
Kalyan - Network Engineer
[email protected]
Location: Bristol, Connecticut, USA
Relocation: Yes
Visa: GC
Kalyan Rangoju
[email protected]
203 518 4097

PROFESSIONAL SUMMARY

Qualified Sr. Network Engineer with 8 years of experience and strong expertise in datacenter, enterprise LAN/WAN and Cloud network architectures. Experienced in design, implementation, and operations. Experienced in Routing, Switching, Firewalls, Security, SDWAN, Wireless, Load balancers and Automation. Proven ability in leading projects and troubleshooting complex problems in a fast-paced manner. Always stays on top of newly emerging technologies, learns proactively and brings innovative ideas to the table. Actively looking for a job opportunity as a senior network engineer in a challenging corporate/cloud/lab environment with the latest cutting-edge industry-level networking technologies.


QUALIFICATION HIGHLIGHTS

LAN, WAN, VOIP, Wi-Fi design and operations
DHCP, DNS, NTP, FTP, SNMP, QoS, IPv4 & IPv6
In-depth analysis and troubleshooting
OSPF, EIGRP, BGP, MPLS, SDWAN, SD Access POC lab setup and evaluation experience
UTM, Antivirus, URL filtering & SSL inspection
Proficient in TCP/IP, L2 & L3 networking protocols
Cisco IOS, Extreme Networks EXOS
Palo Alto & Panorama PAN-OS, Fortinet firewalls
Cisco, Avaya VOIP phones including soft phones.
F5 LTM ADC and A10 load balancers
Multi-vendor and Vendor-agnostic
Working knowledge on AWS, Azure and GCP cloud
Meraki & Mist Wireless AP, CBRS Private LTE 802.11 a, b, g, n, ac, 2.4g, 5g radios
Wi-Fi cell size, heatmap, power, channels, Roaming.
Cisco Umbrella, Zscaler Cloud Proxy
MS Visio designs and Wireshark Packet Analyst
Python, Yaml for Automation
VMware ESX and NSX technologies
Switches, Routers, WLCs, Firewalls, Load balancers.
VXLAN, Spine-Leaf Architecture
TECHNICAL SKILLS

Routers: Cisco IOS series 1800 2800 3800, ASR 4000, ME 6500s, ASR 1K, Avaya VSP 4450, 4850, 8200, 8400s.
Routing: BGP, OSPF, RIP, EIGRP, PBR, Static, Route Redistribution, Route Maps.
Switches: Cisco IOS catalyst series 4500, 3850, 3750, 3560, Avaya ERS 4800s, Extreme X440, X450.
Switching: VLAN, STP, PVST, RSTP, MSTP, 802.1D, 802.1Q, HSRP, VRRP, GLBP, vIST, MLT, SMLT, RSMLT, ISC, sharing, MLAG, Spine-Leaf Architecture.
Aruba Wireless refers to Aruba Networks, a subsidiary of Hewlett Packard Enterprise (HPE), that provides high-performance wireless networking solutions. They specialize in products and technologies that help businesses build secure, scalable, and reliable wireless networks. Aruba Networks focuses on Wi-Fi access points, network switches, security solutions, and network management tools.
Other Protocols: TCP/IP, UDP, DHCP, DNS, SSH, HTTP, SIP
Firewalls: Palo Alto, Fortinet, Cisco ASA, Juniper SRX
SDWAN: Viptela, FortiOS, Versa Networks.
Analyzed Meraki firewall traffic analytics, IDS/IPS events, and security logs to investigate and contain malicious activity, data exfiltration attempts, and policy violations.
Leveraged Meraki's cloud-managed nature to remotely troubleshoot and isolate faulty MR APs, MS switches, and MX appliances via SSID/VLAN pruning and remote packet captures.
Diagnosed Wi-Fi connectivity and performance issues by analyzing site RF profiles, AP metrics, channel utilization, roaming statistics, and mesh replications.
Utilized Meraki's built-in path analysis, cable tests, and PCAP tools to identify network fault domains and rectify EtherChannel, STP, and routing protocol issues.

Proxy: Cisco Umbrella, Zscaler Cloud web Proxy, ZIA, PAC files, Z-APP
Security: IPsec VPN, SSL VPN, Firewall Policies, Split Tunneling, DDoS Mitigation, NAT, PAT, NAC, Threat Prevention and Hunting.
Data Security Audits: HIPAA, PCI compliance
Wireless Access points: Cisco, Avaya, Xirrus
Wireless: Corp, Guest, BYOD SSIDs, 2.4 & 5 GHz radios, 802.11a, b, g, n, ac, heat maps, cell size, power, channels, interference mitigation, roaming
Networking Tools: Cisco ISE, Wireshark, Solarwinds, Scrutinizer, Librenms, Scalyr, GNS3, inSSIDer, Wi-Fi analyzer.
Network Automation: Python, Ansible, pyATS automation testing.
Virtualization: VXLAN, VMware ESX and NSX
Automated Provisioning: DNAC allows for the automated deployment of network devices and services, eliminating manual configuration errors and reducing setup time.
Zero-Touch Provisioning (ZTP): Devices can be automatically discovered and configured without manual intervention, improving deployment efficiency.
Analytics and Monitoring: DNAC provides real-time monitoring and detailed analytics of network performance, helping to identify issues and optimize traffic flows.
Health Scores: Devices and network elements are continuously assessed for health, with scores indicating their operational status and highlighting potential issues.
Cloud Networking: AWS, Azure and GCP
Arista Networks is a leading provider of high-performance networking solutions, and they offer robust support for multicasting in their network devices. Multicasting is the efficient transmission of data to multiple destinations in a network, which is particularly useful in scenarios such as video streaming, financial data distribution, or large-scale software updates.
Arista's experience with multicasting is reflected in their implementation of the Internet Group Management Protocol (IGMP) and Protocol Independent Multicast (PIM), which are key components in managing multicast traffic.
VRF is particularly useful in large-scale networks, such as service provider networks, data centers, and enterprise environments, where different departments, customers, or services require their own isolated routing domains.
Data Centers: VRFs are used in data centers to separate network traffic for different applications or departments. For example, one VRF could be dedicated to the finance department, another to the HR department, and another to public-facing web applications, each with its own routing table.
Enterprise Networks: Large enterprises can use VRFs to separate traffic for different business units or even different geographic locations while keeping the network simple and efficient.
BGP-EVPN (Border Gateway Protocol - Ethernet Virtual Private Network) is a Layer 2 and Layer 3 VPN technology that enables flexible and scalable network virtualization over large, multi-tenant, and geographically dispersed data centers and enterprise networks. It is based on the Border Gateway Protocol (BGP) and is designed to address challenges in traditional Layer 2 VPNs by integrating both Layer 2 (Ethernet) and Layer 3 (IP) services into a unified solution.
BGP-EVPN offers several advantages over previous technologies like VPLS (Virtual Private LAN Service) and MPLS-based VPNs, making it popular in modern network architectures, especially in cloud and data center environments.
Documentation tools: MS Office suite (MS Word, MS Excel, MS Visio)
Operating systems: Windows, Macintosh, Unix, Linux




PURSUING CERTIFICATIONS
Cisco Certified Network Professional (Route)
Cisco Certified Network Associate (Routing & Switching)


PROFESSIONAL WORK EXPERIENCE

Position: Senior Network Engineer
Client: State Of Rhode Island MAY2023-CURRENT
Providence RI
Project Name: Enterprise Network Modernization and Security Transformation Project
Worked in a highly competitive large-scale environment with 20+ corporate offices, 4 data centers, 500+ yard offices with a global presence and also AWS and GCP hosted networks.
Expert in working with Palo Alto firewalls like PA-440, 3020, 5200s, VM series and Panorama M100, M200 & VM series.
Proficient in working with Fortigate 60F, 40F, 100Es; and Cisco ASA5555, Cisco Firepower 4112 firewalls.
Expertise in working on ensuring perimeter security on Next-Gen Palo Alto Firewalls, deploy and implement security policies, NAT, SSL decryption policy, dynamic IP blocking DDOS policies and features like Multi-Vsys, Inter-VRF routing and Vulnerability threat prevention profiles etc. and also managed them via panorama through device groups and templates.
Implemented a network security audit on all datacenter Palo Alto firewalls, improving network security and reducing operational blockages during failover scenarios.
Experienced with Palo Alto GlobalProtect, Fortigate FortiClient and Cisco AnyConnect VPN technologies.
Was a member of HIPAA and PCI compliance security audits and participated in quarterly audits.
Set up and managed tunnels and performed SSO/SAML integration with Zscaler cloud web proxy.
Design and implement Cisco ACI in datacenters, create a strategy that allows use of containers, cloud orchestration tools for end users and developer.
Deployed Zscaler cloud proxy with ZIA and PAC files and implemented security features SSL inspection and URL filtering.
Deployed and managed Cloudflare, Arbor and Imperva DDOS mitigation implementations.
Worked with Cisco IOS catalyst 2900, 3500, 4500, 9200, 9500 series, Nexus 7700 switches, ASR 4000 series routers, Cisco CBS 350s, Juniper EX2300, EX3400s and Fortinet switches.
Configured spanning-tree protocols like STP, PVST, RSTP, MSTP etc., VTP, 802.1Q, DHCP, DNS, QoS, Static, BGP and OSPF routing methods, route maps, access control lists (ACLs), NAT on daily basis.
Integrated all network tools to authenticate using Okta SAML SSO.
Worked on ISE to configure Radius/Tacacs for network authentication and 802.1x and MAB for network access control.
Great hands-on experience working on building network infrastructure at several Copart yards, built BGP with ISP, advertise and maintain public subnets and also run DC-to-yard BGP internally achieving network redundancy on tunnels through tailoring BGP attributes like AS path, local preference, MED, route-reflectors and communities.
Worked on day-to-day tickets on network implementations on datacenter's load balancers, firewall policies and also yard's network gear configurations.
Collaborate with application owners to define dependencies, map dependencies for better application workflow within ACI or public cloud use.
Aruba Instant is a solution for easy deployment and management of wireless networks, often used in small to medium-sized businesses.
Aruba is a network access control platform that enhances security by managing and monitoring devices that access the network.
Aruba Networks is widely used in various sectors, including education, healthcare, hospitality, retail, and large enterprise environments.
Successfully conducted POC on multiple vendor monitoring platforms like Cisco ThousandEyes, New Relic, Libre NMS, PRTG, also NetFlow vendors like Scrutinizer, Elastic Flow, SolarWinds, documented the results, held presentations on the evaluations, coordinated with other teams like Ops and SRE and took active role in successful deployments of Scrutinizer for NetFlow and New Relic for Network Monitoring platforms.
Conducted in-depth POC on Versa and FortiOS SDWAN networks.
Ability to bring new and efficient network design ideas to team, encourage and conduct high-level and low-level design discussions, design validations, MOP and CR implementation, troubleshooting and maintenance.
Equipped with complex problem-solving skills and fast-paced escalated P1, P2 issue troubleshooting under pressure.
Developed an all-in-one Python script to automate and validate the password refresh configuration push to all multi-vendor Copart network infrastructure.
Arista switches can prioritize multicast traffic to ensure that it gets the appropriate Quality of Service (QoS) treatment. This is critical for applications like video conferencing or IPTV, where packet loss or latency can significantly impact user experience.
CloudVision: Arista's network management platform that can provide visibility into multicast traffic and allow administrators to configure and troubleshoot multicast routing across large networks.
EOS (Extensible Operating System): Arista's EOS provides advanced multicast features that allow for high levels of automation and programmability.
Arista, known for its high-performance network switches, provides robust support for VRF implementations in both enterprise and service provider environments. Arista's EOS (Extensible Operating System) enables flexible VRF configurations, supporting the creation, management, and routing of multiple VRFs across its switches.
Having good understanding of ACI (Cisco Application Centric Infrastructure)
BGP-EVPN uses BGP as the control plane to distribute MAC addresses, IP prefixes, and other essential information across the network. The key components involved in BGP-EVPN operation are:
BGP Route Types:
MAC Advertisement Route (Type 2): Distributes MAC addresses to advertise which device is connected to which VXLAN (Virtual Extensible LAN) or VLAN segment.
IP Prefix Advertisement Route (Type 5): Distributes IP address information associated with a particular EVPN instance.
Ethernet Segment Route: Used to advertise an Ethernet segment (like a multi-homed device or multi-homed link).
VXLAN (Virtual Extensible LAN):
BGP-EVPN often operates in conjunction with VXLAN, a tunneling protocol that provides Layer 2 connectivity over Layer 3 networks. VXLAN encapsulates Ethernet frames within UDP packets and allows for scalable Layer 2 connectivity over a routed infrastructure.
Control Plane and Data Plane Separation:
The Control Plane is where BGP-EVPN handles the distribution of MAC addresses and IP prefixes via BGP.
The Data Plane is where the actual traffic forwarding happens, typically using VXLAN for Layer 2 encapsulation.
Multicast Handling:
In traditional Layer 2 VPNs, multicast traffic (e.g., for IPTV) could be problematic as it would flood all endpoints. BGP-EVPN resolves this by providing more efficient multicast distribution, reducing the overall impact on the network.
Built Python and Ansible scripts to automate large-scale network configurations and YAML Cisco Genie scripts for post-maintenance network validation.

Projects:
Led Copart HQ core switch hardware migration from EOL switch chassis Cisco C4503-E to C9500 48y4c high performance switches and implemented VSS for stateful switchover and redundancy.
Designed and built OSPF routing protocol with inter area, ABR, ASBR router features for Copart's inter-offices mesh communication network.
Deployed Palo Alto Next-Gen firewalls and migrated Datacenter's core firewalls from Cisco ASA 5555 to Palo Alto 5220.
Performed Wi-Fi survey, developed heatmaps and Migrated Wi-Fi access points from Cisco Meraki to Juniper Mist APs in our corporate office.
Designed and built a Simulated Datacenter Lab Network with VXLAN architecture, built Spine-Leaf network replicating DC architecture for conducting pre-staging deployment network testing.
Conducted POC on GCP cloud technology, participated in a Google Cloud event, took professional courses, and built many lab projects through the course, thereby holding an active role in deploying and maintaining cloud network architecture and security for migrating Copart production services from on-prem to GCP cloud.
Designed SDWAN Yard-to-DC full mesh architecture with underlay L3 and overlay IPsec networks, lab-tested and led project rollout to all US Copart yards (nearly 400).
Led project in designing and deploying In-house built secure OOB network through Raspberry Pi technology for network infrastructure at all Copart yard locations in USA.
Performed POC Lab evaluation on Wireless Private LTE technology vendors like BaiCells and Cradle point. Designed network architecture with detailed Visio diagrams and have been Lead Architect in deploying CBRS Private LTE network at 250 Copart yard locations to extend the LAN connectivity from main yard building to several miles away from it to lot areas around.
Deployed SolarWinds IPAM, NPM, NCM from scratch.
Developed Python script to automate password refresh project on quarterly basis.


Role: IT Network Technician Engineer SEP2021-APR2023
Client: Cigna
Bloomfield CT
Project Name: Cloud & DevOps Security Implementation


Responsibilities:
Provide pro-active and operational support for network, infrastructure end points, and technology in University of Texas, research labs and several educational departments on campus making sure network is all-time healthy.
Expertise in troubleshooting TCP/IP, DNS, Network & Application Latency issues using Wireshark Packet Analysis.
Troubleshoot network connectivity to internal sites and Internet, Ethernet cables and switch ports.
Experienced in using Fluke Networks Wi-Fi spectrum analyzer to observe signal strength, SNR and interference and to resolve Wi-Fi connectivity issues.
Simplified automation by an application-driven policy model through ACI
Administer centralized monitoring server (LabStats) to monitor server-client connectivity, alerts and logs for login sessions, and applications usage and peak utilization.
Utilize structured troubleshooting methods to resolve end-point LAN/Wi-fi connectivity issues.
Conducted live lab demos in GNS3 to educate junior technicians on advanced networking topics like BGP, VXLAN, SDWAN and Python scripting.
Use Python scripting to automate network and endpoints maintenance and upgrades.
Catalog IP addresses and MAC addresses in campus network.
Planning network infrastructure upgrades.
Centralized visibility with real-time, application health monitoring with ACI.



Role: Network Engineer MAY2018-AUG2021
Client: Privia Health Group
Arlington VA
Project Name: Secure Electronic Health Records Access Control & HIPAA Compliance

Responsibilities:
Worked with multiple clients to deploy and operate a wide range of complex Campus, Data Center LAN, WAN and Wi-Fi networks.
Experienced in working on Extreme Networks EXOS- X440s, X450s, Avaya/Nortel ERS and VSP switches and ME6504, 6524 routers, ASR 1K and other VM based virtual switches and routers.
Successfully migrated and maintained Datacenter to remote sites connectivity network from DMVPN to Viptela SDWAN networks.
Implemented BGP routing for WAN, used BGP attributes like MED, Local preference, and AS path length; BGP confederations; Communities; Clusters and Route reflectors; Regular expressions and Multipath load balancing.
Worked on hybrid cloud environment between On-premises and Azure by implementing Azure ExpressRoute circuits and ExpressRoute global reach.
Provided network support for deploying AVS (Azure VMware Services).
Create Method of Procedures (MOPs) for network change activities.
Worked on Avaya 9133 and Xirrus Wireless Access points, utilized Wi-Fi spectrum analyzer tools, developed heat maps, adjust 2.4G and 5G channels, Radios to resolve Wi-Fi connectivity issues.
Designed lab networks to perform POC (Proof of concept) to evaluate features like Pulse Secure's NAC and RADIUS solutions and Extreme Networks switching/routing hardware platforms, documented tested results and initiated pilot deployments.
Managed Infoblox IPAM, DHCP and DNS services.
Configured BIG-IP's F5 LTM ADC load balancers.
Was the primary source of contact for production-impacting escalated troubleshooting issues.
Installed network switches/routers, wireless access points, and laid inter-device fibers, ethernet cables to employees' workstations.


Role: Junior Security Analyst AUG2017-APR2018
Client: Nuwellis Health Group
Eden Prairie, MN
Project Name: Healthcare Network Traffic Monitoring & Threat Detection

Configured Wireshark and Snort IDS in a lab-simulated hospital network to capture and monitor real-time traffic.
Collected and analyzed network packets to identify abnormal activities such as port scans, ARP spoofing, and failed login attempts.
Set up basic alert rules in Snort to detect suspicious traffic patterns (e.g., repeated login failures, SQL injection attempts).
Created a log review process to track unauthorized access attempts to healthcare systems containing Electronic Health Records (EHR).
Documented security findings in a threat detection report with clear recommendations for remediation.
Ensured monitoring setup aligned with HIPAA security requirements for safeguarding Protected Health Information (PHI).
Presented findings to IT/security team and suggested simple improvements such as network segmentation and strong password policies.
Performed baseline traffic analysis to understand normal hospital network activity and flag anomalies.
Configured automatic log forwarding from endpoints to a centralized logging server for easier review.
Created a daily incident summary report highlighting alerts, false positives, and verified threats.
Tested encryption in transit (HTTPS, TLS) to verify that patient data was not being transmitted in plain text.
Conducted a risk assessment of common threats (ransomware, phishing, brute-force attacks) and mapped them to healthcare risks.
Collaborated with mock IT staff (or teammates in lab) to demonstrate incident escalation procedures.
Documented the entire project in a step-by-step guide, serving as a knowledge base for junior analysts.





REFERENCES
Will be provided if needed.