Home

Tarun Reddy - Network Engineer

[email protected]

Location: Louisville, Kentucky, USA

Relocation:

Visa: H1B

Tarun Reddy Sr. Network Security Engineer Ph. No: 678-869-1899 Email Id: [email protected] Professional Summary: Network Engineer with 11+ years of experience in troubleshooting, implementing, optimizing and maintaining enterprise data network and service provider systems. Implementing IP addressing schemes, LAN/WAN protocols, IP Services, to fulfill network requisites in different environments. Proficient in Cisco IDS/IPS, ASA 5520, 5540, 5550, Checkpoint NGX R70,R75, R77 Gaia, R80.20, VSX, Provider-1/MDM/MDS, SPLAT, Nokia IPSO, Juniper Net screen Firewall, Juniper SRX, Palo Alto Pa-500, Pa-3000, Panorama, Snort IDS, Syslog analysis and Windows/Linux/Unix Security configurations. Experience in working with Juniper M-Series routers, SRX 240/550/1400/3400, SSG 140/550M firewalls, NSM, JUNOS and Screen OS. Proficient in Manage and maintain Check Point Cluster XL, VSX, VPN-1 firewall, strong abilities in installation and configuration of Check Point security Gateway, SmartConsole and SmartCenter server. Hands on experience in configuring Cisco Catalyst 2960, 3750, 4500, 6500 series Switches, Cisco 2600, 2800, 3600,3800, 7200 series routers & Cisco Nexus 7000 series, 5000 series, 2000 series data center switches. Proficient in Configuring Virtual Local Area Networks (VLANS) using Cisco routers and multi-layer Switches and supporting STP, RSTP, PVST, RPVST along with trouble shooting of inter-VLAN routing and VLAN Trunking using 802.1Q. Good working Experience with Aruba controller s configuration. Good working knowledge of Security Products like FireEye, Splunk, Zscaler (Application security). Implemented traffic filters using Standard and Extended access-lists, Distribute-Lists, Route Maps and route manipulation using Offset-list. Hands on in deployment of GRE tunneling, SSL, Site-Site IPSEC VPN and DMVPN. Managed inventory of all network hardware, Management and Monitoring by use of SSH, Syslog, SNMP, NTP. Strong experience on Juniper SSG series Firewalls and Checkpoint R77.30, R80.10 Firewalls. Experience with F5 load balancers - LTM, GTM series like 6800 and 8900 for the corporate applications and their availability. Knowledge of implementing and troubleshooting complex layer 2 technologies such as VLAN Trunks, VTP Ether channel, STP, RSTP and MST. Proficient in Cisco IOS for configuration & troubleshooting of routing protocols: MP-BGP, OSPF, LDP, EIGRP, RIP, BGP v4, MPLS. Worked extensively in Configuring, Monitoring and Troubleshooting Cisco's ASA 5500/PIX security appliance, Failover DMZ zoning & configuring VLANs/routing/NATing with the firewalls as per the design. Successfully installed Palo Alto PA-3060 firewall to protect data center and provides L3 support for routers/switches/firewall. Cisco ASA and FWSM, Fortinet FortiGate; F5 AFM, A10 WAF, IDS/IPS systems, and general knowledge of security features and protocols. Performed Installation of Cisco ASA 5585 & 5520 series firewalls as well as Palo Alto 3500 series. Proficient in using SolarWinds Network Management tools like Network Performance Monitor (NPM), Netflow Traffic Analyzer, Network Configuration Manager (NCM) and Cisco Prime. Provide 24/7 support. Education Qualifications: Bachelors in Electronics and Communication Engineering, India. Master s in information technology, Wilmington University, DE. Professional Experience: Cisco, RTP, NC July20 Present Sr. Network Security Engineer Responsibilities: Configuring rules and Maintaining Palo alto Firewalls & Analysis of firewall logs using Panorama. Designing and implementing new network solutions and/or improving the efficiency of current networks. 24x7 continuous Services monitoring performance metrics, and alerting. Access to a Service portal to view and manage customer end users, review reports, create review support tickets, and other Service-related information Cloud-based, scalable, infrastructure, configured for high resiliency and connected to a scalable, redundant, cloud-based infrastructure, designed to provide scalable remote access Establish and monitor site-to site-connectivity, providing secure access to customer systems and applications to locations defined as sites One or more sites can be configured for diversity, redundancy, and bandwidth requirements through optional sites configured. Customers are able to use an existing AnyConnect Client configuration with the Service. Use of Service Portal: Cisco Defense Orchestrator (CDO) Remote Access Virtual Private Network monitoring portal, and the Remote Access problem and incident management portal, (Collectively, Portal ). This system uses single sign-on access to authorized users. Optional Additional Services: Cisco Umbrella (UMB): Cloud Enterprise Network Security Implemented Zscaler firewall for all remote sites in Asia and Europe. Designing, deploying and supporting Zscaler Cloud based Infrastructure across various Data Centers and Disaster Recovery environments. Working on Palo Alto, ASA and Checkpoint Firewalls. Cisco Umbrella (UMB): Cloud Enterprise Network Security with Secure Internet Gateway (SIG) When CMS engages with Cisco TAC for support, CMS aids in triaging issues. This responsibility includes the following: Experience in installing, configuring and troubleshooting Firewalls and VPN issues. Capturing and providing the details of reported issues Triaging issues/providing evidence to Cisco TAC. Confirming that issues are not related to hardware, software, applications, or other sources provided by the end user. Auto Owners Insurance, Lansing, Michigan June19 June20 Sr. Network Security Engineer Responsibilities: Configuring rules and Maintaining Palo alto Firewalls & Analysis of firewall logs using Panorama. Successfully installed Palo alto PA-3000/PA-5000 firewalls to protect Data Center and provided L3 support for routers/switches/firewalls. Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls and implemented Zone Based Firewall and Security Rules on the Palo Alto Firewall. Exposure to wild fire feature of Palo Alto. Worked with Palo Alto firewalls PA250, PA4050, PA3020 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Technical assistance for LAN/WAN management and complex customer issues. Worked on Paloalto APP-ID, User-ID and other security profiles like Anti-virus, Threat Prevention, URL-filtering and Wildfire etc. Working on Zscaler policies, cloud app control policies, advanced threat, malware, sand box based polcies. Working on Azure AD SAML authentication for Zscaler authentication and AD group based policies. Worked on SCIM provisioning from Azure AD to Zscaler ZIA for users and groups sync. Worked on ZPA for replacing traditional ssl vpn. Replacing Checkpoint VPN and Bluecoat proxy with Zscaler and worked on implementing Zscaler in Production Configured systems log on the Palo Alto firewall and moved the logs to Splunk. Worked with Palo Alto firewalls PA5050 using Panorama servers, performing changes to monitor/block/allow the traffic on the firewall. Responsible for Palo alto and Cisco ASA firewall administration across our global networks Maintenance and configuration of Cisco ASR1000 series Converted Cisco ASA firewalls to Paloalto firewalls using Palo Alto conversion tool. Extracted the logs, perform real time log analysis using SPLUNK SIEM technologies during troubleshooting. Worked on the Bluecoat proxies for URL and content filtering solutions. Performed firewall clean up using Tufin Secure track firewall optimization tool. Responsible in troubleshooting on Cisco ISE added new devices on network based on policies on ISE. Configured Cisco ISE for Domain Integration and Active Directory Integration. Implemented and supported Cisco Identity Services Engine (ISE) with the Cisco ASA 5500 series for VPN connectivity. Strong experience in creating firewall policies as per the requirements on Palo Alto, Cisco ASA, Juniper and Fortinet firewalls. Implemented and configured Fortinet Firewall FortiGate 600, 800 series. Worked on Fortinet, Fortigate firewall, Forti-Manager, Forti-Analyzer. Hands on experience with Cisco 3560, 3750X, 3850, 4500, 9300 & 9407 series switches with Cisco Hardware/Software upgradations, configuring, deploying and fixing them with various network modules. Involved & supported in the team for maintenance in connectivity for approximately 200+ switches. Migration of core DNS, DHCP and NTP services from Microsoft to Infoblox. Handling various trouble tickets, firewall rule changes, assisting other teams to bring the device to production, making DNS changes in InfoBlox and routing changes. Configuring, upgrading and deployment of Nexus 7010, 5596 and 2248. Worked on Cisco IOS for configuration & troubleshooting of routing protocols: OSPF and BGP. BCBS, Jacksonville, FL Nov 18 May19 Network Security Engineer-3 Responsibilities: Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow Diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio. Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools. Implemented many numbers of security policy rules and NAT policy rules on Palo Alto, created Zones, Implemented Palo Alto Firewall interface, Palo Alto IDS and VLAN. Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall Worked on Panorama M100 Implemented Panorama and created devices groups and template groups to manage remote firewalls. Upgraded Palo Alto Firewalls PA-7000 to PA-9000. Troubleshooting of protocol-based policies on Palo Alto firewalls and changing the policies as per the requirement and as per traffic flow. Primarily worked on Checkpoint Security Gateways running R77.30 and Fortinet Firewall running Forti OS 5.2 Completed a wired ISE deployment for a medical devices company ensuring network segmentation and posture impacted the security classification of the device. Worked on upgrading Cisco ISE 3300 Appliances and 1.0.4 Cisco ISE software on VMware's. Worked with Cisco ISE to identify threats in the network for rapid containment and remediation Created Virtual Servers on F5 Load balancer. Provided application level redundancy and availability by deploying F5 load balancers LTM. Implementation of F5 includes configuration/creation of Network Element, Pool, pool members and virtual servers. Worked on Zscaler Cloud proxies, Implementation of Policies, PZen Configuration, GRE tunnels to Cloud, PAC file configuration, DLP policies. Developed ACI (Cisco Application Centric Infrastructure) based Cisco Validated Designs for Enterprises and Service Providers to transform Traditional 3 Layer Architecture to ACI based (Spine, Leaf and APIC) Architecture. Implemented Cisco and Aruba Wireless Controllers, Aruba Wireless Access Points at corporate site as a part of WLAN Infrastructure. Worked on issues with IPS/IDS servers, Zscaler and Bluecoat Proxies. Experience with designing and managing SDN and hybrid networks, designed an SDN overlay network and enabled traffic manipulation by push of a button using RYU controller and REST APIs. Hands on experience in implementation and deploying BIG-IP F5 LTM load balancers for load balancing and network traffic management for business applications. Experience with working on latest cisco switches like Nexus 2000, 5000 and 7000 series switches while implementing advanced features like VDC and VPC. Responsibilities include software upgrade, license activation, configuring/installing new GSR router 7000,12000, Nexus switch 9000, 5000,3000, 9504, 9300, 3200, 2308, F5-5050 and maintaining network documentation. Implementation of Juniper Firewall, SSG Series, Net screen Series ISG 1000, SRX Series. Experience in layer 3 routing protocols including BGP and OSPF. Troubleshooting, optimizing and documenting LAN/WAN technologies and T1/T3 WAN technologies. Upgraded Virus definition on messaging and enterprise servers MacAfee. Experience in Solarwinds Network Performance Monitor, Network Configuration Manager, Network Traffic Analyzer (Netflow) and IP Address Manager. Performed network analysis using various tools like Wireshark and Solarwinds. Implemented Solarwinds groups as required for monitoring. Experienced with IP Address management (IPAM), DNS, DHCP by using Infoblox. Worked on Infoblox for creating the DNS entries, A records and CNAMEs. Provided network support for the core network including MPLS, DMVPN and Datacenters. Provided redundancy to the network, implemented hot standby routing protocol (HSRP) and Load sharing for effective utilization of router. Installing, Configuring and troubleshooting Cisco Routers (ASR1002X, 3945, 3845, 2800, 3600) to perform functions at the Access, Distribution, and Core layers. Vangaurd, Malvern, PA Mar 17 Nov 18 Network Security Engineer Responsibilities: Expertise in Palo Alto design and installation for Application, URL filtering, Threat Prevention and Data Filtering. Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls. Successfully installed Palo Alto PA-3060 firewalls to protect Data Center. Experience with deployment of Palo Alto firewalls for different NAT, video conferencing traffic. Utilized Check Point smart-dash board for Firewall and troubleshooting Successfully completed Firewall cleanup project consisting of multi-vendor like Checkpoint and Palo Alto. Drafting and Installation of Checkpoint Firewalls rules and policies. Experience in adding Rules and Monitoring Checkpoint Firewall traffic through Smart Dashboard and Smart View Tracker applications. Hands on experience on all software blades of Check Point firewall. Using Smart Update, User Management and Authentication in CheckPoint Firewall. Configuring & Administration of the Checkpoint Firewall that includes creating Hosts, Nodes, Networks, Static & Hide NAT's. Checkpoint Firewall upgraded from Checkpoint R77.20 to R77.30 Gaia. Configuring Static, IGRP, EIGRP, and OSPF Routing Protocols on Cisco 1600, 2600, 2800, 3600, 7300 series Routers. Deployed on Nexus 7000, 5000 and 2000 series with V-Block servers and Cisco UCS E-series. Experience in working with Cisco Nexus 2148 Fabric Extender and Nexus 7010, 5000 series to provide a Flexible Access Solution for datacenter access architecture. Switching related tasks included implementing VLANs, VTP and configuring and maintaining multi VLAN environment and inter-VLAN routing on Fast-Ethernet channel. Worked with different vendors and implement Site-to-Site VPNs over the Internet. Implementing, configuring and troubleshooting routing protocols such as OSPF (v3, v2), RIPv2, BGPv4, EIGRP, HSRP, GLBP and MPLS. Experience in configuring, upgrading and verifying the NX-OS. Implemented site to site VPN in Juniper SRX as per customer Worked on Route-Reflectors to troubleshoot BGP issues related to customer route prefixes also route filtering using Route-maps. Worked on migration of existing PIX firewall to ASA firewall and with converting PIX rules over to the Cisco ASA solution. Configured and implemented dynamic routing protocols, ACL and Object Groups on Cisco ASA Firewall. Implemented CTP using TACAS+ and RADIUS on Cisco ASA Firewall. Configure various LAN switches such as CISCO CAT 2900, 3550, 4500, 6509 switches and Access layer switches such as Cisco 4510, 4948, 4507 switches for VLAN, Fast Ether Channel configuration. Performed load balancing and application level redundancy by deploying F5 BIG-IP LTM 3900. Creating Virtual IP address, Pools and Persistence profiles on F5 LTM. Involved in deployment of new F5 LTM for Datacenter and Implementation and troubleshooting F5 Load balancers. Working with Checkpoint Support for resolving escalated issues. Management of corporate Checkpoint Firewall implementing security protocols and alleviating network attacks Mapped, Network Diagrams and physical identification in MS Visio. Worked with engineering team to resolve tickets and troubleshoot L3/L2 problems efficiently. United Airlines, Elk Grove Village, IL Jan 16 Feb 17 Network Engineer Responsibilities: Troubleshooting the TCP/IP networks for connectivity, outages and slow network issues and recommended appropriate and cost-effective solutions for the congestion. Network consists of Heavy Cisco equipment such as: Cisco 3560, 2950, 2924 switches, Cisco 6509, 6513, 5500 series Layer 3 switches, Cisco 3825, 3640, 7200 series routers. Worked on F5 BIG-IP LTM 8900, configured profiles, provided and ensured high availability. Responsible for deploying various network security & High Availability in Checkpoint Firewall R76 Responsible for Cisco ASA firewall administration across our global networks Documenting and Log analyzing the Cisco ASA 5500 series firewalls Configuration and troubleshooting of Site to Site as well as Remote Access VPN on Cisco ASA. Configuring failover and working on ssl-vpn when in active/standby failover on ASA. Upgraded Cisco Routers, Switches and Firewall (ASA) IOS using TFTP. Extensively involved in .Net Exception Handling Management, Debugging and Tracing of the application Worked on 2600, 3500, 7613 Cisco Routers and 4500 and 6500 series Cisco Switches. Configured STP for loop prevention and VTP for Inter-VLAN Routing. Experience in configuring DNS Properties and maintaining DNS Database. Responsible for managing DHCP services, creating DHCP network templates and DHCP pool. Responsible for all routing, switching, VPN, network security, and server load balancing. Configured PPP, HDLC, BGPv4, EIGRP, MPLS and OSPF routing. Configuring HSRP between VLANs, Configuring Ether-Channels, Port Channel on 6500 catalysts Configured various BGP attributes such as Local Preference, MED, Extended Communities, Route-Reflector clusters, Route-maps and route policy implementation. Actively participated in upgrading fast Ethernet, Layer 3 switched/routed LAN infrastructure from Cisco 3640 to Cisco 2811 ISR routers and switches at access level to 2950, 3550. Configured Nexus 5020, 5548 7010 and 7702 with multiple distribution VDC s running EIGRP for route propagation between them. Infotech, India Jun13 Dec15 Network Engineer Responsibilities: Connected switches using trunk links and Ether Channel. Used Network Monitoring tool to manage, monitor and troubleshoot the network. Configured Cisco IOS Feature Set, NAT and Simple Network Management Protocol (SNMP) for Network Security implementation. Provided 24/7 rotational on call supports for branch offices. Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy-based routing, infrastructure and configured the entire network Infrastructure devices including network printers. Configured RIP, OSPF and Static routing Configured VLAN, Spanning tree, VSTP, PSTP, SNMP on switches. Installed and configured workstations for IP based LAN's Configured and resolved various OSPF issues in an OSPF multi area environment. Hands-on experience with WAN (ATM/Frame Relay), Routers, Switches, TCP/IP, Routing Protocols (BGP/OSPF), and IP addressing. Generating RCA (Root Cause Analysis) for critical issues of layer1/layer2/layer3 problems. Ability to analyze, configure and troubleshoot networks. Performing troubleshooting on slow network property problems, routing problems that involves OSPF, BGP and distinctive the foundation reason for the problems. Participated in Installation and configuration of Bluecoat Proxy SG in the network for web traffic management and policy configuration. Performing URL filtering and content filtering by adding URL s in Bluecoat Proxy SG s. Installed and configured DHCP Client/Server. Keywords: active directory ffive microsoft Delaware Florida Idaho Illinois North Carolina Pennsylvania