Key skills
PythonAWSAzureGoogle CloudTerraformAnsiblePrismaSAMLChange ManagementSalesZero TrustFirewall
About this role
CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. The Network Engineer III is a senior technical engineer responsible for 24×7 operational support and optimization of enterprise solutions, including Palo Alto, Cisco, Fortinet, F5, and Aruba within a Managed Services environment.
Responsibilities:
- Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE
- Troubleshoot and resolve complex issues across:
- Prisma SD‑WAN control and data planes
- Prisma Access (Remote Networks, Mobile Users, Service Connections)
- GlobalProtect, IPsec, and cloud‑delivered firewalling
- Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
- Act as a technical escalation point during major outages
- Lead support efforts of Palo Alto Prisma SASE architectures, including:
- Prisma SD‑WAN branch and hub designs
- Prisma Access for ZTNA, SWG, and FWaaS
- Own the full service lifecycle:
- Customer onboarding
- Change management
- Platform upgrades and migrations
- Decommissioning
- Validate and enforce:
- Security policies
- Routing and segmentation strategies
- High availability and resiliency standards
- Support advanced routing implementations:
- BGP (required) including policy control, filtering, and failover
- OSPF
- Enable and support hybrid and cloud connectivity:
- AWS (VPC, Transit Gateway)
- Azure (vNET, vWAN, ExpressRoute)
- Google Cloud Platform (VPC)
- Ensure optimized traffic steering, SLA adherence, performance, and application visibility
- Support:
- Zero Trust Network Access (ZTNA)
- Secure Web Gateway (SWG)
- Cloud‑delivered firewall policies (FWaaS)
- Integrate Prisma Access with:
- Identity providers (SAML, MFA)
- Remote and mobile user access models
- Partner with security teams to align network enforcement with enterprise security posture
- Contribute to automation and standardization using:
- APIs, Python, Ansible, or Terraform (preferred)
- Improve observability through:
- Prisma dashboards
- Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
- Develop and maintain:
- SOPs and operational runbooks
- Troubleshooting and escalation guides
- Service readiness documentation for new Prisma releases
- Mentor Tier‑1 and Tier‑2 engineers
- Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering
Requirements:
- 7+ years of hands-on network engineering experience
- Hands-on expertise with Prisma SD-WAN
- Hands-on expertise with Prisma Access
- Strong understanding of cloud-delivered security architectures
- Strong understanding of SD-WAN overlays, underlays, and service insertion models
- Strong understanding of traffic steering and policy enforcement
- Advanced WAN and routing expertise: BGP (required)
- Advanced WAN and routing expertise: OSPF
- Strong knowledge of high availability and redundancy design
- Strong knowledge of QoS and application-aware routing
- Strong knowledge of NAT and firewall concepts
- Strong knowledge of TCP/IP and dynamic routing protocols
- Experience with one or more of the following: Fortinet Secure SD-WAN / FortiSASE, Cisco SD-WAN, Meraki, VMware VeloCloud, Juniper Mist / SSR
- Ability to translate architectures and concepts across vendors
- Strong experience with configuration and support of routers, switches, firewalls, hubs, and WAN infrastructure
- Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
- Proficiency with network monitoring and performance analysis tools
- Proficiency with Visio for detailed network diagrams
- Familiarity with wireless technologies and site surveys
- Familiarity with security intelligence sources (e.g., CERT, BugTraq)
- Palo Alto Networks Certified SD-WAN Engineer required
- Bachelor's degree in a related field, or equivalent practical experience
- APIs, Python, Ansible, or Terraform
- Prior experience in network design or sales engineering
- Palo Alto Networks Certified Security Service Edge Engineer highly recommended
- Cisco certifications (CCNP or CCIE) highly recommended