
Kartik - SR Network


Kartik Galhotra

Sam@lavsun.com
214-699-6298
Visa: H1B
PROFESSIONAL SUMMARY

• Over 11 years of experience in Designing, Implementing and Troubleshooting Service Provider Networks and Enterprise Networks. High-level understanding of LAN, WAN, ISP circuits, Network Security, Application Delivery Controllers, SSL VPN and Wireless LAN.
• Worked on projects that include deployment of new devices, life cycle projects, migration from legacy to new solutions, Engineering, Operations, Incident Management and Software upgrade procedures in various client environments.
• Thorough understanding of Switching and Routing protocols in Campus and Data Center environments with multi-vendor equipment.
• Expertise in installing, configuring, and maintaining Cisco Catalyst 2960, 3560X, 3750X, 3850, Cat 9K, 4500-X, 6509, Nexus 2K, 5K, 7K and 9K; Juniper switches including EX and QFX series; and Aruba campus switches.
• Good understanding of Network Protocols that include STP, RSTP, MST, PVST+, ARP, VLAN, VTP, 802.1Q, EtherChannel, HSRP, VRRP, GLBP, DNS, DHCP, REST API.
• Expertise in installing, configuring, and troubleshooting Cisco Routers (ASR1K, 7200vxr, 3900, 3800, 3600, 2900, 2800, 1800, 800 series), Juniper MX series routers, Arista 7000 Series Routers.
• Configured Cisco devices on NX-OS, IOS-XE, IOS, and IOS-XR platforms.
• Strong understanding of and experience with Nexus 9K, 7K, 5K and 2K series hardware.
• Experience in migration from traditional Cisco solution to Meraki SD-WAN design.
• Experience in configuring redundancy protocols such as HSRP, GLBP, and VRRP.
• Worked on configuration related to VDC, vPC on Nexus 9K, 7710 and 7010 series.
• Expertise in configuration of routing protocols and deployment of OSPF, EIGRP, BGP.
• Expertise in working on network monitoring solutions such as Wireshark, WinMTR, Pathping, tcpdump, SolarWinds.
• In-depth knowledge of and hands-on experience with IP Addressing, Subnetting, VLSM, ARP, reverse & proxy ARP, ICMP, VLAN, NAT/PAT, DDNS, DNS sinkhole, DHCP options concepts.
• In-depth knowledge of deploying and configuring, with best practices, next-gen IDS/IPS-based firewalls such as Palo Alto Networks, Checkpoint and Cisco Firepower.
• Cisco router platforms include: 2600 Series, 2800 Series, 3700 Series, 3800 series, and 4000 series.
• Experience in configuring and managing Cisco 9800, 5800 and 5500 wireless controllers.
• Configured, managed and troubleshot Layer 7 features such as AV, Anti-Malware, SSL/TLS decryption, DoS protection, URL Filtering, File-blocking, High-Availability, User-ID features in various firewalls, Reverse Proxy Solutions.
• Background in performing packet-level traffic analysis and implementing data security solutions.
• Key stakeholder in performing implementation of Security Policies, NAT policies, Decryption, Application override, Authentication and DoS policies.
• Spearheaded critical P0/P1 escalations, driving them to resolutions satisfactory to the customer.
• Results-driven, with analytical, problem-solving, technical troubleshooting, decision-making and customer service skills.
• Assume full responsibility for resolving Network and security issues by providing innovative, dependable, and trusted solutions after understanding business requirements, analyzing HLD & LLD while assisting organizations worldwide.
• Creating Standard Operating Procedures (SOPs), server readiness, project implementation plan documents, verification and validation documentation, rollback plans.
• Replicated customer environments (proxy servers, HA clusters, file-blocking policies, Palo Alto firewall management tools such as Panorama, syslog) in order to troubleshoot issues encountered by customers.

TECHNICAL SKILLS:

Routers & Switches: Cisco Routers 4000, 3800, 3700, 2800, 2600, 2500, 2400 Series, Nexus 9K, 7K, 5K, 2K, Cisco Catalyst switches 9k series, 6500, 4500, 3850, 3560, 3750, 2960
Protocols: TCP/IP, EIGRP, OSPF, BGPv4, IPSEC VPN, Multicast, dot1q, DNS, ARP, SNMP, MAC, ICMP, DHCP, DNS, UDP, RIPv2, PAT, NAT, FTP, RSTP, NAT, GRE, HTTP, HTTPS, SSL/TLS, QUIC, Ping, LDAP, DDNS, Telnet.
LAN technology: Ethernet (IEEE 802.3), Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Light weight access points, Port-channel
Operating Systems: Windows 2000/2003/2008/12 Servers, Linux/Unix, Cisco IOS, Gaia, PAN-OS 8+, Linux
AAA Architecture: TACACS+, RADIUS, Cisco ISE, OKTA, Cisco ACI
Security Protocols: IKEv1/IKEv2, IPSEC, SSL-VPN, RA-VPN, Cisco-VPN
Firewall Security & VPN: Palo Alto firewall - PAN-OS 8+, Checkpoint Firewalls with Gaia-R80.30, R80.40, Cisco ASA, Firepower, FortiGate Firewall
Switching: VLANs, VTP, STP, RPVST, 802.1Q Inter VLAN routing, PVST+ and multi-Layer Switching, Layer3 switches, layer 2, Ether channels, Dot1Q, Port Security, CEF.
Redundancy: HSRP, VRRP, GLBP
Tools: Traffic Analysis, Wireshark, TCPDUMP, SolarWinds, Putty, GNS3, Cisco Packet tracer, JIRA, Confluence, Salesforce, Path Ping
Azure Cloud: Virtual Machines, Virtual Networks, Virtual Subnets, Express Route, Network Security Groups, Virtual Peering, Azure Migration.
Firewall – Palo Alto Networks: PA-3000, PA-5000, PA-800, PA-3200, PA-5200, PA-200, PA-220, PA-400 series, PA-3400 series, PA-5400 series, PA-VM, log collectors, panorama, Prisma, Security policies, Decryption Policies, High-Availability Clusters, Global Counters, IKEv1/IKEv2, IPSEC VPN, Global Protect, Authentication using AD, SAML 2.0, User-ID, Application-ID, URL Filtering, SSL/TLS Certificate, Logging & Monitoring, Backup and Upgrade.
Firewall – FortiGate FortiOS: Policies and Objects, Network Interface configuration, Security Profiles, Inspection modes, SSL decryption, Deep-packet inspection, Web filtering, Blocking Malware, FortiGate IPS, IPSEC VPN, Application Access, Security Fabric
Programming: Python, REST API

PROFESSIONAL EXPERIENCE:
T-Mobile, Atlanta, GA May 2022 – Till Date
Sr. Network Security Engineer
Responsibilities:
• Design, implement and provide troubleshooting support for multiple sites using Wired and Wireless Security Solutions, Cisco VPN, Cisco Umbrella, Palo Alto Prisma, Zscaler Private Access and Network Management Solutions across LAN, WLAN and WAN.
• Upgraded the infrastructure from Cisco Catalyst 2900, 3500, 3600, 4500, 6500 series to Catalyst 9200, 9300, and 9400 series.
• Built VPN tunnels to both 3rd party vendors like AWS, Azure and trusted remote sites using both IPSec and GRE. Extensive experience in reverse proxy solutions.
• Configured, installed and delivered support for Cisco's ASR 1001-X, 1002, ISR 4311, 4351, 2911, 2921 & 1921 routers.
• Experience working on Cisco ACI infrastructure, configuring new leaf and spine switches for storage environments.
• Design, install and document the Cisco Wireless Access Point models, both 3700/3800 series.
• Working on Network and Security Build, Upgrade and Migration projects with architectural expertise in Cisco ASA FW 5500-X Series, Cisco NGFW - Firepower Threat Defense (FTD) 2100, 4100 and 9000 firewalls; Palo Alto firewalls, Cisco Routers - ASR, ISR; Cisco Switches - 9K/7K/5K/2K Series of Nexus and 6K/4K Catalyst; VPN, Cisco ACI infrastructure, Zscaler ZIA and ZPA.
• Extensive and expert level experience supporting LAN/WAN design and implementation, and delivered support for BGP, OSPF, IS-IS, EIGRP, MPLS, static routing.
• Profound experience in working with Nexus-OS, VPC, VDC, OTV, FEX in the datacenters.
• Working on implementing wireless controllers such as 9800, 8500, 5500 and 2504.
• Managed standalone and wireless controller-based access points, including models 4800, 3800, 2800, and 2700.
• Configuring WLANs, SSIDs, AP groups and actively troubleshooting issues using both Cisco Prime and ISE as needed.
• Integrated Cisco Wireless LAN Controllers (WLC) with ISE to perform Dot1x authentication for wireless users.
• Configured, managed and troubleshot Cisco 7600 routers at data center for remote site issues. Configured and managed through REST API.
• Migrated Catalyst 3500 switches to Nexus 7K, 5K, 3K in the DMZ environment.
• Providing daily network support for country wide area network consisting of MPLS L3VPN and point-to-point sites.
• Deployed and enabled High Availability (HA) with Session and Configuration synchronization on multiple Palo Alto firewall pairs.
• Managed multiple Palo Alto firewalls using Palo Alto Panorama M-500 centralized Management appliances.
• Advertised networks in BGP, leveraged path manipulation, load balanced traffic with ISPs and ensured that routes are protected via VRFs.
• Address and resolve requests from internal ticketing systems. Working on Incident management.
• Assisted in deploying and troubleshooting L7 Solutions, Remote Access VPN and IPSec deployments with Dual ISP failover designs.
• Use Microsoft Visio as technical documentation and presentation tool.
• Responsible for health monitoring, reviewing and addressing security alerts and notifications.
• Collaborate with different teams to exchange technical troubleshooting knowledge.
• Preparation of documents such as manuals, SOPs, policies as per the organization standards.
Environment: Routers (Nexus 1K, 5K, 7K, Juniper MX-960), switches (6500/3750/3550/3500/2950), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, RIP, OSPF, BGP, VPN, Unified Contact Center Enterprise (UCCE), MPLS, Cisco Catalyst Switches, Firewalls (Cisco ASA, Palo Alto, Zscaler Private Access), Cisco Voice (CCM, UCCE, UCCX), Cisco VPN and Umbrella, Citrix

Molina Healthcare, San Diego, CA March 2020 – April 2022


Senior Network Engineer
Responsibilities:
• Configured & managed around 300+ Network & Security Devices that include Cisco Routers & Switches and Cisco VPN solution, Nexus Switches, Juniper and Palo Alto Firewalls, Cisco Umbrella, Zscaler Private Access, Reverse Proxies and WAN Optimizers.
• Worked on cloud platforms such as AWS, Azure connectivity and Security and maintain Zero Trust.
• Installed, configured and maintained Palo Alto Firewalls, FortiGate firewalls in data center as well as perimeter.
• Migrated legacy firewalls to NGFW and VPNs, MPLS to SD-WAN.
• Designed, implemented and troubleshot Site-to-Site VPNs & backup VPN tunnels.
• Hands-on experience working on Cisco ASR, NX-OS 9K and 7K, Cisco ISE.
• Implement, build and support Cisco partners training labs based on various Routing/Switching/Datacenter architectures using Cisco and VMware Virtualized Infrastructure.
• Configured OTV layer 2 connections between Data centers, VPC, VDC and FEX on Nexus.
• Responsible for Cisco ACI configuration, tenant policies, VXLAN, VNI, Bridge domains.
• Develop and provision firewall security policies, NAT policies, decryption policies, application layer policies using Prisma Access, Panorama and FortiManager.
• Implemented VM series firewalls in customer’s environment – VM-50, VM-100, VM-200, VM-300, VM-500, and VM-700.
• Implemented, managed and troubleshot hardware series Palo Alto firewalls such as PA-3000, PA-5000, PA-800, PA-3200, PA-5200, PA-200, PA-220, PA-400 series, PA-3400 series, PA-5400 series.
• Routing and Switching: BGP, OSPF, EIGRP, RIP, Static and Dynamic Routing, DHCP, DNS, LAN Switching, NAT/PAT.
• Configuring and implementing Remote Access VPN - Global Protect in client’s environment.
• Restored VPN down sites, network down sites, intermittent High-Availability failovers.
• Created, deployed and managed SSL/TLS certificate chain of trust to ensure seamless authentication between Remote Access devices and OKTA (SAML).
• Recommended and deployed configurations related to Security, NAT, Application override, decryption, DoS, IDS/IPS, AVs, policies, layer 7 Security profiles, procedures and ensuring migration of configuration from one device to another during down-time.
• Assisting with log forwarding to different devices from Palo Alto products such as Panorama, log collectors.
• Documenting issues/queries and providing resolutions/suggestions via email, meetings or telephonic conversation.
• Developed SOPs and Internal Knowledge Base articles to share new learnings from various scenarios.
• Resolved latency, network slowness and bottlenecks, bandwidth, slow file downloading issues.
Environment: Cisco ASA5580/5540/5520, Cisco VPN and Umbrella, Checkpoint R70, R75, R77.20 Gaia, Palo Alto PA-5000/3000, IEEE 802.11, Big IP F5 LTM/GTM, Nexus switches, TCP/IP, VPN, Cisco WSA, Bluecoat Proxy servers, IDS/IPS, REST API.

Cargill, Minneapolis, MN June 2018 – Feb 2020


Network Security Engineer
Responsibilities:
• Palo Alto design and installation (Application and URL filtering, SSL decryption, SSL Forward Proxy). Configured and maintained IPSEC and SSL VPNs on Palo Alto Firewalls. Successfully installed PA-5000 series firewalls in Data Center as perimeter Firewalls.
• Migration of ASA firewalls to PA next gen Firewalls using migration tool in PA. Migrated all IPSEC tunnels, ACLs, NAT rules and policies.
• Experience working on Cisco ASR 9K, Nexus 7K and 9K. Configured and designed OSPF, EIGRP and BGP at Distribution and Core layers. Configured OTV layer 2 connection between Data centers on Nexus.
• Worked on Juniper devices like M, MX, T routers on advanced technologies like MPLS VPNs, TE and other service provider technologies. Extensive experience in Cisco Umbrella.
• Troubleshooting of Linux and UNIX servers for application delivery servers. Install Docker, Cisco and HP servers.
• Maintain shell scripts for Red Hat Linux servers and perform patch upgrades for Red Hat Linux servers.
• Experience with configuring BGP, OSPF in Juniper M and MX series routers. Worked on several BGP attributes like MED, AS-PATH, and Local Preference for route optimization. Worked on Route-Reflector, Route-Redistribution among routing protocols.
• Experience working with Juniper devices like EX-2200, EX-4200, EX-4500, MX-480, M Series, SRX650, SRX240.
• Managed AD Domain Controller, DNS and DHCP Servers and configurations.
• Worked on Cisco ISE for user Authentication, Security Group Tags, MAC based authentication for Wireless and Wired users, 802.1X, EAP, PEAP etc.
• Responsible for the IPAM (IP Address management) system for a very large WAN/LAN network (QIP) using SolarWinds IPAM and Infoblox DNS and DHCP servers. Experience with DHCP scopes, IP reservations, DNS host entries, pointers, delegations, Zones, DNSSEC etc.
• Provides expert level security and networking knowledge in the planning, researching, designing, and testing of new networking technologies for perimeter firewall security, Intrusion Prevention/Protection System (IPS), DNS and DMZ security, and Internet Security in support of established Info Security program initiatives for the next 3 years.
• Provided operational support for network topologies and connections TCP/IP, ATM, VOIP (Voice-over-IP) and UCCE.
• Supported the telephony specialist in the phased migration from PBX based systems to VOIP (Voice-over-IP).
• Configured separate VLAN for VOIP to implement QoS and security for VOIP (Voice-over-IP).
• Worked on network design improvements involving BGP, EIGRP, OSPF, IP metric tweaking and load balancing.
• Designing, configuring, and troubleshooting QoS, SIP, H.323, RTP, SCCP, Session Border Controllers, Voice Gateways, Voice circuits IP/TDM, Cisco Telepresence Infrastructure, QoS, NAT, PAT, and multicast.
• Design, implement, and develop network designs for applications used in TMO.
• Worked on Checkpoint Firewall to create new rules and allow connectivity for various Applications. Checkpoint is used as an internal firewall for application security in Kodiak network. Extensively worked on REST APIs for automation.
• Implemented Firewall rules and NAT rules by generating precise methods of procedure (MOPs). Responsible for packet capture analysis, syslog and firewall log analysis.
• Experience with F5 load balancers LTM and GTM and reverse proxy design and setup. Migration from A10 to F5.
• Experience in F5, Cisco ACE 4710 Load balancers. Migration Experience from ACE to F5 and NetScalers to F5. Worked on critical applications on Layer 4 and layer 7 load balancing.
• Experience with F5 GTM and in-depth knowledge of DNS, Global level load balancing, Wide IPs, Zones, Prober pools, Delegation from Windows DNS server to listener IP.
Environment: Cisco Routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800), switches (6500/3750/3550/3500/2950), F5 Load balancing (LTM, GTM, APM, AFM, ASM), EIGRP, RIP, OSPF, Voice Gateways, BGP, VPN, MPLS, Ether Channels, Cisco Catalyst Switches, Firewalls (Cisco ASA, Palo Alto), Cisco Voice (CCM, UCCE), Shell Scripting.

Altisec technologies Pvt. Ltd, India Sep 2016 – May 2018


Network Engineer
Responsibilities:
• Implemented Data Classification tool for one of the largest enterprises, HCL Technologies:
• Led and implemented the Data classification and protection project to develop and deploy data classification infrastructure.
• Drove the project from Initial Phase-1 to Verification Phase-4 within a span of 1.5 years.
• Prepare, execute implementation plans for CASB tool implementation for data at rest.
• Build configuration and Classification Schema for Data Classification tool in HCL Technologies.
• Prepare Standard Operating Procedure (SOP) documents for server readiness/pre-requisites, implementation plan, verification plans, rollback plans for tool installation on server, troubleshooting end-users’ issues for maintenance team.
• Leading the project progress meetings, weekly, bi-weekly, monthly and quarterly, while increasing the project pace by 45%.
• Installing, configuring, managing and troubleshooting data classification tool on 200+ HCL servers across the globe.
• Taking regular follow-ups for tool related issues and providing constructive updates to customer.
• Handling and monitoring servers for CPU, memory and resource utilization of data classification tool and performing firmware, SSL/TLS certificate, content updates.
• Analyzed, configured, and troubleshot the Windows server to monitor network traffic and access logs to troubleshoot network access issues.
• Created necessary profiles that allowed unauthorized access to devices on the data classification server.
• Addressed technical issues and management queries regarding Data Classification tool including troubleshooting and feature changes and modifications.
• Coordinated with multiple internal teams i.e., Network teams, Server teams, Database team, Data Loss Prevention team and vendors i.e. Titus (now Fortra).
• Monitor performance of servers to identify problems and troubleshoot problem areas as needed.
• Primarily involved in troubleshooting issues on a day-to-day basis & providing solutions that would fix the problems within the implementation of Data classification tool.
• Creating, managing, following up on and updating service requests to vendor on client’s behalf.
• Troubleshooting issues related to Data classification tool on end users’ machines as well as on servers.
• Building healthy client, service provider and vendor professional relationships.

Ernst & Young, India June 2014 – Aug 2016


Network Operations Engineer
Responsibilities:
• Designed and developed Network Automation tool, threat log analysis and log reporting with data granularity.
• Developed, tested & deployed a Network Automation Tool using Python and its libraries, netmiko and sqlite3 database, helping Engineers to extract information from network devices such as routers and L3 switches.
• Using Network Automation tool to configure multiple devices by running multiple commands at once.
• Developed Python scripts for daily activities & assisting team and managers with alerting threats from Checkpoint firewall with data granularity and segregation on weekly and monthly basis.
• Monitoring network & security devices for health checkup, traffic flow and inventory maintenance.
• Extracted the threat logs of Checkpoint firewall and generated reports on bi-weekly and monthly basis to identify the areas of improvement in security posture in organization.
Environment: PIX, CISCO routers and switches, Access Control Server, VLAN, Trunk Protocols, CISCO ASA, DHCP, DNS, SAN, Spanning tree, Nimsoft, Windows Server, Windows NT.

PROFESSIONAL EDUCATION:
• Bachelor of Technology in CSE, Kurukshetra University, Haryana, India May 2014

CERTIFICATIONS
• Palo Alto Certified Network Security Engineer (PCNSE).
• Cisco Certified Network Associate (CCNA - R&S, SECURITY).
• Fortinet Network Security Expert (NSE 1, NSE 2, NSE 3)
• LinkedIn Learning - Red Hat Certified System Administrator (RHCSA)
• Infosec - Security Architecture (Zero Trust, SABSA, TOGAF, Threat modeling: STRIDE, PASTA, OCTAVE, TRIKE)
