profile-pic
Vetted Talent

Gaurang Hingladiya

Vetted Talent

I started my career in July 2011 and have over a decade of experience in the network and security domain. I’ve worked with major companies, including Rackspace. My experience includes managing enterprise-scale networks, handling data centers supporting over 12,000 associates, and working with Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and private clouds.

  • Role

    Network Security III

  • Years of Experience

    11.2 years

Skillsets

  • Network Security
  • Cloud Security
  • Compliance Management
  • data protection
  • Firewall Configuration
  • risk analysis
  • SIEM Solutions
  • Threat Prevention
  • Vulnerability Assessment
  • Id/access control

Vetted For

16Skills
  • Roles & Skills
  • Results
  • Details
  • icon-skill_image
    Network Architect (Onsite, Ahmedabad)AI Screening
  • 64%
    icon-arrow-down
  • Skills assessed :Agile Methodology, Cloud networking, CCIE, CCNP, CISSP, LAN/WAN, Network Architecture, network implementation, Network Security, QOS, SDN, TCP/IP, VPN, AWS, Azure, Python
  • Score: 58/90

Professional Summary

11.2Years
  • May, 2022 - Present4 yr 2 months

    Network Security Engineer |||

    Rackspace Technology
  • Jun, 2019 - May, 20222 yr 11 months

    Network & Security Lead

    Tata Consultancy Services
  • Jun, 2017 - Jun, 20192 yr

    Senior Network & Security Engineer

    Tata Consultancy Services
  • Feb, 2015 - Jun, 20172 yr 4 months

    Network Administrator

    Tata Consultancy Services

Applications & Tools Known

  • icon-tool

    AWS (Amazon Web Services)

  • icon-tool

    Azure

  • icon-tool

    Azure Security

  • icon-tool

    MS Office

  • icon-tool

    MS Visio

  • icon-tool

    Python

  • icon-tool

    Cisco Prime

  • icon-tool

    VMware

  • icon-tool

    GTM

  • icon-tool

    FMC

  • icon-tool

    SIEM

  • icon-tool

    Citrix

  • icon-tool

    WinSCP

  • icon-tool

    TeamViewer

  • icon-tool

    Zoom

  • icon-tool

    Teams

  • icon-tool

    Crowdstrike

  • icon-tool

    Office 365

  • icon-tool

    Zimbra

Work History

11.2Years

Network Security Engineer |||

Rackspace Technology
May, 2022 - Present4 yr 2 months
    Recommend, design, implement, and support application delivery infrastructure integration into business solutions, while meeting the business goals and objectives. This includes supporting documentation and diagrams detailing the specific infrastructure. Design and implementation experience with F5 BigIP LTM and GTM appliances and virtual appliances. Excellent understanding of LTM configuration (VIPs, Persistence, SNAT, SSL, etc.). Analyse network topologies and traffic/capacity requirements. Integration and management of firewalls through firewall managers (includes Panorama, FMC, Fortimanager and Checkpoint Smart Console). Deployment and migration of legacy WAN networks to SD-WAN with virtual firewalls on WAN routers (Viptela SD-WAN). As a network security consultant, implement network perimeter security to comply with information security policy of the organization. This includes proposing the solutions to customers for approval and implementation. Design and implement ID based network access control methods for users to access private as well as public cloud. Implement remote access control methods using different VPN technologies including SSL, IPSEC, PPTP and L2TP with strong authentication using multifactor authentication. Vulnerability assessment and testing. Facilitate design, implementation and troubleshooting for host and network based IDS/IPS systems including SNORT. Design, deploy and manage threat-free network infrastructure by implementing Anti-Spam, Anti-Virus and Anti-Malware solutions. Design and deploy SIEM solution and event management solutions along with hands-on troubleshooting. Maintain security standards for all 22 data centres across the globe.

Network & Security Lead

Tata Consultancy Services
Jun, 2019 - May, 20222 yr 11 months
    Responsible for round the clock network operation for branch infrastructure supporting 10k+ associates spanned across 150+ projects with different domains like finance, healthcare, education, government and more. Managed and mentored team of 20 associates across 3 locations of Garima Park, GIFT city and Bhopal. Gathered requirements from different customers and cross functional team to give desired IT solutions with security controls in place. Support data center networks utilising Cisco ACI and Nexus 9000 platforms. Contribute to development and performance of a migration plan from traditional data center network designs to Cisco ACI. Integrate service appliances to Cisco ACI developments to include application delivery controls and firewalls. Responsible for network design and implementation of Local Area Network and Campus Area Network. Configuration ACL, site to site configuration, NAT/PAT, URL filtering, application filtering, content ID filtering profile firewall. Integration of Network Devices to Cisco ACS and Cisco ISE for device and end point authentication. Responsible for Availability & Capacity Management for branch network and security infrastructure. Handled Data Centre operation having 70 racks, 150+ network and security devices, 100+ physical & virtual server and 500+ TB storage spread across 3 sites in Gujarat & MP. Monitored and managed 1700 VDI users. Responsible for managing CAPEX & OPEX for IT infrastructure. Designed, tested and commissioned DRP for critical business units and enterprise applications along with formulation of BCP. Conducted regular DR mock drills to assure continuity of business. Prepared and deployed risk mitigation plans by identifying and tracking risks. Actively participated in preparing documents for triple external audit such as ISO 9001, ISO 20000 and ISO 27001 conducted at TCS Gandhinagar.

Senior Network & Security Engineer

Tata Consultancy Services
Jun, 2017 - Jun, 20192 yr
    Redesigned, updated, and established network topography standard. Deploying and configuring L2, L3 switch, router, firewall and load balancer. Replaced legacy routers with Cisco ASR series. Part of a firewall and security team in support of Checkpoint, Cisco and Palo Alto firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP and Active Directory. Configured Cisco 2821, 2921 and 3845 CE routers to change them from EIGRP to a complex MPLS environment that includes VRF, IPSEC VPNs, Broadband Tunnels, HSRP and VLANs. Configured Cisco and Juniper switches to add VLANs for wireless project, VLANs, LACP, RSTP, Dot1x and QoS protocols for MPLS. Configured Cisco Wireless Access Points 1100, 3600 through Cisco NCS Prime. Imported diagrams to create campuses, buildings and to map wireless APs location. Responsible for verifying change records of routers, firewalls, switches and DHCP configurations before applying. Prepared multiple routers simultaneously for circuit turn-up, pushing MPLS configuration, and MPLS migration using Cisco NCM and prescripted TCL configurations. Configured routers for Controller Card Preparation, applying MPLS Configurations, MPLS Circuit Turn-up, MPLS Circuit Migration, Broadband Migration, Post Migration Clean-up, PPP, PPP Multilink, QoS, VPNs and Broadband Tunnels. Network monitoring through Solar winds, Manage engine and Whatsup gold. Implemented network change request for VLAN, MAC binding, ACL, STP, Dot1x, vPC, VRF, OSPF, BGP for new project requirement. Configured IPSEC, SSL and Clientless VPN, static and dynamic routes, URL filtering, threat prevention, User-ID, App-ID, Antivirus policies, NAT and Access rules. Vulnerability assessment and penetration testing of network infrastructure and closure of vulnerability or open action item. Managed backup of network infrastructure devices through FTP Script and Cisco Prime tool. Performed syslog analysis of network devices. Firewall rule base reconciliation on quarterly basis. Prepare ITIL report on monthly basis. Coordination with various service provider for GCN/shared MPLS, dedicated MPLS, internet and P2P link setup. Network Device BCP drill execution. Actively participated for security & IQMS audits and project specific audits.

Network Administrator

Tata Consultancy Services
Feb, 2015 - Jun, 20172 yr 4 months
    Responsible for 24/5 IT support for 1200 users by maintaining SLA in Incident Management & TAT for Change Management. Maintained Security Compliance for Network Devices. Become Auditee in Quality and Security Audits. Developed Technical skills to T/S any network issues and resolve it on timely manner. Implemented change request for network related changes to support project requirement. Support Project for BCP & Mock Drills. Rollout new network and security changes post successful testing.

Achievements

  • Managed and mentored team of 20 associates across 3 locations
  • Maintained security standards for all 22 data centers across the globe
  • Designed and deployed SIEM solution and event management solutions
  • Handled Data Center operation with 70 racks, 150+ devices and 500+ TB storage

Major Projects

6Projects

VDI Infrastructure Setup - Gujarat Branch

Dec, 2019 - Mar, 2020 3 months
    Secure Borderless WorkSpaces (SBWS) setup for 11,000 employees due to Covid-19 pandemic. Designed the connectivity for 150+ projects. Enabled and configured OSPF and BGP properties on NSX DLR and edge routers. Configured vSphere distributed switch policies for NSX support and load distribution. Configured load balancer one-arm and transparent modes. Compared the physical network topology which supports NSX. Deployed 4 extra security agents on all the machines for SBWS. Conducted major changes in various project connectivity keeping security guideline for SBWS. Replaced 4 internet firewalls to keep higher bandwidth & throughput while accessing TCS VDI. Implemented MPLS VPN for the projects using MPLS for their connectivity with the help of ISPs. Upgraded internet bandwidth and servers.

Firewall Migration

Jun, 2014 - Sep, 20195 yr 3 months
    Constructed a plan for replacement of existing firewall with NextGen firewall with minimal downtime. Identified the perfect firewall for given infrastructure compared to other vendors. Planned, designed and implemented migration activity. Planned and tracked firewall migration plan along with project specific connectivity. Replaced more than 8 firewalls during this tenure. Used various tools to execute this activity such as Expedition tool for Cisco to Palo Alto.

VDI Infrastructure Setup - GIFT City

Sep, 2018 - Jan, 2019 4 months
    Implemented VDI infrastructure for 400 users and migrated users' data and applications from Desktop to VDI. Lenovo HCI hardware is used for computer and storage along with Nutanix and VMware. Installation of Lenovo HCI Server and Nutanix. Nexus 9k switches configuration for VDI Setup. Configured NSX load balancer for application servers. NSX Edge and DLR configuration for Virtual Edge security and router, Virtual Switch for VDI pool. Installation of ESXi and mapped storage LUNs. Created static and floating VM pools as per project requirement. App volume creation for application virtualization for VDI users.

BOA Project Setup - GIFT City

May, 2017 - Feb, 2018 9 months
    Setup of all IT infrastructure services like AD, DNS, DHCP, SEPM, DLP and more on new infrastructure for the framework of physical Airgap infrastructure for 400+ users at GIFT City location for additional floor. Vendor coordination, floor networking, Hub Room design, Server Room rack setup planning. Configured Access and Core Nexus switches with Dot1x, VPC, HSRP and Access list. Configured VMware infrastructure including vCenter for server virtualization. Installed and configured AD, DNS and DHCP service. Configured and deployed GPO. Installed and configured SEPM, Cisco ISE, Nessus VA Tool. RSA SecurID setup for multifactor authentication.

GIFT City Location Setup

Mar, 2016 - Aug, 2016 5 months
    Consolidated 3 locations across two different cities into new GIFT CITY location for 1400 users. Planned and tracked location migration plan along with project specific connectivity. Planned and designed floor network passive design along with Hub Room design with admin and IPD. Planned, designed and implemented fibre & ethernet backbone connectivity for Server Room racks. Coordinated with different ISP and admin team for their respective MUX setup inside server room. Installed and configured network, server and security device for basis infrastructure.

GarimaPark Datacenter Passive Cabling

Jun, 2016 - Jun, 2016
    Designed and implemented passive cabling for Garima Park Data centre having 70+ racks under the guidance of technical leaders and mentors. Designed and planned medius density raw, high density raw and storage raw. Requirement gathering for interconnectivity of network, server and storage racks. Designed and finalized fibre connectivity and ether connectivity requirement across all racks. Coordinated with IPD and cabling vendor for design finalization. Implemented and monitored cabling work by vendor.

Education

  • Diploma in Computeer Engineering

    Gujarat Technological University (2011)

Certifications

  • Ccsa - checkpoint

  • Az-900 - microsoft

  • Az-104 - microsoft

  • Nse 4 - fortinet

  • Az-700 - microsoft

  • Az-300 - microsoft

  • Pcnse - palo alto

  • Ccnp security - cisco

  • Ccna r&s - cisco

  • Itil v3 - axelos

  • Jncia-junos - juniper

  • Lean six sigma - tata consultancy services

AI-interview Questions & Answers

Myself, Goran. I have started my career back in July 2011. And since then, I've been working in the network and security domain. I have worked in two major companies: one in services and the other in Rackspace. Right now, I'm based in the UK and looking to relocate back to India. So I have applied for this opportunity. I do have hands-on experience in various domains at the enterprise level, with a network scale of enterprise. I have handled data centers capable of 12,000 associates, divided into 50 plus projects. I have hands-on experience with Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and some private clouds where we host our clients' applications, which are exposed to the Internet. We have created a DMZ zone. I have hands-on experience with NetScaler and load balances as well. I'm CCNSCCNPPCNSCCSA, CCSA, JNCIA, and ITIL v3 certified. I do have CCIE routing and switching in progress, but I'm not certified yet.

To ensure the VPN solution is fully resilient between us here and on-premise environment, I will make sure that there are two links available, and two service providers are available. So if any of the VPN goes down, we can switch it to the different service provider with two routers and two firewalls, and the firewalls would be in place. Apart from that, auto-failover should be enabled between the two firewalls. Sometimes it happens that auto-failover may not work when using two service providers, so we need to make sure auto-failover works all the time. Like, if you're using two service providers, auto-failover may not work sometimes. So, we need to make sure auto-failover works all the time. Apart from that, if there is an express route available, like Azure to AWS, it should be there. If it's not there, we can use it as a secondary path apart from the VPN. And the bandwidth should be aligned and dedicated. Like, I'm not sure if it's given properly, but I assume the bandwidth should be sufficient to meet your requirements and based on your headcount and the applications you're using. That's how you can ensure the VPN solution is fully resilient.

Software defined network, which is quite handy for VoIP traffic. You can create a different VLAN for the VoIP over IP network. And, you can give them high priority in your SDNs. So, whenever you have that, it's on a voice WAN side, and SDN will work at the LAN side only. Okay. Yeah. So you can define a different VLAN or VoIP. And on the LAN side, you can allow that higher priority traffic, which you can define in Cisco DNAT, then there are options available for web traffic. You can give a higher priority to any web traffic, whether it's from Teams or any phone lines. So it will tag that traffic and particularly with the QoS and it will give you the highest priority when there's congestion. So that traffic will flow seamlessly when you have high traffic on the website.

We would use network implementations. So, here you can, when you are using a cloud-based VPN, you always need to make sure that you have defined all the security controls, like any access authentications, then you can deploy with an ISE solution and multifactor authentications while connecting VPN, or else you can go for certificate-based authentications when you are deploying any kind of VPN. So, that's how you can maintain the standards of CCI security standards, like access authentications, user authentications, and authorizations, and what kind of authorizations you are going to give the users. So, there are three methods. With AAA, you can put AAA solutions. You can identify like next solutions, and you can go for multifactor authentications.

Discuss your approach to automating network deployment in AWS and Azure environments considering event segregation. When you're going for VLAN segregation, you want to assign the VLAN automatically based on user authentications. For instance, if a user is connecting their virtual machines from Azure, then it should assign the VLAN automatically based on the user's authentication. To elaborate, if a user is logged into the Azure cloud and accessing their machine, then whenever they log in, it will assign the VLAN IP address from the assigned pool. This is how you can automate the process. To provide a clear answer, can you specify whether you want to implement VLAN segregation on servers or user machines in the AWS and Azure environments? When users log in or access Azure machines or virtual machines deployed on AWS and Azure environments, we can provide the IP pool from the defined VLAN based on authorizations. We can create rules on our automation to achieve this. Additionally, we can automate this through firewall rules, where if a user is accessing a particular server, they will have access to specific ports and servers. To answer your question clearly, can you please rephrase the question in a more specific sense?

So, it's also a broad area like CISP compliant network security. In terms of network security, you need to give us details like what kind of network devices you're using, whether it's a switch, firewalls, routers. Do you have high availability in that or not? Are you using a next-generation solution for that or not? And what kind of CISP compliance security network framework we need to provide the next solutions. We need to provide defined VLAN creations on that. We need to create firewalls, rule-based configurations, what are the firewall ratings, vulnerability assessments, PT assessments of those devices. So, those details we need to check and based on that we can go ahead and look into how we can approach to provide or deploy network security controls without service disruptions. Or, you can go ahead and have a totally different IP schema, whatever you're using. Based on that, you can create a totally different IP schema, creating a different VLAN with the next solutions provided on that, creating firewall rules on that, creating bindings for traffic, creating next-generation solutions, and based on that, you can create a whole new network which is completely different than what you're using, and the IP schema would be completely different. And after creating that, after having the vulnerability assessment, PT assessment of your devices, and then you can move users from their current VLAN to the different VLAN one by one.

Config current configurations. I'm not sure about that. There is an issue with the script or the command line you're using. Because if it's Cisco, then the command should be show hostname. So maybe it's a command line or the script itself. I don't have much idea about that script, but I can say that there is no command. I can see, like, show hostname if it is Cisco routers.

Check network response time. It should be 200. It says 150 here. Corrected transcript: Check network response time. It should be 200. It says 150 here.

It's a multi-cloud strategy to ensure a seamless global QoS system. Yeah. It would be difficult to configure QoS when you're using multiple clouds because VLAN tagging and traffic tagging processes differently when you're using Azure, AWS, or GCP. So, here, we can come up with a totally different solution where you can use network segmentations and either proxy. You're not going to use it. So, you can use your firewall to perform QoS when you're doing any kind of traffic or multi-cloud strategy because the firewalls can be a key feature. And I suggest we're not going to use any kind of proxy in between when you're configuring any QoS or that traffic should be bypassed from the proxy completely, then we'll route that traffic towards the firewall. And in the firewall, we're going to perform that QoS for this kind of traffic because firewalls are the key that connects the different clouds in between, whether you're using AWS or GCP. Because whenever you're going to interconnect, like, two clouds, you're going to use the firewall. So, I would perform QoS configurations on the firewall, and I prefer that traffic be bypassed from all the proxies, whether it's Teams or whether you're using Avaya or Cisco UC, CUCM. So, I'll bypass that all traffic and prioritize it towards the firewalls and configure QoS on my firewall.

I don't have an idea, but I will try to read those questions or brief of my knowledge about that.

In what way would I apply DevOps practices to you? So, you can follow the ITL process. Apart from that, network monitoring is rigorously done using tools and technologies available in the market, or you can go for Terraform and Zabbix. So, monitor your network rigorously. And if, any network device is down, then automation is the key point. When you're monitoring the network, there should be an automated process which should be integrated with your monitoring or ticketing tools. So, if any network device is down or something like that, it should trigger an alert. Apart from that, it should create a P1 or P2 prioritized ticket. So, it should be monitoring automation combined together. Apart from that, you can use ITL versions 4 or 3 based on your organization. And you can have a look at incident management, change management, and problem tickets. And you can improve those. So, you will have a demo practice combined, and you can have an agile methodology like a Kanban board, monitoring each performance, whether it's the devices or your employees.