Professional Summary
Built highly available network solutions using Cisco ACI, Azure Virtual WAN, and AWS Transit
Gateway. Enabled seamless hybrid connectivity between cloud and on-prem.
Automated daily network tasks with Ansible and Python to minimize manual errors. Created
reusable playbooks for firewalls, routers, and VLAN provisioning. Improved operational efficiency by
60%.
Deployed SD-WAN using Cisco Viptela across multiple branch offices. Enhanced application
performance with intelligent path control and cloud on-ramp integration.
Migrated on-prem workloads to AWS using Transit Gateway, VPN, and Direct Connect. Configured
BGP failover and integrated CloudWatch for monitoring. Ensured zero data loss during cutovers.
Implemented Fortinet and Palo Alto firewalls with advanced threat protection and SSL inspection.
Centralized management using FortiManager and Panorama.
Led network modernization efforts at financial and healthcare clients using Terraform and GitOps.
Standardized IaC templates for consistent deployment across environments.
Managed F5 BIG-IP for load balancing critical apps across multiple data centers. Tuned health
monitors and SSL profiles for optimal performance and security.
Configured Azure Firewall, NSGs, and Application Gateway for segmented access. Deployed private
endpoints and managed identity-based rules for compliance.
Built secure VPN tunnels with BGP failover using Cisco ASA and Palo Alto firewalls. Used IP SLA and
tracking for dynamic routing failover in production.
Integrated Prisma Access for secure remote access and cloud-delivered firewall capabilities.
Streamlined onboarding through SAML SSO and policy automation.
Provisioned Juniper MX routers for ISP-level routing and peering. Designed BGP sessions with route
maps and prefix filtering for clean routing tables.
Built network telemetry stack using SNMP, NetFlow, and syslog for real-time visibility. Integrated
logs into Splunk and SolarWinds for dashboard alerts.
Deployed NAC using Cisco ISE for user authentication and posture compliance. Integrated with AD
and MDM for dynamic VLAN assignment and guest access control.
Optimized Azure network peering and UDR for spoke-hub architectures. Applied route filtering and
service endpoints for secure resource access.
Designed and documented DR and high-availability scenarios using active-active load balancing.
Participated in quarterly failover drills with 100% recovery rate.
Used Terraform modules to deploy AWS Network Firewall and route tables across multiple accounts.
Managed state files via remote backend in S3 and DynamoDB.
Maintained tight control over network ACLs and security groups across cloud platforms. Used AWS
Config and Azure Policy to audit and enforce compliance.
Worked with Cisco DNA Center for policy-based automation, assurance, and inventory management.
Reduced network downtime with proactive insights.
Created custom Python scripts for real-time route checks and interface monitoring. Used APIs to
automate health status across multiple vendors.
Participated in security audits and ensured networks met PCI and HIPAA compliance. Remediated
findings through segmentation and logging improvements.
Engineered VPC landing zones with centralized ingress/egress filtering in AWS. Configured Transit
Gateway for shared services and spoke VPC access.
Built Azure Virtual Desktop connectivity with hybrid AD, firewall rules, and VPN integration.
Optimized user latency by deploying regional gateways.
Configured dual-homed firewalls with high-availability across Fortinet and Palo Alto stacks.
Performed zero-downtime firmware upgrades and policy sync.
Collaborated with app and security teams to align firewall rules with application behavior. Used flow
logs and packet captures for rule justification.
Implemented micro segmentation using NSX-T and Azure Policy-based routing. Applied tags and
dynamic groups to manage east-west traffic securely.
Reviewed and cleaned up firewall rulesets during audits, removing unused policies. Reduced overall
rule count and improved appliance performance.
Coordinated with global teams for MPLS to SD-WAN migration planning and cutovers. Provided
rollback plans and traffic impact assessments.
Designed secure internet breakouts with Zscaler and Cisco Umbrella for roaming users. Integrated
with identity providers for user-based policy enforcement.
Technical Skills:
Category | Technologies, Skills & Tools
Cloud Platforms | AWS, Azure
Networking Protocols | BGP, OSPF, EIGRP, MPLS, VRF, IPSLA, NAT, PAT
Firewalls & Security | Palo Alto, Fortinet, Cisco ASA, Cisco ISE, Security Groups, NSG, Access Control Lists (ACL), Port Security, DHCP Snooping, Storm Control
Load Balancing & VPN | F5 BIG-IP, Site-to-Site VPN, SSL Offloading, NAT Gateways, ExpressRoute, Direct Connect
Switching & Routing | Cisco Catalyst, Cisco Nexus, Cisco ISR, VLANs, STP, HSRP, EtherChannel, L2/L3 Routing, Route Maps, Static/Dynamic Routing
Infrastructure Tools | Panorama, Terraform, Ansible, Python, Syslog, NetFlow, SNMP, NTP, DHCP, DNS, MAC Filtering, Webhooks
Monitoring & Logging | SolarWinds, Azure Monitor, Log Analytics, Flow Logs, Syslog Servers, CPU/Interface Monitoring, Traffic Shaping
Automation & Scripting | Ansible, Terraform, Python, Bash, CLI Templates, Automation Scripts
Access Management | IAM Roles (AWS), Cisco ISE, Azure Role-Based Access Control (RBAC), Authentication Integration
Compliance & Auditing | Security Audits, Risk Assessments, Firewall Logging, Policy Reviews, DR Drills, Rule Documentation, SOC Collaboration
High Availability | HA Firewall Clusters, Redundant Links, BGP Failover, VRRP, HSRP
DevOps Integration | DevOps Collaboration, DNS Routing, Private Link Integration, Conditional Forwarding
Network Design | Network Segmentation, Hybrid Network Design, Peering Strategies, Logical/Physical Topology, UDRs, VPC/VNet Architecture
Performance Optimization | QoS Policies, Packet Capture, Traffic Shaping, Interface Tuning, Bandwidth Utilization, Route Optimization
Documentation & Reports | Topology Diagrams, Rack Layouts, Cable Maps, Change Logs, Monitoring Reports, Runbooks
Certification:
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Palo Alto Certified Network Security Engineer (PCNSE)
Professional Experience:
Responsibilities:
Deployed hybrid cloud connectivity using AWS Transit Gateway and Azure Virtual WAN. Configured
BGP and VPN tunnels to ensure low-latency performance across environments.
Automated switch, firewall, and router configurations using Ansible and Python. Reduced
configuration drift and improved network rollout time.
Implemented Cisco Viptela SD-WAN to modernize WAN architecture and replace MPLS circuits.
Enabled dynamic path selection and cloud on-ramp features for branch locations.
Migrated data center workloads to AWS using Direct Connect and Transit Gateway. Built highly
available routing policies using BGP and AWS route propagation.
Designed and deployed firewall infrastructure using Palo Alto and Fortinet for both on-prem and
cloud workloads. Integrated Panorama and FortiManager for centralized control.
Built Terraform modules to automate the deployment of AWS Network Firewall and VPC components.
Managed multi-account provisioning using remote state backends.
Performed deep packet analysis using TCP/IP headers to troubleshoot random connection resets
between Azure VMs and on-prem applications; identified MSS/MTU mismatch as the root cause.
Used Panorama templates to standardize firewall configurations and reduce manual errors during
rollouts.
Developed and executed automated test cases using Pytest to validate network automation scripts
and configurations across multi-vendor platforms (Cisco, Juniper, Palo Alto).
Delivered end-to-end support for Cisco SD-WAN and DNA Center rollouts, coordinating closely with
cloud and security teams to align policies and automate branch provisioning.
Integrated Arista EOS switches into core and edge environments alongside Cisco and Juniper
platforms to support high-speed east-west traffic.
Tuned OSPF cost metrics across core Nexus and Catalyst switches to optimize east-west traffic flow
during peak manufacturing cycles.
Maintained F5 BIG-IP appliances for load balancing internal and external applications. Tuned health
checks, SSL profiles, and iRules to optimize traffic delivery.
Troubleshot high-latency traffic flows using packet captures and flow data; worked with application
owners to isolate network vs. application-layer delays.
Used EIGRP route summarization at the data center edge to reduce routing table size and prevent
unnecessary query flooding to remote branches.
Configured BGP on Arista EOS, Cisco IOS-XR, and Cisco IOS using a Python script.
Integrated Panorama with LDAP and SAML for role-based access and audit logging during security
reviews.
Designed consistent security policies across multi-cloud environments using Azure NSGs, AWS
Security Groups, and Terraform-based templates to enforce unified segmentation and threat
inspection.
Configured Azure Firewall, NSGs, and Application Gateway for layered security and controlled
access. Deployed Private Endpoints and Service Endpoints to isolate traffic.
Monitored routing protocols using Juniper MX routers, BGP route reflectors, and prefix lists. Ensured
loop-free topology and efficient route convergence across core networks.
Created network visibility dashboards with SolarWinds and integrated syslog/NetFlow into Splunk for
real-time monitoring and alerting.
Reviewed IPv6 rollout scenarios with cloud architects and implemented dual-stack routing within
AWS VPCs and internal segments, ensuring backward compatibility.
Led VPN integration using Cisco ASA and Palo Alto GlobalProtect with BGP failover. Used IP SLA and
object tracking to manage route failover for production workloads.
Documented complex firewall changes and routing policies using topology diagrams, change logs,
and rollback instructions; reduced review time during audits.
Deployed Prisma Access and Zscaler to secure remote access for a globally distributed workforce.
Enabled SAML-based authentication and contextual policies.
Designed network segmentation using Cisco ISE for dynamic VLAN assignments and posture
assessments. Integrated with Active Directory and mobile device platforms.
Optimized Azure UDR and peering for spoke-hub architectures. Managed route tables with
propagation controls and route summarization.
Participated in disaster recovery strategy and implemented active-active failover using redundant
firewalls and load balancers. Validated through quarterly DR tests.
Maintained Git-based repositories for network configurations. Integrated Jenkins pipelines to
validate and test configs before production deployment.
Enhanced cloud security by auditing AWS security groups, NACLs, and route tables. Used AWS
Config rules and CloudTrail to monitor and enforce compliance.
Designed cloud network architectures with compliance in mind, applying segmentation, encryption,
and logging controls to meet PCI, HIPAA, and SOX mandates.
Managed Cisco DNA Center to perform network assurance, manage inventories, and apply intent-
based policies with automation.
Developed custom Python scripts for interface monitoring and BGP route health checks. Triggered
alerts via Slack and email using REST APIs.
Worked on regulatory compliance tasks ensuring HIPAA and PCI DSS adherence. Conducted regular
firewall audits and rule cleanup exercises.
Configured PIM Sparse Mode on Cisco core switches to enable multicast routing for internal video
distribution to remote offices.
Implemented shared VPC architecture in AWS for centralized egress and service access. Controlled
inter-VPC traffic using route tables and firewalls.
Managed Azure Virtual Desktop connectivity using hybrid DNS, NSGs, and VPN. Reduced user
latency with traffic redirection and optimized gateway placements.
Handled lifecycle management for Fortinet and Palo Alto devices, performing zero-downtime
upgrades. Maintained HA pairs and active-active clusters.
Deployed certificate-based authentication on Cisco ASA and Palo Alto VPN gateways using internal
PKI and external CA integrations for posture validation.
Tuned IGMP snooping and querier roles on access layer switches to support multicast traffic flow
without unnecessary flooding.
Collaborated with cloud, app, and security teams to fine-tune firewall rules. Captured traffic using
PCAPs and flow logs to verify policies.
Introduced micro segmentation using NSX-T and Azure policies. Grouped workloads based on tags
and service roles for dynamic access control.
Used Cisco Viptela and Palo Alto firewalls across AWS and Azure; ensured secure segmentation and
identity-based access policies across platforms.
Regularly reviewed security policies and firewall rules to remove stale entries. Improved
performance and reduced policy processing overhead.
Conducted MPLS to SD-WAN migration with global teams. Provided rollback documentation and test
plans to ensure smooth transition.
Implemented ACLs and multicast boundary filters to prevent unnecessary multicast flooding across
L2/L3 boundaries.
Deployed secure internet breakout with Cisco Umbrella and Zscaler. Integrated with Azure AD and
Okta for user identity-based access control.
Designed high-availability topologies using dual-homed firewalls, IP SLA-based failover, and BGP
route convergence to ensure zero-downtime operations during planned and unplanned failovers.
Deployed and managed site-to-site and remote-access VPNs using Cisco ASA and Palo Alto
GlobalProtect with integrated SAML and certificate-based authentication.
Provided support for Cisco ACE load balancer migration, including policy translation and health
check verification before cutover to the F5 appliance.
Monitored optical links using DOM and interface diagnostics to catch signal degradation early and
prevent link failures on high-availability circuits.
Configured GlobalProtect VPN with dual-factor authentication and SAML integration for secure
remote access.
Configured Cisco ISR routers with dual-BGP failover and object tracking to support dynamic WAN
edge routing in a hybrid cloud setup.
Implemented version-controlled changes using Git and change automation pipelines. Reduced
outages and accelerated review processes with pre-check validations.
Built and managed Cisco ASA site-to-site VPN tunnels with BGP failover and SLA-based tracking.
Configured route maps, BGP communities, and filtering for external peering and transit scenarios.
Reduced BGP churn and ensured policy alignment.
Managed IPv6 rollout across internal network and AWS VPCs. Designed dual-stack configurations
and verified compatibility across platforms.
Supported dual-homed WAN links over fiber leveraging provider-based Metro Ethernet, enabling
active-active routing between campus and cloud edges.
Participated in large-scale application cutovers and network maintenance events. Delivered detailed
implementation and rollback plans for flawless execution.
Environment: Cisco ACI, Cisco Viptela, Cisco ASA, Cisco ISE, F5 BIG-IP, Fortinet, Palo Alto, Prisma
Access, Azure Virtual WAN, Azure Firewall, Azure Application Gateway, AWS Transit Gateway, AWS
Network Firewall, Direct Connect, Ansible, Terraform, Git, Jenkins, Python, Splunk, SolarWinds, Zscaler,
ZPA, NSX-T, Juniper MX, Cisco DNA Center, Okta, Azure AD, Active Directory, SAML, BGP, OSPF, IP SLA,
SD-WAN, VPN, S3, CloudTrail, CloudWatch, AWS Config, Service Endpoints, Private Endpoints.
Responsibilities:
Deployed secure Azure connectivity using Virtual WAN, ExpressRoute, and VPN Gateway. Enabled
seamless traffic flow between cloud and on-prem workloads.
Managed routing with UDR, BGP, and custom route tables for hybrid architectures. Implemented
segmentation with NSGs and private endpoints.
Integrated Cisco SD-WAN with Azure to modernize WAN architecture. Enabled centralized control
with vManage and automated route failover testing.
Collaborated with SOC and compliance teams to review firewall logs, segment critical resources,
and ensure HIPAA-aligned traffic isolation across zones.
Collaborated with infrastructure teams to isolate PCI-compliant traffic using VLANs and TCP/IP
segmentation across financial zones.
Created custom Panorama dashboards to monitor threat activity and policy hit counts.
Participated in wireless site planning and AP placement validation using predictive RF heatmaps;
aligned coverage for warehouse and office zones.
Integrated GlobalProtect with internal PKI for certificate-based posture validation and user
authentication.
Tuned QoS policies on WAN edge routers and switches to prioritize latency-sensitive traffic (VoIP,
Azure AD sync), reducing jitter and packet loss under peak loads.
Configured remote access VPNs on Cisco ASA using AnyConnect and integrated MFA with Duo.
Developed automation playbooks using Ansible for VLAN provisioning, firewall updates, and switch
configuration templates.
Reviewed and streamlined firewall policies using Panorama and ACL audits, removing redundant
rules and improving appliance performance.
Designed OSPF stub areas within branch locations to minimize LSA propagation and reduce
convergence delays.
Configured Palo Alto firewalls with HA pairs, dynamic address groups, and URL filtering. Used
Panorama for centralized policy deployment.
Integrated Pytest into CI/CD pipelines (GitLab/Jenkins) to automate validation of infrastructure as
code (IaC) using Ansible/Terraform.
Designed and implemented Cisco ASA VPN infrastructure with IP SLA-based failover and certificate-
based posture validation using internal PKI and Okta integration.
Implemented EIGRP with route filters and prefix-lists to control inbound routes received from partner
MPLS peers.
Configured 802.11a/b/g/n parameters on Cisco wireless LAN controllers to align with client device
compatibility and roaming requirements.
Migrated standalone Palo Alto configurations into Panorama with minimal downtime and full policy
preservation.
Led incident response for a VRRP failover issue; worked with ISP and cloud teams to verify route
path preference and restore symmetric routing.
Migrated critical applications to Azure with proper routing, firewall rules, and identity integration.
Leveraged Azure Monitor and Log Analytics for visibility.
Led secure network redesign initiative at Wells Fargo branch offices using Cisco SD-WAN and firewall
segmentation strategies to align with internal compliance and security frameworks.
Tuned F5 BIG-IP LTM for HTTP/SSL load balancing and connection persistence. Supported blue-green
deployment strategies and zero-downtime cutovers.
Supported multicast traffic troubleshooting across routed interfaces, adjusting PIM configurations
and verifying multicast routing tables.
Built alerting dashboards with SolarWinds and Azure Monitor for real-time tracking of network health
and bandwidth trends.
Collaborated with app and security teams to translate application flows into firewall rules and NAT
exceptions, ensuring frictionless rollouts.
Created operational documentation including network rack layouts, cabling maps, and SNMP
monitoring configurations for new site stand-ups.
Monitored WAN performance over Metro Ethernet circuits and escalated to carriers using SLA-based
latency and jitter baselines via SolarWinds.
Supported deployment of Arista leaf-spine switches in a small data center migration project,
focusing on BGP EVPN integration and edge connectivity.
Used Cisco ISE for access control with posture-based dynamic VLAN assignment. Integrated with
Windows AD for 802.1x authentication.
Partnered with application teams to understand traffic flows during new rollouts; translated
requirements into ACL rules, NAT exceptions, and port mappings.
Wrote Python scripts to validate BGP peering sessions and monitor interface errors across switches
and routers.
Designed spoke-hub architecture in Azure with secure peering, DNS forwarding rules, and regional
segmentation. Reduced latency and improved failover paths.
Monitored user/device authentication via 802.1x with Cisco ISE; implemented fallback to certificate-
based auth for trusted endpoints.
Created Terraform templates for network provisioning across dev, staging, and prod. Ensured
version-controlled and peer-reviewed deployments.
Supported VPN and remote access using GlobalProtect and Azure Point-to-Site VPN. Enabled MFA
and certificate-based authentication for users.
Provided support for legacy ACE and CSM configurations during transition planning to modern load
balancing via F5 and cloud-native solutions.
Collaborated with developers to understand app flows and translated requirements into network
and firewall policies.
Worked with DevOps and automation teams to test Ansible playbooks for batch VLAN provisioning
across Arista EOS switches.
Built network segmentation in Azure using route filters, service endpoints, and subnet-level NSGs.
Enabled isolation for sensitive workloads.
Conducted routine firewall audits to identify obsolete rules and streamline traffic flow. Shared
findings with the security team for review.
Designed and managed high-availability pairs of FortiGate firewalls for data centers and branch
offices. Tuned sessions, NAT, and policy lookup.
Reviewed cloud security posture using Azure Defender and Microsoft Sentinel. Took proactive
actions based on alerts and recommendations.
Managed BGP peerings with ISPs and cloud edge routers. Used prefix lists and communities to
enforce traffic engineering policies.
Led quarterly DR tests with complete documentation, validating network redundancy and business
continuity readiness.
Implemented change management workflows using Git and Jenkins for network infrastructure
updates. Reduced misconfigurations and rework.
Provided SME-level support for incidents involving latency, packet drops, and policy conflicts.
Coordinated with vendors for RCA.
Monitored network traffic using NetFlow and syslogs. Integrated logs with Splunk for threat
detection and anomaly insights.
Trained junior engineers on firewall rule creation, network zoning, and troubleshooting steps as part
of internal knowledge transfer.
Migrated site-to-site tunnels from legacy ASA to Palo Alto NGFWs. Enhanced encryption policies and
simplified routing tables.
Deployed Azure WAF with App Gateway for public-facing apps. Applied custom rulesets to block
malicious traffic.
Optimized routing decisions using IP SLA and object tracking on core switches. Ensured automatic
failback post-outage.
Introduced Cisco DNA Center for inventory, config compliance, and assurance features. Ran health
checks across fabric switches.
Built hub-and-spoke VPN topology with Azure Virtual WAN and Cisco SD-WAN integration. Managed
regions via centralized templates.
Integrated network provisioning workflows into CI/CD pipelines using Jenkins and Git to automate
config validation and reduce production rollout errors.
Supported app teams during rollouts by performing packet captures, latency analysis, and ACL
verifications.
Handled lifecycle upgrades of network hardware and firmware for Fortinet, Cisco, and Palo Alto.
Conducted pre- and post-check validations.
Participated in design sessions for cloud expansion, offering recommendations on routing, firewalls,
and cost-effective peering.
Managed compliance for HIPAA and SOX audits by maintaining structured documentation and
system access control.
Regularly optimized cloud routes, firewall throughput, and peer links based on monthly traffic
reviews and projections.
Environment: Azure Virtual WAN, Azure Firewall, Azure Monitor, Azure WAF, App Gateway, Private
Endpoints, NSGs, UDR, Terraform, Palo Alto, Panorama, FortiGate, Cisco ASA, Cisco ISE, Cisco SD-WAN,
Cisco DNA Center, F5 BIG-IP, Ansible, Jenkins, Git, SolarWinds, Splunk, Microsoft Sentinel, BGP, IP SLA,
Python, NetFlow, GlobalProtect, MFA, VPN Gateway, Service Endpoints, Log Analytics, AD, 802.1x,
SAML, SSL, Routing Tables, Prefix Lists, VPN Tunnels.
Responsibilities:
Deployed redundant site-to-site tunnels and transit connections to ensure failover between
corporate sites and cloud workloads.
Built and managed routing policies using BGP with careful filtering and aggregation, improving route
stability and reducing convergence time.
Implemented firewall clustering using Palo Alto appliances to protect both internal services and
internet-facing workloads.
Designed logical network segmentation using VLANs and VRFs to separate PCI, development, and
public traffic zones.
Used automation tools to configure switches and firewall policies, cutting manual effort and
standardizing deployments.
Integrated AWS Direct Connect and Azure ExpressRoute into multi-cloud network fabrics for hybrid
access, using BGP for route control and redundancy.
Integrated IAM roles and network ACLs to enforce layered access controls across distributed
environments.
Tuned F5 BIG-IP for SSL offloading, web traffic optimization, and WAF profiles to support customer-
facing applications.
Collaborated with DevOps teams to ensure traffic shaping, DNS routing, and endpoint monitoring
during rollout phases.
Installed and configured TCP/IP and operated wired and wireless networks.
Monitored inter-region latency, packet loss, and throughput with SolarWinds and used findings to
adjust policy routing.
Enabled private IP connectivity across VPCs using centralized routing, saving on NAT costs and
reducing complexity.
Used Terraform for repeatable network provisioning of VPCs, subnets, and security groups in dev,
staging, and prod.
Participated in architecture reviews to improve peering strategies, firewall rules, and network
logging frameworks.
Upgraded Fortinet devices with minimal downtime using HA and pre-validated rollout plans.
Performed end-to-end post-checks.
Reviewed cloud routing and integrated with DNS resolvers to support internal domains and secure
app access.
Led incident resolution for network outages, routing loops, and asymmetric path issues, ensuring
minimal business impact.
Applied updates to firewall policies using Panorama and ensured they met traffic inspection and
compliance rules.
Built monitoring pipelines using syslog, flow data, and endpoint logs for alerting and historical
analysis.
Worked closely with SOC and compliance teams to align firewall logging and retention with
governance mandates.
Managed multi-region network architecture to support scaling, availability zones, and global
performance tuning.
Integrated cloud firewall rules with traditional perimeter devices, ensuring end-to-end traffic
visibility.
Created custom Python scripts for BGP status polling, interface flaps, and automatic ticketing alerts
via webhooks.
Handled cloud egress optimizations and aligned security groups with internal security baselines.
Used SD-WAN to improve last-mile performance for warehouses and branch offices, dynamically
routing based on SLA.
Deployed traffic shaping policies to prioritize order-processing apps and suppress bandwidth-heavy
non-critical tools.
Performed regular ACL reviews and session table cleanup on firewalls to enhance performance and
reduce CPU spikes.
Managed NAT policies and port forwarding rules to support service migration without client
reconfiguration.
Conducted DR drills simulating region failures, verifying redundancy in routing, tunnels, and edge
firewall paths.
Environment: AWS, Palo Alto, Panorama, Fortinet, Cisco ASA, Cisco SD-WAN, F5 BIG-IP, Terraform,
SolarWinds, BGP, VPN, VRF, VLAN, Ansible, Python, IAM, Security Groups, ACLs, NAT, DNS,
syslog, flow logs, routing tables, load balancers, private IP, DevOps integration, webhooks.
Responsibilities:
Supported hybrid cloud connectivity using ExpressRoute and managed route filters to allow
selective prefix advertisement.
Built resilient architecture with active-passive tunnels and BGP route tuning to ensure automatic
traffic failover during outages.
Configured Palo Alto firewalls to enforce identity-based rules and integrated them with internal
authentication systems.
Used templates and shared objects to reduce repetitive configurations and improve consistency
across devices.
Created custom route tables, peering connections, and firewall policies to control traffic between
multiple subnets.
Monitored VPN health and tunnel stability using IPSLA-based route tracking to improve service
uptime.
Collaborated with cross-functional teams to design secure traffic flows between internal applications
and third-party services.
Routing protocols, networking Layer 1, 2, 3 switching concepts, LAN/WAN technologies, wireless
networking, TCP/IP concepts.
Leveraged Azure DNS to simplify resolution of private endpoints and ensured conditional forwarding
for hybrid queries.
Managed segmentation using VLANs and access ports across the switch fabric, supporting secure
device onboarding.
Implemented posture-based access control using Cisco ISE to ensure compliance before granting
network access.
Applied NAT and UDRs to direct outbound traffic through next-generation firewalls and avoid
asymmetric routing issues.
Audited security rules and adjusted priorities to reduce rule shadowing, redundant entries, and risk
exposure.
Used automation scripts for routine tasks like interface health checks, MAC address mapping, and
log extraction.
Participated in regular change control sessions and ensured rollback plans were tested and
documented.
Handled lifecycle replacement of aging switches and firewalls, ensuring minimal downtime through
phased migration.
Built baseline configurations and golden images to maintain uniformity across newly deployed
network devices.
Provisioned secure site-to-site VPNs and configured high-availability setups for critical edge devices.
Enabled logging on all traffic rules and exported logs to centralized tools for monitoring and
forensics.
Supported segmentation in cloud environments using NSGs and private link integrations for core
applications.
Ensured firewall changes were tied to formal requests and performed peer reviews before
implementation.
Provided L3 support for complex issues involving DNS resolution failures, asymmetric flows, or
packet drops.
Created visual topology maps for troubleshooting and to document changes after major
deployments.
Deployed monitoring alerts for bandwidth usage, CPU thresholds, and interface errors across
network gear.
Tuned log retention settings and adjusted alert thresholds to minimize false positives and focus on
actionable issues.
Designed logical topologies to integrate cloud firewalls with existing perimeter and internal zones
securely.
Assisted with risk assessments by identifying open ports and reviewing inbound/outbound flows
across interfaces.
Actively worked with compliance auditors to present access policies, VPN logs, and firewall rule
documentation.
Environment: Azure, ExpressRoute, Palo Alto, Cisco ASA, Cisco ISE, NSG, UDR, Azure DNS, VPN, BGP,
IPSLA, VLANs, NAT, Terraform, Python, Log Analytics, private link, network peering, access ports, DHCP
relay, route filters, MAC tables, authentication integration, topology design.
Responsibilities:
Handled WAN and LAN routing using OSPF and BGP, tuning metrics and route maps for optimized
traffic flow.
Deployed high-availability firewall clusters with failover validation and health monitoring using
SNMP traps.
Designed and maintained L2/L3 switching environments using STP, EtherChannel, and HSRP for
redundancy.
Coordinated with NOC to improve incident response and created runbooks for frequent network
events.
Supported voice and video traffic optimization using QoS policies, prioritizing latency-sensitive data.
Conducted end-to-end packet captures to trace intermittent issues affecting application-level
performance.
Maintained fiber and copper connectivity standards for edge devices and backbone links across
multiple sites.
Implemented MAC address filtering and DHCP snooping to prevent rogue devices in the access
layer.
Troubleshot TCP/IP problems and connectivity issues in a multi-protocol Ethernet environment.
Reviewed ACLs across routers and switches to ensure proper segmentation between internal
departments.
Performed firmware upgrades on Fortinet firewalls and ensured configurations were preserved
pre/post upgrade.
Used NetFlow for flow-level monitoring and analyzed top talkers to detect anomalies in usage.
Assisted with IPv6 readiness by testing address schemes and enabling dual-stack on access
switches.
Automated VLAN provisioning and port configurations using Ansible to reduce manual errors.
Created interface utilization reports and shared with teams during capacity planning meetings.
Managed MPLS circuits for inter-office connectivity and resolved route leaks using RT/RD
refinements.
Participated in vendor reviews to evaluate new edge router solutions and performance benchmarks.
Performed security audits on switch ports, disabled unused interfaces, and applied storm control
policies.
Delivered weekly status updates on key projects and risk areas to network leadership and PMO.
Configured Syslog servers and synchronized time sources using NTP for accurate log tracking.
Documented rack layouts, cabling diagrams, and logical network flows for better team onboarding.
Environment: Cisco Catalyst, Cisco ISR, Fortinet Firewalls, BGP, OSPF, MPLS, STP, EtherChannel, HSRP,
ACLs, QoS, NetFlow, Ansible, SNMP, Syslog, DHCP Snooping, MAC Filtering, IPv6, NTP, RSTP, port
security, interface monitoring, topology documentation.