Danish Khan

Client: Cepheid

• Architected and implemented enterprise-grade network infrastructures, designing scalable and resilient solutions that supported business growth and digital transformation initiatives.
• Integrated advanced security controls into network design, embedding firewalls, IDS/IPS, segmentation, and zero-trust principles to ensure compliance and protect sensitive data.
• Led migration projects from legacy infrastructure to modern platforms, delivering improved system reliability, reduced latency, and enhanced cloud-readiness.
• Designed and optimized secure wireless architectures using Cisco 9130X/9120X APs and 9800 WLC, achieving seamless coverage and fortified protection against unauthorized access.
• Implemented automation and proactive monitoring frameworks, streamlining operations, accelerating incident response, and reducing downtime.
• Collaborated with executives, vendors, and cross-functional teams to evaluate technologies, negotiate cost-effective solutions, and align architectures with security and business goals.
• Documented standards, authored best practices, and mentored junior engineers, building organizational resilience through knowledge transfer and secure design principles.
• Championed innovation and security-first strategies, assessing risks, adopting emerging technologies, and delivering future-ready, compliant network solutions.
• Managed multiple high-priority projects simultaneously, consistently meeting deadlines while maintaining attention to detail.
• Provided exceptional customer support, resolving complex technical issues with effective communication skills.

• Architected and enforced advanced security policies on Palo Alto firewalls, ensuring secure, compliant, and optimized communication across multiple financial exchanges.
• Led L3 incident response and escalation support, resolving high-severity network and security issues with minimal downtime and business impact.
• Analyzed traffic flows and threats using Wireshark, Panorama, and Palo Alto Threat Logs, proactively identifying vulnerabilities and mitigating potential cyber risks.
• Designed and optimized network segmentation and zero-trust security models, strengthening perimeter defense and internal traffic isolation.
• Collaborated with compliance and risk teams to align firewall configurations and network security strategies with regulatory standards (PCI-DSS, ISO 27001, etc.).
• Developed BCP and DR (Disaster Recovery) strategies, including controlled power shutdown procedures and failover testing, ensuring maximum resilience and uptime.
• Coordinated with external vendors and service providers to expedite resolution of critical connectivity and performance issues across global exchanges.
• Implemented continuous performance monitoring and automated alerting, improving visibility into latency, packet loss, and potential attack vectors.
• Authored L3-level troubleshooting guides and playbooks, streamlining escalation processes and enabling faster resolution by L1/L2 teams.

• Architected and managed multi-vendor security platforms including Palo Alto (User-ID policies), FortiGate (multi-VDOM, PBR, User-ID), Cisco ASA, Forcepoint Proxy, and F5 LTM, delivering secure, scalable, and resilient network infrastructures.
• Designed and implemented identity-aware access controls, configuring User-ID–based firewall policies and enforcing segmentation for enhanced security and regulatory compliance.
• Deployed and optimized Forcepoint Proxy to secure web traffic, enforce usage policies, and mitigate advanced threats across distributed user bases.
• Planned and executed upgrades, failover testing, and BCP/DR activities, ensuring compliance, resiliency, and operational readiness.
• Led and supported multiple concurrent projects, balancing priorities across security, infrastructure upgrades, and compliance initiatives while ensuring timely delivery.
• Collaborated with stakeholders, vendors, and cross-functional teams, aligning security architecture with business objectives while driving cost-effective solutions.
• Engineered secure connectivity through dynamic IPsec tunnels, SSL VPN deployments, PBR configurations, and optimized firewall rule sets, enhancing speed, security, and compliance.
• Implemented application-aware traffic shaping and proactive monitoring (SolarWinds), improving performance, reducing latency, and enhancing end-user experience.
• Resolved complex L3-level issues in VPN, routing, and reverse-routing environments, minimizing downtime and ensuring continuity of mission-critical services.
• Authored architecture diagrams, playbooks, and best practices, supporting consistent deployments and mentoring L1/L2 teams in escalation workflows.

• Led Data Center migration from Cisco Catalyst 3850 to Nexus 9500, delivering a more scalable, resilient, and high-performance core infrastructure.
• Designed and implemented network architecture for VDI systems, ensuring secure, reliable, and high-speed connectivity to support enterprise virtualization.
• Directed critical firewall migrations, including Cisco ASA → Palo Alto, Juniper → FortiGate, and ASA upgrade from IOS 8.2 → 8.4, enhancing security posture and compliance.
• Configured and optimized multi-vendor firewalls (ASA, Palo Alto, FortiGate) with advanced features such as User-ID policies, PBR, multi-VDOM, and traffic shaping, strengthening performance and security.
• Implemented security policies and performed vulnerability assessments, addressing compliance gaps and proactively mitigating risks across core infrastructure.
• Configured core, distribution, and access layer switches and deployed routers (ISR4321, Nexus 9K, ASA 5515X/5520, Cisco 1900), ensuring reliable enterprise-grade connectivity.
• Resolved NAT, routing, and server accessibility issues, improving application availability and user experience.
• Proactively monitored and optimized infrastructure using SolarWinds and TGIM, minimizing downtime and ensuring operational stability.

Client: Kotak Mahindra Bank.

• Configured routers for new branches, and coordinated link migration activities.
• Troubleshoot various network links, including VSAT, P2P, ISDN, and MPLS; monitor network devices using SolarWinds.
• Configured QoS, route maps, and access lists; managed routing and reverse routing issues; and tunnel configurations.

• Project: NOC Operations (Location: Mumbai) - Troubleshot VPN issues, ensuring secure and reliable network connectivity
• Conducted troubleshooting on Checkpoint Firewalls/UTM and Sonic Wall Firewall, proactively identifying and resolving complex problems
• Configured switches and access points, enhancing network performance and accessibility; worked on Proxy Servers and Load Balancers and conducted IOS image upgrades and password recovery on switches, ensuring optimal performance and reliability
• Upgraded firmware in Sonic Wall firewalls and checked and provided RFO/RCA, enhancing transparency and accountability.
• Client: Godrej Group