Palo Alto Engineer (Prisma Exp. Required)

Role Summary
This position involves designing, deploying, and managing enterprise-grade Palo Alto Networks security solutions, including next-generation firewalls and cloud security platforms. The role offers an opportunity to lead complex security projects and serve as a technical expert in a remote work environment. The successful candidate will collaborate with cross-functional teams to deliver scalable, high-availability security infrastructure aligned with organizational objectives.

Responsibilities

• Lead the end-to-end design, deployment, and configuration of Palo Alto Networks NGFW solutions across physical, virtual, and cloud-native environments (PA-Series, VM-Series, CN-Series).
• Serve as the technical lead for firewall and cloud security implementations, guiding projects from architecture to production rollout and operational support.
• Develop and implement advanced security policies utilizing App-ID, User-ID, Device-ID, and Content-ID frameworks to ensure robust security posture.
• Manage SSL/TLS decryption, certificate management, and policy enforcement to facilitate secure communications.
• Configure and maintain Threat Prevention, WildFire, DNS Security, URL Filtering, and other advanced security services.
• Architect and oversee centralized firewall management solutions such as Panorama and Strata Cloud Manager, including policy optimization and security posture assessments.
• Lead deployment and integration of Prisma Access, including remote user access via GlobalProtect, ZTNA 2.0, and unified security policies for hybrid environments.
• Support Prisma Cloud initiatives related to CSPM, CWP, container, and serverless security, including CI/CD pipeline integration.
• Design and implement high availability architectures, including active/passive and active/active configurations with advanced routing protocols such as BGP and OSPF.
• Lead migration activities from legacy firewall platforms (e.g., Cisco ASA, Fortinet, Check Point) to Palo Alto Networks NGFW solutions.
• Troubleshoot complex security issues related to traffic flows, policy evaluation, decryption failures, and HA failover scenarios.
• Provide mentorship and technical leadership to team members, fostering knowledge sharing and best practices.
• Engage with stakeholders, vendors, and clients to ensure successful security solutions implementation and ongoing support.
• Create comprehensive documentation, runbooks, standard operating procedures, and deployment guides to support ongoing operations.

Qualifications

• 5–8+ years of experience in network security engineering with in-depth knowledge of enterprise firewalls and perimeter security.
• Hands-on experience with Palo Alto Networks NGFW products, including deployment, configuration, and management of PA-Series and VM-Series firewalls.
• Strong expertise in PAN-OS, including security policy design, NAT, routing, SSL/TLS decryption, and log monitoring.
• Proven experience managing Panorama at scale, including template stacks, device groups, and policy management.
• Deep understanding of network security fundamentals such as TCP/IP, VPN protocols (IPsec/SSL), and Layer 7 application control.
• Knowledge of Zero Trust principles and their implementation in enterprise environments.
• Ability to lead complex security projects and workstreams, demonstrating strong troubleshooting skills.
• Relevant Palo Alto Networks certifications such as PCNSA, PCNSE (preferred), or PCSAE.
• Familiarity with Prisma Access deployment, Prisma Cloud, cloud-native security tools (AWS, Azure, GCP), and SOAR platforms like XSOAR or XSIAM is a plus.
• Scripting or automation experience (Python, Ansible, Terraform) for API-driven workflows is desirable.
• Excellent communication skills and ability to interface effectively with stakeholders at various levels.
• In compliance with federal law, all persons hired must verify their identity and eligibility to work in the United States and complete the required employment eligibility verification form upon hire. Candidates must be legally authorized to work in the United States without employer sponsorship, now or in the future.

Publishing Pay Range: $80.00 – $90.00 hourly

This is a fully remote role and can be performed from an approved location.