Mahesh Kotla

Network Engineer
South River, NJ

Work Preference

Work Type

Full Time, Contract Work

Location Preference

On-Site, Remote, Hybrid

Important To Me

Team Building / Company Retreats, Career advancement, Work-life balance, Company Culture, Personal development programs, Work from home option

Summary

Results-driven Network Engineer with 7+ years of experience deploying, implementing, and securing enterprise, cloud, and data center networks. Skilled in Routing & Switching, SD-WAN, SASE, Zero Trust (ZTNA), and Network Reliability Engineering (NRE) across Cisco, Palo Alto, Fortinet, and Check Point platforms. Hands-on expertise in Infrastructure as Code (IaC) with Python, Ansible, and Terraform to automate provisioning, enforce compliance, and ensure high availability. Proficient in AWS, Azure, and GCP networking with exposure to CSPM and hybrid multi-cloud architectures. Strong background in High Availability, Disaster Recovery, and compliance frameworks (PCI-DSS, HIPAA).

Overview

7 years of professional experience
4 Certifications

Work History

Network Engineer

AT&T
Middletown Township, NJ
01.2025 - Current
  • Migrated from Cisco ASA to Palo Alto NGFWs, optimizing rulebases, NAT policies, and security objects; administered PA-5445/7000 via Panorama, reducing config errors by 40% and improving security efficiency by 35%.
  • Enforced strict security compliance on Palo Alto PA-5445/7000 series by implementing Panorama templates, replacing manual changes with a centralized, error-free provisioning workflow.
  • Configured and supported Cisco ASA firewalls, managing ACLs, VPNs, and IPSec tunnels to secure the enterprise perimeter prior to migration to next-generation platforms.
  • Deployed FortiGate 6000 NGFWs with IPS, application control, and custom policies; integrated FortiClient and FortiManager for endpoint compliance and real-time threat visibility.
  • Integrated FortiClient, FortiGate, and FortiManager for centralized endpoint management, compliance enforcement, and policy synchronization.
  • Configured and supported Check Point firewalls (NGX R65, R80+), administering VPN connectivity, security policies, and log analysis to maintain compliance and secure remote access.
  • Applied micro-segmentation in Cisco ACI with APIC, integrated with VMware vSphere, and deployed multi-pod architectures to streamline provisioning, reduce east-west threats by 40%, and boost compliance by 25%.
  • Implemented Cisco SD-Access with DNA Center, automating segmentation, reducing configuration time by 40%, and improving compliance metrics by 30%.
  • Configured Cisco ISE v3.x with Catalyst 9300, enforcing role-based, identity-driven access policies for wired, wireless, and VPN users.
  • Deployed Versa and Cisco Viptela SD-WAN on Catalyst 8000 Series, building scalable fabrics, application-aware routing, and multi-path optimization that improved branch-to-cloud resiliency by 30%.
  • Built and configured SD-WAN fabrics, enhancing site-to-site connectivity, resilience, and security.
  • Implemented hybrid connectivity with AWS Transit Gateway and Direct Connect, Azure Traffic Manager with DDoS Protection, and Aviatrix multi-cloud architectures, while integrating Cloud Security Posture Management (CSPM) tools to strengthen visibility and compliance.
  • Configured hybrid connectivity and workload migration for Google Cloud Platform (GCP), integrating with AWS and Azure to enable secure multi-cloud architectures.
  • Configured Aviatrix Transit Gateway with Palo Alto VM-Series firewalls, centralizing inspection, enforcing inter-VPC policies, and securing multi-cloud traffic flows.
  • Migrated Blue Coat proxies to Zscaler ZIA/ZPA, configuring GRE tunnels, SSL inspection, and identity-driven access with Azure AD SSO.
  • Configured MPLS backbones with EBGP/IBGP and EIGRP on Juniper MX960, Cisco ASR 9000, and Arista 7800R, tuning policies for optimized traffic engineering.
  • Deployed IPv6 routing with OSPFv3 on Catalyst 8000, monitoring adjacencies via SolarWinds to ensure routing resiliency.
  • Migrated legacy Cisco switches to Aruba CX (8320, 8400, 6300, 6400) with VSX HA and ClearPass integration; deployed Aruba Wi-Fi 6 with Mobility Controllers and APs for high-density coverage.
  • Configured Cisco Meraki MX/MS appliances with Umbrella integration for distributed site security and simplified cloud management.
  • Configured F5 BIG-IP LTM/GTM and Citrix NetScaler ADC, designing SSL offload, iRules, GSLB, and MFA-secured VDI access to support high-availability application delivery across data centers.
  • Administered Infoblox DDI for DNS/DHCP/IPAM, automated workflows with APIs and Ansible, and ensured resilient IP address management across multi-region deployments.
  • Automated network and cloud operations with Python, Ansible, and Terraform, leveraging Infrastructure as Code (IaC) practices, version control, and CI/CD pipelines (GitHub/GitLab) to validate deployments and enforce compliance with PCI-DSS and NIST security frameworks.
  • Automated firewall provisioning using Ansible playbooks and integrated lifecycle management, reducing manual efforts and ensuring reliable deployments.
  • Containerized apps using Docker and Kubernetes (CNI with Calico/Flannel), enabling secure networking for microservices in hybrid cloud environments.
  • Implemented enterprise security toolchains with SAST/DAST scanning, WAF protections, and OAuth/SAML IAM integration to strengthen DevSecOps posture.
  • Implemented QoS policies and hierarchies across MPLS and LAN/WAN links to prioritize voice, video, telemetry, and unified communications traffic, ensuring consistent performance in critical environments.
  • Hardened switching and campus environments with BPDU Guard, Root Guard, VTP authentication, ACLs, ZBFW, and port security.
  • Performed and managed Equinix colocation operations, including rack-and-stack, structured cabling, and cross-connect provisioning, ensuring redundancy, compliance, and support for large-scale enterprise workloads.
  • Leveraged Cisco DNA Center Assurance with ThousandEyes AI for end-to-end network visibility, applying predictive analytics to preempt outages and reduce MTTR by 20% in multi-cloud environments.
  • Enhanced monitoring and visibility by leveraging SolarWinds (NetFlow, Cisco Prime, LEM, NCM) integrated with Splunk and NetScout for event correlation and compliance, while performing deep packet inspections with Wireshark to validate ACLs, firewall rules, and troubleshoot traffic flows, with documentation in Draw.io.
  • Executed RCA for high-severity L2/L3 incidents, delivering post-mortem reports with remediation plans to prevent recurrence.
  • Deployed Citrix NetScaler ADC for mission-critical web and VDI systems, implementing advanced load balancing, scripting, content switching, health monitoring, and MFA integration for secure distributed access.
  • Wrote iRules for redirecting traffic, configured Virtual Servers, Profiles, and Policies, and issued/created SSL server and client certificates.
  • Followed ServiceNow ITIL processes (incident, change, and configuration management) to maintain operational consistency across enterprise networks.

Network Engineer

State Street Bank and Trust Company
Princeton, NJ
05.2023 - 12.2024
  • Supported the migration from DMVPN to Cisco Viptela SD-WAN by deploying and configuring vSmart, vBond, and vManage controllers, and assisted in deploying Silver Peak SD-WAN to enable cloud-optimized routing, secure overlays, and SaaS acceleration, improving scalability, security, and user experience across distributed branches.
  • Assisted in migrating legacy networks to Cisco ACI, VXLAN EVPN, and SD-WAN, enabling automated policy enforcement, network segmentation, and improved overall performance.
  • Monitored network health using Cisco SD-WAN analytics, vAnalytics, and SolarWinds, identifying performance issues and ensuring SLA compliance.
  • Automated DNS/DHCP/IPAM operations with Infoblox for branch rollouts and hybrid WAN migrations.
  • Led implementation of Zero Trust Network Access (ZTNA) with Zscaler and Azure AD, enabling identity-driven access across cloud and branch environments as part of a SASE architecture.
  • Deployed and maintained GCP VPC networks with subnets, firewall rules, and inter-region routing; used Terraform to manage AWS VPCs, route tables, and security groups.
  • Expanded cloud automation by using Ansible and AWS CloudFormation to provision VPCs and security policies.
  • Configured Azure VNets, ExpressRoute, and Traffic Manager to enable secure hybrid connectivity and global load balancing for cloud-hosted applications.
  • Configured AWS Network Load Balancer (NLB) to distribute traffic across multiple EC2 instances, ensuring high availability and fault tolerance.
  • Designed and deployed F5 Global Traffic Manager (GTM) for global load balancing across data centers, enabling disaster recovery, failover, and geographic distribution of services to minimize downtime and latency.
  • Configured and supported Juniper SRX/vSRX firewalls for branch and cloud edge security.
  • Integrated Splunk with network logs for real-time event correlation and compliance reporting, enhancing end-to-end visibility across WAN and cloud environments.
  • Optimized routing and traffic engineering by configuring BGP features such as AS-Override, Split-Horizon, Local Preference, and Load Sharing on Cisco ISR and ASR routers.
  • Configured OSPF route summarization and virtual links on Cisco ASR 1000 and Nexus 7000 Series, reducing routing overhead and maintaining connectivity across OSPF areas.
  • Implemented QoS policies on CE/PE routers to prioritize voice, video, and business-critical traffic, reducing jitter and latency across MPLS links.
  • Configured IPsec VPN tunnels on Cisco ASA 5500-X firewalls for site-to-site and remote access, ensuring data confidentiality with strong encryption.
  • Integrated Cisco DNA Center with Cisco ISE to support automated access control, identity-based segmentation, and Zero Trust policies.
  • Configured NAT policies on Cisco ASA 5516-X firewalls, enhancing security and efficient IP address management.
  • Performed network failover and resiliency testing using ECMP, VRRP, and BFD across redundant paths in spine-leaf and edge environments.
  • Supported Check Point firewalls and integrated with Check Point Endpoint Security for unified threat management.
  • Installed, configured, and supported Palo Alto firewalls (PA-3000, PA-5000, PA-7050 Series), enabling LDAP/Active Directory integration for user-ID security policies.
  • Conducted wireless capacity planning with Ekahau tools to support required devices and apps while reducing interference using Cisco CleanAir.
  • Automated configuration backup and restore processes using Python and Ansible, reducing downtime and ensuring compliance.
  • Configured DHCP scopes and VLAN options on Cisco Catalyst 9500 Series switches to provide scalable IP address allocation.
  • Implemented RSTP and MST on Cisco Catalyst 9500 and Juniper EX4300 switches for fast convergence and VLAN optimization.
  • Monitored EIGRP adjacencies, OSPF processes, and STP events using SolarWinds NPM and Statseeker for proactive troubleshooting.
  • Configured SNMP monitoring on firewalls and routers, enabling real-time visibility of performance metrics.
  • Provided L3 support for routers, switches, firewalls, and load balancers (Cisco, Palo Alto, Check Point, Juniper Netscreen, F5 LTM/ASM) in enterprise environments.
  • Configured and supported A10 load balancers for application delivery, SSL offloading, and traffic optimization in enterprise data centers.
  • Integrated wireless NAC onboarding with Cisco ISE and Aruba ClearPass, ensuring identity-driven access to Wi-Fi networks.
  • Configured BlueCat for DNS/DHCP/IPAM, streamlining IP address management and ensuring high availability across enterprise networks.
  • Administered Blue Coat Secure Web Gateway (SWG), enforcing URL filtering, SSL inspection, and DLP controls to protect users from web-based threats.
  • Troubleshot network connectivity and packet flows using Wireshark, tcpdump, Gigamon, traceroute, and Linux tools, ensuring quick issue resolution.

Network Engineer

TCS
Hyderabad
12.2019 - 12.2022
  • Promoted from NOC Engineer within seven months due to demonstrated expertise in network troubleshooting, subsequently assuming full ownership of Layer 3 configuration projects and Tier-2 escalations.
  • Configured OSPF area segmentation on Juniper EX4300 switches to enable scalable routing, reduce convergence times, and improve overall network stability.
  • Maintained Git-based playbooks and rollback procedures, ensuring consistent deployments and simplifying change management processes.
  • Configured security rules and policies on Palo Alto Firewalls and performed centralized log monitoring and analysis using Panorama.
  • Configured and supported Palo Alto firewall HA pairs in active/passive clustering mode, ensuring seamless High Availability (HA), Disaster Recovery (DR), and business continuity for mission-critical enterprise applications, while validating synchronization of sessions, configuration, and dynamic updates across appliances.
  • Participated in next-generation firewall (NGFW) testing and validation to support network security upgrades and threat prevention strategies.
  • Administered Check Point firewalls (NGX R65, R80+), managing security policies and VPN configurations to ensure secure enterprise connectivity and compliance.
  • Supported pilot projects for the integration of IoT devices, ensuring secure onboarding and communication within enterprise networks.
  • Optimized Spanning Tree Protocol (STP) to prevent loops, balance network traffic, and improve reliability of switching environments.
  • Configured OSPF Fast Hello and Dead Intervals on Juniper MX480 routers to improve resiliency and minimize failover times.
  • Automated routine network tasks using Python and Ansible, including loopback provisioning, BGP peering templates, and SNMP setups.
  • Configured Cisco Nexus 5000/7000 switches to provide core Layer 2/3 connectivity and implemented VDC segmentation to optimize performance, scalability, and resource isolation in data center environments.

NOC Engineer

TCS
Hyderabad
05.2019 - 11.2019
  • Monitored Cisco ASA firewalls using SNMP and Syslog, forwarding logs to SIEM platforms and escalating alerts for threat detection and incident response.
  • Used basic STP monitoring tools to track topology changes and report potential switching issues to senior team members.
  • Provided basic enterprise Wi-Fi support, including initial troubleshooting, simple configurations, and performance checks.
  • Gained foundational exposure to AWS and Azure networking through lab exercises, setting up basic test VPCs, VPNs, and security groups.
  • Assisted senior engineers with BGP Route Reflector setup on Cisco Nexus 5000 series to reduce iBGP sessions within the AS.
  • Gained initial exposure to Cisco SD-WAN, helping with basic vEdge router provisioning and policy enforcement for WAN resiliency.
  • Contributed to the IPv4 to IPv6 migration project by performing basic compatibility checks and supporting transitions.
  • Resolved simple IP addressing conflicts and performed routine Cisco IOS image upgrades via TFTP on Catalyst 3850 and 4500 series switches.
  • Assisted in wireless site surveys using Ekahau and AirMagnet to help optimize basic coverage for enterprise deployments.

Education

Master of Science - Computer Science

University of Bridgeport

Skills

  • OSPF
  • EIGRP
  • BGP
  • RIP
  • DMVPN
  • Cisco Catalyst 9000
  • Cisco Catalyst 8000 series
  • Cisco Nexus 9000-3000 series
  • Cisco Meraki MS series
  • Arista 7000 series
  • ASR 9000 series
  • Juniper MX series
  • Cisco ISR 4000 series
  • Cisco IR models
  • Layer 2/3 technologies
  • VLANs
  • VTP
  • STP
  • RSTP
  • MST
  • 802.1Q
  • Port-channel
  • PAGP
  • LACP
  • HSRP
  • VRRP
  • GLBP
  • VPC
  • VDC
  • MLAG
  • QoS
  • Palo Alto Networks
  • Cisco Firepower
  • Cisco ASA 5500 Series
  • Fortinet FortiGate
  • Symantec Blue Coat
  • Check Point
  • IKE
  • IPsec
  • SSL-VPN
  • IDS/IPS
  • URL filtering
  • SSL Forward Proxy
  • ACL
  • NAT/PAT
  • Port-security
  • SSH
  • HIPAA
  • F5 Networks
  • Citrix NetScaler ADC
  • A10 Networks ADC
  • Azure Load Balancer
  • SSL offloading
  • AWS
  • Azure
  • VNet
  • VMware vSphere
  • VMware NSX
  • VMware ESXi
  • Zscaler
  • Citrix ADC
  • ACI
  • Cisco Nexus Cloud
  • Cisco ACI
  • SD-WAN
  • Cisco WLC
  • Aruba ClearPass
  • Aruba Central
  • Ekahau
  • Ruckus
  • Cisco ISE
  • Air Magnet
  • AirWatch
  • Cisco DNA Spaces
  • Python
  • Ansible
  • Terraform
  • Git
  • GitHub
  • GitLab
  • Jenkins
  • GitHub Actions
  • GitLab CI/CD
  • Bash
  • PowerShell
  • Shell Scripting
  • AWS CloudFormation
  • Infrastructure as Code
  • CI/CD Pipelines
  • Wireshark
  • Splunk
  • SolarWinds NPM
  • NCM
  • SAM
  • Cisco DNA Center
  • NetScout
  • ThousandEyes
  • Nagios
  • Zabbix
  • Infoblox
  • ManageEngine OpManager
  • Dynatrace
  • Datadog
  • Logic Monitor
  • Grafana
  • Prometheus
  • PRTG Network Monitor
  • SAST/DAST Scanning
  • WAF
  • OAuth
  • SAML IAM
  • Zero Trust
  • Identity-Driven Access
  • Compliance

Certification

  • Cisco Certified Network Professional (CCNP)
  • AWS Certified Advanced Networking – Specialty
  • Palo Alto Networks Certified Network Security Engineer (PCNSE)
  • Cisco Certified Network Associate (CCNA)

Professional Highlights

  • Orchestrated comprehensive network security using Palo Alto (PA-7000/5400 series), FortiGate 6000, Check Point, and Cisco Firepower firewalls; managed centralized policy enforcement via Panorama and FortiManager with Ansible automation, achieving a 20% reduction in security incidents.
  • Executed complex multi-vendor migrations involving Cisco, Juniper, Aruba, Meraki, and Zscaler, successfully modernizing legacy environments to modern stacks while optimizing licensing costs and enhancing performance through VSX and AOS-CX solutions.
  • Managed carrier-grade routing platforms, including Juniper MX960 and Cisco ASR 9000 in telecom environments, deploying Segment Routing (SR) and ISIS to optimize low-latency traffic while engineering complex BGP route reflection for improved scalability.
  • Engineered secure, high-availability hybrid cloud architectures across AWS (Transit Gateway, Direct Connect), Azure (Traffic Manager, DDoS Protection), and GCP, utilizing Terraform and Python to implement automated Infrastructure as Code (IaC) workflows.
  • Developed robust automation frameworks using Ansible, Terraform, and Python scripting to build reusable playbooks that eliminated manual configuration errors, accelerated device onboarding, and supported complex Cisco ACI and SD-Access deployments.
  • Optimized application delivery and traffic management using F5 BIG-IP (LTM/GTM) and Citrix NetScaler; executed zero-downtime migrations from A10 to F5 and implemented iRules, SSL offloading, and global traffic management for mission-critical applications.
  • Deployed high-density wireless networks utilizing Aruba Wi-Fi 6 (802.11ax) supporting 1,500+ devices, integrating Cisco ISE and Aruba ClearPass for identity-based policy enforcement and secure micro-segmentation.
  • Ensured 99.99%+ network uptime through proactive monitoring and root-cause analysis using Wireshark, SolarWinds, Splunk, and Cisco DNA Center, providing Tier-3 support and real-time dashboards that significantly improved MTTR.
  • Modernized enterprise security architectures by deploying Zscaler Internet Access (ZIA) and Private Access (ZPA), migrating legacy Blue Coat proxies to cloud-native gateways, and enforcing strict compliance policies to protect distributed workforces.
  • Designed resilient WAN connectivity solutions using Cisco Meraki and Versa technologies, configuring automated failover for MPLS VPNs and implementing IPsec/GRE tunneling strategies to ensure seamless communication between branch sites and data centers.

Technical Skills

OSPF, EIGRP, BGP, RIP, DMVPN, Cisco Catalyst 9000, Cisco Catalyst 8000 series, Cisco Nexus 9000-3000 series, Cisco Meraki MS series, Arista 7000 series, ASR 9000 series, Juniper MX series, Cisco ISR 4000 series, Cisco IR models, Layer 2/3 technologies, VLANs, VTP, STP, RSTP, MST, 802.1Q, port-channel, PAGP, LACP, HSRP, VRRP, GLBP, VPC, VDC, MLAG, QoS, Palo Alto Networks (PA-2K, PA-3K, PA-5K, PA-7K Series), Cisco (Firepower, ASA 5500 Series), Fortinet (FortiGate 6000/600E Series), Symantec Blue Coat (ProxySG), Check Point, IKE, IPsec, SSL-VPN, IDS/IPS, URL filtering, SSL Forward Proxy, ACL, NAT/PAT, port-security, SSH, HIPAA, F5 Networks (BIG-IP LTM, BIG-IP GTM), Citrix NetScaler ADC, Cisco (CSM, ACE), A10 Networks ADC, Azure Load Balancer, SSL offloading, AWS (Transit Gateway, Direct Connect, Network Load Balancer), Azure (Traffic Manager, DDoS Protection, Load Balancer), VPC, VNet, VMware (vSphere, NSX, ESXi), Zscaler (ZIA, ZPA), Citrix ADC, ACI, Cisco Nexus Cloud, Cisco ACI, VMware NSX, SD-WAN, Cisco WLC, Aruba ClearPass, Aruba Central, Ekahau, Ruckus, Cisco ISE, Air Magnet, AirWatch (VMware Workspace ONE), Cisco DNA Spaces, Python, Ansible, Terraform, Git, GitHub, GitLab, Jenkins, GitHub Actions, GitLab CI/CD, Bash, PowerShell, Shell Scripting, AWS CloudFormation, Infrastructure as Code (IaC), CI/CD Pipelines, Wireshark, Splunk, SolarWinds NPM, NCM, SAM, Cisco DNA Center, NetScout, ThousandEyes, Nagios, Zabbix, Infoblox, ManageEngine OpManager, Dynatrace, Datadog, Logic Monitor, Grafana, Prometheus, PRTG Network Monitor, SAST/DAST Scanning, WAF, OAuth/SAML IAM, Zero Trust (ZTNA), Identity-Driven Access, Compliance & RCA Documentation

Personal Information

Title: Network Engineer

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening

Languages

English
Full Professional

Timeline

Network Engineer - AT&T
01.2025 - Current
Network Engineer - State Street Bank and Trust Company
05.2023 - 12.2024
Network Engineer - TCS
12.2019 - 12.2022
NOC Engineer - TCS
05.2019 - 11.2019
University of Bridgeport - Master of Science, Computer Science