Network Engineer III -Palo Alto Prism

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. The Network Engineer III is a senior technical engineer responsible for the 24×7 operational support and optimization of enterprise solutions, including Palo Alto, Cisco, Fortinet, F5, and Aruba within a Managed Services environment.

Responsibilities:

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE
• Troubleshoot and resolve complex issues across: Prisma SD‑WAN control and data planes, Prisma Access (Remote Networks, Mobile Users, Service Connections), GlobalProtect, IPsec, and cloud‑delivered firewalling
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
• Act as a technical escalation point during major outages
• Lead support efforts of Palo Alto Prisma SASE architectures, including: Prisma SD‑WAN branch and hub designs, Prisma Access for ZTNA, SWG, and FWaaS
• Own the full service lifecycle: Customer onboarding, Change management, Platform upgrades and migrations, Decommissioning
• Validate and enforce: Security policies, Routing and segmentation strategies, High availability and resiliency standards
• Support advanced routing implementations: BGP (required) including policy control, filtering, and failover, OSPF
• Enable and support hybrid and cloud connectivity: AWS (VPC, Transit Gateway), Azure (vNET, vWAN, ExpressRoute), Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility
• Support: Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud‑delivered firewall policies (FWaaS)
• Integrate Prisma Access with: Identity providers (SAML, MFA), Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture
• Contribute to automation and standardization using: APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through: Prisma dashboards, Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain: SOPs and operational runbooks, Troubleshooting and escalation guides, Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering

Requirements:

• 7+ years of hands-on network engineering experience
• Strong experience with configuration and support of: Routers, switches, firewalls, hubs, and WAN infrastructure
• Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
• Palo Alto Networks Certified SD-WAN Engineer required
• Bachelor's degree in a related field, or equivalent practical experience
• Hands-on expertise with: Prisma SD-WAN, Prisma Access
• Strong understanding of: Cloud-delivered security architectures, SD-WAN overlays, underlays, and service insertion models, Traffic steering and policy enforcement
• Advanced WAN and routing expertise: BGP (required), OSPF
• Strong knowledge of: High availability and redundancy design, QoS and application-aware routing, NAT and firewall concepts, TCP/IP and dynamic routing protocols
• Experience with one or more of the following (Prisma remains the primary focus): Fortinet Secure SD-WAN / FortiSASE, Cisco SD-WAN, Meraki, VMware VeloCloud, Juniper Mist / SSR
• Ability to translate architectures and concepts across vendors
• Prior experience in network design or sales engineering is a plus
• Proficiency with: Network monitoring and performance analysis tools, Visio for detailed network diagrams
• Familiarity with: Wireless technologies and site surveys, Security intelligence sources (e.g., CERT, BugTraq)
• Palo Alto Networks Certified Security Service Edge Engineer highly recommended
• Cisco certifications (CCNP or CCIE) highly recommended
• Contribute to automation and standardization using: APIs, Python, Ansible, or Terraform (preferred)