CONTACT

  • +1 (908) 324-8631
  • gangaprasadnarla@gmail.com
  • www.linkedin.com/in/gangaprasad-narla
  • Princeton, NJ (Open to Relocation)
  • Open for Full Time, W2, C2C roles
  • Work Authorization – Green Card

CERTIFICATIONS

  • CCNP (Cisco - CSCO14697872)
  • CCNA
  • PCNSE – Palo Alto
  • AWS Certified Cloud Practitioner

TOP SKILLS

  • Protocols
    LAN, WAN, EIGRP, OSPF, BGP, MPLS, MP-BGP, QOS, EVPN, ISIS, Nexus VPC VDC, SSL, ECMP, GRE,IPSEC, DMVPN, HSRP, SPAN, 802.1X,802.11, VX-LAN, VoIP, NetFlow, SNMP, Cisco PRIME, Linux, ATM, VMWare,

  • Programming
    Python, Ansible, Kubernetics, TCL, Perl, GitHub


  • Security
    Anomaly Detect attack prevention system, IPS/IDS, Penetration Testing and Web application testing, Buffer Overflows, Cross Site Scripting, Session Management, and Security attacks like DoS, DDoS, Spoofing, Nessus, Cisco Works, Cisco ASA/Firepower, Palo Alto, FortGate Fortinet, IDS, IPS, Traffic Anomaly, Internet Gateways, AAA TACACS, RADIUS, Cisco ISE, F5 WAF, AWS Cloud, NetFilter, IPTables, NSX

  • Internetworking Tools
    Splunk, Wireshark, Solarwinds Service NOW, Remedy, Lucid Charts, MS Office, Sharepoint, Inflobox, Panorama, Netbrain , IXIA, Spirent, Metasploit, Cobalt Strike, Bloodhound, Burp Suite, Microsoft Purview

GANGA PRASAD NARLA

Network Security Engineer • Data Center • Firewalls • F5 • AWS Cloud

PROFESSIONAL SUMMARY

Infrastructure Specialization: Over 18 years of expertise in IT Network Security, I specialize in designing, deploying, and troubleshooting complex infrastructures across branch, campus, cloud, and data center environments.

Multi-Vendor Technical Experience: My proficiency spans multi-tenant data centers, routing, switching, SD-WAN and firewall infrastructure, along with multi-vendor technologies Cisco, Juniper, Palo Alto, AWS, F5, and Arista.

Automation & Security: Utilize Python & Ansible scripting to drive automation and security enhancements while consulting for major financial institutions, conducting penetration testing, and vulnerability assessments.

Strategic Team Work: As an instructor and mentor for CCNA, CCNP, and Cisco deployments, I excel in communication and collaboration, also working independently with cross-functional teams

EXPERIENCE SUMMARY

Golars Networks, Princeton, New Jersey
Aug 2014 – Present
Sr Network and Security Engineer

Citigroup Financial,Warren, New Jersey
Dec 2008 – Apr 2014
Network Consultant Engineer

CNBC Universal, Rockefeller, New York
Sep 2008 – Nov 2008
Design Architect

Citigroup Financial, Warren, New Jersey
Jan 2008 – Aug 2008
Network and Security Engineer

NetMonastery Network Security, Mumbai, India
Aug 2006 – Sep 2007
Network Deployment Engineer

EDUCATION QUALIFICATIONS

  • Masters in Networking and telecommunication incorporating wireless technology from International Institute of Information Tech Pune, India, 2007

  • Masters in Mathematics with specialization in Computer Science form SSSIHL, Sri Sathya Sai Institute of Higher Learning, Puttaparthi, India, Year 2004

  • Bachelors in Mathematics from Sri Sathya Sai Institute of Higher Learning, Puttaparthi, India, Year 2002

  • Post Graduate Diploma in Software technology from C-DAC, Mumbai, Year 2006
PROFESSIONAL EXPERIENCE
Golars Networks, Princeton, New Jersey
Aug 2014 – Present
Golars Networks specializes in creating innovative applications within the fields of networking and security solutions. The company operates computer security, data centers, application software development, and offers consulting services.
Sr Network and Security Engineer
Responsibilities:
  • Designed a Network infrastructure leveraging OSPF and BGP on ASR 9k devices, incorporating Policy-Based Routing and path manipulation for ingress and egress traffic and Implemented MPLS, MP-BGP, and EVPN configurations within a Multi-Homed ISP peering
  • Engaged in both brownfield and greenfield deployments, as well as migration projects, leveraging technical expertise in Cisco Firepower NGFW (FTD, FMC), Cisco ASR1002 and ISR4431 Routers, Cisco Catalyst Series (9k and 3k), IPsec VPN, Cisco ACI, IPS, IDS, and various security appliances including Palo Alto and Juniper
  • Worked on data center technologies with Cisco ACI, including creating application profiles, bridge domains, policy groups, tenants, EPGs (End Point Groups), contracts, VRFs, MP-BGP, and EVPN in a 2-tier Spine-Leaf architecture, as well as configuring new leaf and spine switches within the Cisco ACI/APIC environment
  • Configure NX-OS Nexus 5k, 9k for Fabric path, port channels, QOS, VPC, VDC, VX-LAN technologies
  • Designing and configuring Netscaler Load Balancer to effectively distribute application traffic across servers and resource & Utilizing Python Scipts to automate tasks.
  • Implemented NAC solutions using Cisco Identity Services Engine (ISE) to manage BYOD and IT-related issues for both wired and wireless devices, including 802.1X authentication, node configuration, user profiles, and AAA (TACACS+) for user and client authentication
  • Configured EVPN and Multi-Chassis Link Aggregation (MCLAG), BFD, OSPF and BGP on Arista EOS backbone core devices 7280, 7170, 7060 to enhance redundancy and implemented OSPF and BGP protocols
  • Deployed F5 BIG-IP i2000, i4000, and i5000 LTM/GTM appliances, along with virtual models (VM).
  • Configured Virtual Servers (VIP), Pools, Nodes, Application Profiles, iRules, custom monitors, application visibility, and monitoring. Implemented web application and WAF API protection and client-side and server-side SSL certificates for offloading server processing and enhancing overall performance. also supported server farms, added nodes/ servers to existing DMZ environments
  • Deployed new installations, templates, and security policies using Panorama Centralized Management while configuring Palo Alto Firewalls for URL filtering, threat prevention, data filtering, and High Availability (HA) to ensure failover for both inbound and outbound traffic, including the migration from Cisco ASA to Palo Alto
  • Implemented zone-based firewall policies and configured Address Groups, Security Groups, Application Groups, Templates, GlobalProtect, IKE, IPSec VPNs, Security policies, Virtual Routers (VR), Virtual Wire, and High Availability (HA) failover on Palo Alto Firewalls & Centrally managed via Panorama M-100, M-200, M-600 device
  • Experience working on AWS Cloud VPC, EC2 Instances, EBS, Security Group, Direct Connect, Load Balancer, Lambda, CloudWatch, AWS S3 Storage, Route53, Transit Gateway, IAM and CloudFormation. Worked with utilizing AWS Direct Connect, Transit Gateway and Site-to-Site VPN to enable end to end IPSEC Encrypted connections between networks regional centralized router & Working with create scripts with Python, Ansible
  • Configured AWS Security Groups and Network Access Control Lists (NACLs) to enforce firewall rules and control inbound and outbound traffic at the instance and subnet levels, ensuring privilege access and in-depth security
  • Established encrypted connections between on-premises networks and AWS VPCs using Virtual Private Network (VPN) and AWS Direct Connect services, implementing secure communication channels for hybrid cloud.
  • Experience working with Cisco Catalyst SDWAN (Viptela) and its components vBond, vEdge, vSmart, VManage. Involved in replacing WAN edge routers & to upgrade, activating and Onboarding branch devices.
  • Configured 802.1X for WLAN, including Meraki and Meraki SD-WAN, Cisco Wireless LAN Controller (WLC) 9800 clusters. Deployed new installations, performed access point upgrades (WAP 9130, 9216, 3802, 2800), resolved end-user connectivity issues and Layer 3 roaming challenges, while managing operations with Cisco Prime
  • Implemented Zero Touch Provision (ZTP) from Forti Cloud to FortiGate Firewalls and Managed FortiGate Firewall deployments into production. Involved in FortiGate implementation-policy, configuration, preimplementation, and post-implementation, deployed High Availability HA on 1500D, 200D, 101E and 90D.
  • Executed Zero Touch Provisioning (ZTP) from FortiCloud to FortiGate Firewalls and further deployment of FortiGate Firewalls into production environments. Managed FortiGate implementation, including policy creation, configuration, pre-implementation planning, and post-implementation optimization.
  • Deploy VMs and virtual networks (VNETs), VNET Peering on the Azure platform. Configured IPSEC VPN tunnels between on-premises infrastructure & Azure cloud, employing VNET Gateways and ExpressRoute connections
  • Implementing Juniper EX, QFX switches and MX480, MX960 routers into the IP/MPLS core network, along with EX4200, EX4300, QFX5100 switches and Juniper SRX 3600 firewalls for security firewall filters
  • Configured Ether Channel LACP, RSPAN, VRRP on Catalyst 9200, 9300, 9500 devices including Cabling support.
  • Experienced working with Infoblox Grid Manager for DNS Forward and Reverse Lookup zones, commissioning & decommissioning IP management for DNS updates. Administer and troubleshoot DNS/ DHCP records
  • Initiates network tasks and operations, designs topologies and configurations, plans and deploys new devices and services, Automation and manages security policies and configurations—all within DNA Center.
Citi Financial, Warren, New Jersey
Dec 2008 – Apr 2014
Citi Financial the world’s largest financial service provider with 2400 branch offices in both U S and Canada
Network Consultant Engineer
Responsibilities:
  • Data center migration was involved in Access, Distribution and Core layers
  • Implemented IPsec site-to-site VPNs over the internet utilizing 3DES, AES/AES-256 with ASA firewalls 5545.
  • Experience with network segmentation using VMWARE NSX and palo alto firewalls for traffic filtering
  • configuring Virtual Server, Pools, Nodes, iRules, Profiles, Persistence, SSL and monitor on F5 LTM
  • Implemented l4/l7 services and network Microsegmentation using ASA, Palo alto virtual firewalls and integration with ACI fabric and Arista VXLAN fabric.
  • Knowledge of IDS/IPS, DMZ, encryption, IPsec, proxy services, MPLS/VPN, SSL/VPN.
  • Implementation of VPC, VDC, FEX link, VX-LAN, Switch profiles on Nexus 2k, 5k and 7k
  • Ability to collaborate with third-party vendors (3P) to establish VPN tunnels and manage B2B connectivity.
  • Configured and monitored Palo Alto Firewall models across branch, campus, and data center environments. Converted standalone devices to Panorama-managed systems and deployed VM devices in AWS cloud
  • Configured Network security by managing Users Profiles, ACLs/ Policies, NAT, Threat prevention and URL filtering on Palo Alto, ASA Firewalls, Meraki MX security Appliances
  • Experience in configuring checkpoint for security features like URL filtering, Application control, Identity awareness and Anti-spoofing and upgrading Checkpoint GAIA
  • Automation using REST WebAPI, PerlAPI, KornShell, and shell scripting on Red Hat Linux and Infoblox
  • Configuring Nexus 2k fabric extender (FEX) which act as a remote line card for the Nexus 5k
  • Experience with configuring VDC and VRF on cisco equipment and set up BGP on ASR9k and CRS1
  • Addressed daily operational tickets and collaborated with the operations team to resolve break-fix issues and ensure service delivery across various locations associated with data center operations
  • Applied Agile methodology to execute Move/Add/Change/Decommission processes and developed comprehensive Method of Procedure (MOP) documents
CNBC Universal, Rockefeller, New York
Sep 2008 – Nov 2008
NBC Universal is one of the world’s leading media and entertainment companies in the development, production, and marketing of entertainment, news, and information to a global audience.
Design Architect
Responsibilities:
  • Experience with design and implementation of Data center migration at NBC Universal
  • Experience with design and implementation of Virtual Switching System (VSS) for both User segment and server segment using 6509-V-E catalyst switches
  • Working knowledge with 10 gigabit Supervisor Engine 720, 2T on 6500 catalyst switches
  • Implementing 3750 Rack/Stack switches using Cisco StackWise technology
  • Experience with migration Hybrid based Cisco CatOS and Native Cisco IOS on 6500 catalyst switches
  • Converting access-lists to Firewall rule sets on FWSM module with 6509-E Catalyst switches
  • Configuring HSRP, VRRP, Ether-Channels LACP, PAGP and BFD Link Detection on 6500 catalyst switches
  • Working knowledge of PPP Protocol with Enhanced FlexWAN module on 6500 catalyst switch
  • Invloved configuring ppp multilink group, dialer group, PPP authentication protocols like PAP, CHAP
  • Installation of L3 Switching Engine policy Feature Card & Distributed Forwarding Card DFC3C
Environment: 3750, 3550, 3560, 2924, 6500 series switches, 7206, 2611, 6748, 6708, 2960, T1/T3 Controllers
Citi Financial, Warren, New Jersey
Jan 2008 – Aug 2008
Citi Financial the world’s largest financial service provider with 2400 branch offices in both U S and Canada
Network and Security Engineer
Responsibilities:
  • Experience in migration of Frame-relay based branches to MPLS based technology using multi layer stackable switch like 6500 series and 2800 series router
  • Involved in design of Data Center Migration & implementation strategies for the expansion of the MPLS VPN
  • Involved in designing L2VPN services and VPN-IPSEC authentication & encryption system.
  • Implementing & Troubleshooting of T1, MUXES, CSU/DSU and data circuits
  • Hands on experience with Cisco 3500, 3750, 4500, 6500 series equipment and configuring and deploying and fixing them with various modules like Gig card, VPN SPA card, WIC card.
  • Experienced in WAN environments, installing and troubleshooting data circuit problems (MPLS, T1)
  • Involved in designing and applying QOS and policy map to 2800 series routers for all the branches
  • Involved in designing GRE tunnels for encapsulation of data flow from source to destination
  • Implementing VoIP solutions using SIP & H.323, also have sound knowledge of Avaya VoIP products
  • Understanding & Implementation of IPSEC & GRE tunnels in VPN technology
Environment: Router 2800, 3800, 7200, 7600; Cisco Catalyst Switch 6500, 6509, 3550
NETMONASTERY NETWORK SECURITY, MUMBAI, INDIA
Aug 2006 – Sep 2007
NetMonastery is an all Indian products company in the computer security space. Working on latest technology in the network based intrusion prevention space, provides efficient detection system & prevents damaging worm attacks on a large enterprise network
Project 1: Traffic Anomaly Engine: Design and Development using Linux kernel module programming
Position: Lead Kernel Developer, Network Security Research and development division
Responsibilities:
  • Experience in design and development of Product ZoneVAXIN®, Traffic Anomaly System from NetMonastery Network Security Pvt. Ltd and Creating LiveCD for the product ZoneVAXIN®
  • Design implementation involving Netfilter, a powerful packet filter implemented in the standard Linux kernel.
  • It is real-time traffic anomaly detection and prevention system. It analyzes all the traffic for checking the anomalous behavior, detects unknown attack vectors in real-time network traffic
  • Detection algorithm forms the heart of the Traffic Anomaly Sys. That can be used to (i) prevent DoS and DDoS floods (ii) prevent port scan traffic and network anomalies (iii) make complex decisions in real-time.
  • Setup a remote SVN repository for source control, Involved in training of new software programmers.
  • Security Consulting involving web application testing and penetration testing.
  • Provide Support for Clients like BSE India, Kotak Securities, ICICI InfoTech and Saraswat Bank
Environment: Implemented in C Lang, Linux kernel Module programming and Netfilter: Linux packet filter

Project 2: Designing, Implementing and Monitoring of LAN/WAN with security implementation
Position: Network Engineer
Responsibilities:
  • Responsible for designing, implementing & monitoring NetMonastery customer Co-Location environment
  • Redistribution of routing protocols, Frame-Relay configuration and Network Migration from RIP to OSPF
  • Configure Switches for layer 2, 3 and 4 switching, also Configure Cisco Switches (3560, 3524, and 2900)
  • Upgrade Cisco Routers, Switches and Firewall (PIX) IOS via TFTP & Implement Cisco Firewall IDS using 2600
  • Experienced in using IXIA test hardware to generate and measure IPv4 performance, categorize IPv4 traffic, and connect appropriate Ixia load modules to align with port density requirements
  • Installed workstation for IP/IPv6 based LAN & Redesign customer office copper & fiber cable plant for scalability
Environment: Router 1800, 2600, 800; Cisco Switch 2960, 3550; Cat5 & 6 Cabling; ZoneVAXIN Anomaly Engine