Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Sharath Setty

Milpitas,CA

Summary

Highly skilled Network and Security Engineer with 7 years of experience in designing, implementing, and troubleshooting complex network systems. Extensive experience with Cisco Nexus switches (9800, 9400, 7018, 5600) and Cisco routers (2900, 8200, 8600, ASR 9922, 1002) for optimal network performance and WAN connectivity (MPLS, VPN, point-to-point). Experienced in deploying and managing Cisco Meraki solutions for streamlined network management and cloud-managed infrastructure. Demonstrated proficiency in designing and managing secure and scalable network architectures within AWS, Azure, and GCP. Specifically, experienced with AWS VPCs, Azure Virtual Networks, and GCP VPCs, including subnetting, route table configuration, and network security groups. Implemented and managed cloud-based VPNs, direct connect/ExpressRoute/Cloud Interconnect, and cloud firewalls to ensure secure hybrid cloud connectivity and protect cloud resources. Complementing this strong networking foundation is a deep expertise in network security. Proficient in configuring and managing Palo Alto Networks (PA-3060, PA-7080, PA-5450), Juniper SRX (SRX1600, SRX2300, SRX1500), and FortiGate (3700F, 4200F, 6300F) firewalls for advanced threat prevention, intrusion detection/prevention, and application control.

Overview

7
7
years of professional experience
1
1
Certification

Work History

Sr. Cloud Network Engineer

Caterpillar
11.2023 - Current
  • Improved communication efficacy, inter-VRF networking was included to the Cisco ACI shared-services architecture
  • Monitoring connections and traffic may be aided by configuring and maintaining safety groups, VLANs, and VRFs alongside to following the availability guidelines of the ACI system
  • Utilize quickly identify and fix security vulnerabilities, use FortiAnalyzer to create reports and carry out comprehensive analysis of log files
  • Worked on Cisco Secure Firewalls 3105 and 3110 employed comprehensive security research, firewall policy tests, and risk analyses to find issues and enhance system security
  • Using Cisco Firepower's SM-56 and 3xSM-56 capacities, secured network topologies were developed and put into operation in an integrated clouds atmosphere
  • Developed distinction methods and management by user rules to provide secured networking borders on Cisco Nexus switches
  • Deployed and configured Infoblox DDI solutions to streamline DNS, DHCP, and IP Address Management (IPAM) for centralized control and increased network efficiency
  • Deploying Nexus devices, including those in the 7010, 7018, and 5548 series, it might be easier to learn about layer 2 and 3 switches and routing
  • Configuring Cisco Nexus switches for effective firmware updates and ISSU to minimize disruptions and maintain optimal performance
  • Working on Juniper routers MX-2010, MX-204, and MX-304, security measures and firewall rules were configured using Junos OS to control traffic and enforce security measures at the system's edge
  • Designed to assess the reliability and adaptability of Cisco routers in order to identify and fix safety flaws
  • Developed and implemented Cisco routers to provide customizable routing, improve availability, and expand connectivity
  • Managed and installed Cisco routers; resolved problems at different OSI layers and performed regular service on router versions belonging to the 8100, 8200 and 8600 series
  • Improved reliability and security by configuring and maintaining the firewalls, switches, and routers for the Palo Alto PA-7020, PA-3410, and PA-5450 appliances
  • Applied comprehensive information and logging analysis from Palo Alto firewalls in collaboration with various fields to tackle complicated safety challenges
  • Maintaining a check on the evaluation of security and privacy requirements in order to better detect and remove unnecessary data and optimize the Palo Alto firewall's installation
  • Setting up Palo Alto Networks firewall groups, diversion strategies, and conversations to allow linked routing and IPv4 and IPv6 procedures disobeying commands
  • Implemented routine assessments of networks and effectively identified and resolved security flaws through the use of pertinent ISEC tools or antivirus software
  • Assisted the security team with the configuration of monitoring systems, approval or protection of unidentified hardware discovered on the internet, and development of Cisco ISE checks and alarms
  • Implemented and managed security groups and network ACLs within AWS VPCs to control inbound and outbound traffic effectively
  • Worked on AWS Network Firewall and Web Application Firewall (WAF) to enhance security for applications deployed in VPC environments
  • Configured DNS security extensions (DNSSEC) and threat intelligence in Infoblox, enhancing the network’s resilience against DNS-based attacks and data exfiltration
  • Installation of Infoblox security documents, that track and stop unauthorized IP addresses, DNS requests, and locations, enhances its ability to identify threats
  • Improved the advantages of SD-WAN for internet activities and applications, Viptela SD-WAN was incorporated with cloud-based services
  • Utilize multi-factor authentication and IPsec safety in your safe information connections; these features have been built in the Viptela SD-WAN architecture
  • Successfully designed and delivered secure cloud solutions for some of the Major organizations on AWS Cloud
  • Maintaining to business ethical standards and utilizing Active Directory appropriately are necessary for keeping conformity to legal rules
  • Developed an AWS Security Group strategy
  • Determined naming conventions, owners, and approval process for Security Group change requests in a promote-to-production environment
  • Enabled and configured CloudTrail logs for 26 AWS accounts
  • Created and managed an encrypted S3 Bucket for all CloudTrail logs and adjusted bucket policy for each accounts CloudTrail to access
  • Installed and configured Amazon’s Inspector
  • Created Targets and Templates and scheduled Assessment runs on all EC2 instances in the AWS account
  • Configured data loss prevention (DLP) policies within Zscaler to prevent sensitive data from leaving the organization, ensuring compliance with data protection regulations
  • Implemented Zscaler Private Access (ZPA) to ensure secure access to internal applications without the need for traditional VPNs, improving remote access security
  • Adaptive to cloud strategies based on AWS (Amazon Web Service)
  • Expertise in setting up and maintaining Arista switches 7170, 7170B, 7130, and 7280 to create safe and efficient networking setups for commercial settings
  • Configured Amazon Route 53 to manage DNS for internal and external domains, ensuring reliable domain resolution and routing
  • Implemented health checks and DNS failover mechanisms in Route 53 to automatically route traffic to healthy endpoints, enhancing service availability
  • Maintaining updating advanced Access Control Lists (ACLs) and virtual private networks (VPNs) for S3 folders, Route 53, EC2 systems, and other AWS connectivity features
  • Designing an internet architecture in AWS requires configuring VPCs, subnetting, deploying routing devices, carrying out NAT, and maintaining forwarding statistics
  • Utilizing immediate accessibility and authentication monitoring information using Splunk in combination with Aruba AP65, AP70, and AP12 Clear Pass to deliver proactive security and handling incidents
  • Configured AWS Identity Access Management (IAM) Group and users for improved login authentication
  • Developed an AWS security roadmap which included the AWS Services and 3rd party tools to be utilized in the AWS Cloud for Security monitoring
  • Improved automation's comprehensive efficiency; Netmiko script errors, program production, and SSH connection management were configured and managed
  • Developed new Ansible roles that enhance vulnerability tracking processes, contributing to and improving safety of devices
  • Monitored and analyzed web traffic using Zscaler's advanced threat protection features to identify and mitigate potential threats
  • Applied security best practices in AD, such as implementing strong password policies, enabling auditing, and securing domain controllers
  • Enabled DNSSEC for Route 53 domains and configured IAM policies to control access to Route 53 resources, improving security and compliance
  • Monitored the health and performance of AD using tools like AD replication status tool, and addressed any issues proactively
  • Improved the F5 Viprion 2400, 4480, and 4300 with additional safety capabilities to continually monitor networks performance and divert data from improper equipment
  • Performed comprehensive logging and analysis with Palo Alto firewalls to proactively identify and mitigate security vulnerabilities
  • Configured virtual systems (VSYS) and high availability (HA) setups on Palo Alto fire
  • Utilized F5 iRules to acquire comprehensive oversight of program connections, allowing platform customization for adherence to standards of privacy and effective traffic administration
  • Installed F5 Viprion devices to improve traffic allocation and control, considerably enhancing productivity and dependability
  • Implemented advanced Python technology to streamline network utilization tracking, develop accurate safety movements, and spot possible threats.

Sr. Network and Security Engineer

Terumo
09.2021 - 10.2023
  • Adding more tools and vendors to Active Directory in order to increase safety and streamline administration activities
  • Implemented secured ways, particularly the improved encryption approved, or AES, to Netmiko scripts to securely communicate and save passwords
  • Working with administration methods and instruments provided by Arista EOS, this includes reviewing network connectivity, detecting issue structures, and determining the troubles' source
  • Added additional connection options, established and managed distinct firewalls, virtualization setups, and different classes on Fortinet firewalls
  • Designed the FortiGate 7121F, 4400F, and 3700F firewalls, which employ security measures and safety screens to identify and halt potentially harmful software and network activity
  • Assisted to administer FortiGate firewall setups and kept an eye on all traffic sources to ensure the safety of the business's online connectivity
  • Worked on implementing GCP Load Balancing solutions (HTTP (S), TCP/UDP, SSL Proxy) to distribute traffic efficiently and ensure high availability of applications
  • Developed Ansible scripts to automate network configuration and security tasks, improving operational efficiency and compliance
  • Implemented secured ways, particularly the improved encryption approved, or AES, to Netmiko scripts to securely communicate and save passwords
  • Employed Cloud DNS for scalable and resilient domain name resolution services, optimizing the performance and reliability of applications
  • Deployed and optimized Google Kubernetes Engine (GKE) clusters with advanced network policies, ensuring secure container orchestration in a cloud environment
  • Implemented and managed Infoblox DDI systems, optimizing DNS and DHCP services within a large enterprise network
  • Collaborated with IT teams to integrate Zscaler's security services with other security tools, providing a comprehensive security solution
  • Set up Zscaler's secure web gateway to protect users from web-based threats and ensure secure internet access
  • Experienced in creating intricate multi-ISP systems for Cisco routers (8600, 8200, 8100, ASR 9910, and 9906 series) and switches (8200, 8500, 9300, and 9400 series)
  • Improved connection and guaranteed dependable communication by creating and implementing scalable network layouts with Cisco routers
  • Skilled in handling expansive, multi-tiered networking platforms familiar with Palo Alto Panorama ability to create and execute scalable security policies
  • Integrated autonomous threat management, leveraging the adaptable area lengths and security requirements of Palo Alto Panorama to adjust to changing network circumstances in real time
  • Developed and managed security measures for IPv4 and IPv6, involving traffic monitoring and assessment using Palo Alto Networks gateway data
  • Configuration and administration to consistent network control, a number of Palo Alto firewall models, including the PA-7000, PA-5250, and PA-3430, were installed, maintained, and created accessible
  • Installed and oversaw Infoblox DDI (IP Address Management, DHCP, and DNS) systems to improve safety measures and streamline network functions
  • Integrated AD with other systems and applications, such as email servers and enterprise applications, to streamline authentication and authorization processes
  • Diagnosed and resolved Active Directory-related issues, including replication problems, authentication failures, and permission errors
  • Implemented Cisco ISEC standards to offer durability and reliability, hence satisfying the ever-changing requirements of the company's secured network architecture
  • Set up GCP Firewall rules in order to allow or deny traffic to and from the VM’s instances based on specified configuration and used GCP cloud CDN (content delivery network) to deliver content from GCP cache locations drastically improving user experience and latency
  • Established a VPN tunnel between the corporate data center and the GCP environment to enable secure access to cloud resources
  • Developed and applied security policies using ISE to control user and device access based on roles, ensuring adherence to organizational security standards
  • Developed, executed the behavior, and oversaw the Cisco ACI fabric to provide network connectivity management and automation that is unified and policy-based
  • Integrated current networks with ACI fabric by configuring Cisco ACI in System Central modes, enabling integration and progressive transition of policy-driven and conventional network
  • Designed the data center's basic architecture, deploying the Nexus 7010, 9300, 9400, and 9800 switches as a single working architecture
  • Creating a single platform that lowers device delay and improves management effectiveness, Cisco Nexus switches have been used along with Cisco UCS servers and Fiber Channel SANs
  • Improved the internal network connection of the company by switching from server systems built on 6500 switches to those using Nexus switches
  • Integration Viptela SD-WAN with virtualized systems facilitates efficient communication and seamless usage of cloud-based applications for global clients and regions
  • Developing and maintaining SD-WAN support for Viptela growth led to better connections and easier control processes
  • Configured and maintained GCP Identity-Aware Proxy (IAP) to secure access to web application hosted on GCP, ensuring compliance with security policies
  • Working with DevOps teams to set up an GCP environment for apps using Google Kubernetes Engine Clusters in east and west regions respectively sitting behind a HTTPs Load balancer
  • Developed and implemented security policies using Terraform and cloud-based APIs, demonstrating proficiency in infrastructure as code
  • Designed an exclusive set of Ansible scripts to maximize productivity and interface with the most cutting-edge security available
  • Configuring, evaluation, and implementing Cisco Meraki MS 225, MS 250, and MS 350 layer 2 and layer 3 switches
  • Adding to enhanced security protocols, Python was used to create algorithmic methods for detecting risks and trends in internet activity.

Network Security Engineer

Huntington Bank
12.2019 - 07.2021
  • Install standard safety protocols into place, reduce the risk on remote networks, and incorporate Silver Peak SD-WAN into the existing security configuration
  • Assisted with on-site assessments and connection simulations to minimize transmission costs, optimize cable assignment, and comply with existing laws
  • Managed comprehensive network operations, including firewall deployments, Azure cloud infrastructure implementation, wireless network configurations, and network device upgrades for both internal and external client environments
  • Executed data center migrations to Azure cloud infrastructure, collaborating with server teams to ensure seamless transitions, which involved configuring Cisco ASA high-availability (HA) virtual machine pairs and establishing VNET peering and site-to-site VPN connections between on-premises and Azure environments
  • Configured Network Security Groups (NSGs) for each Virtual Network (VNET) and implemented User Defined Routes (UDRs) in routing tables, while also deploying and managing Windows and Linux virtual machines (VMs) within the Azure cloud
  • Developed and implemented Python automation scripts for Cisco network devices in a lab environment, enhancing network management efficiency and automation capabilities
  • Designed and established the architectural framework for multiple on-premises data centers, contributing to the overall enterprise network strategy and infrastructure design
  • Established site-to-site VPN connections from remote sites utilizing Meraki firewalls to the Azure cloud, ensuring secure and reliable connectivity for distributed network environments
  • Deployed and configured Azure virtual machines (VMs) for essential network services, including DHCP, DNS, and Syslog servers, to support network operations
  • Implemented an on-premises data center infrastructure featuring Cisco 3850 core switches and a Meraki MX 150 gateway, directing network traffic towards the Azure cloud for optimized performance and resource utilization
  • Configured AnyConnect client functionalities on Meraki firewalls to enable secure remote access for users, facilitating remote network connectivity
  • Deployed an additional on-premises data center with a FortiGate high-availability (HA) pair and established IPsec tunneling to the Azure cloud, ensuring robust and secure connectivity
  • Deployed over 200 Meraki MR-45 access points, adhering to meticulously prepared Method of Procedure (MOP) documentation to ensure successful and efficient implementation
  • Configured AWS VPN and customer gateway connections with remote Palo Alto PA-450 series firewalls, and implemented firewall policies and AWS security groups to secure cloud resources and network traffic
  • Integrated services such as GitHub, AWS CodePipeline, Jenkins, and AWS Elastic Beanstalk to develop a comprehensive continuous integration/continuous deployment (CI/CD) pipeline, automating software deployment processes
  • Empowered users to effectively manage software development, deployments, and infrastructure by implementing and supporting tools such as Jenkins and GitHub/Bitbucket, streamlining development workflows
  • Deployed containerized applications using Docker onto a Kubernetes cluster managed by Amazon Elastic Container Service for Kubernetes (EKS), optimizing application deployment and scalability within the cloud environment
  • Worked with incident response teams by assisting Wireshark in gathering information for risk analysis and protocol data collecting for inquiries
  • Configured and managed NetScaler Integrated Interface, providing secure remote access to corporate applications, showcasing experience with edge networking technologies
  • Implemented special rules to the Tetration architecture to identify unusual traffic patterns and attempts to enter networks without authorization, therefore thwarting potential invasions
  • Demonstrated expertise in network analysis and troubleshooting using Wireshark, aiding in protocol analysis and incident response
  • Development of secure checking connections with Azure VNets has made it possible for practical applications and Azure resources to connect instantly and reliably via Azure ExpressRoute circuits
  • Implementing additional safety mechanisms and equipment into SolarWinds products, response times, connectivity, and transparency have all improved
  • Proficient load transfer between networks and expertise applications was made feasible by using the cutting-edge BIG-IP 7000, 6400, and 6800 series and F5 Viprion networking controlling systems
  • Assisting with the resolution of Cisco ASA 5585, 5555, and 5540 firewall problems and requested policy modifications for recently added IP segments or those that had been altered as a consequence of approved upgrade processes
  • Developed policies and safety precautions using Terraform in conjunction with cloud-based APIs and security management tools.

Network Support Engineer

Kanerika Software Pvt Ltd
04.2018 - 11.2019
  • Worked on RIP, EIGRP, OSPF, and BGP (single area and multi area) are a few examples of techniques for routing that provide structure, administration, and tracking
  • Deployed Meraki Access Points (MR45, MR55, MR33) across the enterprise network, improving wireless performance and coverage
  • Upgraded Cisco ISE server from 2.1 to 2.7, including migration and deployment of a two-node cluster, ensuring high availability and improved functionality
  • Created and maintained comprehensive network diagrams, ensuring accurate documentation of network infrastructure
  • Migrated 45+ sites from Cisco ASA firewalls to Meraki firewalls (MX250, MX67, MX80, MX100), streamlining network management and security
  • Implemented Aruba APs for Proof of Concept (POC) testing, evaluating Wi-Fi 6 technology and its potential benefits
  • Performed circuit cutovers on firewalls, transitioning from old circuits to new circuits involving Cradlepoint, Inseego modems, and fiber links
  • Executed wireless and firewall deployments, configuring Cisco switches (3750, 3850, 9316, Catalyst 9200) for optimal performance
  • Deployed and configured SolarWinds and PRTG monitoring tools, enhancing network visibility and performance monitoring
  • Performed Cisco ASA firmware upgrades and deployed AnyConnect remote access VPN solutions.

Education

Master of Science - Applied Computer Science

Southeast Missouri State University
Cape Girardeau, MO
12-2022

Skills

  • Proficient in Routing Protocols
  • Switch Platforms
  • LAN networks
  • Multicast
  • Multi-Layer Switching
  • Firewall Platforms
  • Palo Alto Networks
  • Security Protocols
  • Standard ACLs
  • Extended ACLs
  • SolarWinds NetFlow Traffic
  • Load Balancers
  • AWS
  • Azure
  • GCP

Certification

  • CCNP
  • AWS Certified DevOps Engineer – Professional
  • GCP

Timeline

Sr. Cloud Network Engineer

Caterpillar
11.2023 - Current

Sr. Network and Security Engineer

Terumo
09.2021 - 10.2023

Network Security Engineer

Huntington Bank
12.2019 - 07.2021

Network Support Engineer

Kanerika Software Pvt Ltd
04.2018 - 11.2019

Master of Science - Applied Computer Science

Southeast Missouri State University

Similar Profiles

CREATE PROFILE
Sharath Setty