Sr. Security Engineer – Palo Alto Strata Firewalls & Migration Specialist

Kyndryl is a company that designs, builds, manages, and modernizes mission-critical technology systems. They are seeking an experienced Palo Alto Networks Sr Security Engineer to lead large-scale firewall migrations and optimize security policies for enterprise customers.

Responsibilities:

• Lead end‑to‑end migrations from legacy firewall platforms (ASA, Check Point, Fortinet, SonicWall, etc.) to Palo Alto Strata NGFW
• Perform pre‑migration assessments, rule analysis, and configuration transformations using tools such as Expedition
• Design and implement clean, optimized Palo Alto configurations including zones, routing, NAT, VPNs, HA, and security profiles
• Execute cutovers, validate traffic flows, and provide post‑migration stabilization support
• Analyze and rationalize existing firewall rulebases to eliminate redundancies, unused rules, and excessive access
• Apply Zero Trust and least‑privilege principles using App‑ID, User‑ID, and identity‑based segmentation
• Tune Threat Prevention, URL filtering, and WildFire to improve detection and reduce risk
• Provide actionable recommendations to improve enterprise security posture
• Troubleshoot complex network and security issues across Layers 3–7
• Support firewall upgrades, best‑practice checks, and ongoing optimization initiatives
• Develop and maintain deployment documentation, runbooks, and standardized Methods of Procedure (MOPs)
• Partner with customers, architects, and internal delivery teams to gather requirements and validate designs
• Communicate technical plans, risks, and changes clearly to both technical and non‑technical stakeholders
• Mentor junior engineers and contribute to shared knowledge and delivery standards

Requirements:

• 5+ years of experience in network and security engineering with strong hands-on expertise in Palo Alto NGFW / Strata Firewalls
• Proven experience performing firewall migrations and rulebase optimization in enterprise environments
• Strong understanding of routing, NAT, VPNs, segmentation, and Layer 7 security controls
• Hands-on experience with Panorama, Expedition, and Palo Alto Best Practice Assessments
• Solid understanding of Zero Trust concepts and modern security architectures
• Exposure to Prisma Access, ZTNA, or cloud-delivered security services
• Experience integrating firewalls with AWS, Azure, or GCP environments
• Certifications such as PCNSE, PCNSA, CISSP, CCSP, or CISM
• Experience with automation or scripting (e.g., Python, Ansible)
• Bachelor's degree or equivalent professional experience