About this roleRole Summary
We are seeking a senior-level Network Security Subject Matter Expert with a strong cybersecurity mindset to support the design, configuration, and implementation of Zero Trust networking, starting with VPN access using Palo Alto Networks technologies.
This role is initially focused on transforming our VPN environment from a traditional network-based model to an identity- and role-based Zero Trust access model. For the right candidate, the role will expand into additional security and network architecture areas over time.
The ideal candidate is hands-on, security-focused, and comfortable working closely with cybersecurity and infrastructure teams in a regulated, audit-conscious environment.
Key Responsibilities
Zero Trust & VPN Engineering
Design and configure Palo Alto Networks VPN solutions to support Zero Trust principles
Implement least-privilege VPN access, where users can only access systems required for their role
Define and enforce user- and group-based access policies rather than broad network access
Partner with cybersecurity leadership to align VPN controls with Zero Trust strategy
Network Security & Visibility
Support network segmentation and secure access to sensitive systems (e.g., admin and infrastructure services)
Ensure configurations are fully auditable and defensible for future compliance reviews
Forensics & Access Context
Use AlienVault and Palo Alto to:
Analyze VPN traffic and user activity
Identify systems and applications accessed by ~ 100 VPN users for this engagement
Support forensic investigations related to VPN access
Provide actionable insights to help:
Build a VPN access context based on VPN traffic analysis of the 100 users
Assign users to the correct VPN groups as part of the Zero Trust initiative
Collaboration & Communication
Work closely with:
The IT Architecture team
The Cybersecurity team
Clearly communicate technical findings, access models, and design decisions
Participate in design reviews, scoping discussions, and implementation planning
Required Qualifications
U.S. Citizen
Ability to work onsite in San Jose, CA
Senior-level experience in network security engineering
Strong hands-on experience with Palo Alto Networks firewalls and VPN
Demonstrated understanding of Zero Trust networking concepts
Experience implementing identity-based and role-based access controls
Hands-on experience with utilizing SIEM (AlienVault preferred) for logging, analysis, and forensic investigations
Strong troubleshooting and analytical skills
Ability to communicate effectively with highly technical teams