KRISHNA CHAVDA
Souderton,PA
Summary
Dynamic Senior Network and Security Engineer with over 9 years of experience in designing, implementing, and securing enterprise network and cloud infrastructures. Strong hands-on expertise in firewall security, intrusion detection and prevention (IDS/IPS), VPN security, identity and access management, and hybrid cloud networking. Proficient in utilizing industry-leading technologies such as Cisco Firepower (FTD/FMC), Palo Alto, Fortinet, AWS security services, and Microsoft Entra ID to ensure robust security postures. Proven ability to maintain high availability, mitigate risks, and support compliance through secure architecture and policy enforcement while actively transitioning into Cloud Security Engineering roles with a focus on infrastructure and identity security.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Senior Network Engineer / Security Engineer
SAFARI Montage
Conshohocken
05.2025 - Current
- Manage and secure enterprise LAN, WAN, virtual, and cloud-based network infrastructure, ensuring high availability and performance.
- Maintain and optimize MPLS WAN connectivity, Internet edge routing, and inter-site communications across multiple office locations.
- Design and deploy wired and wireless network solutions, including full lifecycle configuration and infrastructure upgrades.
- Lead migration from Cisco Nexus to Cisco Meraki switching architecture, improving network visibility, operational efficiency, and security monitoring.
- Administer and maintain Cisco Firepower Threat Defense (FTD) and FMC, managing firewall rules, NAT, access control policies, and security zones.
- Configure and tune Snort IDS/IPS policies, monitoring intrusion alerts and adjusting detection rules to improve threat visibility and reduce false positives.
- Perform Firewall DAP audits and access policy reviews to maintain compliance and enforce least-privilege access controls.
- Design and implement secure VPN authentication architecture using Cisco VPN, Duo MFA, and Microsoft Authenticator.
- Collaborate with infrastructure and system administration teams to migrate VPN authentication to Microsoft Entra ID, improving identity-based access security.
- Manage and troubleshoot F5 load balancers, ensuring application availability and optimized traffic distribution.
- Maintain and administer network monitoring and logging platforms, including SolarWinds and centralized syslog solutions.
- Support Microsoft Teams Unified Communications infrastructure, ensuring network reliability for voice and collaboration services.
- Serve as escalation and backup support for security and server infrastructure teams, assisting with incident response and system recovery.
- Participate in 24/7 on-call rotation responding to critical network and cybersecurity incidents.
Network Engineer / Network Security Engineer
Business Wire
San Francisco
07.2017 - 11.2024
- Supported global enterprise network infrastructure delivering 99.9% uptime across multiple data centers and remote workforce environments.
- Designed, deployed, and maintained IPsec VPN architecture supporting 15+ branch locations and secure remote connectivity.
- Implemented and maintained enterprise firewall policies, NAT rules, and access control configurations to strengthen perimeter security.
- Reduced security incidents by 40% through improved authentication controls and policy enforcement.
- Implemented Cisco ISE Network Access Control (NAC) enabling device and user identity enforcement.
- Conducted vulnerability assessments, compliance audits, and remediation planning aligned with corporate security policies.
- Performed security log analysis across firewalls, VPN gateways, and monitoring systems to identify potential threats.
- Assisted security teams with incident investigation and containment activities.
- Administered F5 and A10 load balancing solutions ensuring application high availability.
- Managed global wireless network deployments across 25+ facilities using Cisco Meraki and enterprise wireless controllers.
- Improved network performance through routing optimization, traffic engineering, and capacity planning.
Network Engineer
Procepernce
San Francisco
02.2017 - 07.2017
- Improved LAN/WAN performance using QoS and traffic prioritization techniques.
- Managed IP addressing, subnetting, routing configuration, and infrastructure troubleshooting.
- Monitored and maintained routers, firewalls, and network services.
- Performed firmware updates and infrastructure maintenance to improve reliability and security.
Education
Master of Technology (M.Tech) - Digital Communication
CHARUSAT
Gujarat, India05.2014
Bachelor of Engineering - Electronics & Communication
BMCET
Gujarat, India2012
Skills
- Routing & Switching: BGP, OSPF, EIGRP, VLANs, IPv4/IPv6
- Wireless Infrastructure: Cisco Meraki, Arista, Mojo
- Firewall Platforms: Cisco Firepower (FTD/FMC), Cisco ASA, Palo Alto, FortiGate
- IDS/IPS: Snort, Firepower intrusion policies, threat detection and tuning,Intrusion mitigation
- VPN Security: Site-to-Site VPN, Remote Access VPN, MFA-protected VPN
- Identity & Access Management: Cisco ISE, Duo MFA, Microsoft Entra ID (Azure AD), Conditional Access
- Security Operations: Log analysis, incident response support, vulnerability remediation, compliance audits
- AWS Security Services: IAM, Security Groups, CloudTrail, CloudWatch, VPC security
- Hybrid Cloud Connectivity: Site-to-Site VPN, Transit Gateway
- Azure / Entra ID Security: MFA deployment, authentication integration, identity governance
Certification
- AWS Certified Security – Specialty
- AWS Certified Solutions Architect – Associate
- Cisco Certified Network Professional (CCNP)
- Cisco Certified Network Associate (CCNA)
Timeline
Senior Network Engineer / Security Engineer
SAFARI Montage
05.2025 - Current
Network Engineer / Network Security Engineer
Business Wire
07.2017 - 11.2024
Network Engineer
Procepernce
02.2017 - 07.2017
Master of Technology (M.Tech) - Digital Communication
CHARUSAT
Bachelor of Engineering - Electronics & Communication
BMCET