.

Utilized Splunk SIEM for security event correlation, firewall log analysis, and network anomaly detection, enabling rapid identification of suspicious traffic patterns and security incidents.

Integrated Blue Coat ProxySG with Blue Coat Reporter to generate detailed reports on web usage, security incidents, and compliance, providing comprehensive visibility and analysis.

Integrated Cisco ISE with Active Directory and RSA SecurID for multi-factor authentication, enhancing access security for sensitive network segments.

Configured IPsec VPN tunnels on Cisco ASA 5500-X Series firewalls to provide secure site-to-site and remote access connectivity, ensuring data confidentiality and integrity with strong encryption algorithms (AES-256).

Utilized Aruba Mobility Master for centralized management and orchestration of multiple controllers, ensuring consistent policy enforcement and simplified network administration.

Documented incident resolution, troubleshooting diagnostics, and root cause analysis in ServiceNow ITSM, supporting enterprise change, problem, and incident management processes in compliance with operational governance standards.

Supported Azure networking infrastructure including Virtual Networks (VNets), subnets, VPN gateways, and Network Security Groups (NSGs) to secure hybrid connectivity between cloud and on-premises environments.

Integrated Zscaler ZIA/ZPA with SD-WAN architecture to deliver cloud-based security enforcement, secure internet breakout, and Zero Trust access to enterprise applications.

Utilized Citrix Application Delivery Management (ADM) for centralized management and monitoring of NetScaler appliances, simplifying administration and policy enforcement.

Network Engineer

Oracle - India 05/2022- 08/2023

Configured and troubleshot dynamic routing protocols including MP-BGP, OSPF multi-area, EIGRP, and LDP, ensuring stable route propagation across enterprise core and WAN networks.

Implemented BGP route policies on Juniper MX960 routers, utilizing route maps and community strings to control route propagation and traffic engineering.

Implemented BGP traffic engineering policies using AS-path prepending, MED adjustments, and route-maps on Cisco ISR routers to influence outbound and inbound traffic paths

Configured OSPF virtual links on Cisco Nexus 7000 Series switches to connect disparate OSPF areas and maintain network connectivity.

Troubleshot SNMP communication issues using packet captures and verification commands to ensure monitoring continuity.

Performed packet capture analysis using Wireshark to inspect TCP three-way handshakes, DNS queries, and HTTPS sessions, identifying retransmissions, latency issues, and protocol anomalies.

Analyzed SSL/TLS handshakes and certificate exchanges to troubleshoot secure application communication failures.

Configured EIGRP on Cisco ISR 4451 routers to provide efficient and scalable routing within the enterprise network, utilizing advanced metrics for route selection.

Utilized EIGRP authentication with key chains on Cisco ASR 1000 Series routers to secure routing exchanges and prevent malicious route advertisements.

Implemented EIGRP route summarization on Cisco Catalyst 9400 Series switches to reduce routing table size and improve network performance.

Utilized STP monitoring tools to track topology changes and detect potential issues, ensuring proactive management and quick resolution of network problems.

Configured STP on Fortinet Forti Switches to prevent loops and ensure reliable Layer 2 connectivity in enterprise network environments.

Implemented DNS failover and redundancy using BIND and Windows Server DNS to ensure high availability of DNS services, minimizing downtime and maintaining network connectivity.

Configured split DNS on Windows Server DNS to provide different DNS responses for internal and external clients, enhancing security and optimizing network performance.

Utilized DHCP monitoring and reporting tools to track IP address usage, identify potential issues, and optimize IP address management, ensuring efficient network operations.

Integrated DHCP services with Cisco Prime Infrastructure for centralized management and monitoring, providing detailed insights into IP address utilization and network performance.

Utilized IPsec VPN with QOS policies on Juniper MX Series routers to prioritize critical traffic and ensure optimal performance over secure connections.

Configured IPsec VPN failover on Cisco ASR 1000 Series routers to ensure high availability.

Integrated SD-WAN solutions with existing MPLS networks to optimize hybrid WAN architecture, improving cost efficiency and performance for enterprise applications.

Utilized Cisco DNA Center's path trace feature to visualize and troubleshoot end-to-end network paths, identifying bottlenecks and performance issues.

Configured named ACLs on Juniper SRX Series firewalls to simplify management and enhance readability, ensuring consistent and accurate policy enforcement.

Integrated DMVPN with BGP for route redistribution between WAN and enterprise core networks.

Validated WAN service connectivity by performing traceroute analysis, route table verification, and TCP handshake inspection across multi-site enterprise networks.

Performed IP SLA tracking with object tracking to enable automatic failover between ISP circuits in DMVPN environments.

Network Admin

Park Place Technologies - India 05/2019 - 05/2022

#HRJ#99f4be2d-9ee6-47f9-a92b-60f5fdc04943#

Configured and deployed Cisco routers (2900, 3900, 7600, ASR 9000) and Catalyst/Nexus switches (2950-7K), supporting enterprise LAN/WAN infrastructure builds, including Layer-2/3 connectivity, VLAN segmentation, and routing protocol deployment.

Implemented OSPF and BGP routing using route-maps and prefix-lists, optimizing WAN path selection, and reducing routing loops across multi-site environments.

Configured OSPF on Cisco Catalyst 9500 Series switches, ensuring efficient route propagation and fast convergence within the enterprise network.

Configured VLANs, 802.1Q trunking, and STP variants (RSTP, MSTP), ensuring loop-free Layer-2 topology and consistent forwarding paths in data center cores.

Assisted in testing Layer-2 and Layer-3 network services including Ethernet VLAN transport and routed WAN links across enterprise branch networks.

Deployed HSRP, VRRP, and GLBP for gateway redundancy, achieving seamless failover and maintaining uninterrupted access during switch or router outages.

Implemented DHCP policies and filters on Windows Server to control and manage IP address allocation based on device type and network requirements.

Implemented SNMPv3 configuration on routers and switches for secure monitoring integration with centralized NMS tools.

Configured access control lists (standard and extended ACLs) to restrict inter-departmental traffic while preserving business-critical application access.

Performed racking, stacking, and cabling for new data-center pods, validating power redundancy and fiber uplink integrity during installation.

Assisted in development of logical network topology designs and migration strategies during infrastructure upgrades and network expansion projects.

Collaborated with senior engineers under ITIL change windows, executing approved configurations and maintaining operational network stability.



Contact this candidate