
Senior Network Engineer - Enterprise, Cloud & SD-WAN Expert

Location:
San Francisco, CA, 94114
Posted:
June 10, 2026


Resume:

Sai Sundar Masetty

650-***-****

*************@*****.***

LinkedIn

Network Engineer

SUMMARY

•Network Engineer with over 5 years of experience across enterprise technology, financial services, and industrial environments, bringing a hands-on approach to designing, securing, and optimizing network infrastructures that keep business operations running without interruption.

•Secured enterprise perimeters across Palo Alto, FortiGate, Cisco Firepower, Check Point, and Juniper SRX, spanning policy management, VPN, and SSL/TLS threat inspection.

•Responds decisively during critical network incidents, from latency escalations to application outages, applying fast diagnosis, structured escalation, and a clear focus on minimizing business impact.

•Built and maintained routing and switching environments on Cisco Nexus, Arista, and Cisco Catalyst platforms, deploying BGP, OSPF, EIGRP, and ISIS across enterprise-scale topologies.

•Deployed and tuned F5 BIG-IP LTM and GTM appliances for application load balancing, configuring virtual servers, backend pools, and health monitors across distributed data centers.

•Extended enterprise connectivity into AWS and Azure through VPC and VNet design, Transit Gateway configuration, and secure hybrid cloud peering.

•Administered Cisco ACI data center fabrics on Nexus 9k and 7k switches, managing tenants, bridge domains, and VXLAN overlays for scalable workload segmentation.

•Deployed and optimized SD-WAN solutions using Cisco Viptela and Prisma Access for reliable, policy-driven branch office connectivity.

•Driven to automate network infrastructure using Python and Ansible, turning repetitive operational tasks into reliable, repeatable processes that free up time for higher-impact engineering work.

•Managed enterprise IP services through Infoblox DDI and enforced network access control using Cisco ISE and Aruba ClearPass.

TECHNICAL SKILLS

Firewalls & Security: Palo Alto PA-3000/PA-1410/PA-850/PA-450, FortiGate 1000/200, FortiManager, Cisco Firepower, Juniper SRX, NAT, VPN, Decryption, Prisma Access, MFA, Segmentation

Routing & Switching: BGP, OSPF, EIGRP, ISIS, RIP, MPLS, Cisco Nexus 9k/7k, Arista Switches, Cisco Catalyst Switches, Cisco ISR Routers, STP, VXLAN

Data Center & Fabric: Cisco ACI, InfiniBand, Fabric Concepts

Load Balancing: F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP iSeries

Cloud Networking: AWS VPC, AWS Transit Gateway, Azure Networking, Hybrid Cloud Connectivity

SD-WAN: Cisco Viptela, Prisma Access SD-WAN, Cisco Meraki

Network Access Control: Aruba ClearPass, Cisco ISE, Active Directory

IP Services: Infoblox, DNS, DHCP, IPAM

Automation & Tools: Python, Ansible, Terraform, Wireshark

Certifications:

CCNA

PROFESSIONAL EXPERIENCE

Caterpillar, Irving, TX 2025-09 — Present

Network Engineer

•Led end-to-end firewall migration with zero downtime, including policy conversion, rule optimization, traffic validation, and rollback planning aligned with enterprise standards.

•Enforced security policies and NAT rules on Palo Alto PA-3000 and PA-1410 series firewalls to govern and protect data center traffic flows.

•Deployed and sustained site-to-site IPsec VPN tunnels and GlobalProtect remote access VPNs on Palo Alto firewalls for resilient enterprise connectivity.

•Applied decryption policies on Palo Alto platforms to inspect SSL/TLS encrypted traffic and surface hidden threats.

•Deployed and hardened Next Generation Firewalls across Palo Alto and Fortinet platforms, aligning configurations with enterprise security policies and compliance requirements.

•Administered FortiGate firewall policies to control IP-level access, interface segmentation, and VLAN assignments across business segments.

•Managed a cluster of FortiGate 1000 and 200 series appliances through FortiManager for centralized, consistent policy distribution.

•Configured and managed VDOMs on FortiGate firewalls to segment network traffic across business units and enforce isolated security domains.

•Deployed IPS/IDS capabilities across firewall platforms to strengthen threat detection and reduce attack surface.

•Designed and optimized large-scale NAT policies (SNAT, DNAT, PAT) to support complex application flows across SD-WAN, cloud, and on-premises environments.

•Administered Cisco ACI fabric on Nexus 9k spine and 7k leaf switches, managing tenants, bridge domains, EPGs, and contracts to enforce micro-segmentation.

•Resolved Layer 2 connectivity issues within the ACI fabric by analyzing VXLAN endpoint learning tables on leaf switches.

•Deployed Cisco ACI with Nexus 9000 switches and APIC controller in a VMware environment to extend fabric networking across virtualized data center workloads.

•Implemented Cisco Viptela SD-WAN to enable policy-based routing, traffic engineering, failover mechanisms, and WAN optimization — directing application traffic based on real-time path performance across distributed sites.

•Diagnosed and resolved control and data plane connectivity issues within the Viptela SD-WAN overlay network.

•Provisioned AWS VPCs, subnets, and route tables to extend on-premises network infrastructure into the cloud.

•Validated VPC peering connections and deployed AWS Transit Gateway for scalable inter-region connectivity.

•Configured virtual servers and backend pools on F5 BIG-IP iSeries appliances, applying health monitors to ensure traffic was directed only to available application servers.

•Configured 802.1X authentication policies on Aruba ClearPass for corporate wired and wireless network access control.

•Sustained and monitored an InfiniBand switch fabric supporting a high-performance computing environment with low-latency interconnects.

•Upgraded firmware on Cisco Nexus 9k and 7k series switches during scheduled maintenance windows to maintain platform integrity.

•Developed Ansible playbooks to drive network automation for standardizing initial configuration of new network devices, reducing onboarding time.

•Authored and applied Terraform configurations to provision cloud networking resources including VPCs and subnets in AWS.

•Troubleshot and resolved TCP/IP, PPP, OSPF, BGP, and MPLS protocol issues, applying systematic troubleshooting to diagnose root causes and restore network stability.

•Diagnosed and resolved DNS, DHCP, and IP conflict issues using packet capture tools including Wireshark to isolate root causes and restore connectivity.

•Configured traffic forwarding from branch offices and remote users to Zscaler cloud gateways, improving visibility and enforcing consistent security policies.

•Created and maintained security policies, application controls, and user-based access rules within ZIA to support Zero Trust security initiatives.

Capital One, McLean, VA 2024-04 — 2025-08

Network Security Engineer

•Enforced security rules and address objects on Palo Alto PA-850 and PA-450 firewalls to secure branch office network perimeters.

•Deployed User-ID and App-ID on Palo Alto firewalls to enforce granular, identity-based access control policies across branch environments.

•Administered Cisco Firepower appliances, configuring access control policies and intrusion prevention rules to detect and block threats.

•Diagnosed and resolved connectivity issues tied to Cisco Firepower policies and NAT configurations, restoring affected traffic flows.

•Deployed MLAG (Multi-Link Aggregation) on Arista switches to provide resilient, redundant server connectivity.

•Configured VLANs and L3 interfaces on Arista switches to establish logical network segmentation across the environment.

•Tuned application steering policies within Prisma Access SD-WAN to improve performance and reliability of cloud application traffic.

•Migrated branch office internet traffic from local breakouts to centralized secure web gateway services through Prisma Access, improving visibility and control.

•Configured and managed BGP and OSPF routing protocols to ensure stable, continuous connectivity between on-premises infrastructure and cloud environments.

•Diagnosed and resolved ISIS routing adjacency failures in a multi-vendor network environment to maintain routing stability.

•Provisioned Azure VNets, subnets, and Network Security Groups (NSGs) to support secure application deployments in the cloud.

•Validated secure hybrid cloud connectivity between the on-premises data center and Azure, ensuring consistent policy enforcement.

•Managed F5 BIG-IP LTM virtual servers and server pools to ensure high availability and consistent application traffic distribution.

•Administered F5 BIG-IP GTM wide IPs to enable DNS-based global load balancing across geographically distributed data centers, ensuring resilient application availability.

•Implemented caching and bandwidth management strategies within Zscaler to reduce WAN data consumption and optimize internet access.

•Deployed 802.1X authentication policies in Cisco ISE, integrating with Active Directory to enforce user group-based network access.

•Configured and validated Cisco Meraki security appliances with primary and secondary ISP connections for automatic WAN failover.

•Managed DNS records, DHCP scopes, and IPAM for the corporate network using Infoblox DDI, ensuring accurate and reliable IP address management.

•Developed Python scripts to automate configuration backup collection across multi-vendor network devices, reducing manual operational effort.

•Administered Zscaler Internet Access (ZIA) policies including URL filtering, SSL inspection, cloud firewall, and bandwidth control to secure user internet traffic.

Microsoft, India 2021-03 — 2023-06

Network Engineer

•Enforced security policies and NAT on Check Point firewalls to harden the enterprise network perimeter and control traffic flows.

•Administered rulebases and deployed policy installations on Check Point Security Management Server to maintain consistent firewall enforcement.

•Validated site-to-site IPsec VPN tunnels on Juniper SRX series firewalls, ensuring reliable and secure connectivity to partner networks.

•Configured security zones and screen options on Juniper SRX firewalls to enforce traffic inspection and reduce exposure to network threats.

•Deployed and configured Cisco Catalyst switches across 3k, 5k, 6k, 6500, 3750, and 3800 series, implementing OSPF, EIGRP, and BGP with Access Control Lists aligned to network security policy.

•Managed Layer 2 switching on Cisco Catalyst switches, including VLAN provisioning and Spanning Tree Protocol (STP) configuration to prevent network loops.

•Collaborated on OSPF, BGP, HSRP, IPv6, and Bundle Ethernet implementation on an ASR 9K redundant pair to support high-availability routing.

•Partnered with the security team using Cisco ISE to identify network threats and drive rapid containment and remediation.

•Diagnosed and resolved switching loops and broadcast storm issues by analyzing STP topology and port states to restore network stability.

•Configured OSPF and EIGRP on Cisco ISR routers to support reliable internal network routing and ensure consistent site-to-site reachability.

•Developed Python scripts to automate periodic health checks of BGP sessions on edge routers, enabling proactive fault detection and reducing manual effort.

EDUCATION

•Master's, Computer and Information Science at Florida Atlantic University.

•Bachelor's, Computer Science and Engineering at Chandigarh University.


