
Senior Network and Cloud Security Engineer

Location: Leander, TX
Posted: March 25, 2026


Resume:

SAI RAGHAVA

United States **********.**@*****.*** 512-***-**** www.linkedin.com/in/v-s-raghava-k

Summary

Senior Network and Cloud Security Engineer with hands-on experience designing, deploying, and securing enterprise routing, switching, and data center environments using Cisco Catalyst and Nexus platforms, along with hybrid cloud infrastructures across AWS, Azure, and GCP, including regulated financial services environments. Experienced in Palo Alto, Fortinet, Cisco FTD, and Zero Trust platforms such as Zscaler and Prisma, supporting production banking systems with 99.9% availability. Strong background in SD-WAN, multi-cloud connectivity (Transit Gateway, ExpressRoute, Direct Connect), and high-availability firewall deployments across data center and cloud platforms. Hands-on with Terraform, Ansible, and Python to automate configuration validation, reduce manual effort, and maintain consistent, compliant environments aligned with PCI-DSS and NIST standards.

CAREER HIGHLIGHTS

Led SD-WAN deployments using Cisco Viptela and Versa platforms, improving global branch connectivity, SaaS performance, and reducing MPLS operational costs by over 35%.

Configured and optimized Palo Alto, Fortinet, and Cisco FTD firewalls with advanced NAT, SSL inspection, and threat profiles, strengthening enterprise perimeter and application security.

Deployed EVPN-VXLAN fabrics across Cisco Nexus 9K and Arista 7280 switches, enhancing datacenter east-west traffic efficiency and reducing latency during peak operations.

Automated firewall policy management and network configuration using Ansible and Terraform, minimizing manual effort and accelerating deployment timelines across hybrid infrastructures.

Delivered resilient F5 BIG-IP and Citrix ADC load-balancing frameworks, improving global application availability, response time, and end-user experience by more than 30%.

Built Terraform modules to provision AWS Transit Gateways, VNets, and VPNs automatically, ensuring consistent hybrid-cloud connectivity and maintaining standardized configurations across environments.

Optimized BGP routing and traffic engineering using route reflectors, QoS shaping, and NetFlow analytics, improving global latency and bandwidth utilization.

Integrated CI/CD pipelines for network configuration management using GitLab and Jenkins, enabling version-controlled infrastructure deployments and improving change reliability by 50%.

Core Competencies:

Enterprise Routing & Switching

Cloud Network Architecture

Firewall & Zero Trust Security

SD-WAN & WAN Optimization

Network Automation & CI/CD

CERTIFICATIONS

Cisco Certified Network Professional - CCNP

AWS Certified SysOps Administrator - Associate

Palo Alto Certified Network Security Engineer - PCNSE

Technical Skills

Networking Protocols: BGP, MP-BGP, EVPN, VXLAN, MPLS, OSPF, IS-IS, EIGRP, PIM, IGMP, VRFs, HSRP, VRRP, GLBP, IPv6, DNS, DHCP, TACACS+, RADIUS, STP/MST, LACP, QoS

Security & Compliance: Palo Alto PA-3020, PA-5220, PA-5250, VM-Series (AWS/Azure), Panorama Management, Prisma Access, Prisma Cloud, App-ID, User-ID, Security Zones, Virtual Routers, Cisco ASA 5506-X, Firepower FTD 2100/4100, Fortinet FortiGate 100F/200F, FortiManager, FortiAnalyzer, Azure Firewall, ZTNA 2.0, Zero Trust Architecture, SASE, VPN (IPSec/SSL/IKEv2/GlobalProtect), IDS/IPS, SSL Decryption, DLP, MITRE ATT&CK Framework, HITRUST, HIPAA, PCI-DSS, NIST CSF, ISO 27001

Load Balancing / ADCs: F5 BIG-IP (LTM, GTM, APM), Citrix NetScaler, A10 Networks, AWS ELB/ALB/NLB, Azure Load Balancer, Azure Traffic Manager

Cloud & Virtualization: AWS (VPC, Transit Gateway, Direct Connect, GuardDuty, Backup, S3), Azure (VNets, ExpressRoute, Traffic Manager, Azure Firewall, Site Recovery, AD), GCP (VPCs, Interconnect, Cloud DNS, Cloud Armor), Citrix ADC, Prisma Cloud, Zscaler ZIA/ZPA, Kubernetes (EKS, AKS, GKE), Container Networking, CNIs, Pod Security, and Workload Isolation

Automation & IaC: Terraform, Ansible, Python (automation & compliance scripting), GitLab CI/CD, Jenkins, YAML, Netmiko, Nornir

Observability & Monitoring: Datadog, Splunk (SIEM), Azure Monitor, AWS CloudWatch, SolarWinds, Cisco DNA Center, Riverbed, Wireshark, Microsoft Sentinel, ServiceNow integrations

Routing, Switching & WAN: Cisco Catalyst (9300/9500/9600), Nexus (7K/9K), Cisco ACI/DNAC, Cisco ISR/ASR, Cisco Viptela SD-WAN, Meraki SD-WAN, Arista 7280, Nokia 7750 SR, Riverbed WAN Optimization

Juniper Platforms: SRX, MX, EX Series Routers and Switches

OS & Infra: Cisco IOS XE/XR, NX-OS, PAN-OS, FortiOS, Junos, Linux (RHEL/Ubuntu), Windows Server, PowerShell Administration

Wireless & Edge: Cisco ISE TrustSec, Aruba ClearPass, Cisco DNA Center, 9800 WLCs, WPA2/WPA3 Enterprise, IoT/Edge Security, SAML AuthN & MFA (RSA SecurID, Azure AD), WebRTC, FreeSWITCH, STUN/TURN, SIP trunking, SBCs, QoS optimization, sngrep, VoIP troubleshooting

Work Experience

Client: Godiva Chocolatier, Remote Jan 2025 - Present

Role: Senior Network Engineer

Responsibilities:

Owned daily enterprise network operations across corporate offices, retail locations, and data center environments, maintaining 99.9% availability while supporting business-critical applications used by over 1,000 users.

Handled LAN and data center deployments including rack-and-stack of Cisco Catalyst 9300/9500 and Catalyst 9600 core switches, Nexus 7000/9000, Arista 7280, and Juniper EX series, along with structured cabling, device imaging, and end-to-end connectivity validation across 30+ site upgrades annually.

Managed large-scale switching environments using Cisco IOS, IOS-XE, and NX-OS, including performing switch upgrades and patching activities on Catalyst 9000 series and Nexus platforms, while handling VLANs, trunking, STP/RSTP, and interface configurations across 200+ devices.

Worked on Arista EOS and Juniper EX/SRX platforms, performing interface troubleshooting, routing checks, VLAN provisioning, and supporting code upgrades and maintenance activities during production incidents and scheduled change windows.

Maintained SD-WAN environments using Cisco Viptela and Meraki SD-WAN, handling tunnel stability issues, path selection behavior, and circuit failover across 40+ branch and retail locations.

Administered Cisco Meraki MX, MS, and MR environments through the Meraki Dashboard, managing VLANs, client VPNs, firewall rules, monitoring alerts, and site-level troubleshooting.

Handled enterprise routing operations using BGP, OSPF, and EIGRP, validating route advertisements, redistribution behavior, and convergence across campus, WAN, and hybrid network environments.

Maintained high-availability network setups across Catalyst 9600 core and Nexus aggregation layers by performing HA validation, failover testing, and redundancy checks across SD-WAN and WAN paths.

Resolved real-time network incidents by reviewing interface counters, routing tables, device health metrics, and packet captures, reducing MTTR by 25% and improving network stability across 40+ branch sites.

Handled P1 and P2 network incidents, coordinating with infrastructure and application teams, documenting root cause analysis, and following through on corrective actions to reduce repeat issues.

Worked directly with ISPs and service providers for DIA and MPLS circuits, managing turn-ups, outage troubleshooting, and escalations, improving carrier response times by nearly 20%.

Supported enterprise wireless operations using Cisco 9800 WLCs, addressing authentication, roaming, and performance issues affecting corporate offices and high-density retail locations.

Maintained accurate network documentation including topology diagrams, IP addressing plans, and operational runbooks, improving visibility during hardware refresh and switch upgrade projects.

Worked on switch image upgrades, routing updates, VLAN modifications, and SD-WAN policy adjustments before and after maintenance windows, reducing configuration-related issues during deployments.

Supported network change validation within CI/CD workflows using Jenkins and GitLab, helping improve deployment consistency and reduce configuration-related production issues.

Monitored Zscaler (ZIA/ZPA) performance including latency, packet loss, and user traffic flow, performing first- and second-level troubleshooting on proxy, DNS, and VPN issues.

Implemented automation using Ansible and Python to validate configurations and perform routine network health checks, reducing repetitive operational effort by approximately 15%.

Collaborated with firewall and security teams to support Palo Alto, Fortinet, and Cisco platforms, validating rules, troubleshooting VPNs, and aligning network segmentation with Zero Trust policies.

Client: PNC Financials, PA Jan 2024 - Jan 2025

Role: Network Cloud Security Engineer

Responsibilities:

Owned and optimized Palo Alto security policies including NAT, URL filtering, App-ID controls, and zone segmentation, ensuring least-privilege access across production financial workloads.

Migrated legacy firewall rule bases into Palo Alto platforms, redesigning NAT structures and enforcing standardized security models aligned with enterprise compliance requirements.

Validated firewall high-availability deployments across on-prem and cloud environments, testing failover, session persistence, and traffic recovery during controlled maintenance windows.

Implemented GlobalProtect portal and gateway architecture with MFA integration and split-tunnel policies, supporting secure remote workforce access.

Advanced Zero Trust architecture by integrating Zscaler ZIA/ZPA and Cisco Umbrella, enforcing user, device, and application-based trust controls across distributed enterprise environments.

Orchestrated Prisma Cloud and AWS WAF integrations to protect cloud-native applications, tuning runtime policies and mitigating web-based threats in real time.

Engineered hybrid cloud connectivity using AWS Transit Gateway, Azure ExpressRoute, and GCP Interconnect, improving cross-cloud routing stability and reducing latency for financial transaction systems.

Maintained multi-region IPsec VPN connectivity between AWS and Azure environments, validating tunnel stability and ensuring high availability for business-critical applications.

Optimized SD-WAN traffic steering using Cisco Viptela and Versa, enhancing SaaS performance and improving WAN path selection efficiency across branch sites.

Reviewed and tuned BGP and OSPF routing policies between cloud VPCs and on-prem data centers integrated with Catalyst 9300/9500 layers, improving routing convergence and stability across production environments.

Automated firewall compliance validation and configuration checks using Ansible, Terraform, and REST APIs, reducing configuration drift by approximately 40% across hybrid environments.

Streamlined DNS, DHCP, and IPAM operations through Infoblox API automation, reducing IP provisioning delays by approximately 50% and minimizing manual configuration errors.

Integrated Cisco ISE for AAA services using RADIUS and TACACS+, enabling 802.1X authentication for wired networks, dynamic VLAN assignment, posture validation, and role-based access control across enterprise endpoints.

Enhanced security monitoring by integrating firewall and Prisma Access telemetry into Splunk, improving real-time threat detection and accelerating incident response coordination.

Implemented F5 BIG-IP LTM and Azure Front Door configurations to maintain resilient traffic distribution and high availability during peak financial processing periods.

Executed TLS 1.2/1.3 hardening and cipher standardization across internet-facing applications, addressing cryptographic findings identified during PCI-DSS and NIST audit cycles.

Supported ITIL-based change management by creating RFCs, conducting peer reviews, validating rollback plans, and coordinating firewall upgrades and hardware replacements within maintenance windows.

Participated in PCI-DSS and NIST security control validation activities, supporting audit remediation efforts and maintaining zero critical compliance findings.

Collaborated with SOC and DevOps teams to integrate security checks into CI/CD pipelines using Jenkins and GitLab, reducing deployment errors and strengthening DevSecOps governance.

Client: Zen & Art, India (Goldman Sachs) April 2018 - Aug 2023

Role: Network Security Engineer / Administrator

Responsibilities:

Worked within the ABO Team supporting production banking applications across PROD, UAT, and DR environments, ensuring secure and uninterrupted connectivity for critical financial systems with 99.9% service availability.

Managed firewall policies on Palo Alto PA-3020, FortiGate 100F, and Cisco ASA platforms, implementing NAT, security zones, and SSL decryption, reducing unauthorized access attempts by approximately 30%.

Participated in Sev1 and Sev2 incident bridges, troubleshooting routing, VPN, proxy, and firewall issues impacting transaction systems, restoring critical services within SLA and reducing MTTR by nearly 25%.

Executed network changes through ServiceNow ITIL workflows including RFC creation, CAB approval, impact analysis, and rollback planning, successfully implementing 150+ production changes annually with zero major outages.

Tuned BGP, OSPF, and EIGRP routing across MPLS WAN environments supporting inter-data center banking traffic, improving route convergence time by 20% during failover events.

Optimized spanning-tree topology using RSTP and root bridge placement strategies, eliminating Layer 2 loops and reducing broadcast domain congestion.

Supported VRF-based segmentation across MPLS networks, isolating sensitive financial workloads and reducing lateral movement risks by 35% through structured network segmentation.

Configured and maintained IPsec site-to-site VPN and DMVPN tunnels on Cisco ISR routers, maintaining 99%+ tunnel uptime across branch and disaster recovery connectivity.

Maintained internet edge firewall clusters and load balancers, implementing inbound and outbound access policies, DDoS protection strategies, and URL filtering for banking applications.

Administered Cisco ISE 2.7 for TACACS+ and RADIUS authentication, strengthening access control enforcement and reducing unauthorized login attempts by 40%.

Administered Cisco Nexus 7000, 5000, and 2000 platforms running NX-OS 9.x, maintaining high backbone availability and consistent network uptime exceeding 99%.

Applied HSRP, GLBP, and VRRP redundancy configurations across core layers, achieving 100% successful failover validation during disaster recovery simulations.

Tuned F5 BIG-IP LTM virtual servers and SSL profiles to support internal banking portals, improving application response time by approximately 30% during peak transaction periods.

Supported AWS Direct Connect and IPSec VPN connectivity for hybrid banking workloads, validating routing propagation and secure access between on-prem data centers and cloud VPCs.

Managed BlueCat IPAM and DNS services across 100+ production subnets, resolving DNS-related outages and reducing IP conflict incidents by 40%.

Conducted packet capture and log analysis using Wireshark and Splunk, identifying routing inconsistencies and SSL issues, decreasing recurring network incidents by 20%.

Participated in PCI-DSS compliance validation activities by reviewing firewall rules and segmentation policies, contributing to successful audit clearance with zero critical findings during review cycles.

Coordinated with ISPs and carrier vendors for MPLS circuit provisioning, outage escalation, and performance validation, reducing carrier resolution time by nearly 15% and improving overall WAN service stability.

Developed standard operating procedures (SOPs), network diagrams, and firewall policy documentation used during audits and operational handovers.

Implemented Python and Ansible automation scripts to validate firewall rule consistency, audit configuration standards, and reduce manual configuration errors across production and disaster recovery environments.

Education

Master of Science in Computer Technology - Eastern Illinois University - USA


