Vetted Talent

Gaurang Hingladiya

I started my career in July 2011 and have over a decade of experience in the network and security domain. I’ve worked with major companies, including Rackspace. My experience includes managing enterprise-scale networks, handling data centers supporting over 12,000 associates, and working with Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and private clouds.

  • Role

    Network Security III

  • Years of Experience

    12.1 years

Skillsets

  • Network Security
  • Cloud Security
  • Compliance Management
  • Data Protection
  • Firewall Configuration
  • Risk Analysis
  • SIEM Solutions
  • Threat Prevention
  • Vulnerability Assessment
  • ID/Access Control

Vetted For

16 Skills
  • Network Architect (Onsite, Ahmedabad), AI Screening
  • 64%
  • Skills assessed: Agile Methodology, Cloud networking, CCIE, CCNP, CISSP, LAN/WAN, Network Architecture, network implementation, Network Security, QOS, SDN, TCP/IP, VPN, AWS, Azure, Python
  • Score: 58/90

Professional Summary

12.1 Years
  • May, 2022 - Present (3 yr 4 months)

    Network Security III

    Rackspace Technology
  • Jun, 2019 - May, 2022 (2 yr 11 months)

    Network Security Lead

    Tata Consultancy Services
  • Jun, 2017 - Jun, 2019 (2 yr)

    Senior Network & Security Engineer

    Tata Consultancy Services
  • Feb, 2015 - Jun, 2017 (2 yr 4 months)

    Network Administrator

    Tata Consultancy Services

Applications & Tools Known

  • AWS (Amazon Web Services)
  • Azure
  • Azure Security
  • MS Office
  • MS Visio
  • Python
  • Cisco Prime
  • VMware
  • GTM
  • FMC
  • SIEM
  • Citrix
  • WinSCP
  • TeamViewer
  • Zoom
  • Teams
  • Crowdstrike
  • Office 365
  • Zimbra

Work History

12.1 Years

Network Security III

Rackspace Technology
May, 2022 - Present (3 yr 4 months)
    Recommend, design, implement, and support application delivery infrastructure integration into business solutions, while meeting the business goals and objectives. This includes supporting documentation and diagrams detailing the specific infrastructure. Design and implementation experience with F5 BigIP LTM and GTM appliances and virtual appliances. Excellent understanding of LTM configuration (VIPs, Persistence, SNAT, SSL, etc.). Analyse network topologies and traffic/capacity requirements. Integration and management of firewalls through firewall managers (includes Panorama, FMC, Fortimanager and Checkpoint Smart Console). Deployment and migration of legacy WAN networks to SD-WAN with virtual firewalls on WAN routers (Viptela SD-WAN). As a network security consultant, implement network perimeter security to comply with information security policy of the organization. This includes proposing the solutions to customers for approval and implementation. Design and implement ID based network access control methods for users to access private as well as public cloud. Implement remote access control methods using different VPN technologies including SSL, IPSEC, PPTP and L2TP with strong authentication using multifactor authentication. Vulnerability assessment and testing. Facilitate design, implementation and troubleshooting for host and network based IDS/IPS systems including SNORT. Design, deploy and manage threat-free network infrastructure by implementing Anti-Spam, Anti-Virus and Anti-Malware solutions. Design and deploy SIEM solution and event management solutions along with hands-on troubleshooting. Maintain security standards for all 22 data centres across the globe.

Network Security Lead

Tata Consultancy Services
Jun, 2019 - May, 2022 (2 yr 11 months)
    Responsible for round the clock network operation for branch infrastructure supporting 10k+ associates spanned across 150+ projects with different domains like finance, healthcare, education, government and more. Managed and mentored team of 20 associates across 3 locations of Garima Park, GIFT city and Bhopal. Gathered requirements from different customers and cross functional team to give desired IT solutions with security controls in place. Support data center networks utilising Cisco ACI and Nexus 9000 platforms. Contribute to development and performance of a migration plan from traditional data center network designs to Cisco ACI. Integrate service appliances to Cisco ACI developments to include application delivery controls and firewalls. Responsible for network design and implementation of Local Area Network and Campus Area Network. Configuration ACL, site to site configuration, NAT/PAT, URL filtering, application filtering, content ID filtering profile firewall. Integration of Network Devices to Cisco ACS and Cisco ISE for device and end point authentication. Responsible for Availability & Capacity Management for branch network and security infrastructure. Handled Data Centre operation having 70 racks, 150+ network and security devices, 100+ physical & virtual server and 500+ TB storage spread across 3 sites in Gujarat & MP. Monitored and managed 1700 VDI users. Responsible for managing CAPEX & OPEX for IT infrastructure. Designed, tested and commissioned DRP for critical business units and enterprise applications along with formulation of BCP. Conducted regular DR mock drills to assure continuity of business. Prepared and deployed risk mitigation plans by identifying and tracking risks. Actively participated in preparing documents for triple external audit such as ISO 9001, ISO 20000 and ISO 27001 conducted at TCS Gandhinagar.

Senior Network & Security Engineer

Tata Consultancy Services
Jun, 2017 - Jun, 2019 (2 yr)
    Redesigned, updated, and established network topography standard. Deploying and configuring L2, L3 switch, router, firewall and load balancer. Replaced legacy routers with Cisco ASR series. Part of a firewall and security team in support of Checkpoint, Cisco and Palo Alto firewalls, Zscaler Proxy, Juniper Portals, SecAuth, Open LDAP and Active Directory. Configured Cisco 2821, 2921 and 3845 CE routers to change them from EIGRP to a complex MPLS environment that includes VRF, IPSEC VPNs, Broadband Tunnels, HSRP and VLANs. Configured Cisco and Juniper switches to add VLANs for wireless project, VLANs, LACP, RSTP, Dot1x and QoS protocols for MPLS. Configured Cisco Wireless Access Points 1100, 3600 through Cisco NCS Prime. Imported diagrams to create campuses, buildings and to map wireless APs location. Responsible for verifying change records of routers, firewalls, switches and DHCP configurations before applying. Prepared multiple routers simultaneously for circuit turn-up, pushing MPLS configuration, and MPLS migration using Cisco NCM and prescripted TCL configurations. Configured routers for Controller Card Preparation, applying MPLS Configurations, MPLS Circuit Turn-up, MPLS Circuit Migration, Broadband Migration, Post Migration Clean-up, PPP, PPP Multilink, QoS, VPNs and Broadband Tunnels. Network monitoring through SolarWinds, ManageEngine and WhatsUp Gold. Implemented network change request for VLAN, MAC binding, ACL, STP, Dot1x, vPC, VRF, OSPF, BGP for new project requirement. Configured IPSEC, SSL and Clientless VPN, static and dynamic routes, URL filtering, threat prevention, User-ID, App-ID, Antivirus policies, NAT and Access rules. Vulnerability assessment and penetration testing of network infrastructure and closure of vulnerability or open action item. Managed backup of network infrastructure devices through FTP Script and Cisco Prime tool. Performed syslog analysis of network devices. Firewall rule base reconciliation on quarterly basis. Prepare ITIL report on monthly basis. Coordination with various service provider for GCN/shared MPLS, dedicated MPLS, internet and P2P link setup. Network Device BCP drill execution. Actively participated for security & IQMS audits and project specific audits.

Network Administrator

Tata Consultancy Services
Feb, 2015 - Jun, 2017 (2 yr 4 months)
    Responsible for 24/5 IT support for 1200 users by maintaining SLA in Incident Management & TAT for Change Management. Maintained Security Compliance for Network Devices. Became Auditee in Quality and Security Audits. Developed Technical skills to T/S any network issues and resolve them in a timely manner. Implemented change request for network related changes to support project requirement. Support Project for BCP & Mock Drills. Rollout new network and security changes post successful testing.

Achievements

  • Managed and mentored team of 20 associates across 3 locations
  • Maintained security standards for all 22 data centers across the globe
  • Designed and deployed SIEM solution and event management solutions
  • Handled Data Center operation with 70 racks, 150+ devices and 500+ TB storage

Major Projects

6 Projects

VDI Infrastructure Setup - Gujarat Branch

Dec, 2019 - Mar, 2020 (3 months)
    Secure Borderless WorkSpaces (SBWS) setup for 11,000 employees due to Covid-19 pandemic. Designed the connectivity for 150+ projects. Enabled and configured OSPF and BGP properties on NSX DLR and edge routers. Configured vSphere distributed switch policies for NSX support and load distribution. Configured load balancer one-arm and transparent modes. Compared the physical network topology which supports NSX. Deployed 4 extra security agents on all the machines for SBWS. Conducted major changes in various project connectivity keeping security guideline for SBWS. Replaced 4 internet firewalls to keep higher bandwidth & throughput while accessing TCS VDI. Implemented MPLS VPN for the projects using MPLS for their connectivity with the help of ISPs. Upgraded internet bandwidth and servers.

Firewall Migration

Jun, 2014 - Sep, 2019 (5 yr 3 months)
    Constructed a plan for replacement of existing firewall with NextGen firewall with minimal downtime. Identified the perfect firewall for given infrastructure compared to other vendors. Planned, designed and implemented migration activity. Planned and tracked firewall migration plan along with project specific connectivity. Replaced more than 8 firewalls during this tenure. Used various tools to execute this activity such as Expedition tool for Cisco to Palo Alto.

VDI Infrastructure Setup - GIFT City

Sep, 2018 - Jan, 2019 (4 months)
    Implemented VDI infrastructure for 400 users and migrated users' data and applications from Desktop to VDI. Lenovo HCI hardware is used for computer and storage along with Nutanix and VMware. Installation of Lenovo HCI Server and Nutanix. Nexus 9k switches configuration for VDI Setup. Configured NSX load balancer for application servers. NSX Edge and DLR configuration for Virtual Edge security and router, Virtual Switch for VDI pool. Installation of ESXi and mapped storage LUNs. Created static and floating VM pools as per project requirement. App volume creation for application virtualization for VDI users.

BOA Project Setup - GIFT City

May, 2017 - Feb, 2018 (9 months)
    Setup of all IT infrastructure services like AD, DNS, DHCP, SEPM, DLP and more on new infrastructure for the framework of physical Airgap infrastructure for 400+ users at GIFT City location for additional floor. Vendor coordination, floor networking, Hub Room design, Server Room rack setup planning. Configured Access and Core Nexus switches with Dot1x, VPC, HSRP and Access list. Configured VMware infrastructure including vCenter for server virtualization. Installed and configured AD, DNS and DHCP service. Configured and deployed GPO. Installed and configured SEPM, Cisco ISE, Nessus VA Tool. RSA SecurID setup for multifactor authentication.

GIFT City Location Setup

Mar, 2016 - Aug, 2016 (5 months)
    Consolidated 3 locations across two different cities into new GIFT CITY location for 1400 users. Planned and tracked location migration plan along with project specific connectivity. Planned and designed floor network passive design along with Hub Room design with admin and IPD. Planned, designed and implemented fibre & ethernet backbone connectivity for Server Room racks. Coordinated with different ISP and admin team for their respective MUX setup inside server room. Installed and configured network, server and security device for basis infrastructure.

GarimaPark Datacenter Passive Cabling

Jun, 2016 - Jun, 2016
    Designed and implemented passive cabling for Garima Park Data centre having 70+ racks under the guidance of technical leaders and mentors. Designed and planned medium density row, high density row and storage row. Requirement gathering for interconnectivity of network, server and storage racks. Designed and finalized fibre connectivity and ether connectivity requirement across all racks. Coordinated with IPD and cabling vendor for design finalization. Implemented and monitored cabling work by vendor.

Education

  • Diploma in Computer Engineering

    Gujarat Technological University (2011)

Certifications

  • CCSA - Check Point

  • AZ-900 - Microsoft

  • AZ-104 - Microsoft

  • NSE 4 - Fortinet

  • AZ-700 - Microsoft

  • AZ-300 - Microsoft

  • PCNSE - Palo Alto

  • CCNP Security - Cisco

  • CCNA R&S - Cisco

  • ITIL v3 - Axelos

  • JNCIA-Junos - Juniper

  • Lean Six Sigma - Tata Consultancy Services

AI-interview Questions & Answers

Uh, myself, Gaurang. I have started my career back in July 2011. And since then, I've been working in network and security domain. I have worked in, uh, 2 major companies. 1 is services and one in Rackspace. Uh, right now, I'm based in the UK and, uh, looking to relocate back to India. So I have applied for this opportunity. So I do have hands on experience, uh, in various domain at enterprise level enterprise scale of the network. I have, uh, handle the data centers which are capable of 12,000 associates, uh, divided into 2 50 plus projects. I have hands on experience on Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and some of the private clouds where we host our client's applications, uh, which are face to Internet. Uh, we have created the DMZ zone. I have hands on experience on NetScaler, uh, load balancers as well. I'm CCNSCCNPPCNSCCSA, CCSA, uh, JNCIA, and ITIL v3 certified. I do have, uh, I'm pursuing CCIE routing and switching, but I'm not certified yet. Thank you.

How would you ensure VPN solution is full portion between us here and on premise environment? I will make sure that there are 2, uh, links are available, and there is 2 service providers are available. So if if any of the VPN goes down, we can switch it to the different service provider with 2 routers and 2 firewalls, and firewalls would be in. Apart from that, uh, auto failover should be enabled between 2 firewalls. Sometimes it happens. Like, if you are using 2 service providers, auto failover will not work sometimes. So you need to make sure that auto failover should work all the time. Uh, apart from that, if there is any express route available like Azure, then it should be there, uh, to AWS. If it is not there, so you can use it as the secondary path apart from the VPN. And bandwidth should be aligned, uh, dedicated. Like, uh, I'm not sure it is not given properly, like, uh, what could be the bandwidth. So I I'm assuming that bandwidth should be there, which, uh, which is suffice to your requirement and, uh, based on your headcount and the applications which you are using. That's how you can ensure that VPN solution is fully resilient.

So software defined network, uh, which is quite handy for VoIP traffic. You can create a different, uh, VLAN for the VoIP over, uh, voice or IP network. And, uh, you can give them, you know, high priority in your SDNs. So, uh, whenever you are going to have that, uh, it's on a voice. WAN side, and SDN will work at the LAN side only. Okay. Yeah. So you can define a different VLAN or WIP. And on LAN side, you can allow that at higher priority traffic, uh, which you can define in if you are using Cisco DNAT, then there is a, uh, what you can say. There is options available for the web traffic. You can give a higher priority to any of the web traffic, whether it is from the teams or you are using any of the phone lines. So it would be, uh, it will tag that wheel and particularly with the wipe and it will give you the highest priority when you have congested when. So that traffic will flow seamlessly when you have higher traffic at the website.

Would use network implementations. So, uh, here you can when you are using a cloud based VPN, uh, you always need to make sure that you have defined, uh, you have put all the security controls like any, uh, access authentications, uh, then you can deploy with I'm solution and, uh, multifactor authentications while connecting VPN, uh, or else you can go for the sick, uh, certificate based authentications when you are deploying any kind of the VPN. So, uh, uh, that's how you can maintain the standards of the CCI security standards, like access authentications, uh, then user authentications and authorizations, and what kind of the authorizations you are going to give the users. So 3 method. Uh, with AAA, you can put AAA solutions. You can identify like next solutions, and you can go for the multifactor authentications.

Discuss your approach to automating network deployment in AWS and Azure environments considering the event segregations. So here, you need to elaborate more like, uh, you want when you are going for if any of the user is connecting their virtual machines from Azure, then it should assign the VLAN automatically based on the user authentications. Like, if I I am logged into the Azure cloud and I'm accessing my machine, then whenever I log in, it will assign the VLAN IP address from the assigned pool or that's how you can automate the process. But you need to elaborate more while providing that questions like it is the servers you want to go for the VLAN segregation. It is the user machines you want to go for the automations or have actually because it's the broad area. You cannot, like, answer the questions not giving that much of the you need to be specific while you ask these questions. So I'll take as, uh, like, uh, any of the users when they are going to log in or accessing any of the Azure machines or virtual machines deployed on AWS Azure environments. So based on the authorizations, we can provide the IP pool from the defined VLAN creating the rules on our automations like you can say. And, uh, you can automate that through the firewall rules as well. Like if this user is coming, then, uh, that kind of the access it would have that user will have, like, some kind of the servers and some kind of the port so you can create the firewalls automations. Apart from that, I, uh, you will need to elaborate the questions uh, and ask in a particular sense so we can answer that.

So, uh, it's also broad area like, uh, CISP compliant network security. So in terms of the network security, you need to give us the details like what kind of the, uh, network devices you are using, whether it is the switch, firewalls, routers. Do you have high availability in that or not? Uh, are you using the next solution for that or not? And, uh, what kind of the, uh, like, CASSP compliance security network framework, uh, we need to provide the next solutions. We need to provide the defined VLAN creations on that. Uh, we need to create the firewalls, rule based reconciliations, what is the firewall ratings, uh, vulnerability assessment, PT assessment of those devices. So that details we need to check and based on that we can go ahead and look into that like how we can approach to provide the or deploy the network security controls without service disruptions or else you can go ahead and have a different IP schema totally different IP schema or whatever you are using. Based you are using, then totally different IP schema creating a different VLAN with the next solutions provided on that, creating a firewall rules on that, creating binding the traffic, creating next solutions and based on that you can create a whole new network which is completely different than what you are using, and IP schema would be completely different. And after creating that, after having the vulnerability assessment, p t assessment of your devices, and then you can move, uh, users from their current VLAN to the different VLAN 1 by 1.

Config current configurations. I'm not sure about that. I guess there is there is issue with the script or the command line which you're using. Because command if it is Cisco, then it should be show host name. So maybe it's a command line or the script itself. I I don't have much idea about that script, but I can say that there is no command. I can see, like, uh, show host name if it is Cisco routers.

Examine the JavaScript function that should print ping if my request takes less than 2. This seems to be logical. What it is actually. Correct. If response time is less than 200. Yeah. Check network response time is it should be 200. It says 150 here.

It's a multi cloud, uh, strategy to ensure and seamless give us prioritization for a global wipe system. Yeah. It would be, uh, difficult to configure the QS when you are using multiple cloud because the VLAN tagging and the traffic tagging process differently when you are using Azure, AWS, or the GCP. So here, we can come out with a totally different solutions where you can use the network segmentations and the network, uh, either proxy. Uh, you are not going to use it. So you can use your firewall to perform the QoS when you are doing any kind of the traffic or the multi cloud, uh, when you are going to have multi cloud strategies because the firewalls can be key feature. And I will suggest we are not going to use any kind of the proxy in between when you are configuring any QoS or that traffic should be bypassed from the proxy completely and then we will go ahead and route that traffic towards firewall. And in firewall we are going to perform that QoS for this kind of the traffic because the firewalls would be the key which are going to connect the what do you say, uh, the different clouds in between whether you are using AWS or TCP. Because whenever you are going to interconnect, like, you are 2 VCPs, you are going to use the firewall. So I would perform that QS configurations on the firewall, and I will prefer that traffic should be bypassed from all the proxies, whether it is Teams or whether you are using Avaya or Cisco U, uh, CUCM. Uh, so I'll bypass that all the traffic and prioritize that towards the firewalls and configure QS on my firewall.

I do not have idea, but I will try to read those questions or brief of my knowledge about that.

In what way would you apply DevOps practice to me? So, uh, you can follow ITIL process. Uh, apart from that, uh, network monitoring rigorously using tools and technologies available in the market. Or you can go for the Terraform and Zebesk. So monitor your network, uh, rigorously. And if, uh, act on those monitoring, like, any of the network devices is down, then each automations is the key point. When you're monitoring the network, there should be automatic automation process which should be integrated with your monitoring or the ticketing tools. So any of the network devices are down or something like that, it should trigger alert. Apart from that, it should create a p 1 or p 2 prioritize ticket. Uh, so it should be monitoring automation combined together. Uh, apart from that, you can use the ITIL versions 4 or 3 based on the your organization. And you can have a look at incident management, change management, and the problem, uh, problem tickets. And you can improve that. So you will have, uh, you know, a demo practices combined and you can have a agile methodology like Kanban board, uh, monitoring each of the performance, uh, whether it is the devices or your employees.