| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidatePaSenior Network Engineer (SDWAN, Palo Alto, Security, AWS, F5)Phone: PHONE NUMBER AVAILABLEEmail: EMAIL AVAILABLELinkedIn: Aman Reddy LinkedInPROFESSIONAL SUMMARY:Experienced Senior Network Engineer with a robust background in designing, implementing, and optimizing complex network infrastructures. Expertise spans SD-WAN solutions, next-generation firewalls, and cloud integrations, delivering scalable, high-performance solutions aligned with stringent security standards. Proven success in leading transformative projects, including Data Center expansions and multi-site network deployments. Dedicated to driving innovation and efficiency, ensuring networks operate at peak performance to meet organizational goals. Ready to bring strategic vision and technical expertise to elevate your network infrastructure.Strong hands-on experience on Cisco Catalyst (series 3850, 3560, 4500, 6500), Cisco Nexus (series 5K, 7K, 9K), Cisco Routers (series 7300, 4000, 3800, ASR 9000), Firepower (4100), Load Balancers (Citrix NetScaler, Cisco ACE, F5 BIG-IP LTM/GTM, VIRPION), IDS/IPS (HIDS, NIDS, NIPS, HIPS), Fire eye, Splunk, Palo Alto Networks Firewalls (PA-820, series PA-3K, 5K), Checkpoint IP Appliances (NXG R60, R70, 3100, 5900), FortiGate (7060E and 7030E)Implemented single sign-on (SSO) solutions with Forti Authenticator to streamline user access across multiple applications and services.Deployed Forti Authenticator to provide centralized authentication services, integrating with LDAP, RADIUS, and Active Directory for secure user authentication.Configured multi-factor authentication (MFA) using FortiToken and FortiToken Mobile to enhance security for VPN and network access.Experience in working with Cisco Nexus Switches like 5000, 7000 and 9000 series and configuring VDC, VPC, EVPN, VRF, and OTV on the Nexus switches.Thorough experience in configuring Virtual Local Area Networks (VLAN) with IEEE 802.1Q, VLAN trunking protocol (VTP), shortest path bridging, Multiple VLAN Registration Protocol and VLAN Cross Connect (CC). Experience in IDF/MDF Architecture, Data center Architecture and Spine Leaf Architecture.Experience with EC2 instances, Security policies. Experience in Python Scripting for Network Automation.Migration Experience from Cisco ACS to Cisco ISE.Experience on EVPN, MLAG, Symmetric and Asymmetric routing in Spine Leaf, VXLAN, VTEPS, VNI, MAC flood lists updates using BGP Route distinguishers, RT1,2,3 and 5 updates.Installed, configured, deployed Network Virtualization (NSX) VMware platform for the software defined data center. Migrating from metro ethernet to MPLS circuit for remote site connectivity.Integrated vSphere with Cisco UCS (Unified Computing System) to leverage hardware-based performance and scalability for virtualized environments.Utilized VMware vRealize Automation to automate the provisioning and management of virtual machines, streamlining IT operations and improving efficiency.Experience in configuration of LAN protocols such as Ethernet and Fiber Distributed Data Interface (FDDI) on Cisco Switches. Experience in documenting and preparing process related operational manuals.Experience of various wireless 802.11 standards, controllers, Access Points, Wi-Fi analytics from various vendors (Cisco Meraki, HPE, D-Link and Net gear).Implemented and maintained Sourcefire intrusion detection/ prevention (IDS/IPS) system and hardened protection standards, IDS/IPS signatures on Firewall for Fine-tuning of TCP and UDP services.Migrated from ASA to Palo Alto 5000 Series. Experience in NAT/PAT, Policies, SSL Forward proxy, Decryption, URL Filtering on PA firewalls. Experience in designing and implementing F5 web-based solutions. Experience in writing F5 iRules. Experience in implementing F5 solutions in Azure cloud.Experience with Zscaler Internet security and Zscaler private access. Worked on ZIA for internet web traffic security. Migrated from IRONPORTS to Zscaler ZIA. Worked on setting up tunnels from f5 devices to Zscaler cloud.Worked on the URL filtering and upgradation of Palo Alto firewall from PAN-OS 9.1 to PAN-OS 10.0.Worked on the migration from Cisco ASA to the Palo Alto firewall and the configuration of User-IDs, App-IDs, SSL Decryption, URL Filtering, Policies, Zone Protection, High Availability, Certification Management, Migrated all IPSEC tunnels, ACLs, NAT rules and policies. Experience with Aruba WLAN infrastructure in large scale global deployments. Experience with 802.1x, RADIUS, EAP-TLS WLAN standards.Experience with TCP/IP internals and the ability to analyze packet captures using Wireshark.Experience with 3700and 3800 series cisco Wireless Access PointsEDUCATION:Bachelor of Engineering in Electronics and Communication from Sri Indu University, IndiaMaster of Science in Cybersecurity from State University of New York AlbanyCERTIFICATION:CCNA - Cisco Certified Network AssociateCCNP - Cisco Certified Network ProfessionalPCNSE - Palo Alto Networks Certified Network Security EngineerCCSE Certified cloud security engineerAWS Certified - Adv NetworkingComptia sec+TECHNICAL SKILLS:RoutersvEdge Routers, Catalyst 8300 Series, 8200 Series, ISR 4000 Series, 1000 Series, 900 Series, 800 Series, Catalyst 8300 Series Edge Platforms, ASR 1000 Series, Asr 1013 Router, ASR 901 Series, ASR 9000 Series, 1013 Router. Juniper MX304, MX10004 and MX10008, SDN-enabled MX10003, SDN-enabled MX2020Routing Fundamentals and ProtocolsRouted and Routing protocols RIP, EIGRP, IS-IS, OSPF, BGP, IPX; MPLS, IPv4, and IPv6 addressing, subnetting, VLSM, Static routing, ICMP, ARP, HSRP, VRRP, Route Filtering, Multicast, 802.11, Policy-Based Routing, Redistribution, Port forwarding.Switch PlatformsCisco Catalyst series 2960, series 3560, 3850, 4500, 6500, 7000; Nexus series 2K, 5K, 7K; Nortel/Avaya 5510, 5520.Switching Fundamentals and ProtocolsEthernet technologies, LAN networks, MAC, VLAN and VTP, STP, PVST+, Multicast, RSTP, Multi-Layer Switching, 802.1Q, EtherChannel, PAgP, LACP, CDP, HDLC, RARP.Firewall PlatformsCheckpoint (NGX R65, 3100, 5100, 5900), Cisco Firewalls (ASA 5505, 5506-X, 5585), Palo Alto Networks with panorama 8.0, WAFPalo Alto DevicesPA-440 ML-powered next-generation firewall (NGFW), PA-220, PA-3410, PA-3420, PA-3430, and PA-3440, PA-440, PA-7000, PA-7080, PA-7050Network Management and MonitoringServiceNow, Infoblox, Wireshark, HP NView, Cisco Prime, Splunk, Security Device Manager (SDM), Cisco Works, TCP Dump and Sniffer, SolarWinds Net Flow Traffic Analyzer, NetScout, Network Performance Monitor (NPM), Network Configuration Manager (NCM), SAM, IP Address Manager, Additional Polling Engine.Load BalancersF5 (BIG-IP) LTM 2000, 3900Viprion, Cisco ACE, Citrix NetScalerOperating SystemsWindows 10/7/XP, MAC OS, Windows Server, Nexus OS, Cisco IOS XR, Linux, UNIX, Cumulus. vm wareSecurity SoftwareNessus, Ethereal, Nmap, Metasploit, RSA, Authentication, PIAWireless TechnologiesCanopy Wireless Devices, D-Link Point-to-point Wireless, D-Link APs, CISCO 1200 series APs, Aruba wireless and APs, Cisco Meraki, Linksys Wireless/Wi-Fi Routers, Prime Infrastructure, Ekahau, Air Magnet, AirWatch and WLCs (8510, 5508, 5706), Cisco AironetAPs (2600, 3600, 3700), ISE, MSE, Aruba 225, Aruba 3000 controller & Airwave, ISE, Clear Pass 6.0,6.2,6.5Standards & Frameworks, PoliciesOWASP, OSSTMM, PCI DSS, GDPR, CCPA, PCI DSS, HIPAA, SOXScriptingShell, Python and AnsiblePROFESSIONAL EXPERIENCE:Client: T-Mobile USA, Inc., Remote Jan 2023 PresentRole: Senior Network Engineer (SDWAN, Palo Alto, Security, AWS, F5)Successfully installed Palo Alto next-generation firewall (NGFW), PA-400 Series firewalls in Data Center as perimeter Firewalls. Worked with Cisco Viptela, Versa SD-WAN solutions. Migrated from DM-VPN and MPLS circuits to SD-WAN solutions.Design and deployment of enterprise IT PaaS Platforms specializing in implementation based on EAI, J2EE, SOA, Web Services, Messaging Middleware & CEP (Complex Event Processing) and Micro - Services (API) architecture.Configured Silver Peak Orchestrator for centralized management and monitoring of SD-WAN deployments, simplifying policy enforcement and network operations.Conducted a POC on Versa and Viptela SD-WAN solutions as a team and worked on evaluating the solutions. Built cloud infrastructure using Infrastructure as Code technologies and Terraform.Worked on SDWAN implementations at all Greenfield and Brownfield facilities by deploying Viptela hardware.Worked with Palo Alto Next Generation Firewall with security, networking, and management features such as URL filtering, Anti-virus, IPsec VPN, SSL VPN, IPS, Log Management.Monitored and troubleshooted traffic on Palo Alto Firewall through Panorama. Created and modified rules and objects on Palo Alto Firewall through Panorama.Designed, implemented, and configured best practices on NextGen IDS/IPS Firewalls such as Palo Alto, Cisco Firepower (Sourcefire). Deployed and maintained SDWAN solutions, routers, and switches, Cisco ASR, Juniper SRX, and Fortinet firewalls. Advanced experience in internal wireless networks, test measurement, and analysis.Configured SolarWinds NetFlow Traffic Analyzer to analyze network traffic patterns and identify bandwidth.Developed and implemented ArcSight Console Rules, Filters, Active Channels, and Dashboards/Data Monitors.Created and customized Reports and Notifications within ArcSight ESM.Performed installation and configuration of ArcSight ESM, including Connector Appliance setup for managing connectors.Worked on Zscaler policies, cloud app control policies, advanced threat, malware, sandbox-based policies. Worked with network management protocols/tools (TACACS, NTP, SNMP, SYSLOG, etc.)Configured QoS policies on Cisco Catalyst 9500 Series switches to prioritize critical applications and ensure optimal network performance, utilizing classification, marking, and queuing techniques.Implemented single sign-on (SSO) solutions with Forti Authenticator to streamline user access across multiple applications and services.Utilized IPsec with IKEv2 on Cisco ISR 4000 Series routers to establish secure and resilient VPN connections, enhancing network security and performance.Configured 802.1X authentication and RADIUS-based access policies on Aruba ClearPass, integrating with Aruba 5400R Series switches to enforce user and device identity-based access controls.Completed project to evaluate Cisco Next-Generation Firepower 4100 Series security appliances for both the virtual Firepower Threat Detection and the Virtual ASA modules to increase security in a production environment.Configured Cisco ISE to support device administration using TACACS+, providing centralized authentication and authorization for network devices and enhancing administrative control.Resolved customer requests to create firewall policies for Cisco ASA, Juniper SRX, Fortinet, and NX-OS.Integrated Splunk with cloud-based services (AWS, Azure) to monitor and secure hybrid network environments, providing end-to-end visibility and control applicationsImplemented AWS Direct Connect to establish dedicated network connections between on-premises data centers and AWS, ensuring low latency and high bandwidth for critical Combine AWS, Terraform and linux engineering disciplines to build and support enterprise web applications. Focus on optimizing existing systems, building infrastructure as Code IaaS, AWS production environments and eliminating work through automation.Support internal deployment full end-to-end Agreement Cloud solutions and helping in building complex integrations utilizing DocuSign's API.Deployed F5 BIG-IP ASM version 14.x to protect web applications from threats such as SQL injection, cross-site scripting (XSS), and DDoS attacks. Configured security policies and application layer firewalls to safeguard critical applications.Implemented F5 BIG-IP APM version 13.x to provide secure remote access and single sign-on (SSO) solutions for enterprise applications. Configured access policies to enforce multi-factor authentication (MFA) and device posture checks.Leveraged Arubas Adaptive Radio Management (ARM) and ClientMatch technologies to optimize RF performance and ensure reliable wireless coverage and client connectivity.Worked on integrating existing Layer 2 and Layer-3 networks with CISCO ACI.Created config templates in DNAC for WLCs (Wireless LAN Controllers) as per customer demand.Integrated Cisco DNA Center with ITSM platforms (e.g., ServiceNow) to streamline network operations, automating incident and change management processes.Configured and troubleshooted infrastructure for Windows Azure environments.Installed and configured Riverbed Steelhead 550H WAN optimization.Implemented QoS policies on Cisco Catalyst switches to prioritize VOIP traffic, reducing latency and ensuring reliable voice quality.Utilized Ekahau Site Survey and Ekahau Pro for wireless network planning and optimization, conducting predictive site surveys and real-time measurements to ensure reliable coverage and performance.Actively monitoring network traffic and system logs in real-time using SIEM solutions using snort to promptly detectand respond to security incidents, anomalies, and potential threats.Configured and monitored Security Onion sensors across the network, detecting a zero-day exploit targeting a critical server. Prompt isolation and patching prevented a potential system compromise.Implemented SolarWinds Security Event Manager, improving incident response time by 50% through centralized log management and analysis.Configured Riverbed SteelCentral for end-to-end network performance monitoring and troubleshooting, providing comprehensive visibility into application and network performance.Designed, implemented, and managed Cisco Wireless LAN Controllers, wireless access points, and management systems.Orchestrated the strategic design and implementation of the Cisco Call Manager architecture, ensuring scalability and alignment with organizational goals.Client: FM Global Apr 2020 Dec 2022Role: Network Security EngineerResponsibilities:Researched, designed, and replaced Checkpoint firewall architecture with new next-generation Palo Alto PA3000 and PA5000 appliances for improved security and application inspection.Configured Palo Alto Firewalls and analyzed firewall logs using Panorama. Successfully installed Palo Alto PA-3000/PA-5000 firewalls to protect Data Center.Deployed Zscaler Cloud proxies using GRE tunnels to zCloud from Edge routers, implemented Azure AD SSO authentication, and managed user group policies on Cloud-based proxies for Internet traffic.Migrated Nexus 7Ks & Nexus 5Ks to an ACI Fabric in a brownfield Datacenter, integrating existing Layer 2 and Layer-3 networks with CISCO ACI.Implemented Cisco ACI Microsegmentation for enhanced security and deployed DNS services using BIND and Windows Server DNS for reliable domain name resolution.Configured SolarWinds NetFlow Traffic Analyzer and User Device Tracker (UDT) to monitor network traffic patterns, device connections, and endpoint activity.Implemented QoS on Cisco Catalyst 9500 Series switches to ensure optimal network performance for critical applications.Configured Aristas advanced monitoring features, including Latency Analyzer (LANZ) and Data Analyzer (DANZ), to gain insights into network performance and troubleshoot issues.Successfully utilized Arista Cloud Vision products like CVP, CVA, and CVX to streamline network management and enhance operational efficiency.Utilized Wireshark and tcpdump for in-depth packet analysis.Implemented Nessus PCI DSS scanning for compliance checksDesigned, implemented, and maintained Site-to-Site VPNs, and remote access VPNs using Cisco solutions (ASA 5520 and 5540), including head-end and remote client-side connections.Worked on Blue Coat Proxy SG to safeguard web applications in untrusted environments like guest Wi-Fi zones.Deploy, manage and effectively maintain security systems and their corresponding or associated software, including firewalls, checkpoint firewall, squid firewall, blue coat proxy and routers, IDS, IPS, cryptography systems, Encryption (RSA, AES), Tokenization (OpenNMT), and anti-virus software.Deployed Symantec Blue Coat ProxySG appliances for secure web gateway (SWG) solutions, configuring web filtering, threat protection, and SSL inspection to enhance web security.Worked on Juniper devices like M, MX, T routers on advanced technologies like MPLS VPNs, TE, and other service provider technologies. Troubleshot Routing, Security, and SDWAN issues and coordinated with support and professional services.Deployed and optimized Barracuda CloudGen WAF (Web Application Firewall) to secure critical web applications, resulting in a 50% decrease in successful SQL injection attempts and a 35% reduction in overall application layer attacks within the first quarter of implementation.Leveraged Nagios for comprehensive network monitoring, reducing system downtime by 25% through proactive issue detection and resolution.Configured BGP, OSPF in Juniper M and MX series routers. Worked on BGP attributes (MED, AS-PATH, Local Preference), Route-Reflector, Route-Redistribution among routing protocols.Deployed VMs for various applications and services, ensuring resource allocation and load balancing.Installed and configured Aruba AP-535 and AP-555 access points to deliver high-performance Wi-Fi 6 connectivity.Leveraged Arubas Adaptive Radio Management (ARM) and ClientMatch technologies to optimize RF performance and ensure reliable wireless coverage and client connectivity.Provided expert level security and network planning, researching, designing, and testing new networking technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS and DMZ security, and Internet Security.Employed Nmap for network discovery and security auditing, maintaining an up-to-date inventory of all network assets.Experience in managing Network infrastructure security using HPE ArcSight ESM/ Splunk for monitoring and classifying and responding to incidents and threats.Executed routine and ad-hoc vulnerability scans using Tenable Nessus and Qualys VM, verifying system security settings and configurations across 500+ endpoints, resulting in a 40% reduction in critical vulnerabilities over 6 months.Implemented network security policies and controls to ensure compliance with PCI-DSS, HIPAA, and GDPR standards.Led daily threat hunting operations using IBM QRadar, analyzing over a thousands of events per day and successfully identifying and mitigating 3 zero-day threats within a 6-month period, resulting in zero successful breaches and a 60% reduction in false positives.Conducted regular security awareness training for employees using Phishing simulations with tools like KnowBe4, reducing phishing click rates by 45%.Implemented multi-factor authentication (MFA) using Okta across all critical access points, significantly strengthening user access controls.Applied ITIL frameworks to improve IT service management practices, ensuring efficient incident response, problem resolution.Client: Veradigm Inc (Allscripts India) Jan 2018 Mar 2020Role: Information Technology Support EngineerResponsibilities:Worked with the Help Desk for circuit troubleshooting to give Support to the Tech persons at the site.Deployed Cisco Firepower 2100 Series with FTD version 6.7, configuring next-generation firewall features, including intrusion prevention, advanced malware protection, and URL filtering.Utilized CDP to automate network inventory processes, resulting in a 40% reduction in manual documentation efforts and improved accuracy of asset management.Configured DHCP services on Cisco IOS and Windows Server to dynamically assign IP addresses and network configurations to client devices, ensuring efficient IP address management and reducing administrative overhead.Utilized SNMP on Cisco routers to allow for network management. Completed the installation and configuration of T1, T3 & OC3 circuits. Troubleshoot TCP/IP problems, troubleshoot connectivity issues.Implemented Chef for infrastructure as code (IaC) to manage network configurations, enabling rapid deployment and updates of network policies and device settings.Configured VPN services on Cisco FTD 2100 Series, providing secure site-to-site and remote access connectivity with robust encryption and authentication.Utilized Nmap to conduct network discovery and security audits, identifying open ports, services, and potential vulnerabilities on network devices and servers.Implemented SNMP on Cisco routers to allow for network management. Completed the installation and configuration of T1, T3 & OC3 circuits. Troubleshoot TCP/IP problems, troubleshoot connectivity issues.Configuring and troubleshooting multi-customer network environment. Involved in network monitoring, alarm notification, and acknowledgment.Utilized Ansible playbooks to automate the deployment and management of network devices, configuring VLANs, interfaces, and routing protocols across multi-vendor environments.Configured Splunk to ingest data from Cisco, Juniper, and Palo Alto Networks devices, ensuring a unified view of network activity and security posture.Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms.Implemented ITIL best practices to streamline IT service management processes, enhancing service delivery, incident management, and change management.Used OpenDaylight SDN controller for network programmability and automation, integrating with various network devices to enable centralized control and orchestration.Implemented A10 Thunder TPS for DDoS protection, leveraging advanced threat detection and mitigation technologies to safeguard network and application infrastructure.Configured ACLs on Juniper SRX Series firewalls to simplify management and enhance readability, ensuring consistent and accurate policy enforcement.Configured A10s WAF (Web Application Firewall) features to protect web applications from common vulnerabilities and attacks, enhancing overall security posture.Configured Citrix NetScaler Gateway for secure remote access, implementing multi-factor authentication (MFA) and VPN services to protect remote connections.Conducted regular network scans with Nmap, pinpointing previously unknown open ports and unpatched vulnerabilities on a newly acquired network segment. This proactive approach allowed for timely remediation before attackers could exploit them.Utilized CUCM monitoring and troubleshooting tools (e.g., Cisco RTMT, Prime Collaboration) to track system performance and identify potential issues. Environment: Cisco Catalyst and Dell Switches, Cisco 2800, 7600 series routers, ISP circuits, Cabling, IDF/MDF |
