Sr Sys Engineer Palo Alto Firewall Engineer

Company: Pitisci & Associates
Location: Southfield, MI, 48075
Posted: May 21, 2024

Description:

Senior Palo Alto Firewall Engineer

Fully Remote

The Senior Firewall Engineer is responsible for managing, designing and improving the enterprise network firewall infrastructure. He or she will assist network architects with design and implementation of firewall network technologies. This role is responsible for senior-level firewall engineering implementation and providing technical principles guidance to peer engineers, proactively taking technology project delivery from 0 to 100% with little to no supervision. General duties include leading buildout of firewall-focused security solutions and driving innovation for implementation of new modern security technologies in the enterprise network. Partners with management and peer engineers to drive infrastructure modernization projects to completion and provides Tier 3 technical support using extensive expertise to take on work assignments the team is engaged in. Strong people skills and the ability to balance/prioritize between multiple tasks and projects are essential. This position does involve both routing and switching as well as network firewall implementation projects for both on-prem and cloud infrastructure.

Design, improve and innovate:

Primary focus is to implement new technologies or changes to existing technologies as identified by enterprise direction.

Researches and recommends innovative technologies and approaches for enterprise infrastructure management, upgrades, or improvements.

Utilize and integrate network components such as switches, routers, firewalls, wireless AP/Controllers, SDN fabric components, load balancers, NAC servers and cloud infrastructure network elements.

Proactively identify and implement network improvements to assure the performance, resiliency and redundancy of the network.

Utilizes blueprints to engineer solutions and adhere to enterprise standards (engineering focused, architecture supported).

Take disaster recovery and business continuity plan aspects into consideration for any new technology implementation or change.

Monitor, document and offer proactive support:

Provides ad-hoc support for incidents requiring Tier 3 level resources (engineering/architecture) and knowledge.

Use Microsoft Visio to produce and maintain documentation with regard to implementation of new systems or system changes.

Participate in 24x7 on call rotation for SME Tier 3 support requirements as needed.

Maintains service level agreements of departmental metrics and key performance indicators, and adheres to strict project timelines.

Maintain/Improve security posture, promptly addressing issues, vulnerabilities and security requirements according to regulatory guidelines (PCI DSS, PII, CIS, NIST).

Collaborate and coach:

Work collaboratively across a variety of business units to implement new technologies.

Coordinate and take lead of assigned projects in all technical and communication aspects.

Collaborate with peer engineers towards achieving common goals in assigned projects.

Coach peer engineers and effectively perform knowledge transfer/cross training activities.

Skills Required:

7+ years of experience in network design, implementation and documentation of medium-large scale enterprise networks (30,000 - 40,000 users)

7+ years of experience with designing, implementing and maintaining Palo Alto.

Centrally managed firewall platforms.

Panorama policy management (NGFW PAN-OS); Threat Prevention; User-ID; GlobalProtect (Client VPN, LSVPN); HA setup

Prisma Access (preferred – Cortex, Data Lake, Cloud Identity Engine)

Deployment from 0 to 100% of enterprise firewall clusters

Experience with routing and switching enterprise technologies (CCNA level required, CCNP level desirable):

Knowledge of Layer 2 LAN technologies (STP, VLANs, VTP, LACP)

Knowledge of modern high availability technologies (VPC, SVL, HSRP, VRRP)

Knowledge of routing protocol concepts (BGP, EIGRP, OSPF)

Desirable:

Administering F5 Clusters, Load balancing, SSL decryption policies, DNS Geolocation (LTM, GTM, APM, ASM/Cloud WAF).

Remote Access VPN solutions (GlobalProtect, F5 BIG-IP Edge)

Certificate management (Venafi), Cryptographic protocols and algorithms, certificate PKI.

Implementing NAC solutions (Forescout/Cisco ISE)

Experience with Infoblox DNS/IPAM

Experience in designing, implementing and maintaining data center spine leaf fabrics (Arista/Cisco)

Experience with Cisco DNA Center

Experience with SDWAN technologies (Palo Alto ION, Cisco)

Experience with Cisco Wireless technologies in a large enterprise environment (Cisco WLC, FlexConnect, CAPWAP)

Familiarity with cloud computing principles and experience in designing secure and scalable network solutions for cloud environments.

Automation/scripting experience (Python, Ansible)

Network security protocols, architecture and design principles; intrusion detection, prevention systems, secure socket layer (SSL) protocols, virtual private networks (VPNs), Network performance optimization, capacity planning and load balancing.

Familiarity with the following monitoring platforms: Microsoft SevOne, SolarWinds, DataDog, Splunk

Education:

Bachelor's degree in computer science, MIS or related degree.

7+ years of relevant experience in Network or Information Security, or a combination of education, training and experience.

Technical certifications: PCNSE required, CCNP desirable, Arista ACE L3 desirable, Security and control certifications desirable (CISSP, CISM, CISA, CRISC)

Technical skills to oversee hardware and software systems.
