TOMORROW HIRERemote
Cloud Network Security Architect
District of Columbia, United States of America
Full Time
3 weeks ago
$160,000 - $190,000 USD
No Visa Sponsorship
Key skills
AWSCloudFirewallsTerraformCloudFormationNetwork SecurityZero Trust
About this role
Role Overview
- Architect and manage complex AWS network environments to meet TIC 3.0 and federal security standards.
- Deploy and manage Palo Alto VM-Series firewalls in AWS, including configuration of GlobalProtect, Panorama, and security policy orchestration.
- Use Terraform or CloudFormation to deploy major networking components via Infrastructure as Code (IaC), ensuring repeatable, documented, and auditable environments.
- Configure, troubleshoot, and maintain hybrid connectivity solutions, including AWS Direct Connect, Site-to-Site VPNs, and SD-WAN integrations.
- Design and implement Transit Gateway architecture and VPC Peering in multi-account AWS environments.
- Apply Zero Trust principles and TIC 3.0 requirements within AWS and Palo Alto ecosystems to enhance application and network security.
- Serve as the primary (or sole) Network Architect/Engineer responsible for discovery, documentation, design, and execution of network security solutions with minimal supervision.
- Collaborate with stakeholders to ensure secure, compliant network designs that support mission-critical federal applications.
Requirements
- 5+ years of experience architecting and managing complex AWS network environments
- 3+ years of experience deploying and managing Palo Alto VM-Series firewalls within a public cloud environment (AWS), including with Global Protect, Panorama, and security policy orchestration
- 2+ years of experience with Terraform or CloudFormation, including using IaC to deploy major networking components to ensure repeatable, documented environments
- Experience with Hybrid Connectivity and WAN, including configuring and troubleshooting AWS Direct Connect, Site-to-Site VPNs, and SD-WAN integrations to maintain hybrid-cloud connectivity
- Knowledge of Transit Gateway architecture and VPC Peering in multi-account environments
- Knowledge of implementing Zero Trust AND TIC 3 principles within an AWS or Palo Alto ecosystem
- Ability to function as the sole Network Architect or Engineer to be responsible for discovery, documentation, and execution with minimal supervision
- Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
- HS diploma or GED
Preferred Qualifications
- AWS Certified Advanced Networking – Specialty Certification
- Palo Alto Networks Certified Network Security Engineer (PCNSE) Certification
- Bachelors degree
- Active Secret clearance
Tech Stack
- AWS
- Cloud
- Firewalls
- Terraform
Benefits
- Health, Vision, and Dental Insurance
- PTO