Lokesh Reddy
Alpharetta,GA
Summary
Cyber Security Engineer with over 7 years of experience specializing in information security, AWS, DevOps, endpoint security, network security, micro-segmentation, Illumio, WAF, Zscaler, Palo Alto, zero trust network security, security architecture and design. As a Senior Security Engineer, role involves developing content and enhancing IT service support to ensure robust security measures are in place for safeguarding systems. Background as a network, system, micro-segmentation, zero trust security, and cyber security specialist has greatly contributed to team's success in delivering top-tier service. Determined, action-oriented individual driven by new challenges and a desire for success in all endeavors. Performed security design and architecture reviews for micro-segmentation and zero trust security. Ability to handle multiple tasks and work independently or as part of a team, efficient team player in challenging and creative environments. Excellent adaptability to new technologies and skills.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Senior Security Engineer
FannieMae
03.2017 - Current
- Lead Illumio/ microsegmentation project to protect Fanniemae's legacy systems and high risk applications by installing Illumio agents on servers and analyzing inbound/outbound traffic to write policies on achieving host level segmentation.
- SME for Micro-Segmentation tool Illumio, which uses host based ‘ring-fencing’ technology to protect and isolate Fannie Mae High Risk Applications and restrict lateral movement within the on-premises network.
- Responsible for Installation, Operation and Upgrades of Illumio Core VEN agents and Illumio Core PCE management console.
- Experience in installing, upgrading 2x2 and 4x2 Illumio core PCE cluster and deploying Illumio PCE software, restoration and migration of policy and traffic database in case of any failover.
- Deployed Illumio, PaloAlto and other security products in AWS using Cloudformation templates, code pipeline and automation.
- Developed application dependency mapping and Explorer traffic reports in Illumio PCE console prior to deploying and configuring enforcement policies to restrict traffic between applications and various environments.
- Configured and managed firewall rules and policies in Illumio PCE management console.
- Enforced Illumio VEN agents by enabling host-based firewalls like iptables for Unix/ Linux and Windows Filtering platform (WFP) for Windows.
- Written Bash and Shell scripts for automation of VEN agent installations on Unix/ Linux and Windows.
- Experience in troubleshooting Illumio traffic blocked events, VEN and PCE related issues.
- Experience with security logging and monitoring SIEM tool Splunk.
- Educated client teams on zero trust concepts and best practices, supported clients in responding to security incidents by applying zero trust principles to investigate and mitigate breaches.
- Developed and enforced security policies aligned with zero trust principles that cover microsegmentation.
- Designed and deployed Palo Alto Network physical/ virtual firewalls in Public/ private cloud infrastructures and datacenters.
- Expertise in Conducting security policy rule review to identify and remove rules that are not needed to reduce Palo Alto firewall policy lookup.
- Configured & monitored Global Protect and Gateways to create IPSec and SSL VPN's Tunnels with Users & Customers on Palo Alto Firewall.
- Created Rules (Pre, Post and Default), Objects, Device Groups and Templates on Panorama.
- Troubleshot complex technical issues using tools such as Wireshark and/or TCPDump on network devices and/or various client/servers.
- Created local admin accounts for ZIA and ZPA for all the Security Group and the Operational folks, Configured Connectors along with Zscaler TAM And DAS team.
- Created locations for each site once the GRE Tunnel is up on the respected location for the traffic flow, to granulize the traffic created Sub-locations for each site.
- Created URL category for each service based on the requests, URL Policies for each URL Category, SSL Inspection Bypass for particular internal Sites, Firewall Control Policies as per organization and requester choice.
- Configuration of web filtering and managed firewall service.
- Created Hosted PAC Files based on the organization request what to be accessed before and after authentication.
- Added Network Services to the Firewall filtering in Administration, Created IP&FQDN groups.
- Troubleshot firewall rules in Illumio, Palo Alto, Checkpoint, Zscaler
- Involved in designing and deploying multitude applications utilizing almost all the AWS stack (Including EC2, Route53, S3, RDS, Dynamo DB, SNS, SQS, IAM) focusing on high-availability, fault tolerance, and Auto-scaling in AWS CloudFormation.
- Managed UNIX, RHEL and SUSE as a blend of systems architecture and development.
- Worked on GIT and Subversion (SVN) version controls.
- Set up the GIT and SVN repos for Jenkins build jobs.
- Deployed application using Jenkins server & CI to run the unit tests.
- Troubleshot build and release job failures, resolved, worked with engineering on resolution.
- Worked in implementation team to build and engineer servers for Unix, Suse Linux, Redhat Linux & AIX operating systems.
- Worked on AWS to provision new instances, S3 Storage Services, AWS EC2 & Cloud watch services.
- CI/CD pipeline management through Jenkins.
- Developed scripts, automated solutions and built deployment using Scripting languages such as BASH, RUBY and PYTHON.
- Developed a continuous delivery PIPELINE with Docker, Jenkins and GITHUB and AWS AMIs.
- Actively coordinated and communicated with the corresponding teams, as the developed Interface has the dependency with other team’s interfaces.
- Set up and configured Linux (Redhat) and Solaris servers/workstations for clients.
- Administered and Maintained RHEL 6.x/7.x/8.x/9.x, Solaris 10/11, SLES 11/12/15 and Windows 2008/2012/2016/2019/2022 using kick start based network installation.
- Worked in a LAMP environment (Linux Apache, MySQL, PHP).
- Installed, Configured and Maintained the DNS, DHCP, NFS, LDAP and FTP Servers.
- Hands-on Experience in using configuration management tools like Puppet.
- Configured VPC, security groups, launching instances, databases and configuration of storage in AWS using EC2, Route 53.
- Used Puppet for automation of Illumio VEN agent installs and upgrades.
- Experience with PowerShell, Bash Shell Scripting to automate system administration jobs.
- Experience in configuring and implementing load balancing features to Web server clusters.
- Implemented and maintained firewalls and F5 load balancers, F5 ASM.
- Wrote iRules to maintain persistence based on session and for testing in production environment.
- Experience in build and deploying Symantec Protection Engine for antivirus scanning via ICAP and Rest API scanning.
- Reviewed logs for all networking devices for unresolved abnormalities and problems and documented all server and network problems and other unusual events in detail.
- Communicated with vendors to resolve network outages and periods of reduced performance.
- Troubleshot LAN/ WAN/ WLAN infrastructure that included routing protocols.
- Involved in SSL Security certificate management for enterprise, maintaining certificates across multiple SSL providers, and integrating certificates into products such as Apache, Tomcat, AWS-ELB.
- Automated Weekly releases with ANT/Maven scripting for compiling Java Code, Debugging and Placing Builds into Maven Repository.
- Assisted in the design and executed the processes for certificate issuance process using Venafi Certificate Management System (CMS) tools as a front-end to external 3rd party Comodo digital certificates in the backend.
- Partnered with vendors to evaluate new products that offer improved security features while maintaining cost effectiveness.
- Recommend improvements in security systems and procedures.
- Performed risk analyses to identify appropriate security countermeasures.
Security Analyst Intern
SHIVAM MEDISOFT
08.2014 - 07.2015
- Implemented IBM AppScan standard, source editions, HP WebInspect, Nessus, and QualysGuard web application and Infrastructure scanning tools. In addition, security tools like Nmap,Metasploit, enumeration tools in Kali and BurpSuite were utilized for manual penetration testing.
- Participated in penetration testing exercises to identify weaknesses and recommend strategies for remediation.
- Reviewed security vulnerability reports for applications and databases, analyzed and worked extensively with development teams for the implementation of mitigating controls.
- Performed security assessments for client-facing apps. Associated IT infrastructure such as database management systems, middleware systems, web services (SOA) were also included in security assessments.
- Implemented Secure Software Development Life Cycle (S-SDLC) processes; developed secure coding practices for web, mobile applications, including database and middleware systems.
- Pentested external and Internal Infrastructure using open source kali tools to detect vulnerabilities in the versions running and OS and helped strengthen security by filtering ports using firewalls and updating the Versions working with server team.
- Performed Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and PROD environments.
- Generated executive summary reports showing the security assessments results, recommendations and risk mitigation plans and presented them to respective business sponsors and senior management.
- Reviewed Android and iOS mobile source code, API's Testing and recommended code fixes.
- Performed risk analyses to identify appropriate security countermeasures.
Education
Master’s in Computer Engineering -
Cleveland State University
Cleveland, OH12.2016
Bachelors in Electronics & Communications Engineering -
JNTU Hyderabad
Hyderabad, India05.2015
Skills
- Network Security Management
- Micro segmentation
- Network segmentation
- Endpoint security
- Zero trust security
- Vulnerability Assessment
- Security Compliance Auditing
- Operating System Hardening
- Firewall Configuration and Management
- Security policy development
- Illumio
- Palo Alto
- Zscaler
- F5 ASM/ WAF
- Symantec protection engine Antivirus
- Bluecoat proxy
- Git
- LINUX, Windows
- VMware
- Databases (Oracle, SQL, PSql)
- IPtables, WFP
- Extrahop
- AWS
- Devops, CI/ CD, Jenkins
- Puppet
- Power Shell Scripting, Bash, Python
- Wireshark
Certification
- Certified AWS Solutions Architect Associate
- Certified AWS Developer Associate
Timeline
Senior Security Engineer
FannieMae
03.2017 - Current
Security Analyst Intern
SHIVAM MEDISOFT
08.2014 - 07.2015
Master’s in Computer Engineering -
Cleveland State University
Bachelors in Electronics & Communications Engineering -
JNTU Hyderabad
Similar Profiles
Tejasri IppalaTejasri Ippala
Senior Full Stack Software Engineer at FanniemaeSenior Full Stack Software Engineer at Fanniemae
Allen ChenAllen Chen
Application Integration Service Senior Associate at FannieMaeApplication Integration Service Senior Associate at FannieMae
Jimmy MauldinJimmy Mauldin
Deputy Chief of Mission at U.S. Embassy, Department Of StateDeputy Chief of Mission at U.S. Embassy, Department Of State
Kuriakose Jacob KandathilKuriakose Jacob Kandathil
Data Streaming Engineer — Risk Platform at Options Clearing Corporation (Contract)Data Streaming Engineer — Risk Platform at Options Clearing Corporation (Contract)
Anoushka JasaparaAnoushka Jasapara
Student Volunteer at FurkidsStudent Volunteer at Furkids