
SME - Azure & Cloud Security, Palo Alto Firewall
About the role
Job Summary
We are looking for an experienced Network Security Engineer with strong hands-on expertise in Palo Alto Networks firewalls to support enterprise firewall operations in a complex managed services environment. The role will be primarily responsible for advanced troubleshooting, firewall policy administration, rule lifecycle management, change execution, incident resolution, compliance support, and operational optimization. Hands-on experience with AlgoSec for policy analysis, risk assessment, and compliance validation is essential/preferred depending on the exact role scope. This role also requires strong knowledge of Panorama, VPN technologies, TCP/IP, routing, NAT, and broader network security operations.
Key Responsibilities
DETAILED RESPONSIBILITIES:
FIREWALL OPERATIONS and MANAGEMENT:
- Own and manage the enterprise-grade Palo Alto Networks firewall infrastructure, including PA-Series, VM-Series, and CN-Series devices.
- Configure, implement, and maintain robust security policies, NAT rules, zones, and routing via Panorama and device-level interfaces.
- Lead advanced troubleshooting for firewall-related incidents, utilizing packet captures, flow analysis, and comprehensive log reviews.
- Administer GlobalProtect VPN, SSL decryption, URL filtering, App-ID, and User-ID policies to safeguard network access and integrity.
- Manage L3 escalations from L1/L2 teams, driving issues to timely resolution in alignment with SLAs.
SECURITY POLICY and COMPLIANCE:
- Conduct regular firewall rule reviews, cleanup, and optimization to minimize the organization’s attack surface.
- Leverage AlgoSec tools (Firewall Analyzer, FireFlow) for automated policy analysis, risk assessment, and streamlined change management.
- Ensure configurations adhere to CIS benchmarks, internal security standards, and compliance frameworks such as PCI-DSS, ISO 27001, and NIST.
- Actively participate in internal and external security audits to maintain compliance and reduce risk.
CHANGE MANAGEMENT and PROJECTS:
- Evaluate, implement, and test firewall rule change requests end-to-end, ensuring seamless integration and minimal disruption.
- Lead firewall migration and upgrade initiatives, including OS upgrades, hardware refreshes, and data center migrations.
- Collaborate with network, cloud, and security architecture teams on new deployments and security enhancements.
- Develop and maintain comprehensive runbooks, SOPs, and technical documentation for operational consistency.
MONITORING and INCIDENT RESPONSE:
- Monitor firewall health, performance, and security events through SIEM integration and Panorama dashboards.
- Participate in an on-call rotation, responding efficiently to P1/P2 security incidents and driving rapid remediation.
- Conduct thorough root cause analysis (RCA) and post-incident reviews to prevent recurrence and strengthen defenses.
Skill Requirements
- Minimum 8 years of hands-on experience with Palo Alto Networks firewalls (NGFW, Panorama).
- Deep expertise in security policy management, zone-based architectures, and advanced traffic inspection techniques.
- Proficiency with AlgoSec Firewall Analyzer and FireFlow for policy automation and compliance.
- Strong understanding of TCP/IP, routing protocols (BGP, OSPF), VLANs, and network segmentation principles.
- Demonstrated experience with VPN technologies (IPSec, SSL/TLS, GlobalProtect).
- Familiarity with Syslog, SNMP, and SIEM platforms (e.g., Splunk, QRadar).
- Practical knowledge of ITIL-based change management processes.
EDUCATION:
- Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent professional experience.
REQUIRED CERTIFICATIONS:
- Palo Alto Networks Certified Network Security Engineer (PCNSE) – Mandatory
Other Requirements
- Experience with Cisco ASA/FTD, Fortinet, or Check Point firewalls.
- Knowledge of cloud security controls, such as AWS Security Groups, Azure Firewall, or equivalent.
- Familiarity with scripting or automation (Python, Ansible) for firewall policy management.
- Experience with Tufin or FireMon as alternatives/complements to AlgoSec.
- Understanding of Zero Trust Architecture principles.
- Additional certifications such as PCNSA, CCNP Security/CCIE Security, AlgoSec Certified Engineer, CompTIA Security+, CEH, or ITIL Foundation (v3/v4).
Benefits and perks
- Learning Budget
Required skills
Cybersecurity
Risk management
Incident response
About HCL Technologies
Frisco
Headquarters