| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateName: Pradeep reddyPhone: PHONE NUMBER AVAILABLEE-mail: EMAIL AVAILABLESenior Network EngineerPROFESSIONAL SUMMARY:5 years of Experienced Network professional worked on medium to large scale environments, enterprise and Data center networks. Performed roles of Senior Network Engineer, Operations and Deployment Engineer with Clients that include Financial, healthcare and Cloud Providers. Expert in Switching, routing, Network Security, Application Delivery, Wireless Virtualization and SDN.Strong knowledge in Cisco Routing, Switching and Security with Cisco hardware/software (heavy Cisco shop) experience.Integrated FortiClient EMS with FortiGate firewalls to enhance network and endpoint security through unified threat management.Implemented and administered VPN solutions on Palo Alto firewalls, including site-to-site and remote access VPNs.Implemented NEDs for a diverse range of network devices, including routers, switches, firewalls, and load balancers, ensuring compatibility with multi-vendor environments.maintained user authentication policies and access control rules on RADIUS servers to enforce security policies and regulatory compliance requirements.Experience with Zscaler Cloud Proxy Architecture with ZIA, traffic forwarding using GRE tunnels to Zcloud, Azure AD Authentication, Access policies, ZAPP.Regularly audited network setups and made recommendations for enhancements in Cisco and Arista environments.Utilized CAD/GIS systems to create detailed network topology maps, aiding in the identification and resolution of connectivity issues.Implemented FortiSwitches for network segmentation, VLAN configuration, and dynamic link aggregation (LAG), optimizing network performance and scalability while integrating seamlessly with FortiGate for centralized management and security enforcement.managed Cisco network infrastructure, including routers, switches, and ASAs (Adaptive Security Appliances), to ensure secure and dependable connection for enterprise customers.Experience working on Cisco Catalyst Series 3750, 4500, 6800, 6500, 9300, 9400, 9500.Experience on Cisco Wireless products and technologies including Cisco Wi-Fi access points, Catalyst 9800 wireless controllers, DNAC, ISE, DNA spaces, Meraki.Designed and implemented Meraki-based network architectures, ensuring simplicity, scalability, and cloud-driven management.Implemented and maintained policies on Cisco ISE/ICU to enforce authentication, authorization, and endpoint compliance for network devices and users.Security audits and vulnerability assessments of Cisco network equipment were performed using tools such as Cisco Security Manager (CSM) and Nessus to detect and correct security flaws and configuration problems.TECHNICAL SKILLS:Networking Technologies: LAN/WAN Architecture, TCP/IP, VPN, VLAN,VTP, NAT, PAT, STP, RSTPNetworking Hardware: Cisco Switches, Cisco Routers, ASA/PaloAlto/ firewalls, Wireless Cisco, WLC and Aruba.Routing Protocols: OSPF, ISIS, EIGRP, RIP, MPLS, IS-IS, BGP, MulticastingSecurity Technologies: PAP, CHAP, Blue Coat, Palo Alto, ASANetwork Monitoring: Solarwinds, Wireshark, HR ping, Whatsup gold, InfobloxOperating Systems: Windows 7, Vista, XP, 2000, LINUX, Cisco IOS, IOS XR,Programming Languages: Perl, Power Shell, Python,AnsibleSimulation Tools: GNS3, VMware, OPNET IT GURU, OPNET Modeler,CadenceSniffer: Wireshark AnalyzerTest Tools: XIA, Iperf, SSH, Bugzilla, TestopiaPROFESSIONAL EXPERIENCE:Client: Dish Network Aug 2023 Till DateRole: Senior Network Security AnalystResponsibilities:Utilized FortiClient EMS to centrally manage endpoint security, including deployment of antivirus updates, endpoint compliance checks, and remote troubleshooting for distributed networks with over 500 endpoints.Integrated FortiGate firewalls with FortiSandbox for advanced threat detection and mitigation, leveraging sandboxing technology to analyze and block zero-day threats.Utilized FortiManager to create and deploy centralized security policies across FortiGate firewalls, ensuring consistent enforcement and streamlined administration.Reduced network downtime by 15% through proactive troubleshooting and maintenance of Fortinet devices.Leveraged Palo Alto Networks Wildfire inspection engine to prevent Zero-Day attacks.Implement the Global Protect VPN, IPSec VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN Connectivity.Implemented Palo Alto Networks Next-Generation Firewalls (NGFW) across 5 data centers, reducing security incidents by 75% within the first year.Configured APP-ID feature in Palo Alto firewalls to reduce attack surface, regain visibility and control over traffic.Configured zone-based firewall policies on Palo Alto Networks PA-5430 to segment network traffic, enforcing security controls based on data sensitivity and minimizing the attack surface.Configured Quality of Service (QoS) policies on Catalyst 9800 controllers to prioritize critical applications and optimize traffic flow, enhancing user experience in high-demand environments.Configured and enforced security policies on Catalyst 9800 controllers, including WPA3, 802.1X authentication, and integrated threat detection, to safeguard wireless networks against potential threats.Integrated Palo Alto Networks PA-7050 with LDAP and Active Directory to enforce user-based policies, utilizing user identification features to apply security measures based on user identity.Utilized Cisco FTDs 7.1X version application visibility and control (AVC) features to manage and monitor application usage, enforcing security policies based on application behaviorImplemented Cisco DNA Center for network automation and assurance, configuring software-defined access and policy-based segmentation to enhance network security and efficiency.Configured RSTP (Rapid Spanning Tree Protocol) on Cisco Catalyst 9500 Series switches to prevent network loops and ensure fast convergence in Layer 2 networks, enhancing network stability and reliability.Configured RADIUS authentication on Cisco ISE and Aruba ClearPass to provide centralized authentication and authorization for network access, ensuring secure and efficient user management.Implemented TACACS+ command authorization on Cisco Nexus 9000 Series switches to control and audit administrative commands, enhancing security and accountability. Integrated Cisco ISE/ICU with existing network infrastructure components such as switches, routers, firewalls, and wireless controllers to enforce access policies and secure network communications.Configured and optimized FabricPath on Nexus 7000 switches, eliminating Spanning Tree Protocol limitations and improving network convergence time by 80%.Implemented Cisco Application Centric Infrastructure (ACI) using Nexus 9000 switches, reducing application deployment time from weeks to hours.Worked on Cisco Data - center platforms such as Cisco ACI, APIC and Cisco Nexus switches such as 7718, 5548, 2248.Leveraged Cisco Nexus OS for network infrastructure deployments, including configuration of VLANs, VRFs, ACLs, and other advanced features to support complex data center environments.Implimented ACI policies and configurations based on business requirements and application needs.Possess good experience in configuring and troubleshooting WAN technologies like MPLS, DS3 and ISDN.Configured and managed the integration of ACI with virtual switches and distributed virtual switches.Worked on implementing lab for SDN using Cumulus Linux for test-driving part of DC migration to SDN.Implemented Linux-based VPN solutions OpenVPN, IPsec to establish secure and encrypted communication for remote access and site-to-site connectivity.Deployed Kubernetes clusters to orchestrate containerized applications, configuring network policies, ingress controllers, and service discovery to ensure secure and efficient communication within the cluster.Configured Cisco ASA 5500-X Series firewalls with version 9.14, implementing advanced security policies, intrusion prevention, and VPN services for secure network accessUtilized Cisco ASA clustering to provide high availability and load balancing, ensuring uninterrupted security services and optimal performance.Implemented Azure Security Center and Azure Sentinel, enhancing threat detection capabilities and reducing security incidents by 75%Orchestrated the migration of on-premises databases to Azure SQL Database, improving query performance by 70%Implemented Azure Traffic Manager for global load balancing, improving application response times by 45% for international users.Developed and executed a comprehensive Azure disaster recovery plan, achieving a recovery time objective (RTO) of under 4 hours.Experience with Zscaler Cloud Proxy Architecture with ZIA, traffic forwarding using GRE tunnels to Zcloud, Azure AD Authentication, Access policies, ZCC 3.0 tunnel.Worked on PAC file updates, and Internet proxy migration from IronPort to Zscaler cloud. Access policies, AD-based, user-based, location-based access. ZAPP client.implemented Cisco ACI (Application Centric Infrastructure) solutions to provide a programmable and automated network infrastructure.Utilized Cisco ACI APIs and automation tools like Ansible to automate repetitive tasks and streamline network provisioning.Deployed and configured Cisco Network Service Orchestrator (NSO) to automate and orchestrate network services, streamlining provisioning and management tasks.Deployed HPE Aruba wireless solutions to provide secure and seamless connection for mobile devices, IoT devices, and mission-critical applications across a variety of settings, including workplaces, campuses, and public spaces.Aruba 802.11ac wireless access points deliver superb Wi-Fi performance, Aruba 330 series, 501 wireless client bridge, 7220, 7010 MOBILIT CONTROLLER.Deploy and manage with advanced security and network management tools like Aruba ClearPass Policy Manager, Aruba AirWave and cloud-based Aruba Central.Developed automated workflows using Aruba ClearPass Exchange to streamline device onboarding and policyenforcement, reducing manual configuration efforts.Integrated Python and Perl scripts with version control systems Git to manage changes, track revisions, and facilitate collaboration among team members.Developed and maintained documentation for Python and Perl scripts, providing clear instructions and insights for other team members and stakeholders.Utilized Chef cookbooks and recipes to automate the provisioning and configuration of network devices, reducing manual effort and minimizing configuration errors.Configured Google Cloud VPCs to create isolated network environments, setting up subnets, firewall rules, and route tables for secure and efficient networking. Implemented custom route tables and private Google access to enhance security and control over network traffic.Configured AWS VPN Gateway to establish secure IPsec tunnels between on-premises networks and AWS VPCs, ensuring data confidentiality and integrity.Designed and implemented F5 BIG-IP LTM version 15.x to optimize application delivery and ensure high availability. Configured virtual servers, pools, and load balancing algorithms to distribute traffic efficiently across backend servers.Configured SSL offloading on F5 BIG-IP LTM to reduce the load on application servers by terminating SSL/TLS connections at the load balancer.Conducted RF site surveys using Ekahau tools to identify optimal access point placement, minimize interference, and maximize coverage and capacity.Configured Citrix NetScaler GSLB to ensure high availability and optimal performance for geographically distributed applications and services.Configured ITIL-based change management processes to control and manage network changes, reducing the risk of disruptions and ensuring compliance with organizational policies.Configured Silver Peak Orchestrator for centralized management and monitoring of SD-WAN deployments, simplifying policy enforcement and network operations.Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using Solarwinds IPAM and Infoblox DNS and DHCP servers.Design and Implementation Cisco Meraki Enterprise solutions for corporate infrastructuresDeploying Cisco Aironet 3800,4800 Series, Cisco Meraki Enterprise Cloud Access Points Bridges/Repeater for LAN ExpansionsConfigured BGP on Cisco ASR 9000 Series routers to manage inter-domain routing with multiple ISPs, optimizing route selection and ensuring high availability.Client: Navy Federal Credit Union, Vienna VA Apr 2022 Aug 2023Role: Network Security EngineerResponsibilities:Implemented FortiAnalyzer for real-time monitoring and analysis of network traffic, security events, and bandwidth utilization, creating custom reports and dashboards to track key performance metrics and security incidents.Managed FortiAP deployments for secure wireless connectivity, implementing multiple SSIDs, guest access policies, and wireless intrusion detection/prevention (WIDS/WIPS) to safeguard network integrity and user privacy.Managed FortiSwitches (including models like FortiSwitch 248E and 448E) for creating VLANs, implementing Layer 2 and Layer 3 switching, configuring link aggregation (LAG), and optimizing network performance with Quality of Service (QoS) policies.troubleshooting of complex LAN/WAN infrastructure that include configuring firewall logging, DMZs, related security policies, monitoring, documentation and change control.Leveraged Palo Alto's URL filtering capabilities to reduce malware infections by 90%, significantly enhancing organizational cybersecurity.Utilized Palo Alto Panorama for centralized management of 50+ firewalls, reducing administration time by 40% and improving policy consistencyUtilized Palo Alto Panorama version 10.0 for centralized management of multiple PA-3200 Series firewall instances, enabling unified policy deployment and comprehensive network security monitoring.Developed and executed Ansible automation scripts for the configuration and management of Palo Alto Networks PA-3020 firewalls, reducing manual efforts and minimizing errors.Conducted regular training sessions for IT teams on Zero Trust and SD-WAN concepts, best practices, and effective implementation strategies.Configured device provisioning and software image management in Cisco DNA Center, automating network device deployment and maintenance tasks.Developed custom authentication and authorization policies on Cisco ISE/ICU to align with organizational security requirements and regulatory compliance standards.integrated Catalyst 9800 controllers with existing LAN and WAN infrastructure, ensuring seamless operation and communication between wired and wireless networks.Implemented TACACS+ on Cisco ASA 5500-X Series firewalls and Cisco Catalyst 9300 Series switches for secure and granular device administration control, enhancing security and compliance.Designed and deployed VMware vSphere 7.0 environments, configuring ESXi hosts and vCenter Server for high availability, resource optimization, and seamless management of virtual machines.In corporated Cisco Nexus 9000 NX-OS to ACI fabric to work in concert with existing 7000s and ASRs for Multi-Protocol Label Switching (MPLS).Deployed Google Cloud Armor to protect applications from DDoS attacks and web-based threats, enhancing overall security posture. Configured security policies and custom rules to mitigate risks and ensure compliance.Utilized Docker to containerize applications, ensuring consistent deployment and scalability across different environments, and integrating with CI/CD pipelines for automated build and deployment processes.Configured Cisco Unified Communications Manager (CUCM) to manage and control IP telephony systems, ensuring high-quality voice communication across the network.Configured AWS VPN Gateway to establish secure IPsec tunnels between on-premises networks and AWS VPCs, ensuring data confidentiality and integrity.Configured Ekahau Sidekick for efficient and accurate site surveys, leveraging its built-in spectrum analyzer and dual-band Wi-Fi radio for comprehensive RF analysis.Implemented MST (Multiple Spanning Tree Protocol) on Juniper EX4650 switches to manage multiple VLANs with a single instance of spanning tree, optimizing network performance and scalability.Worked on ServiceNow Ticketing system to help clients resolve issues related to RSA two factor authentication, ZIA server proxy whitelisting, Zscaler URL categorization, Zscaler PAC file change and Internet browsing exception requests.Managed DHCP, DNS and IP address thru Infoblox, and Admin for Internet sites access thru Zscaler.Monitored and optimized network latency, throughput, and packet loss across Azure services, resulting in a 25% improvement in application performance.Implemented Azure DDoS Protection to defend against distributed denial-of-service attacks, ensuring uninterrupted service availability during peak traffic periods.Collaborated with vendors and service providers to assess and implement updates, patches, and new features for Zero Trust and SD-WAN solutions.Configured NAT (Network Address Translation) policies on Cisco ASA 5516-X to manage IP address translation and enhance network security.Implemented A10s GSLB (Global Server Load Balancing) to ensure high availability and optimal performance for geographically distributed applications and services.Implemented failover configurations on Cisco ASA 5545-X to ensure high availability and seamless failover in case of hardware or software failures.Implemented IPv4 access control lists (ACLs) and firewall policies to enforce security policies and control traffic flows within the network.Utilized Splunk Machine Learning Toolkit (MLTK) to develop predictive models for network performance and security, enabling proactive management and threat prevention.Responsible for performing predictive wireless site surveys with AirMagnet Planner and conducting physical wireless site surveys with AirMagnet Survey.Managed and troubleshoot NET Cloud, Cradle Point and Aruba access points wireless devices on Citrix and Airwave. Aruba VPN, customer public and private wireless networks. Aruba mobility and Clearpass training.Integrated Citrix NetScaler with Citrix Virtual Apps and Desktops to provide secure and high-performance access to virtualized applications and desktops, improving user experience.Configured SDN-based WAN optimization using Cisco SD-WAN (Viptela) to enhance application performance and user experience across distributed locations.Deployed Riverbed SteelHead appliances for WAN optimization, enhancing application performance and reducing bandwidth usage through advanced data deduplication, compression, and latency optimization.Create private VLANs, prevent hopping attacks, mitigate spoofing with snooping & IP source guard.Designed and Deployed Cisco Meraki Enterprise Cloud for Corporate HQ, Co-Locations and 500+ branches with distinct SSIDs.Created comprehensive documentation for ACI configurations, troubleshooting procedures, and best practices.Configured VPN services on BIG-IP APM to ensure secure connectivity for remote users, utilizing client-based and clientless VPN options.Deployed F5 BIG-IP GTM version 12.x to manage global traffic and ensure high availability across multiple data centers. Configured DNS load balancing and global server load balancing (GSLB) to direct users to the best-performing sites.Configured F5 BIG-IQ to manage device configurations, deploy software updates, and monitor system performance from a single dashboard.Conducted regular audits of curb cable infrastructure, identifying opportunities for optimization and efficiency improvements.Designed and implemented comprehensive migration strategies for transitioning from legacy MPLS circuits to SD-WAN architectures, ensuring minimal disruption to operations while maximizing the benefits of SD-WAN technology.Implemented Puppet to automate network device configuration management, ensuring consistent and compliant network environments across Cisco, Juniper, and Arista devices.Utilized Algosec's reporting and auditing features to generate detailed reports on network security policy changes, access violations, and compliance status.Utilized BGP route reflectors on Cisco Nexus 7000 Series to streamline route advertisement and reduce the number of BGP sessions required within the AS.Client: HP Enterprise Solutions, IND Sep 2020 Feb 2022Role: Network Operations Engineer (Wireless, Switching, Routing, Firewalls)Responsibilities:Worked on Nexus 5548, 2248, 2232, Cisco 12418, 12416 Cisco 7200VXR, Cisco 6513, and Cisco OSR, Cisco 4507 Routers, Cisco 6500, 4500, 3750 & 3560 switches.Implemented and configured AlgoSec Security Management Suite to streamline the management of complex network security policies.Utilized Cisco DNA Centers path trace feature to visualize and troubleshoot end-to-end network paths, identifying bottlenecks and performance issues.Working with IronPort, Bluecoat and Zscaler cloud Proxies for Internet Web Security. Worked on migration project from IronPorts to Zscaler Internet Security.Integrated network infrastructure changes into CI/CD pipelines to automate testing, validation, and deployment processes.Utilized A10s aGalaxy central management system to monitor and manage multiple A10 devices, providing comprehensive visibility and control over network operations.Implemented ITIL incident management and problem management processes to minimize service disruptions, ensuring quick resolution of network issues and root cause analysis.Configured Cisco DNA Centers automation workflows to streamline common network tasks, reducing manual effort and improving operational efficiency.Configured and maintained ExpressRoute circuits to ensure reliable and high-speed private connections between on-premises data centers and Azure, supporting hybrid cloud architectures.Integrated Cisco ASA with Cisco ISE (Identity Services Engine) for context-aware security policies and dynamic access control.Deployed F5 BIG-IQ version 7.x for centralized management and monitoring of multiple BIG-IP devices, simplifying operations and policy enforcement.Implemented voice VLANs to isolate VOIP traffic from data traffic, enhancing security and performance for voice communicationUtilized Ekahau Site Survey and Ekahau Pro for wireless network planning and optimization, conducting predictive site surveys and real-time measurements to ensure reliable coverage and performance.Created custom dashboards and alerts in Splunk to monitor network performance and detect anomalies, enhancing proactive network management and security monitoring.Worked on Bluecoat proxy server, Tipping Point Intrusion Protection System management.Collaborated with Linux distribution communities and forums to stay informed about the latest updates, security patches, and best practices.Troubleshoot issues related to VLAN, VLAN Trunking, HSRP failovers, related issues.Configured IPSEC VPN on SRX series firewalls.Utilized Nmap to conduct network discovery and security audits, identifying open ports, services, and potential vulnerabilities on network devices and servers.Implemented VMware Horizon for virtual desktop infrastructure (VDI), delivering secure and efficient desktop and application virtualization to end-users.Involved in configuring and implementing of Composite Network models consists of Cisco 2620 and, 1900 series routers and Cisco 2950, 3500 Series switches.Collaborated with cross-functional teams to troubleshoot and address network issues, resulting in minimal downtime.Configuring networks using routing protocols such as RIP, OSPF, EIGRP and BGP and manipulating routing updates using route-map, distribute list and administrative distance for on-demand Infrastructure.Provided redundancy in a multi homed Border Gateway Protocol (BGP) network by tunings AS-path.Client: Virtusa, IND Jun 2019 Aug 2020Role: Network EngineerResponsibilities: implemented Virtual Networks (VNETs) in Microsoft Azure, configuring address spaces, subnets, and Network Security Groups (NSGs) to control inbound and outbound traffic, ensuring compliance with corporate security policies.Collaborated with vendors to assess and implement emerging technologies, ensuring network architectures remain aligned with industry standards and advancements.Conducted periodic network reviews and audits to assess the effectiveness and alignment of network designs with evolving business requirements.Implemented and optimized load balancing solutions to distribute network traffic and ensure high availability of applications and services.Implemented Check Point App Control and URL Filtering to manage and control application usage and web browsing within the network.Developed Splunk queries and reports to analyze network traffic patterns, identify bandwidth utilization trends, and detect potential bottlenecks, optimizing network performance.Implemented User Defined Routes (UDRs) and Azure Virtual Network Appliances (NVAs) for traffic optimization and routing control, integrating with Azure ExpressRoute for private, high-speed connectivity between on-premises data centers and Azure environments.Configured VTP to manage VLAN database throughout the network for Inter-VLAN Routing.Worked in setting up inter-vlan routing, redistribution, access-lists and dynamic routing.Involved in configuring and implementing of Composite Network models consists of Cisco 2620 and 1900 series routers and Cisco 2950, 3500 Series switches.Implemented Algosec's AppChange module to automate the validation and documentation of firewall rule changes, improving accuracy and reducing errors.Utilized automated tools and scripts for proactive monitoring, troubleshooting, and optimization of network performance.Implemented continuous improvement practices to refine and enhance automation workflows over time.Integrated SD-WAN solutions with Quality of Service (QoS) mechanisms to prioritize and optimize network traffic for critical applications and services.Implimented best practices documentation to guide team members in implementing and maintaining automated network solutions.Conducted security incident investigations, root cause analysis, and implemented corrective actions to prevent recurring security incidents.Collaborated with regulatory compliance teams to align network security controls with industry regulations and standards.Managed various Switch Port Security features as per the companys policy Installation and troubleshooting networks with hand-on experience with OSPF, BGP, VPLS, Multicast, VPN, MPLS, & Traffic engineering.Configuring BGP/OSPF routing policies and designs, working on implementation strategies for the expansion of the MPLS VPN networks.Involved in implementation of trunking using Dot1Q, and ISL on Cisco Catalyst SwitchesWorked with snipping tools like Ethereal (Wireshark) to analyze the network problems.Maintenance and troubleshooting of network connectivity problems using PING, Trace Route.Performed replacements of failed hardware and upgraded softwarePerformed scheduled Virus Checks & Updates on all Servers & Desktops. |
