Niroj Khadka

Fremont, CA

Summary

Accomplished Senior Network Security Engineer with over 10 years of experience in enterprise network security and Zero Trust architecture. Expertise in designing and optimizing secure network architectures across diverse environments including cloud and data centers. Skilled in next-generation firewalls, SD-WAN, AWS networking, and security governance automation, with a strong focus on risk assessment, incident response, and compliance alignment.

Overview

  • 1 Certification
  • 12 years of professional experience

Work History

Senior Network Security Engineer

Intuitive Surgical
Sunnyvale, CA
04.2022 - Current
  • Lead enterprise Zero Trust architecture strategy across campus, data center, WAN, cloud, and remote workforce environments.
  • Design and maintain enterprise security reference architecture integrating identity providers, firewall enforcement, NAC, and application-layer security controls.
  • Implement identity-driven segmentation policies to reduce lateral movement and improve east-west traffic security.
  • Architect and deploy SASE-based secure remote access solutions supporting hybrid workforce scalability.
  • Conduct infrastructure risk assessments, threat modeling, and security control gap analysis to identify vulnerabilities and enhance security posture.
  • Lead major incident response efforts for network outages, security events, and performance degradation.
  • Manage AWS cloud connectivity, including VPC configuration and secure network access, to facilitate reliable data flow and maintain security.

Senior Network Engineer

Intuitive Surgical
Sunnyvale, CA
04.2021 - 04.2022
  • Led the deployment, management, and operation of campus LAN, WAN, WLAN, and Data Center with Nexus vPCs and SD-WAN utilizing Silver Peak.
  • Engineered dual-ISP high-availability WAN architecture with SD-WAN traffic steering and failover.
  • Managed Palo Alto NGFW and GlobalProtect VPN, optimizing centralized management through Panorama.
  • Administered Cisco Nexus data center switching and routing infrastructure, supporting high-availability network operations.
  • Integrated firewall, VPN, and cloud logs into SOC monitoring platforms, enhancing threat detection capabilities.
  • Managed and maintained URL filtering and SSL interception with Symantec ProxySG and Cloud SWG solutions.
  • Supported Okta identity integrations and network authentication systems.

Network Engineer

Intuitive Surgical
Sunnyvale, CA
06.2016 - 04.2021
  • Deployed Prisma Access for secure mobile user and branch connectivity.
  • Migrated legacy AAA systems to centralized Cisco ISE identity-based authentication architecture, enhancing security protocols.
  • Led next-generation firewall (NGFW) modernization across perimeter and data center environments.
  • Implemented micro-segmentation and advanced traffic visibility solutions.
  • Designed and implemented secure WAN optimization and SD-WAN branch connectivity solutions, improving network performance.
  • Managed campus LAN/WAN/WLAN infrastructure including Nexus switching and NAC deployments.
  • Configured SSL inspection, URL filtering, and secure web gateway solutions to strengthen internet security measures.
  • Contributed to the support of Broadcom (formerly Symantec) SG and ASG Proxy appliances for Internet Security and Cloud applications.
  • Administered Cisco AnyConnect and managed its DAP via Ansible.

Network Engineer

Agilent Technologies
Santa Clara, CA
09.2015 - 05.2016
  • Built scalable enterprise routing architecture using BGP, OSPF, and EIGRP to support increased network performance and reliability.
  • Designed high-availability data center network architecture using Cisco Nexus platforms.
  • Implemented IPS, VPN, and perimeter firewall security controls to enhance network security posture.
  • Designed, deployed, and managed secured WAN with traffic engineering, DC segmentation, and optimization using Riverbed Steelhead to improve data flow efficiency.
  • Deployed Riverbed WAN optimization and hybrid WAN solutions.
  • Managed Cisco ISE for 802.1X authentication and remote VPN access control.

Network Engineer

Chevron
Bakersfield, CA
04.2014 - 08.2015
  • Supported ISP backbone and MPLS VPN services through segmentation and redundancy, ensuring robust network availability.
  • Implemented WAN optimization, NAC, and traffic engineering solutions to improve network performance and reliability.
  • Migrated RADIUS authentication to Cisco ISE, enhancing security and streamlining access management.
  • Designed enterprise wireless, bridging, and firewall security architectures.
  • Managed URL filtering, SSL interception, and secure proxy solutions.

Education

Master of Science - Cybersecurity

Georgia Institute of Technology
Atlanta, GA

Bachelor of Science - Cybersecurity

Bellevue University
Bellevue, NE
01-2022

Bachelor of Science - Mathematics

Tribhuvan University
Kathmandu, Nepal
01-2006

Skills

Security Architecture & Frameworks

  • Zero Trust Architecture
  • Defense-in-Depth
  • Micro-Segmentation
  • Identity Access Control
  • Least Privilege Access
  • East-West Traffic Inspection
  • Secure Access Edge
  • Secure Service Edge
  • Network Access Control (NAC)

Network Security Technologies

  • Next-Gen Firewalls
  • Panorama
  • Prisma Access
  • GlobalProtect
  • IDS/IPS
  • SSL/TLS Decryption
  • URL Filtering
  • Secure Web Gateway (SWG)
  • IPsec VPN
  • Site-to-Site VPN
  • Remote Access VPN

Cloud & Hybrid Networking

  • AWS VPC
  • VPC Peering
  • Transit Gateway
  • Hybrid Cloud Connectivity
  • Direct Connect
  • Cloud Network Segmentation
  • VXLAN
  • Leaf-Spine Architecture
  • Cisco Nexus
  • Virtual Private Cloud
  • High Availability Design
  • Redundancy Architecture

WAN & Enterprise Infrastructure

  • SD-WAN (Silver Peak)
  • WAN Optimization
  • QoS
  • Campus LAN/WLAN
  • 802.1X Authentication
  • Cisco ISE
  • RADIUS
  • AAA Migration

Monitoring & Operations

  • SOC Integration
  • Log Analysis
  • Root Cause Analysis
  • Change Control
  • Configuration Control
  • Policy Review

Certification

  • CCNP Enterprise
  • CCIE Routing & Switching (Written) (Expired)
  • Cisco Security Identity Management Specialist
  • Certified Wireless Network Administrator (CWNA)
  • AlgoSec AFA Expert & Master
  • Palo Alto Networks Certified Network Security Engineer (PCNSE) (Expired)
  • Aruba ClearPass Professional – ACCP (Expired)
  • Microsoft Certified Technology Specialist

Skillset

Network Security Tools:

  • Snort, Wireshark, Tcpdump, Netfilter, Packet Filter (pf), Nmap
  • Fuzzing Frameworks: Sulley, Peach, SPIKE
  • Penetration Testing Tools: Kali Linux, Scapy, sqlmap, Metasploit Framework, Burp
  • Debuggers: OllyDbg, Immunity Debugger, GNU Debugger (GDB)
  • Networking services and protocols: TCP/IP protocol stack, DNS, NFS, FTP, SMTP, SSL, HTTP/HTTPS, routing protocols (RIP, OSPF, BGP)
  • Digital Forensic Tools: EnCase v7, Autopsy and Sleuth Kit, WinHex

Operating Systems

  • Linux, other UNIX variants, and the Microsoft Windows family.
  • Linux Server Administration.

Network and Internet Technology

  • Networking (TCP/IP Protocols, including ARP/RARP, IP, UDP, TCP, DNS, HTTP, FTP, SSH), Services (Apache, HTTP Proxies, MySQL, POP, IMAP, SMTP, DNS), and Cloud Services

Professional Training (SANS)

  • SEC450: Blue Team Fundamentals: Security Operations and Analysis
  • SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise