Information Technology Enterprise Specialist
Description:
Information Technology Enterprise Specialist
Palo Alto Firewall Engineer
State of Connecticut Judicial Branch
East Hartford
The State of Connecticut Judicial Branch is seeking an experienced Palo Alto Firewall Engineer (Information Technology Enterprise Specialist) for the Information Technology Division, Cybersecurity Unit. The successful candidate will be tasked with designing and implementing next-generation firewall technologies, secure network design, and traffic management. The ideal candidate will have extensive hands-on experience with Palo Alto Networks firewalls, Microsoft Azure cloud computing, and enterprise network protocols, along with a passion for securing and optimizing modern IT infrastructures. The chosen candidate will play a crucial role in shaping the future of the organization's cybersecurity strategy.
Duties include, but are not limited to:
Firewall & Security:
Configure, deploy, and maintain Palo Alto Networks firewalls (hardware and VM series).
Implement and optimize security policies, NAT, VPNs, threat prevention, and application-based policies.
Conduct firewall rule audits, compliance checks, and risk assessments.
Manage SSL decryption, URL filtering, and Wildfire-based threat intelligence.
Monitor and analyze network traffic and logs to detect and respond to security threats.
Troubleshoot and resolve complex firewall and connectivity issues.
Load Balancing & Traffic Management:
Deploy, configure, and manage Citrix NetScaler (ADC) appliances.
Develop and maintain load balancing configurations, SSL offloading, health monitors, and traffic policies.
Microsoft Azure Cloud technologies:
Integrate Microsoft Azure connectivity using ExpressRoute, ensuring all cloud-bound traffic is routed through Palo Alto firewalls for full inspection, segmentation, and policy enforcement.
Design and implement secure hybrid network architectures, isolating Azure workloads by enforcing perimeter security controls and maintaining compliance through end-to-end encrypted and monitored ExpressRoute paths.
Qualified candidates will be proficient with:
Technical experience in the cybersecurity field.
Collaborate with cross-functional teams to design and implement secure network solutions.
Conduct firewall and network troubleshooting, performance tuning, and capacity planning.
Stay current on emerging threats, vulnerabilities, and best practices.
Document configurations, procedures, and troubleshooting processes.
Ensure junior team members are properly trained, mentored, and delegated tasks to build technical expertise and maintain operational efficiency.
Qualified candidates will possess the following:
Experience with Palo Alto firewalls (PAN-OS, Panorama).
Experience with Citrix NetScaler / ADC.
Strong knowledge of TCP/IP, routing protocols (BGP, OSPF), VLANs, and network protocols.
Proficiency in network security, firewall policies, VPNs, and SSL decryption.
Experience in packet capture analysis and traffic flow troubleshooting.
Familiarity with automation/scripting (Python, Bash, Ansible).
Understanding security frameworks (CJIS, NIST, PCI-DSS) and SIEM/IDS/IPS tools.
Preferred Qualifications:
Palo Alto PCNSA / PCNSE Certification.
Experience with cloud security (MS Azure, GCP) and infrastructure automation tools.
Knowledge of Zero Trust Architecture and micro segmentation principles.
In addition to the preferred qualifications, the successful candidate will have a positive attitude; proficient verbal skills; a collaborative approach to working in a close team environment; willingness to assist and share knowledge with peers and subordinates; strong writing skills, submit reports, proposals, and postmortem analyses.
Upon hire, hybrid remote work may be available.
Salary Range: $105,951 - $157,400/year - plus State of Connecticut benefits.
Starting salary may be commensurate with experience.
The State of Connecticut Judicial Branch offers its employees a top notch array of health and retirement benefits including but not limited to: paid holidays, vacation, sick and personal leave, group life insurance, 457 Deferred Compensation, voluntary flexible spending account programs, discounted auto and home insurance policies and long and short term disability.
EXPERIENCE AND TRAINING
General Experience: Ten (10) years of experience in information technology (IT), programming, systems/software development or another IT related field demonstrating a growing and broadening base of knowledge and experience.
Special Experience: Two (2) years of the General Experience must have been at the expert working level with responsibility for performing a full range of highly complex technical support functions.
Substitutions Allowed:
1) College training in management information systems, computer science, electrical engineering or information technology related area may be substituted for the General Experience on the basis of fifteen (15) semester hours equaling six (6) months of experience to a maximum of four (4) years for a Bachelor's degree.
2) A Master's degree in management information systems, computer science, electrical engineering or information technology related area may be substituted for one (1) additional year of the General Experience.
3) Relevant certification in management information systems, computer science, electrical engineering or information technology related area may be substituted for up to six (6) months of the general experience.
SPECIAL REQUIREMENT: Incumbents may be required to travel within the State in the course of their daily work.
Applications must be received by June 2, 2025. Applications must be submitted through the on-line application site at: (CLICK BELOW) Resumes or paper applications will not be accepted.
Careers at the Branch play an essential role for the public and society. Our meaningful, challenging, and interesting positions have a long-lasting effect that serves to advance justice and ultimately provides for the greater good of all.
Please reference posting number 25-4000-010
EOE
Permanent