Network Security Engineer (Palo Alto)

Network Security Engineer (Palo Alto) 443340

DETAILS

Location: Addison, TX 75001 (onsite 4-days per week)

Position Type: 6M C2H

Hourly / Salary: to $140K

JOB SUMMARY

Vaco Technology is currently seeking a Network Security Engineer for a 6M C2H that is located in Addison, TX 75001 (onsite 4-days per week). The Network Security Engineer will plan, design, develop, evaluate, test, and integrate the security infrastructure, including implementation and design of multiple security solutions. The Network Security Engineer will collaborate on multiple security-related projects, interfacing with multiple teams, business units, and external clients / partners.

Working with Engineers / Architects and DevOps / Networking / Application Teams - Securely Deploying / Managing Physical / Virtual Firewalls within Private / Public Clouds

Peer / Route / Segment Core Computing Infrastructure - Optimizing Network Performance / Promoting Minimum Necessary Design

Remain Current on Industry Trends - New Attack Vectors / Zero-Day Vulnerability Releases / Recommend/Deploy Packages to Address Vulnerabilities, etc.

Lead Network Security Design for Public Clouds - Utilizing Automation / IaC to Support Expansion While Maintaining the Segmentation Strategy / Layered Security Approach

Designing Zero Trust Architecture / Perimeter Security / Minimizing Internet Attack Surface

Ensure Monitoring / Reporting is Configures for Security Infrastructure - Alert to Anomalies / System Outage Events / Appropriate Systems Capacity Maintenance

Create / Maintain Accurate Systems / Design Documentation / Diagrams

Evaluate New Security Technologies - Improving efficiencies / Security Posture / Meeting Business Objectives

Tier III Triage Support - Providing Hands-On Support During Major Incident Events

Deploying Firewalls / Infrastructure (hands-on) - GITLab / Terraform

Firewall Support / Application Delivery (advanced) - Support Firewall / Application Delivery from Vendors (Palo Alto / VMware / Citrix / AWS / Azure) Full-Stack Support for Application Delivery

Develop Deployment Standards / Guidelines for Teams to Follow

Guide / Mentor Security Team Members

Ability to Handle Multiple Projects / Workstreams Simultaneously

About the Project: The Network Security Engineer will be joining a newly established team, where this role will be their first outside hire. The organizations overall goal for 2025 is optimization, standardization, and modernization. The addition of this team, is no exception. They have 1-2 internal resources have been shifted over to this team but what they really need out of this person, is someone who is senior enough to help drive the creation and foundation of this team, from technology selection and optimization to eventually helping to build out the team. They need someone who is a forward thinker. A critical thinker. Someone who asks why they are doing things a certain way to dig in and really gain an understanding. They currently have several projects spun up under this new team. They are currently managing and supporting the Firewalls (primarily Palo Alto) but are also in the middle of a VMware NSX migration and are in the middle of a Microsegmentation project (Zero Trust). They are a Palo Alto Shop, utilizing Prisma Cloud, Cortex XDR, firewalls, and GlobalProtect VPN Client. They have interest in adding additional Palo Alto Products, including WildFire and AI functionality down the line. While they utilize functions within Cortex XDR, they are not using it as a complete MDR platform but the end-goal is to get there. Currently, they also utilize Carbon Black where everything gets pushed to Splunk ES, which is then pushed to the SOC team for firewall support and Splunk monitoring. They utilize both AWS and Azure, where AWS is more heavily utilized and Azure is more-so utilized to manage M365 tasks. Additionally, they have not moved heavily into IaC (Terraform) as of yet but that is the end-goal. They are looking for someone who is ready to hit the ground running, assist in the technology selection process and how to best utilize it, as well as mentor the security team members.

JOB REQUIREMENTS

Network Security Engineer - Palo Alto / VMware / Citrix / Cloud (Azure / AWS) / M365

Microsegmentation Projects / Zero Trust Security Model - Architecture / Cloud Security (VMware NSX / Prisma Cloud) IAM (MFA / Azure AD / Entra ID / RBAC) Endpoint Device Security (EDR / Cortex XDR / Defender) Security / Orchestration (Cortex XSOAR / Terraform) Threat Detection / Monitoring (Cortex XDR / Splunk) Policy Definition / Management (Zero Trust) Incident Response / Remediation Change Management

Palo Alto - Firewall Support/Deployment (GITLab / Terraform) / Prisma Cloud / Cortex XDR / GlobalProtect VPN Client / Monitoring (Cortex XDR / Splunk)

Cloud Platform / Security - AWS / Azure / Prisma Cloud / VMware NSX / Kubernetes / Terraform (IaC)

Pubic / Private Cloud - Securing Large Sophisticated Private Cloud Enterprise Architectures and/or Systems Deployed in Public Cloud

Networking Technologies (understanding) - TCP/IP / BGP / VPN / NAT / Routing / Switching / LAN / WAN / vLAN / Subnets / Microsegmentation

PREFERRED (not required)

MDR Platform Experience (strongly preferred) - Palo Alto Cortex XDR (as a complete MDR Platform) / CrowdStrike Falcon / Rapid7, etc.