Naresh Kobbera

OBJECTIVE:
An experienced network professional having 8 yrs. of professional industry experience as Network engineer and seeking
an opportunity to enhance my skillset in Network security services.

PROFESSIONAL SUMMARY:
 An accomplished network engineer with a track record of employment in the information technology and
services sector. a solid IT specialist knowledgeable in Cisco IOS, Technical Support, Secure Sockets Layer (SSL),
SSL Certificates, Palo Alto Firewalls, Checkpoint Firewalls, Cisco ASA & FP Firewalls, and Juniper Firewalls.
 Expertise in complicated network system design, implementation, and troubleshooting, as well as routing,
switching, and firewall technologies.
 Thorough understanding of setting up and troubleshooting LAN, WAN, Frame-Relay, Ether-channel, NAT, VLAN,
STP, VTP, HSRP & GLBP, QoS, and IP Routing Protocols (RIPV2, OSPF, EIGRP & BGP).
 Knowledgeable about using the secure web gateways Zscaler and Bluecoat Proxy to accomplish URL and web
content screening.
 practical knowledge of setting up Meraki devices and generating the feature and device templates needed for
SD-WAN deployment.
 Experienced in setting up and offering operational support for site-to-site VPNs, extranets, B2B VPNs, MPLS, and
MPLS-VPN.
 AWS expertise, including knowledge of VPCs, VPC peering, Transit Gateway, EC2, CloudFormation stacks, Cloud
Watch logs, Cloud Trail, IAM rules, Route 53, Direct Connect, Global Accelerator, CloudFront, and network and
application load balancers.
 Knowledge of the wireless technologies used by Aruba, Meraki, and Ubiquity.
 Possess knowledge of a variety of network tools, including IBM Qradar, Firemon, Tufin, Algosec, and Splunk.
 Excellent knowledge of different security frameworks, attack vectors, and procedures (e.g., MITRE ATT&CK,
NIST, CIS, ISO 27001/27002, ITIL, etc.).
 good working knowledge of endpoint security products as VMware Carbon Black, Trend Micro, PAN Cortex-XDR,
Crowdstrike, and Symantec.
 Experienced Network Engineer specializing in CloudGenix SD-WAN, optimizing network performance and
ensuring seamless connectivity.
 Technical competence gained through hands-on experience with IDS/IPS deployment, both host-based and
network-based, using a variety of technology suppliers, including Palo Alto, Cisco, Checkpoint, Snort, Fire Eye,
etc.
 Creation, execution, troubleshooting, and maintenance of network and security infrastructures, including Cisco
routers, switches, and firewalls from other vendors.
 Dealt with network packet capture tools like Wireshark and monitoring tools like (CA Network performance
management, Netscout nGenius Client, Solarwinds, Logic Monitor, and Cisco Prime).
 Excellent knowledge of and expertise with the migration from technologies from many vendors to the Next Gen
Palo Alto Firewall.
 With multi-factor authentication technology providers such as Microsoft MFA, RSA SecureID, Okta, and Duo
security, experienced setting and staging RAS-vpn solutions such as PA Global Protect, Juniper Pulse, and Cisco
AnyConnect.
 created and analyzed security architectures, and penned comprehensive security control configuration
guidelines that complied with business security guidelines and regulations.
 Create and test network models using software like Cisco modelling labs or Riverbed Netplanner to foresee the
effects of production changes.
 familiarity in physically configuring and maintaining Fortinet FortiGate firewalls.
 assisted in the switch from Cisco to Fortinet security platforms.
 With FortiGate Manager, Fortinet firewalls' operating systems could be updated.
 Implement the McAfee Data Leak Prevention (DLP) solution, configure it, maintain it, tweak it, and debug it.
 Worked with both LTM and GTM network load balancers from F5 Big IP.
  Utilized scanning tools including IBM Qradar, Nessus, and Qualys vulnerability scanner in collaboration with the
information security office to fix network vulnerabilities.
 An understanding of Active Directory, Domain Controllers, DHCP, DNS, and Group Policies in AD.
 Has experience pushing significant network changes during a predetermined window.
 Familiarity with Python, Perl, Bash, and Tool Command Language (Tcl) for network automation programming.
 Excellent protocol configuration skills, including HSRP, VRRP, GLBP, SSH, ICMP, IGMP, PPP, HDLC, SNMP, and
SMTP.
 Have worked with network devices to build authentication protocols including LDAP, TACACS+, & RADIUS for
access control & privilege management.
 Proficient in managing isolation, performance, and faults for big enterprise networks using many layers of
redundancy.
Technical Skills:

Routers & Switches (Cisco ASR, Catalyst & Nexus series, Arista, Brocade and Juniper devices)
Routing Protocol BGP, OSPF, EIGRP, IGRP, IGMP, RIP, IS-IS), ISR, ASR, Routed Protocol TCP/IP,
Multicasting (PIM), OMP.
LAN Protocol VLAN, VxLAN, PVLAN, VTP, Inter-vLAN routing, ISL, dot1q, ARP, CDP, STP, IS-IS, RSTP,
MSTP, ISL PVST, LACP, HSRP, VSS, GLBP, VPC, VDC, Ethernet, Port security.
WAN Technology Frame Relay, WiSM Module in 6509, X.25, L2VPN, L3VPN, E1/T1/DS1/DS3, ISIS, MPLS
Network SNMP v2, v3, Cisco Works, 3Com Network Analyzer, MRTG, SolarWinds, and Orion
Management
Firewalls Palo Alto PA-500/PA-2K/PA-3K/PA-5K/PA-7k, ASA 5585/5520/5510, Check Point
R65/R70/R75, ISA 2004/2006

Certification/Trainings:
Palo Alto Networks Certified Network Security Engineer (PCNSE).
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)

Professional Experience: -

CVS Health, RI(Hybrid) Nov 2022 – Current

Sr Network Security Engineer

Responsibilities:
 Configuring and implementing firewall rules on Cisco CDO and Firepower devices through FMC.
 Implementing site-to-site VPN on Cisco Firepower devices.
 Troubleshooting network security issues.
 Implementing, configuring and troubleshooting VPN, IPSEC and other security protocols.
 Ability to migrate from Checkpoint to Cisco NextGen firewall. Proficient with security standards, NIST, ISO, CIS
and how it relates to safeguarding the enterprise.
 Owning the enterprise infrastructure of the Network Security team, such as implementation of firewall rules, web
proxy infrastructure updates, intrusion detection device policy management, wireless intrusion prevention infra-
structure support and advanced malware protection, DNS support, and F5 technologies.
 During the design phase, Meraki SD-WAN was included into the infrastructure.
 created a roadmap and migration strategy for the worldwide implementation of SD-WAN solutions in collabora-
tion with internal support teams.
 SDN (cloud vision), Cloud Genix, and SD Wan employing Palo Alto VTIs to reduce MPLS coasts.
 In charge of overseeing and maintaining the ION 3K/7K SD WAN Cloud Genix platform.
  Examining and debugging the Cloud Genix environment's traffic and regulations.
 Participated in Cloud Genix and Meraki switch automation script design.
 Loop in design call for SD WAN configuration using Cloud Genix to specify the use of internet links and MPLS ap-
plications.
 Identify, accept, apply, and impart the finest cloud security engineering techniques.
 Create proof-of-concept cloud security environment implementations and reference architectures.
 involved in designing and building cloud security architecture for clients' internal Azure applications.
 conducted risk assessments for cloud security for apps that were hosted on Azure.
 involved in creating enterprise-level cloud security measures for the Azure environment
 Utilizing PowerShell, Python, and SSH scripting, automate cloud security and monitoring duties.
 Fixing enterprise environment network access issues, infrastructure failures, and performance degradations
 Participating 24x7 on-call rotation management for production issue resolution=Optimizing network firewall rule
sets to require minimum access necessary, in addition to optimal device processing
 Worked extensively on Algosec to examine and tidy up firewall rules.
 Audit and improve firewall rules with Algosec.
 To help with the firewall audit, Checkpoint found unused firewall rules and hazardous ports using Algosec and
Palo Alto.
 Hands-on experience with confidential ACI deployment and technologies such as VXLAN and NVGRE.
 ACI proof of concept was carried out using a secret NEXUS 9500 as the spine and a NEXUS 9300 as the leaf.
 Cisco SDA/ACI was learned and researched for future implementation.
 For newly installing customers, assistance with initial installation and configuration for SDA assessment is pro-
vided.
 Doing the minor adjustments using the Algosec fire flow and analyzer.
 Contributed to the management of the Tipping Point intrusion prevention system, the Bluecoat proxy server, and
the Orion and Algosec reporting tools.
 Automating security and network controls with Algosec to enhance the present change management system.
 supplied thorough documentation—including network diagrams—for the installation of a new network security
architecture that complies with commercial and technical specifications.
 analyzed current security architectures, procedures, and processes by interacting with a variety of business and
technical teams to guarantee smooth workload transitions.
 Administration of the Fortinet firewall and Fortigate 3000 and 3815 series configuration according to the network
diagram.
 Sentinal One Endpoint protection, the Fortinet Forti sandbox, and the Fortinet FortiMail are among the newly in-
stalled files that FireEye AX and Kali Linux Sandox have analyzed and reviewed.
 New Fortnitet firewalls were installed to improve security, set up network control IPs, apply application control,
and log for compliance.
 Configuring, upgrading and maintaining devices to the latest code releases and performance improvements

PNC Financial Services, PA (Remote) Jan 2020 – Oct 2022

Sr Network Security Engineer

Responsibilities:
 As a senior for solutions from Cisco, Cisco Meraki, Palo Alto Networks, Aruba Networks, Arctic Wolf Networks,
Web Titan proxy, PAN Endpoint Security Solution Cortex-XDR, VMware ESXi, AWS, etc., I developed
HLD/LLD/SOP for Network, Network security, Wireless networks & Endpoint security architecture.
 Investigate security event alerts by looking at logs from a variety of devices, including network firewalls,
endpoint security managers, Windows event logs, email security appliances, MDR appliances, etc.
 Solid knowledge of different security frameworks, attack vectors, and methodologies (such as MITRE ATT&CK,
NIST, CIS, etc.).
 Created S3 buckets for hosting static websites and used Route 53 to route applications while working on several
AWS accounts.
 Created IPSEC site-to-site VPN tunnels between on-premises network hardware and AWS VPCs.
 Implemented Security Groups for instance-level traffic filtering and NACLs for AWS VPC traffic filtering.
 Setting up route-based and policy-based IPSEC Site to Site VPN tunnels with a variety of vendors, including Palo
Alto Firewalls and Cisco ASAs. VPN connections are made between the firewalls and the AWS Transit Gateway.
 Configuring group policies, multi-factor authentication, and account/user permissions for greater protection in
IAM on the AWS dashboard.
 ServiceNow as a ticketing platform, with all network changes are due approval with Change approval board.
 Managed public key infrastructure (PKI) for trust forward & encryption between computer systems from a third-
party cert authority (CA).
 Conducted proof of concept (POC) testing for Palo Alto Networks' network firewall in the organization's
environment.
 Analyzing and troubleshooting the rules and traffic in the Cloud Genix system.
 Took part in the creation of switch automation scripts for Meraki and Cloud Genix.
 Loop in design calls for the construction of an SD WAN utilizing Cloud Genix to define the use of MPLS apps and
internet links.
 Discussed the needs of the company with the Palo Alto Networks vendor when negotiating the hardware and
license sales for network firewalls. Subscriptions for threat mitigation, Wildfire, DNS security, URL filtering, etc.
 Switched the HQ network firewall from Palo Alto Networks PA-3220 (HA pair) to Meraki MX400 (standalone).
 For Palo Alto firewall administration, a virtual instance of Panorama was deployed and configured at code
version 10.2.
 Confidential remote branches of Meraki SD-WAN solution were installed in order to maximize carrier circuit use
and reduce latency and packet loss.
 Knowledge of WAAS, VoIP, wireless, security, and next-generation datacenter networking ACI.
 Cisco ACI design and implementation in datacenters
 To deploy applications in the ACI fabric, write code in Python and JSON.
 ACI network support and design for Fortune 500 companies was contracted.
 Provide remote support to partners for instalation and configuration issues, as well as SDA-related concerns.
 For WAN connectivity, an SD-WAN network was deployed and managed.
 Firewall Policy Management: Use AlgoSec's firewall management system to effectively manage, create, and
optimize firewall policies.
 Rule Optimization: To improve security and performance, examine the current firewall rules, look for
redundancy, and optimize them.
 Compliance and Risk Assessment: Make that firewall policies minimize security risks and vulnerabilities while
adhering to industry standards and legal regulations.
 Change Management: Manage all aspects of the firewall rule lifecycle, including documentation, change
requests, and procedure adherence.
 Discontinued a company network that was part of a purchase and used a Cisco Firepower 2110 as its main
network security device. Helped the app team transfer the service.
 Initial setup of the PA-3220 appliance, including setting up security policies, NAT rules, routing, IDS/IPS profiles,
log management, etc.
 On the PAN firewall, configure and link security profile groups with security policies for IDS/IPS capability.
 Implement security policies for zone/ network/ service/ app-id/ URL category-based access control on the PAN
network firewall.
 Set up the PA firewall's decryption policy to allow for granular app-id-based access control rules and to enable
blocking of traffic using older, deprecated versions of transport layer security.
 Setup the PAN firewall's Global Protect portal and gateway for the employee VPN service, remote user VPN
service, and ras VPN service.
 familiarity with Fortinet FortiGate configurations.
 Putting in place Fortinet firewalls
 Use the Fortinet ForiGate firewalls 300, 1000, and 2000 appliances to maintain a secure network posture.
 FortiManager is used for firewall policy provisioning on Fortinet FortiGate appliances.
  Integrated Global Protect vpn's remote user identity authentication feature with Azure AD SSO. For faraway
users, an always-on VPN.
 Supported the Microsoft In-Tune tool's deployment of the Global Protect Client Agent across all devices.
 Constructed and/or upgraded IPsec VPNs between the corporate firewall and extranets, private clouds, disaster
recovery sites, etc.
 Using the BPA+ tool, the PAN firewall's Best Practice Assessment (BPA) was run, and the necessary
improvements were made to the device.
 Performed security posture reports on the network firewall and reported status to management.
 Developed a cloud app for PAN AIOPS to check the health posture of the PA network firewall.
 Setup and application of SD-WAN policies on Cisco Meraki and Palo Alto equipment.
 Changed the endpoint security solution from Palo Alto Networks Cortex-XDR to Fortinet FortiClient.
 Supported the deployment of the initial endpoint security agent bundle using Microsoft Intune.
 Completed initial configuration of the PAN Cortex-XDR endpoint security manager's dashboard and policies.
 Contributed to addressing incidents and alerts for PAN cortex-XDR on a daily basis.
 The topology of the headquarters network was changed from a standalone to a redundant high-availability
architecture.
 For a secure network topology, LAN segmentation and access control policies were implemented across the
segments.
 Worked on the procedure for switching all sites over to BGP or dynamic routing.
 To accommodate growth and expansion, new switch stacks, Cisco catalyst 9k, were configured and deployed.
 Configured Proofpoint ESA (Proofpoint E-mail Security Solution) initially and deployed it in the environment. This
was followed by the creation of a SOP for handling activities involving phishing incident investigation.
 Worked with iLand Zerto DRaaS on Disaster Recovery (DR) Site deployment, failover architecture, circumstances,
etc.
 Use Arctic Wolf Networks' Managed Detection & Response (MDR) service. I collaborated with the vendor on a
service subscription that, by absorbing the network traffic records, performs the functions of a conventional
SIEM platform. network firewall threat logs, endpoint security manager alert table data, cloud app logs (e.g.
Azure connector integration), endpoint event logs, etc.
 Conceived desktop and server hardening policies with the vendor and had desktop engineers put them in place.
 I worked on the Arctic Wolf Networks dashboard's day-to-day activities for the security alert inquiry.
 Conversion of Cisco Meraki's wireless access points (WAP) infrastructure to Aruba Networks hardware.
 Setup of the wireless network for the corporate headquarters in Aruba central, followed by the creation of the
guest network (authentication via the cloud captive portal of Aruba), which includes access control policies for
visitor devices such as bandwidth, segmentation, threat filtering, URL filtering, etc.
 Offer any necessary help with the move of the mobile device management (MDM) solution from Cisco Meraki
MDM to Jamf (for MacOS & IOS) and Microsoft In-tune for Windows platform.
 Take part in and support yearly PCI DSS audit procedures.

Freddie Mac, TX Sep 2018 – July 2019

Network Security Engineer

Responsibilities:
 Developed HLD/LLD/SOP for Network Security Infrastructure as a Lead for Products like Citrix VM, VMware NSX-
T, Crowd strike AV, Palo Alto Firewall, Imperia WAF, Zscaler Proxy, F5 BIG IP, etc.
 Setup Panorama, a centralized management system, with Palo Alto Firewall models PA-3k, PA-5k, and PA-7k to
control large-scale installations of firewalls.
 Managing significant projects for the clientele, such as system installations, VoIP migrations, expansions, and
decommissioning.
 Collaborated with Palo Alto engineering TAC to find an issue that prevented DP1 from being used when the DP0
queue was full in the 8.1.3 code on the PA 5020 device.
 Set up and keep up security policies on the Forti Analyzer and Fortinet firewall and manager.
 knowledge in setting up and maintaining physical Fortinet FortiGate firewalls.
 helped with the transition of security platforms from Cisco to Fortinet.
 upgraded the operating system of Fortinet firewalls using FortiGate Manager.
 Served as network support for all client public domains and web apps during the process of on boarding them
into the Imperva cloud web application firewall. Restricting network firewalls to only permit traffic from Imperia
networks is one of your additional duties.
 Offered network support for the deployment of Crowd strike Falcon endpoint security agents to all end points
and made the required network adjustments to enable end points to download updated antivirus software over
the internet.
 New workstations were deployed on the AWS cloud to meet COVID 19 remote work requirements, and a private
cloud architecture was used to connect the cloud network with the corporate network.
 Used Palo Alto Networks' best practices to upgrade the code on PA firewalls in global data canters to version 9.0.
 As a prerequisite for the Palo Alto networks-recommended firewall performance optimization, a security rule
clean-up was carried out on the global PA firewall devices based on the Palo Alto rule use feature.
 As part of a project to optimize the performance of the firewall, work was done to switch from port-based rules
to App-id-based rules based on the report from Palo Alto's app-id identifying feature.
 Locate, mark, and deactivate inactive B2B extranet VPN connections to streamline device configuration and stop
unwanted access to the company network.
 Documentation: Keep thorough records of firewall policies, including explanations for each rule and its
description.
 Work together with the security team to respond to and minimize security incidents that have an impact on
firewall policies.
 Integration: For a complete security approach, effectively integrate AlgoSec's solution with other security and
network management technologies.
 Performance Optimization: To increase network efficiency, keep an eye on firewall performance and apply rule
set optimizations.
 On a B2B VPN, switch from static routing to BGP to provide dynamic failover in the event of a primary server
failure.
 Assisted with the migration of the current infrastructure to a private cloud architecture by providing firewall
support.
 practical expertise in creating the feature and device templates required for SD-WAN deployment, as well as
configuring Meraki devices.
 Meraki SD-WAN was included into the infrastructure at the design stage.
 developed a migration plan and roadmap in coordination with internal support teams for the global deployment
of SD-WAN technologies.
 Assist with the transition of the RAS service from Palo Alto Global Protect VPN to Juniper Pulse Secure, and work
on integrating Okta cloud multi-factor authentication services with the PA GP client.Worked on transition of RAS
service from Juniper SA 6500 SSL VPN, PSA 5000/7000 (Active/Active & Active/Passive),
 Migration to Palo Alto Global Protect VPN and managed post-migration end user support.
 Installed and administered Panorama firewalls from the Palo Alto VM series for IPS and content analysis in an
AWS public cloud environment.
 Providing all-inclusive networking support using Cisco Catalyst and Nexus switches, Active Directory, SolarWinds
Orion, and VMware. Using Big IPs F5 LTM and GTM, I load balance web application traffic.
 Use Palo Alto firewalls to implement and enforce stronger IPS inspection over production traffic.
 Collaborated with the information security office to use scanning technologies including IBM Qradar, Nessus,
and Qualys vulnerability scanner to fix network vulnerabilities.
 Collaborated with HPNA's network automation to push minor network modifications and automate security rule
reporting and firewall configuration scanning.
  To push a python script to get retired IP network security rule base reporting and then clean up the rule base on
the PA firewall devices, work was done on this.
 For staff internet access, ZIA admin uses Zsclaer cloud proxy.
 Kept an eye on the Global Support Service Desk for any tickets filed regarding VoIP issues or modifications.
 Setting up and maintaining Panorama and Palo Alto firewall with the integration of Cisco routers, switches, and
WLAN components.
 Client ASA firewall migrations to Palo Alto and post-migration support, including establishing security policies on
Palo Alto firewalls based on User-ID, APP-ID, and Content-ID requirements.
 Monitoring networks and giving analysis utilizing a variety of tools, such as Wireshark and the Enterprise
Network Performance Monitoring Tool (CAPM).
 Be familiar with the architecture of Cyber Ark Privileged Access Management (CA PAM).
 Using the Palo Alto Expedition tool, the Tufin SecureTrack tool, and firewall audit reports, reporting, reviewing,
and optimizing the Firewall rule base.
 Investigated problems using packet capture tools like Wireshark and Net Scout.
 Working knowledge of MPLS VPN and (QoS) architecture using multi-layer switches from Cisco.
 Worked on installing Zscaler in Production and transitioning from BlueCoat proxy to Zscaler cloud proxy.
 Proven track record of connecting third-party businesses using an IPSEC VPN and Cisco routers.
 In the Palo Alto environment, virtual systems (Firewalls) were created and vsys from EOL PA devices were
transferred to newer boxes.
 Maintaining, improving, and resolving active directory problems.
 I assisted a DNS engineer in the migration of DNS, DHCP, and IPAM services to the BlueCat server.
 Collaborated with HPNA's network automation to push minor network modifications and automate security rule
reporting and firewall configuration scanning.
 Have worked on ServiceNow CMDB to manage and document network equipment.

Hewlett Packard, TX. March 2017–Aug 2018

Network Security Engineer

Responsibilities:
 Created HLD/LLD/SOP for network security infrastructure for Juniper, Bluecoat Proxy, Cisco, Check Point, and
Palo Alto firewall products. McAfee, the DLP antivirus program, Citrix VM ESXi, etc.Configured Palo Alto Firewall
models PA-3k, PA-5k, PA-7k and centralized management system (Panorama) to manage large-scale Firewall
deployments, including multi-vsys environment to protect Data Centre and provided L3 support for
routers/switches/Firewalls.
 Has expertise installing the AWS CLI, using AWS Cloud Formation Templates, and controlling a variety of AWS
services with SHELL/BASH programming.
 Setup and administration of FireEye CM 4400 and FX 5400 threat protection platforms for malware analysis
systems
 Proficiency in the analysis and monitoring of Solar Winds-based load balancing of network traffic.
 Providing all-inclusive networking support using Cisco Catalyst and Nexus switches, Active Directory, SolarWinds
Orion, and VMware. Using Big IPs F5 LTM and GTM, I load balance web application traffic.
 Maintained wireless switching, routing, and firewall setups using Meraki and Ubiquiti Networks.
 Participate in the implementation of the LLBs and GSLBs to guarantee that traffic is spread evenly utilizing
various load balancing strategies.
 Rule Lifecycle Management: Oversee the development, alterations, and termination of firewall rules, making
sure they comply with the security specifications of the enterprise.
 Troubleshooting & Problem Solving: Look into and fix firewall-related problems with the least amount of
disturbance to network functions.
 Implemented Fire eye Appliances for Whitelisting False Positive Malware Events and Malware File Detonation.
 Setting up Cisco routers, switches, and WLAN components while integrating Palo Alto firewall and Panorama, as
well as providing post-migration assistance.
  Setting up and configuring a Meraki network, including location, tags, DHCP, wired and wireless setup, firewall,
etc.
 Setting up a test setup using an IBM QRadar 3128 manager and 1628 event collector to forward X-Force alerts
and metrics.
 Set up User-ID, APP-ID, and Content-ID-based security policies on the Palo Alto firewall in accordance with
requirements.
 Set up traffic carrying older transport layer security versions to be blocked by the PA firewall's decryption policy
for encrypted traffic.
 Producing network firewall and router audit reports while reviewing and improving the firewall rule base using
the Tufin SecureTrack application.
 Assess, Plan, Test, and Implement Post Administration of DNS and DHCP Migration to Infoblox Appliances.
 Load balancing the web applications utilizing Cisco ACE and F5 LTM load balancers from BIG-IP.
 Setting up Cisco LAN, WAN, wired, and wireless network infrastructure for the distribution, access, and core
layers across all data centers.
 Expertise combining RSA tokens (physical and virtual) technology with Cisco VPN concentrators for multi-factor
authentication.
 Working knowledge of MPLS VPN and (QoS) architecture using multi-layer switches from Cisco.
 Extensive experience configuring firewalls, monitoring, and troubleshooting Cisco's ASA 5500/PIX security
appliance, as well as failover DMZ zoning and configuring VLANs, routing, and NAT.
 Carefully managed Network ACLs, EC2 and Security Groups when transferring legacy on-premises infrastructure
to AWS cloud services, which now houses more than 20 AWS services.
 Using AWS Identity Access Management (IAM) Group and Users, I created monitors, alerts, and notifications for
EC2 hosts. This enhanced login authentication.
 Switching to Zscaler from BlueCoat proxy and working to put Zscaler into production.
 Worked on developing advanced knowledge of Palo Alto PA-200, Checkpoint, Fortinet, Cisco ASA 5500 series,
and Fortinet.
 The installation of Meraki SD-WAN solution confidential remote branches aimed to optimize carrier circuit
utilization while lowering latency and packet loss.
 A managed SD-WAN network was set up for WAN connectivity.
 Resolved customer requests for Cisco ASA, Juniper SRX, Fortigate, and NX-OS firewall policies.
 Pre-migration work that involves regression testing of Palo Alto lab firewalls before releasing them into
production.
 Designed and deployed VoIP in small and medium-sized businesses, including IP phones and SIP trunks that
offered telephone services.
 Participated in setting up and installing equipment in the Data Center using Aruba Instant, Airwave, Clearpass,
Airglass, and other Aruba Hardware.
 Facilitated multi-location manufacturing UCCX (IPCCX) Express 4.X, Cisco Call Enterprise Manager 4.X, and Cisco
Emergency
 To speed up the onboarding process, automation scripts for the Cisco Meraki environment have been built.
 Setting firewall rules on Checkpoint up to GAIA R77.30 and Juniper SRX 3600, SRX 3400, and SRX 5800 on a
regular basis.

ACT Fibernet, INDIA, (Internship) May 2015 – Sep 2016

ACT Fibernet, INDIA Oct 2016-Feb 2017
Firewall Engineer

Responsibilities:
 Working knowledge of Panorama and Cisco ASDM-integrated PIX Firewall, Checkpoints, CISCO ASA, and Palo
Alto Firewall equipment.
 Vast knowledge of Juniper's product line, which includes JUNOS, EX switching, SRX firewall, and Palo Alto
network firewall.
 Jointly installed wireless controllers, FEX, UCS, ASIC, and Nexus 9K Pine and Leaf topology.
  Configure and troubleshoot wireless LAN controllers (WLC) and secured wireless access points (WAP)
throughout the corporate network.
 Expertise with Aruba, Cisco Meraki, Cisco ASA, ISR, Catalyst/Nexus, and HP switches.
 Knowledge of how to use KIWI SolarWinds to monitor and analyze network traffic load balancing.
 Designed and implemented QOS on all Cisco and Juniper LAN and WAN edge devices to replace the preexisting
inconsistent QOS policies.
 Design and configuration of OSPF, BGP, and SRX Firewalls on Juniper Routers.
 Using the network firewall and router audit reports produced by the Tufin SecureTrack tool.
 Created a plan for the AWS Security Group. In a promote-to-production environment, established the naming
standards, owners, and approval procedure for Security Group change requests.
 The FireEye Incident Response Tool set, manual evidence gathering, and alerts have all been used to perform
investigations on devices most successfully.
 Using Cisco Networks, design, develop, deploy, and support VoIP services, including call management and IP
phone-related difficulties.
 Financial Planning & Analysis: Examine the business cases for all significant product partner arrangements to
ensure that the major presumptions are well-considered, pertinent, and that all relevant parties are aware of
the related business commitments.
 Use the spectrum analyzer tools from Cognio and Airmagnet to conduct active and passive WLAN surveys.
 Implemented FireEye Appliances for Whitelisting False Positive Malware Events and Malware File Detonation.
 Practical implementation and deployment of LAN/WAN systems from Cisco, Juniper, Brocade, and Arista
 For 26 AWS accounts, CloudTrail logs were enabled and setup. All CloudTrail logs were created and handled in
an encrypted S3 bucket, and the bucket policy was changed to allow CloudTrail access to each account.
 Setup and installation of Amazon's Inspector. On all of the EC2 instances in the AWS account, Targets and
Templates were created, and Assessment runs were scheduled.
 Update Cisco IOS, Catalyst OS, and NX-OS on various Cisco switches and routers on a regular basis for best
performance and to prevent defects or existing vulnerabilities in code releases.
 F5 Big IP load balancers were set up and put into use to boost application performance.
 Use a variety of tools to monitor the network infrastructure, including SolarWinds Network Monitor, Entuity
(NMS), Avaya, and Enterprise Device Manager.
 Implemented on the Fortigate Firewall the Policy Rules, DMZ, and Multiple VDOM's for Multiple Clients of the
State.
 Maintained and monitored client VPN, intrusion detection, and firewall systems.
 Working knowledge of high-end devices such as ASA Firewalls 5585, 5580, 5540, 5520, and 5510 from the CISCO
ASA VPN Platform.
 Involved in scripting the I Rules using TCL (Tool command language) and Perl for HTTP redirection.

Educational Qualifications:
 Bachelor’s degree from JNT University, India with Bachelor of Technology in Computer science Engineering
graduated.