Job Description
A federal agency client is seeking a Network Engineer to serve as the senior technical authority for enterprise Palo Alto firewall operations. This is a firewall-ownership role with full responsibility for policy management, network segmentation, secure remote access, and incident response across the security perimeter. The role also carries secondary responsibility for Cisco switching and routing operations, and includes technical mentorship of junior engineers.
Responsibilities:
Palo Alto Firewall Operations
Own the full lifecycle of the enterprise Palo Alto firewall environment, including hardware refresh, PAN-OS upgrades, and HA pair management
Design, implement, and maintain security policies, NAT rules, and application/URL filtering
Manage site-to-site VPN tunnels and GlobalProtect remote access infrastructure
Perform log analysis, packet captures, and firewall troubleshooting in support of incident response
Maintain rule hygiene through periodic policy reviews, unused-rule cleanup, and business justification documentation
Coordinate with the security team on IPS/IDS tuning and threat intelligence integration
Network Security and Segmentation
Design and maintain network segmentation architecture, including security zones, microsegmentation, and trust boundaries
Develop and enforce network security standards and access control models aligned to federal compliance frameworks
Support audit, assessment, and compliance activities involving network security controls
Network Operations (Secondary)
Support operation and troubleshooting of Cisco Catalyst and Nexus switching platforms
Support BGP and EIGRP routing operations where they intersect with firewall infrastructure
Participate in network change management, including planning, peer review, implementation, and post-change verification
Documentation and Monitoring
Produce and maintain configuration baselines, architecture diagrams, rule sets, runbooks, SOPs, and KBAs
Monitor firewall platform health, capacity, and performance
Contribute to operational reporting on firewall posture, rule changes, and security event trends
Technical Leadership
Serve as the senior SME for Palo Alto firewall operations across the organization
Lead firewall change reviews evaluating risk, compliance impact, and alignment with standards
Serve as the primary escalation point for complex firewall and segmentation incidents, including off-hours response
Mentor junior engineers and network support staff
Requirements
Required Qualifications
7+ years of enterprise network engineering experience, with 4+ years focused on Palo Alto firewall administration
Extensive hands-on experience with Palo Alto configuration, policy management, NAT, VPN, HA, and lifecycle support
Working knowledge of Cisco Catalyst and Nexus switching
Working knowledge of BGP and/or EIGRP as they relate to firewall infrastructure
Demonstrated experience leading technical reviews and mentoring junior staff
Strong documentation skills
Ability to obtain and maintain a Public Trust clearance
CompTIA Security+ or equivalent IAT Level II certification (required within 90 days of start; active cert strongly preferred at hire)
PCNSE certification or ability to obtain it within 6 months of placement
Bachelor's degree in a relevant field or equivalent professional experience
Preferred
Experience with Microsoft Azure networking (ExpressRoute, VPN Gateway, Virtual WAN)
Familiarity with VXLAN and modern data center networking concepts
Advanced BGP/EIGRP routing experience
Experience with F5 load balancers or Cisco DNA Center
Network automation experience with Python, Ansible, or PowerShell
Additional certifications: CCNP Security, CCNP Enterprise, Azure Network Engineer Associate, or CISSP
Familiarity with Zero Trust architecture, Agile, or ITIL frameworks
Experience supporting federal IT environments under FISMA Moderate or NIST 800-53
Full-time