AJAMATULLA KUBATUR
BANGALORE
Summary
Adept Senior Network Engineer with a proven track record at Sapiens, specializing in FortiGate Firewalls and Azure networking services. Demonstrated expertise in designing secure network architectures and managing complex migrations, enhancing system efficiency by 30%. Skilled in cross-team collaboration and innovative problem-solving, I excel in deploying scalable solutions and ensuring regulatory compliance.
Overview
12
12
years of professional experience
1
1
Certification
Work History
Senior Network Engineer
Sapiens
Bangalore
12.2022 - Current
- Working on FortiGate Firewalls all over the global locations to maintain and manage security policies.
- Collaborated with project teams on the design of new networks or modifications to existing ones.
- Design, implement, and maintain complex network infrastructure using FortiGate firewalls and Azure networking services.
- Develop scalable and secure network architectures that support cloud and on- premises environments.
- Plan and execute network upgrades, expansions, and migrations.
- Configure and manage FortiGate firewalls, including creating and maintaining firewall rules, VPNs, and security policies.
- Monitor and respond to security alerts, ensuring that the firewall configurations align with security best practices.
- Perform regular audits and assessments of firewall rules and policies to maintain optimal performance and security.
- Ensure that network designs and implementations comply with industry standards and regulatory requirements.
- Collaborate with security teams to conduct risk assessments and vulnerabilities.
- Implement security measures to protect the network from internal and external threats, including DDoS protection and intrusion detection.
- Support day-to-day network operations, ensuring high availability and performance of the network infrastructure.
- Document network configurations, processes, and procedures for troubleshooting and knowledge sharing.
- Utilize FAZ for in-depth analysis of security events, network traffic, and system performance.
- Use FAZ to correlate events across multiple devices and identify potential security incidents.
- Manage and configure multiple FortiGate devices and Fortinet security products from a central console (FMG).
- Implement policy changes, firmware upgrades, and device configurations across the network using FMG.
- Maintain and manage device configurations, ensuring consistency and compliance across all managed devices.
- Use FMG for bulk policy deployment, device provisioning, and automated backups.
- Develop scripts and automation templates within FMG to streamline network management tasks.
- Design and deploy FortiGate SD-WAN solutions to optimize and secure network traffic across multiple WAN links.
- Monitor and manage WAN traffic, ensuring the best path selection for applications based on performance metrics.
- Integrate SD-WAN with Fortinet security features, such as firewalls, IPS, and antivirus, to protect network traffic.
- Deploy and manage FortiClient agents across the organization's endpoint devices using FortiEMS.
- Configure and enforce endpoint security policies, such as antivirus, web filtering, and application control.
- Utilize FortiEMS for real-time visibility into endpoint security posture and threat detection.
- Continuously monitor the health and performance of FAZ, FMG, SD-WAN, and FortiEMS deployments.
- Design and manage Azure Virtual Networks (VNets), subnets, and Network Security Groups (NSGs).
- Plan, design, and deploy the Azure Application Gateway for load balancing and application-layer security.
- Deploy and manage proxy servers to control internet access, enhance security, and monitor web traffic.
- Manage internal and external DNS zones, including creating and maintaining DNS records, such as A, CNAME, MX, and TXT records.
- Monitor DNS traffic, and resolve issues related to name resolution and DNS performance.
- Configure and manage Azure DNS zones for cloud-based applications, ensuring high availability and low latency.
- Integrate on-premises AD with Azure AD for seamless single sign-on (SSO), and cloud-based identity management.
- Manage and troubleshoot tools like Azure AD Connect for syncing on-premises AD with Azure AD, ensuring accurate and up-to-date identity information across environments.
- Implement security policies, such as HTTPS-only access, WAF rules, and protection against OWASP threats.
- Design and deploy Azure Virtual Networks (VNets) to support secure and isolated network environments in the cloud.
- Configure subnets, route tables, and Network Security Groups (NSGs) to control traffic flow and enforce security policies.
- Implement connectivity solutions like VPN Gateway, ExpressRoute, and VNet peering to connect VNets with on-premises networks.
- Integrate VNets with Azure services, such as Azure Bastion, Azure Firewall, and Azure Private Link.
- Design and deploy Azure Virtual WAN to create a global network architecture that connects on-premises networks, Azure regions, and remote users.
- Configure VWAN hubs, spoke VNets, and connectivity options like Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute.
- Use SolarWinds Network Performance Monitor (NPM) to monitor network devices, such as routers, switches, firewalls, and servers, in real time.
- Analyze historical network performance data to identify trends and potential issues before they impact users.
- Maintain up-to-date documentation of network topology, device inventory, and configurations using SolarWinds' mapping and inventory tools.
- Use SolarWinds' forecasting tools to plan for growth, and prevent network bottlenecks.
- Design and implement data center network architectures using Cisco Nexus switches, focusing on scalability, performance, and redundancy.
- Set up VLANs, VXLANS, and associated routing protocols to enable layer 2 and layer 3 connectivity within and between data centers.
- Configure and manage VPCs on Nexus switches to provide link redundancy and load balancing across multiple physical switches.
- Troubleshoot VPC issues related to synchronization, consistency, and failure scenarios.
Deputy Manager Technical Support
Sagility India Private Limited (Formerly HGSHC)
Bangalore
03.2021 - 12.2022
- Implementation, administration, and L3 support of HCS network firewalls, routers, switches, and VPNs.
- Administering firewalls (Cisco ASA, FTD, FortiGate, and Palo Alto) and VPNs (Palo Alto PRISMA) as a part of day-to-day activity.
- Integration of firewalls with the Central Management Console (FMC) and Panorama.
- Implementation and maintenance of Meraki wireless network infrastructure all over the global infrastructure.
- Hardware migrations to cover EOL, or hardware limitations.
- OS upgrades and license management on firewalls and Cisco Nexus switches.
- Resolving incidents raised by the monitoring team.
- Responsible for approving change requests by the network team.
- Configuring and Monitoring VPNs (DMVPN, SSL, IPSEC).
- Maintaining MPLS links, customizing routing traffic according to the needs of infrastructure all over the globe.
- Analyze the root cause of failures, and develop solutions to address them within the shortest possible time
- New deployment of firewalls globally across HGS Healthcare.
- Involved in project setup, firewall port enabling, IPsec (client to site and site to site), VPN tunneling, etc.
- Permitting or denying traffic through ACLs from FMC, as well as FTDs.
- Responsible for maintaining the Network Uptime SLA for all of the global infrastructure.
- Tier 3 architecture designing and executing periodically, as per the needs of the organization.
- Monitoring network infrastructure through tools like OPManager, SolarWinds, and Cisco Prime.
- Good hands-on experience in Brocade ICX 7750, 6610, 7250, and 6430, 6450; implementation and maintenance of HP switches (HP ProCurve switches 7506, 10500).
Technology Specialist
Locuz Enterprise Solutions Ltd
Bangalore
09.2015 - 03.2021
- Working with network security incident tickets forwarded by the Helpdesk team (as per SLA).
- Working with Cisco ASA, FortiGate, and Palo Alto firewalls.
- Configuring and Managing Network and Security Devices.
- Implementing IPsec VPN in the firewall of all formats.
- Working on Checkpoint-FW in a distributed or standalone architecture.
- Deploying policy on firewall and NAT configuration.
- Working on site-to-site VPN connectivity over the IPsec protocol.
- Responsible for the remote update of licenses and patches.
- Responsible for configuring and maintaining the Cisco WLC setup (WLC-5508, Cisco 2700, 3700 access points).
- Gathering requirements from the client, architecting solutions, providing solutions to customers, and drafting Solution Documents.
- Creating BOM, POC, heat maps, solution, and technical documents as per the requirements of the project.
- Providing L2 and L3 support for new calls and escalation calls across the organization. Administering routing, switching, security, and wireless support/escalation calls across the organization.
- Designing LLD and HLD for customers with POA, and runbook.
- Directing IT networks as part of the team engaged in managing the data center, network, data, voice, and telephony infrastructure.
- Have an excellent skill set to deploy and configure VPC, VSS, and HSRP protocols.
- Delivering network maintenance support and responding to outages during off-hour software deployments within established Service Level Agreements (SLAs).
- Consulting end users in determining various network improvement needs based on system functional requirements.
Facility Management Engineer (Network)
Trimax IT Infrastructure & Services Ltd
Bangalore
03.2013 - 07.2014
- Configured and maintained network hardware, including routers, switches, firewalls, and wireless access points.
- Monitored network performance and troubleshot any issues that arose.
- Assisted in the design of local area networks and wide area networks.
- Installed software updates on servers, routers, firewalls, and other network devices.
- Configured routers, switches, firewalls, and other hardware to deploy and manage LAN, WAN, and wireless networks.
- Replaced faulty or damaged network hardware components to improve performance.
- Troubleshoot complex network issues, reduce downtime, and improve user satisfaction.
- Managed IP addressing and subnetting, ensuring efficient network operation and connectivity.
Education
B.E - Electronics And Communications Engineering
KBNCE Gulbarga
Gulbarga07-2012
Skills
- Firewalls: Fortigate, ASA, Palo Alto, SonicWall
- Central management consoles: FMG, FTD, FMC, PANAROMA
- Analyzers: FAZ, SolarWinds, OpManager, Cisco Prime, Azure Log Monitor
- Wireless, Cisco, Meraki, WLC, Aruba, Ruckus
- Switches: Cisco Nexus (2K, 5K, 7K, 9K), HP Switches, Brocade, Aruba, Cisco Catalyst 4500, Meraki, Juniper, etc
- Protocols: OSPF, BGP, EIGRP, MPLS, STP, ISIS
- VPN-ADVPN, DMVPN, P2P, IPSEC, Remote VPN, FortiClient VPN
- ACLS, QOS, PBR, VPC, Nexus, Wireshark, Packet Sniffer
- Tier 3 Architecture, POC, Cost Effectiveness, OFC, Capacity Planning
- Authentication (RADIUS) - Cisco ISE
- Cloud-VWAN, VNETS, APP GATEWAY, PROXY APP, DNS, WAF
Certification
- CCNA (R&S) CSCO 12704890
- Certified Meraki Network Operator
- Cisco Express Foundation for Field Support (CXFF)
- Palo Alto ACE 8.1
Languages
Hindi
First Language
English
Advanced (C1)
C1
kannada
Proficient (C2)
C2
Urdu
Upper Intermediate (B2)
B2
Timeline
Senior Network Engineer
Sapiens
12.2022 - Current
Deputy Manager Technical Support
Sagility India Private Limited (Formerly HGSHC)
03.2021 - 12.2022
Technology Specialist
Locuz Enterprise Solutions Ltd
09.2015 - 03.2021
Facility Management Engineer (Network)
Trimax IT Infrastructure & Services Ltd
03.2013 - 07.2014
B.E - Electronics And Communications Engineering
KBNCE Gulbarga
Similar Profiles
Farai BotshoFarai Botsho
Oracle Technical Consultant at SapiensOracle Technical Consultant at Sapiens
Arnav MishraArnav Mishra
Sr Business Analyst at SAPIENSSr Business Analyst at SAPIENS
Hritick BhuiyaHritick Bhuiya
Technical Analyst at SapiensTechnical Analyst at Sapiens