
SRINIJH Reddy CHENDI

Sr. Cloud Network Security Engineer
Austin, TX

Summary

Senior Cloud Network Security Engineer with 7+ years of progressive experience across enterprise networking, network security, and multi-cloud environments. Experienced in firewall rule cleanup, ACL optimization, and legacy network remediation in large enterprise environments. Strong expertise in designing and securing hybrid infrastructures across AWS, Azure, and GCP using Palo Alto NGFW, Panorama, and VM-Series deployments. Proven in implementing App-ID and User-ID for identity-based, application-aware security policies, along with configuring Wildfire, Threat Prevention, and SSL Decryption to enhance advanced threat visibility and inspection across encrypted traffic. Hands-on experience with BGP, OSPF, EVPN/VXLAN, MPLS, VRF, and enterprise routing architectures supporting high-availability environments. Proven background in firewall migrations from Cisco ASA and Check Point to Palo Alto, including policy optimization and segmentation redesign. Experienced in implementing Zero Trust architectures using GlobalProtect, Zscaler ZIA/ZPA, and identity integrations with Okta and MFA solutions. Skilled in designing secure hybrid connectivity using IPsec VPN, Direct Connect, ExpressRoute, and Transit Gateway with deterministic routing controls. Strong automation mindset leveraging Terraform, Ansible, Python, and REST APIs to streamline deployments and maintain configuration compliance. Adept at L2–L7 troubleshooting, security policy management, and integrating cloud-native security services with centralized monitoring platforms such as Splunk and Sentinel.

Overview

7 years of professional experience
4 Certifications

Work History

Sr. Cloud Network Security Engineer

Palo Alto Networks
Dallas, TX
07.2024 - Current
  • Headed enterprise migration from Cisco ASA and Check Point to Palo Alto PA-Series NGFWs using Panorama and Expedition, consolidating over 3,000 security rules and reducing policy complexity by 55%.
  • Designed and deployed Palo Alto VM-Series firewalls across AWS, Azure, and GCP to enforce centralized east-west and north-south traffic inspection in multi-cloud environments.
  • Implemented AWS Transit Gateway hub-and-spoke connectivity with Gateway Load Balancer integration, placing Palo Alto VM-Series inline for scalable cloud traffic inspection.
  • Designed secure Azure VNet architectures leveraging ExpressRoute, UDRs, and Azure Firewall, ensuring deterministic routing and secure hybrid connectivity.
  • Implemented GCP VPC segmentation with Cloud Router and Cloud VPN, integrating Palo Alto VM-Series for advanced threat prevention and application visibility.
  • Configured and optimized BGP routing across AWS Direct Connect, Azure ExpressRoute, and GCP Cloud Router to maintain symmetric routing and predictable failover behaviour.
  • Deployed Prisma Access to provide secure remote access for enterprise users, integrating with Okta SAML and MFA for Zero Trust enforcement.
  • Engineered Zero Trust Network Access architecture using Palo Alto GlobalProtect and Zscaler ZPA, reducing dependency on legacy VPN tunnels.
  • Integrated AWS GuardDuty, Azure Defender for Cloud, and GCP logging into centralized SIEM (Splunk/Sentinel), improving multi-cloud threat detection and reducing MTTR.
  • Implemented SSL Decryption, Threat Prevention, Wildfire, DNS Security, and URL Filtering policies across Palo Alto NGFW platforms to enforce L7 security controls.
  • Standardized Panorama device groups and template stacks for multi-region deployments, improving policy consistency across cloud and on-prem environments.
  • Automated firewall policy deployments using Terraform and Panorama REST APIs, enabling version-controlled infrastructure as code workflows.
  • Built reusable Terraform modules for AWS VPC, Azure VNet, and GCP VPC deployments with embedded security guardrails using OPA and Checkov.
  • Tuned TLS cipher suites and implemented HTTP/2 on F5 BIG-IP integrated behind Palo Alto firewalls, reducing handshake latency by 18%.
  • Designed micro-segmentation strategies using Palo Alto security zones and cloud-native route controls, limiting lateral movement across production workloads.
  • Performed firewall rule recertification and cleanup initiatives using hit-count analysis and automated Python validation scripts to remove stale and shadowed rules.
  • Integrated Infoblox IPAM APIs with Terraform pipelines to automate IP allocation and DNS provisioning across AWS, Azure, and GCP.
  • Conducted high-availability firewall cluster deployments in active/passive and active/active modes, ensuring zero downtime during maintenance and software upgrades.
  • Collaborated with cloud engineering and DevOps teams to embed network security controls into CI/CD pipelines, preventing non-compliant infrastructure changes.
  • Authored high-level and low-level design documents for multi-cloud network security architecture, supporting audit readiness and compliance frameworks including NIST and ISO 27001.
  • Environment: Palo Alto PA-Series (PA-3220, PA-5250, PA-5260) & VM-Series (VM-100 / VM-300 / VM-500), Panorama, Prisma Access, GlobalProtect, AWS (VPC, Transit Gateway, Direct Connect, Route 53, GuardDuty, Security Hub), Azure (VNet, ExpressRoute, NSG, Azure Firewall), GCP (VPC, Cloud Router, Cloud VPN), BGP, IPsec VPN, EVPN/VXLAN, Cisco Nexus (9200, 9300, 9500), Juniper SRX (SRX340, SRX1500, SRX4100, SRX4600), Zscaler ZIA/ZPA, Okta (SAML/OIDC), F5 BIG-IP (LTM, ASM, GTM), Terraform, Ansible, Python, REST APIs, GitLab CI/CD, OPA, Checkov, Splunk, Microsoft Sentinel, Infoblox IPAM.

Sr. Cloud Network Security Engineer

Southwest Airlines
Irving, TX
11.2023 - 06.2024
  • Implemented secure hybrid connectivity between on-prem data centres and AWS/Azure environments using IPsec VPN, ExpressRoute, and Direct Connect with BGP route control.
  • Engineered AWS VPC hub-and-spoke architecture leveraging Transit Gateway and Gateway Load Balancer for scalable Palo Alto VM-Series inspection.
  • Designed Azure VNet segmentation using NSGs, UDRs, and Azure Firewall to enforce east-west and north-south traffic inspection.
  • Implemented GCP VPC network segmentation and secure connectivity using Cloud Router and Cloud VPN for hybrid multi-cloud environments.
  • Engineered Palo Alto NGFW policies including App-ID, User-ID, Threat Prevention, Wildfire, DNS Security, and SSL Decryption across cloud and on-prem deployments.
  • Administered Panorama device groups and template stacks for centralized policy management across multi-region deployments.
  • Migrated legacy firewall policies from Cisco ASA and Check Point to Palo Alto PA-Series, optimizing rule base and eliminating redundant objects.
  • Designed Zero Trust access models integrating GlobalProtect, Zscaler ZIA/ZPA, and Okta SAML-based MFA authentication.
  • Tuned BGP attributes including Local Preference and AS-Path prepending to maintain deterministic failover between cloud and data centre environments.
  • Implemented AWS GuardDuty, Azure Defender for Cloud, and cloud-native logging integrations with Splunk and Microsoft Sentinel for centralized monitoring.
  • Automated firewall rule deployment and validation using Terraform and Panorama REST APIs within CI/CD pipelines.
  • Developed Python-based scripts to identify unused, shadowed, and overly permissive firewall rules across enterprise environments.
  • Standardized naming conventions and security object models across Palo Alto, Fortinet, and Cisco FTD platforms to improve audit readiness.
  • Integrated Infoblox IPAM with Terraform automation workflows to prevent overlapping CIDR blocks during cloud expansion.
  • Designed micro-segmentation strategies using security zones, VRFs, and cloud route tables to reduce lateral movement risk.
  • Engineered high-availability firewall clusters in Active/Passive configurations with synchronized session failover and minimal downtime during upgrades.
  • Deployed F5 BIG-IP LTM and ASM policies behind cloud firewalls, configuring SSL offload, WAF protections, and persistence profiles.
  • Conducted firewall rule recertification campaigns using hit-count analysis and automated reporting to align with compliance standards.
  • Supported disaster recovery testing across hybrid cloud environments, validating routing convergence and firewall redundancy during failover simulations.
  • Authored high-level and low-level design documentation covering cloud connectivity, segmentation strategy, Zero Trust architecture, and automation standards.
  • Environment: Palo Alto PA-Series, Panorama, FortiGate, Cisco ASA, AWS (VPC, Transit Gateway, Gateway Load Balancer), Azure (VNet, ExpressRoute, Azure Firewall), BGP, OSPF, IPsec VPN, Cisco Nexus 7K/9K, Arista EOS, Zscaler ZIA/ZPA, Prisma Access, F5 BIG-IP (LTM, ASM), Infoblox (DNS/DHCP/IPAM), SolarWinds, Splunk, Microsoft Sentinel, Terraform, Ansible, Python, Cisco DNA Centre.

Network Security Engineer

SiriusXM
Hyderabad, India
01.2021 - 07.2023
  • Engineered Palo Alto PA-Series firewalls using Panorama for centralized policy management across data center and branch environments.
  • Designed and implemented zone-based firewall architectures enforcing strict north-south and east-west traffic inspection.
  • Configured and optimized NAT, Security Policies, App-ID, User-ID, Threat Prevention, and SSL Decryption profiles across enterprise environments.
  • Migrated firewall rules from Cisco ASA and Check Point to Palo Alto NGFW platforms, eliminating redundant objects and optimizing rule order.
  • Implemented IPsec site-to-site VPN and GlobalProtect remote access VPN solutions for secure user and inter-site connectivity.
  • Integrated Zscaler ZIA and ZPA to enforce Zero Trust Network Access for internal and internet-bound traffic.
  • Tuned IDS/IPS signatures and threat prevention profiles to reduce false positives while maintaining strong security posture.
  • Designed micro-segmentation strategy using security zones, VRFs, and data centre access control policies to limit lateral movement.
  • Managed firewall high availability configurations in Active/Passive clusters ensuring session synchronization and seamless failover.
  • Performed firewall rule recertification using hit-count analysis to remove unused, shadowed, and overly permissive policies.
  • Integrated firewall logs with Splunk and Microsoft Sentinel for real-time alerting and correlation analysis.
  • Conducted packet capture analysis using Wireshark and NetFlow to diagnose asymmetric routing, latency, and application access issues.
  • Administered Cisco Firepower FTD and Check Point R80.x platforms alongside Palo Alto NGFW for multi-vendor security environments.
  • Implemented URL filtering, DNS Security, and Wildfire sandboxing to prevent malware and phishing-based attacks.
  • Collaborated with server and application teams to define secure access policies aligned with least-privilege principles.
  • Configured and validated BGP and OSPF routing adjacencies across firewall boundaries to maintain stable route propagation.
  • Hardened firewall management planes using role-based access control, TACACS+, and certificate-based authentication.
  • Supported disaster recovery exercises validating VPN redundancy, firewall failover, and policy replication across secondary sites.
  • Automated firewall configuration validation using Python and Ansible to reduce manual errors and configuration drift.
  • Authored high-level and low-level documentation covering firewall architecture, segmentation models, and VPN design standards.
  • Environment: Palo Alto PA-Series, Panorama, Cisco Firepower (FTD), Cisco ASA (5515-X, 5525-X, 5545-X), Check Point R80.x, Juniper SRX, GlobalProtect VPN, IPsec Site-to-Site VPN, BGP, OSPF, Cisco Nexus 9K, Arista, F5 BIG-IP (LTM, GTM, ASM, APM), Zscaler ZIA/ZPA, Splunk, Sentinel, NetFlow, Wireshark, SolarWinds, Python, Ansible.

Network Engineer

XPO Logistics
Hyde, India
03.2019 - 12.2020
  • Provided Tier 2 and Tier 3 support for enterprise WAN and LAN environments across multiple branch and warehouse locations.
  • Configured and maintained Cisco Catalyst switches and ISR/ASR routers supporting VLAN segmentation and inter-VLAN routing.
  • Supported BGP and OSPF routing environments, troubleshooting route advertisements, neighbour relationships, and path selection issues.
  • Assisted in MPLS circuit deployments and validated WAN redundancy and failover behaviour.
  • Configured Access Control Lists (ACLs) and basic firewall policies on Cisco ASA and Check Point platforms.
  • Established IPsec site-to-site VPN tunnels between branch offices and data centre environments.
  • Monitored network performance using SolarWinds, NetFlow, and SNMP tools to identify latency and bandwidth utilization issues.
  • Performed firmware upgrades and patching on routers, switches, and firewall appliances during scheduled maintenance windows.
  • Troubleshot routing loops, STP inconsistencies, and VLAN misconfigurations to restore network stability.
  • Assisted in onboarding new branch sites by provisioning VLANs, routing interfaces, firewall zones, and WAN circuits.
  • Coordinated with service providers for circuit installations, BGP turn-ups, and cross-connect configurations within colocation facilities.
  • Participated in disaster recovery validation exercises, confirming routing convergence and VPN failover functionality.
  • Documented network topology diagrams, IP addressing schemes, and change management records within ServiceNow.
  • Supported SD-WAN edge device deployments by validating transport connectivity and basic routing policies.
  • Performed firewall rule modifications and NAT updates under senior engineer guidance.
  • Assisted in troubleshooting DNS and DHCP issues using Infoblox and Windows-based services.
  • Provided on-call support rotation handling live network incidents involving WAN outages and VPN instability.
  • Validated QoS configurations to prioritize voice and business-critical traffic across WAN links.
  • Collaborated with senior engineers during data centre connectivity expansions and network upgrade projects.
  • Environment: Cisco Catalyst 9300, Nexus Switches, ISR/ASR Routers, BGP, OSPF, MPLS, VLAN, HSRP, STP, Cisco ASA, Check Point Firewall, IPsec VPN, SolarWinds, NetFlow, SNMP, Infoblox DNS/DHCP, SD-WAN Edge Devices, ServiceNow, Python, Bash.

Education

Masters in Information Technology Management

Webster University
St. Louis, MO

Bachelor of Technology - Computer Science

JNTU
Hyderabad, India

Skills

  • Cloud Platforms & Hybrid Networking
  • Amazon Web Services (AWS): VPC, Transit Gateway, Direct Connect, Route 53, Security Groups, NACLs, Gateway Load Balancer, GuardDuty, Security Hub, CloudWatch, CloudTrail
  • Microsoft Azure: Virtual Networks (VNet), ExpressRoute, User Defined Routes (UDR), Network Security Groups (NSG), Azure Firewall, Azure Load Balancer, Defender for Cloud, Azure Monitor
  • Google Cloud Platform (GCP): VPC, Cloud Router, Cloud VPN, Cloud DNS, Cloud Armor
  • Hybrid Connectivity: IPsec VPN, BGP over Direct Connect & ExpressRoute, Multi-Cloud Routing Design
  • Firewalls & Network Security
  • Palo Alto Networks (PA-3220, PA-5250, VM-Series, Panorama, Prisma Access, GlobalProtect, Wildfire, DNS Security)
  • Fortinet FortiGate (300E, 600E, 1500D), FortiManager, FortiAnalyzer, Cisco ASA, Cisco Firepower (FTD), FMC, Check Point R80.x, Juniper SRX, Security Policies, NAT, App-ID, User-ID, SSL Decryption, Threat Prevention, IDS/IPS, URL Filtering, Zero Trust Network Architecture (ZTNA), Micro-Segmentation
  • Routing & Switching

Certification

CCNP - Cisco Certified Network Professional

Timeline

Sr. Cloud Network Security Engineer

Palo Alto Networks
07.2024 - Current

Sr. Cloud Network Security Engineer

Southwest Airlines
11.2023 - 06.2024

Network Security Engineer

SiriusXM
01.2021 - 07.2023

Network Engineer

XPO Logistics
03.2019 - 12.2020

Bachelor of Technology - Computer Science

JNTU

Masters in Information Technology Management

Webster University