Bharath Katta

Senior Network Security Engineer with 8+ years of experience protecting enterprise infrastructure across healthcare and financial services. Specializing in Zscaler Zero Trust architecture (ZIA/ZPA/ZCC/ZDX), Palo Alto NGFW/Panorama, and cloud security across AWS and Azure. Proven track record as Level 3 escalation points for P1/P2 incidents, leading vulnerability remediation programs, and building automation pipelines that strengthen compliance posture and operational efficiency.

ZDTA and PCNSE certified with deep hands-on delivery across regulated, high-stakes environments.

Senior Network Security Engineer - Fiserv (via Grid Dynamics Holdings) - OH, USA

(2025-05 - 2026-05)

Own the Palo Alto estate at Fiserv. PA-3430, PA-5450, PA-7080 all running through Panorama. 4,000+ active rules across the environment. Day to day is policy requests, object cleanup, profile tuning, WildFire submissions, and keeping the rule base from turning into a mess. Own Zscaler end to end at Fiserv. ZIA for internet security, ZPA for private app access, ZDX for digital experience monitoring.

Deployed App

Connectors across multiple on-prem DCs and AWS. Handle access rule work, identity scoping, and platform health daily across a large enterprise user base. Leading ZIA and ZPA migration at Fiserv. Mapping legacy proxy and VPN patterns into Zero Trust.

Cleaned up 100+ PAC file entries and forwarding rules. Making sure nothing business-critical breaks at cutover. Own ZCC across a large Windows and Mac endpoint fleet spanning multiple business units. Manage agent profiles, handle rollouts, keep SSL Inspection Exemption list current for cert-pinned apps.

Support DLP policy testing once policies go live. Set up SAML SSO in ZIA and ZPA tied to Active Directory and Entra ID. Every session is identity-bound before anything connects. No implicit access anywhere in the environment.

Built

• Ran the ASA to Palo Alto migration using Expedition across multiple firewall clusters. Identified and removed hundreds of shadow rules and redundant objects before cutover. Nothing moved until policy parity was fully confirmed across every segment.
• Rebuilt zone segmentation in Panorama from scratch. Moved workloads behind NGFWs, reduced overly permissive any-any rules by over 40%, and restructured policies to enforce least-privilege between every segment.
• Level 3 for all P1/P2 Zscaler incidents. Pull ZCC diagnostics, packet captures, proxy logs, ZDX path traces. Work directly with Zscaler TAMs until the case is closed. Every P1 gets a post-incident writeup with root cause documented.
• Run quarterly Tufin rule lifecycle reviews across the full Palo Alto estate. Each cycle surfaces unused rules, risky permissive entries, and compliance gaps across 4,000+ rules.

Senior Network Security Engineer - Renown Health (IT Corpz / ClickSoft Solutions) - Chicago, IL, USA

(2024-07 - 2025-05)

Deployed Zscaler ZIA and ZPA at Renown Health. ZPA segments scoped by clinical app ownership. ZIA policies tied to AD groups, so access followed identity, not IP address. Stood up FortiGate 7121F, 4800F, and 3700F with Fortinet Security Fabric integration.

Built HA clustering with proper failover, then layered web filtering and application control on top once HA was solid. Handled BGP and OSPF routing across the Renowned Health WAN and data center. Worked through route redistribution, summarization, and prefix filtering.

When routing behavior was unexpected during firewall or cloud changes, this was the first place to check. Managed VLAN configs and trunking across the switching environment at Renown Health. Provisioned new VLANs for clinical and administrative workloads, updated trunk policies, and resolved L2 issues that were causing intermittent connectivity problems for endpoint and server teams.

• Pushed Cisco ISE 802.1x to 95% of wired endpoints. Set up automated quarantine for posture failures. Unauthorized device incidents dropped over 50%. Security leadership flagged it as a major win in the annual risk review.
• Reviewed 500+ AWS resources in Prisma Cloud CSPM, tightened IAM permissions, turned on GuardDuty, and closed 200+ high-risk findings in 60 days. Compliance team used the output directly for HIPAA and SOC 2 Type II reviews.
• Managed AWS Direct Connect, Transit Gateway, and VPN for hybrid connectivity. Handled VPC design including subnets, route tables, and security groups for every new workload that came in.
• Fed Palo Alto, Zscaler, and ISE logs into the SIEM with user and asset context on every event. Worked with SOC to build detection rules that surfaced real threats instead of alert noise.
• Used Prisma Cloud Compute for container and Kubernetes security. Got container vulnerabilities down 40% and cut manual remediation by about 30% once policies were in place.
• Wrote a Python tool to keep asset and config records accurate across 1,000+ devices. Automated AD tasks with PowerShell to reduce manual work on the security team.
• Used Tufin for firewall audits across Palo Alto and ASA.

Managed

FortiAnalyzer for log collection and compliance reporting across the FortiGate fleet.

Senior Network & Support Engineer - Hexagon Capability Center - Remote, USA

(2019-07 - 2022-11)

Owned the DC switching fabric.

Cisco

Nexus 5K, 7K, 9K and Arista 7300 and 7368. VPC, LACP, HSRP, firmware upgrades. When something went down in the DC this was the first call. BGP, OSPF, and EIGRP across the enterprise WAN. Route maps, prefix lists, redistribution between domains. Replaced a set of static IPsec tunnels with DMVPN across branch sites, made adding new locations much simpler.

Built

Cisco ACI from the ground up. Tenants, bridge domains, EPGs, application profiles, Filter Taboo rules. East-west traffic controlled at the policy layer, not just VLAN separation.

Managed

FortiGate 1500D, 2000E, and 2500E for IPsec and