Resume : ANIRUDH
WORK SUMMARY:
· Around 10 years of experience in Routing, Switching and Firewall Security, including hands-on experience in providing network support, installation, and analysis for a broad range of LAN / WAN/MAN communication systems.
· Strong knowledge in Cisco Routing, Switching, and Security with Cisco hardware/software (heavy Cisco shop) experience.
· Experience in configuring Cisco Nexus, Catalyst and Cisco Switches, Cisco Routers, Aruba Access Points.
· Expertise in configuring and troubleshooting Cisco ASA, Palo Alto, and checkpoint firewalls.
· Experience in Configuring and troubleshooting BIG-IP F5 load balancer LTM Creating virtual servers, nodes, pool, and Rules on BIG-IP F5 in LTM module.
· Expert knowledge on Cisco Meraki.
· Experience in managing and troubleshooting Zscalar cloud and Cisco Umbrella proxies.
· Experience in implementing Site-to-site, remote access VPN, DMVPN technologies using GRE, IPSEC & MPLS.
· creating and deploying internal and external wireless and VoIP networks.
· Experience in Network Design, Implementations, Troubleshooting, Operations, and Network Support seeking a challenging position.
· Experience in configuring MPLS and SD WAN.
· Expertise experience in implementing and troubleshooting VLANs, VTP, STP, RSTP, DTP, Root Guard, BPDU Guard, Port Fast, Uplink Fast, Backbone Fast, Ether Channel, PAGP, LACP, and 802.1Q.
· Working experience of protocols Frame relay, MPLS, ATM, and PPP.
· Worked on MPLS-VPN designs for the migration of Frame relay to MPLS system.
· Identifying issues on the networks supporting Exchange and Outlook.
· Knowledge on Illumio’s ASP.
· Expert Level Knowledge about TCP/IP, Spanning tree, and OSI models.
· Solid understanding of networking protocols, including bridging, routing, TCP/IP, DHCP, ARP, DNS, NAT, and STP.
· Experience with cloud-native security tools such as AWS Security Hub, Azure Defender, and Google Chronicle for threat detection and compliance.
· Exposure to Zero Trust Security Models, SASE (Secure Access Service Edge) architecture, and XDR (Extended Detection and Response) integrations.
· Familiarity with SOAR platforms like Cortex XSOAR and Splunk Phantom to automate security operations.
· Strong understanding of containerized environments using Docker and Kubernetes security best practices.
· Configured network security policies IPSEC, SSL, NAT, PAT, VPN, Route-maps, distribute lists, Prefix lists, Access Control Lists (ACL), filters in Cisco ASA, Juniper SRX, Palo Alto environments.
· Experience with implementing, administering, and supporting network infrastructures using Cisco equipment, including ASA Firewalls, ASP Routers, Nexus switches, and Wireless Access Points.
· Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP, Ether channel, STP, RSTP, and MST.
· Experience in implementing Cisco ISE for wired authentication.
· Strong hands-on experience on Cisco ASA Firewalls Implementing and Troubleshooting NAT, ACLs, Failover Active-Active and Active-Standby), Security Contexts & Transparent firewall PBR, MPF, QoS, IPsec Site2Site VPN, SSL VPN, Remote Access VPN and OS Up-Gradation in failover pair as well as Stand-alone device.
· Proactively Monitor and Manage customer network on a 24/7 basis resolving the tickets within SLA.
· Documentation skills (Visio for architectural and network diagrams and preparing LLDs and HLDs).
· Experienced with various dynamic and static network protocols RIP, OSPF, EIGRP, HSRP, VRRP, BGP, VLAN, Spanning Tree, Frame-relay, MPLS, and IPsec VPN.
· Worked in OSI model, TCP/IP, UDP, IP addressing, and Subnetting.
EDUCATIONAL SUMMARY:
· B. Tech (Computer Science Engineering) completed from GITAM University
· Part-time Master’s in cyber security at University of Maryland, College Park.
CERTIFICATIONS:
· CCNA Certification (CSCO14112784).
· CCNP Certification (CSCO14112784).
· CISSP – Certified Information Systems Security Professional
· Certified Information Security Manager (CISM)
· PCNSA – Palo Alto Networks Certified Network Security Administrator
TECHNICAL SKILLS:
· Cisco Routers: ASR1000, 3900, 6008,9912, 3800, 3700, 7206VXR, 7500, 1800, 2500, 2600, 3600.
· Cisco Switches: 6500, 4510, 3750X, 3550, 3650, 3750G, 2960.
· Firewalls: Palo Alto, checkpoint, Cisco ASA, FortiGate.
· Routing Protocols: EIGRP, OSPF, BGP, RIPv2, ISIS, IGRP, TFTP, FTP, HTTP, SSH, HSRP, VRRP, ISL, CDP, SNMP, NAT, ICMP, TCP/IP, DNS, DHCP, ACL, VACL, VOIP (-H.323, H.248, SIP, MGCP, SCCP) SDN, CAS, Analog.
· Switching Concepts: VLAN, STP, RSTP, VTP, Ether Channel, Port Fast, IP access Control lists, Uplink Fast and Backbone Fast, HSRP, VRRP.
· Proxy: Zscaler, Cisco Umbrella
· Cloud Security: AWS Security Hub, Azure Defender, Google Chronicle, Prisma Cloud, Microsoft Sentinel, CrowdStrike Falcon, Sentinel One.
· DevSecOps & Automation: Terraform, Ansible, Jenkins (for IaC and automation), GitHub Actions.
· SIEM & SOAR: Splunk, Elastic SIEM, Microsoft Sentinel, IBM QRadar, Cortex XSOAR.
· Wireless: Aruba wireless controller and IAP’s 300 and 500 series.
· Network Topologies: Frame Relay, ISDN, Gigabit Ethernet, OSI, and TCP/IP layered architecture.
· LAN: 10/100/1000 & 10 GBPS Ethernet.
· WAN: MPLS, Frame Relay, Dialup, VoIP (Protocols-H.323, H.248, SIP, MGCP, SCCP, media-RTP/RTCP), Cisco Routers and Switches, CSU/DSU, SDN, CAS, Analog.
· SD-WAN: Cisco, Versa, Viptela.
· WLAN: IEEE 802.11, PHY and MAC layer functionality, WLAN controller/Aruba/Meru.
· Operating Systems: Windows Servers 2003/2008/2012, Windows 7, Windows Vista, Windows XP troubleshooting.
· Zero Trust & Identity: Okta, Azure AD, Duo Security, Cisco ISE, Zscaler ZPA/ZIA.
· SASE & CASB: Netskope, Palo Alto Prisma Access, Cisco Umbrella SIG.
· Endpoint Detection & Response (EDR/XDR): CrowdStrike, SentinelOne, Carbon Black, Microsoft Defender for Endpoint.
· Network Monitoring Tools: Net scout, Solar winds, Cascade, Wire shark, Packet tracer.
· Documentation: Microsoft Office, Excel & Visio.
PROFESSIONAL SUMMARY:
HCSC April 2023 – Present
Network Security Consultant Richardson,TX
Job Responsibilities:
· Responsible for integrating Panorama with Firemon and implementing changes on firewalls through Firemon.
· Working on firewall and Proxy related tickets assigned through Service Now ticketing tool.
· Configuring and providing support for carbon black cloud.
· Providing support in firewall cleanup activity by analyzing 30000+ security policies.
· Managing IP subnets using IPAM.
· Assess risk, threat, and vulnerability analysis from internal and external sources to develop mitigation strategies.
· Troubleshot and resolved firewall connectivity issues across multi-vendor environments including Palo Alto, Cisco ASA, and Check Point.
· Design and deployment of Zscaler Cloud Security Platform, integrating web security, firewall as a service (FWaaS), zero trust network access (ZTNA), and data loss prevention (DLP) solutions to fortify clients against advanced cyber threats.
· Performed in-depth log analysis using Splunk and Panorama to investigate security alerts and anomalies.
· Deployed and tuned web filtering policies and malware protection on Blue Coat (Symantec) ProxySG appliances.
· Conducted periodic vulnerability scans using Tenable Nessus and supported remediation activities with system owners.
· Performed firewall rule reviews and risk assessments in accordance with PCI-DSS and HIPAA compliance requirements.
· Worked on Zscaler Internet Access and Zscaler Private Access. Worked on Migrating from Cisco IronPort’s and Bluecoat to ZIA. Worked on setting up tunnels from f5 devices to Zscaler cloud.
· Provided technical support for secure site-to-site VPN tunnels and remote access configurations.
· Utilized Wireshark and packet captures to analyze traffic patterns and isolate security issues.
· Worked on cloud security configurations and monitoring across Azure and AWS environments.
· Participated in Change Advisory Board (CAB) meetings for network security-related changes.
· Assisted in zero trust implementation initiatives and micro segmentation planning using Illumio and Palo Alto firewalls
· Providing operational support by handling security incidents in the environment and documenting the resolution process.
· Managing and storing complex passwords using CyberArk password manager.
· Assistance and support in protecting the cloud environment by using Divvy Cloud.
SUBWAY May 2022 – Mar 2023
Network Security Consultant Milford, Connecticut
Job Responsibilities:
· Experience in firewall optimizing tool Firemon.
· Experience in integrating Firemon with Panorama.
· Analyzing the configuration of existing Palo Alto firewalls using Panorama and reviewing the changes performed by Network team.
· Utilized Cisco DNA Center to manage and monitor the health and status of network devices, reducing downtime and improving overall network performance.
· In order to optimize the existing subway network we proposed to implement SD-WAN.
· Participating in Palo Alto firewalls rule clean activity by analysing shadow rules.
· Experience in managing Akamai Web Application Firewall.
· Experience in integrating all network devices with Sepio tool to monitor the interface information of all devices.
· Hands on experience in Carbon Black Cloud and Preempt Security.
· Experience in protecting the organization data using Digital Guardian DLP tool.
· Monitoring and checking compliance status of spine and leaf in Cisco ACI (Application centric infrastructure).
· Participated in implementing Illumio’s adaptive segmentation platform, ensuring effective micro-segmentation.
· collaborated with cross-functional teams to integrate Illumio solutions seamlessly into existing infrastructure.
· Experience in using Thycotic secret server for PAM.
· Assisted in onboarding Palo Alto firewalls into centralized Panorama for unified policy management and log aggregation.
· Worked with Zero Trust Architecture principles to enhance segmentation and access control.
· Participated in access reviews and user privilege audits to support least privilege enforcement using PAM solutions.
· Utilized Splunk for log analysis and correlation of network and endpoint security events.
· Created firewall policy documentation and topology diagrams to support change management and audit readiness
· Hands on experience in Varonis data classification tool.
· Experience in Rapid7 IDR for vulnerability assessment.
Lumen Technologies Feb 2022 – May 2022
Network Security Engineer Herndon,V
Job Responsibilities:
· Experienced in Network Segmentation Project as a Palo Alto Engineer.
· Design expertise for the SD-WAN(cisco),SD-LAN and WAN optimization technologies for efficient delivery of the application data across LAN and WAN.
· Responsible for the traffic monitoring for these three applications in Dev environment.
· Integrated Cisco Duo with various identity providers (IdPs) such as Active Directory, LDAP, and cloud-based identity services to streamline user authentication processes across the organization.
· Writing policies and modify the existing policies based on the requirement.
· Allow the traffic and deny the traffic based on the ports as per the requirements.
· Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering.
· Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
· Successfully installed Palo Alto PA-3060 and –PA-5020 firewalls to protects Data Center and
provided L3 support for routers/switches/firewalls.
· Integrated Panorama with Palo Alto Firewalls along with managing multiple Palo Alto Firewall using
Panorama.
· Provided updates and upgrades to the Palo Alto Firewall and Panorama devices.
· Created documents for various platforms including Nexus 7K, 1k enabling successful deployment of
new devices on the network.
· Experience configuring Virtual Device Context in Nexus 7k series switch.
· Troubleshoot the network issues, restore and refactoring the original configurations by using Palo
Alto, Wireshark network analyzer.
HCL June 2018 – Jan 2022
Security Specialist
Client: Performance Food Group. March 2020 – Jan 2022
Richmond, Virginia
Job Responsibilities:
· Experience in Rule analysis and Rule Modification on ASA Firewall and FMC.
· Experience in Symantec Endpoint Protection, CISCO Umbrella proxy.
· Experience on Cisco AnyConnect VPN client.
· Used Network monitoring tools to ensure network connectivity and protocol analysis tools to assess the networking issues causing service disruption.
· Analyzed information provided from existing legacy AAA system to migrate to ACS.
· Worked on Authentication, access management, and Security rules upgrade for the authentication on Cisco ISE.
· Planning and executing changes and upgrades to the operating system of servers directly supporting firewall components and functionality.
· Performed security assessments of different web applications and network penetration testing using OWASP Top 10 standard (Like SQL injection, XSS, CRSF) and prepared detailed security reports.
· Experience in APM and ASM to enable policy enforcement and control who accesses your apps.
· Articulate the business drivers and translate those requirements into a detailed network design.
· Experience in Cisco MAB management in tracking user logging details and traffic.
· Responsible for implementing, managing, and maintaining Cisco ISE, ISE server, and Cisco Prime for NAC solutions.
· Maintaining and Updating inventory using Network Management Application layer software like SNMP, Wireshark, NTP, and Syslog.
Client: ELDERS June 2018 – March 2020
Melbourne, Australia
Job Responsibilities:
· Experience in installing, configuration, and maintenance of Cisco routers, catalyst switches, and firewalls.
· Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering). Configured and maintained IPsec and Palo Alto firewalls.
· Experience on Panorama centralized management.
· Deploying ISE Wired and Wireless Authentication, Authorization, and Accounting.
· Load Balancing on Web Applications using BIG-IP’s F5 LTM and Cisco ACE 4710 load balancer. Leveraging F5 LTMs >TMs to improve web application delivery speed and replication through global data centers.
· Authentication of network traffic by BIG-IP system using data stored on a remote server.
· Hands on experience in Cisco Meraki.
· Responsible for Palo Alto and ASA firewall management and operations.
· Worked on Authentication, access management, and Security rules upgrade for the authentication.
· Hands-on Experience in Cisco ACS and ISE and PKI management and administration.
· Experience on Symantec Endpoint Protection, Zscaler Cloud Proxy.
· Hands-on experience on RSA Net Witness SIEM Tool, Citrix Net Scaler, and CyberArk.
· Worked on Access control, Rules Upgrade RADIUS, and TACACS+ management in ACS.
Canny Technologies Jan 2016 – June 2018
Jr Network Security Engineer
Job Responsibilities:
· Upgrading Cisco 7200, 3600 Router IOS Software, backup Routers, and Catalyst 3560, 4500 switch configurations.
· Support 24×7 operations and answer calls from the customers on network emergencies and resolve issues.
· Install and manage Cisco Catalyst 3500XL, &2960 series Switches and Cisco 1800, 3900 series routers.
· Plans, coordinates, implements, and supports the LAN / WAN hardware, software, and Internet /Intranet integration network connectivity, diagnose network failures, and resolve any problems.
· Responsible for implementation and day-to-day operations of all associated hubs, routers, bridges, gateways, and related equipment.
· Monitoring the network, troubleshooting network problems, implementing changes, communicating, and working closely with vendors, customers, system administrators.
· Troubleshoot Frame Relay; T1, T3, IP, and OSPF-related router and circuit issues.
· Responsible for LAN and internet connection files and print servers.
· Maintained and installed new internet connections for customers.
· Handled installation of Windows NT Server and Windows NT Workstations.
· Handled Tech Support as it relates to LAN & WAN systems.
· Hands-on Experience in Inter- VLAN routing, redistribution, access lists, and dynamic Nat configurations.
· Log messages using the Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade the performance of the network.
· Involved in all technical aspects of LAN and WAN projects including, short- and long-term planning, implementation, project management, and operations support as required.
· Conduct thorough analysis, problem-solving, and infrastructure planning.
· Aided Network Manager and serve as Secondary Network support.
· Troubleshoot and fix any backup and monitoring systems-related issues in conjunction with the Systems team and external vendors.
· Active participation in operational support for routing/switching protocols in complex environments including BGP, OSPF, EIGRP, Spanning Tree, 802.1q, etc.
· Managed various teams involved in site surveys, cabling specifications, Network equipment installation, and configuration.
· Design OSPF areas for reliable Access Distribution and Core IP Routing.
· Used various scanning and sniffing tools like Wire-shark.
· Network Migration from RIP to OSPF and EIGRP.
