Design, deploy, implement, and support Palo Alto Networks firewalls across enterprise environments
Lead and execute firewall migration projects from Cisco ASA and Cisco Firepower to Palo Alto firewalls, including assessment, rule translation, migration planning, testing, cutover, and post-migration support
Analyze existing Cisco ASA / Cisco Firepower firewall configurations, policies, objects, NAT rules, VPN settings, and security controls, and map them to Palo Alto firewall architecture and policy constructs
Plan and implement firewall migration strategies with minimal business disruption, including dependency analysis, phased migration, validation testing, and rollback planning
Configure, optimize, and troubleshoot Palo Alto security policies, NAT rules, application controls, URL filtering, decryption policies, and threat prevention profiles
Implement and manage Palo Alto Advanced Threat Prevention (ATP) and related security subscription services and features to strengthen protection against advanced threats
Lead firewall implementation projects, including new deployments, upgrades, policy standardization, and rule-base optimization
Review, analyze, and optimize firewall rule sets to ensure alignment with security standards, least privilege principles, and operational best practices
Troubleshoot complex network security issues related to traffic flow, policy enforcement, application dependencies, connectivity issues, and threat prevention controls
Support secure network architecture initiatives including segmentation, high availability, redundancy, and disaster recovery design considerations
Collaborate with network, cloud, infrastructure, and application teams to define and implement effective firewall and IPS controls based on business and technical requirements
Provide operational support for mission-critical production environments, including incident response, root cause analysis, and problem management related to firewall technologies
Review logs, alerts, and security events to identify threats, anomalies, misconfigurations, and opportunities for improving the firewall security posture
Participate in change management activities, including creating, reviewing, and implementing technical procedures, test plans, and rollback strategies
Develop and maintain automation scripts using Python, PowerShell scripting, or similar technologies to improve firewall operations, reporting, policy validation, migration activities, and repetitive administrative tasks
Support audit and compliance activities by providing required firewall evidence, configuration details, rule review outputs, and policy validation documentation
Collaborate with internal teams and vendors to implement new security capabilities, improve operational efficiency, and adopt best practices in firewall engineering and automation
Mentor junior engineers and contribute to documentation, process standardization, and knowledge-sharing initiatives across the team
Contribute to a global support model, including rotational on-call support and coordination with cross-functional teams as required
Additional expertise is desired in the technologies used in the environment to maintain enterprise network security.
Requirements
Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field
10 to 12 years of overall IT experience, with at least 8 years of strong hands-on experience in network security engineering
Strong hands-on experience in the design, deployment, and administration of Palo Alto Networks firewalls in enterprise environments
Proven experience in migrating Cisco ASA and/or Cisco Firepower firewall environments to Palo Alto firewalls
Good operational experience with Palo Alto Advanced Threat Prevention (ATP) and related threat prevention and security subscription services
Experience in firewall policy creation, rule review, NAT, VPN, segmentation, application control, logging, and troubleshooting
Good knowledge of Cisco ASA, Cisco Firepower, and other firewall technologies such as Fortinet, Check Point, Juniper SRX, or similar platforms
Strong understanding of Intrusion Prevention Systems (IPS) and associated network security concepts
Strong understanding of network security fundamentals, including TCP/IP, routing, switching, NAT, VPN, segmentation, access control, and secure network design
Experience troubleshooting complex firewall and network security issues in enterprise production environments
Hands-on experience with automation and scripting using Python, PowerShell scripting, or similar technologies
Experience integrating firewall controls with logging, monitoring, SIEM, or security operations platforms
Experience with change management, implementation procedures, technical documentation, and operational runbooks
Strong troubleshooting, analytical, and problem-solving skills
Strong verbal and written communication skills, with the ability to work effectively across technical and non-technical teams
Ability to work in shifts, support rotational on-call, and handle priority incidents or planned activities outside regular business hours when required
Experience supporting audit, compliance, and risk management requirements in enterprise environments
Familiarity with cloud network security concepts in AWS and Azure environments is a plus
Exposure to security operations, threat prevention, and enterprise network segmentation
Experience integrating automation with APIs, ticketing systems, or workflow platforms is an added advantage
Industry certifications such as PCNSE, Palo Alto Networks Cybersecurity Associate/Professional certifications, CCNP Security, and CISSP