Network Engineer

Job Title: Palo Alto Network Security Engineer - AWS

Job Summary:

We are seeking a skilled and experienced Palo Alto Network Security Engineer to join our dynamic cybersecurity team. The ideal candidate will be responsible for the design, implementation, maintenance, and support of our Palo Alto Networks security infrastructure. This role is critical in protecting our organization's data, systems, and networks from cyber threats. You will serve as a subject matter expert on our next-generation firewalls and related security technologies, ensuring the confidentiality, integrity, and availability of our network.

Key Responsibilities:

• Understand Architectural Notes and deploy Palo Alto NGFW in AWS (VM-Series).
• Configure firewall policies, NAT, VPNs, and routing to meet security and compliance requirements.
• Integrate NGFW with AWS native services (VPC, Transit Gateway, ELB, Auto Scaling, etc.).
• Experience handling PANAMA

Develop automation scripts ( Terraform, Ansible) for firewall deployment and configuration.

• Implement Infrastructure-as-Code (IaC) for repeatable, scalable firewall provisioning.
• Build automation for ongoing operational tasks such as policy updates, health checks, and scaling.
• Monitor, troubleshoot, and optimize Palo Alto NGFW performance in AWS.
• Manage security logging, monitoring, and integration with SIEM tools.
• Ensure compliance with enterprise cloud security standards.
• Manage firewall configurations, templates, and device groups throughPanorama.
• Automate policy push and updates across multiple NGFW instances.
• Implement centralized logging, monitoring, and compliance reporting.

• Firewall Management: Design, deploy, configure, and maintain Palo Alto Networks next-generation firewalls (NGFWs), including physical and virtual appliances (VM-Series).
• Policy and Rule-Set Administration: Develop, implement, and manage security policies, application filtering, URL filtering, and threat prevention profiles (Anti-Spyware, Anti-Virus, Vulnerability Protection).
• Centralized Management: Utilize Panorama for the centralized management of firewalls, policy deployment, and software/content updates.
• Threat Prevention: Proactively monitor and respond to security alerts from WildFire, Threat Prevention, and other security services. Analyze traffic and logs to identify and mitigate potential threats.
• VPN and Remote Access: Configure and manage GlobalProtect VPN solutions, including site-to-site VPNs and remote access for end-users, ensuring secure and reliable connectivity.
• Troubleshooting and Incident Response: Act as a key resource for troubleshooting complex network and security issues. Participate in incident response activities, including investigation, containment, and remediation of security events.
• System Health and Performance: Monitor the health and performance of the Palo Alto infrastructure, performing regular maintenance, software upgrades, and hardware refreshes as needed.
• Documentation: Create and maintain comprehensive documentation for network security architecture, configurations, policies, and procedures.
• Collaboration: Work closely with the networking, systems administration, and application teams to ensure security is integrated into all aspects of the IT infrastructure.
• Stay Current: Keep up to date with the latest cybersecurity trends, threats, and Palo Alto Networks features and best practices.

Required Qualifications and Skills:

• Experience: 3-5+ years of hands-on experience with Palo Alto Networks firewalls and Panorama in an enterprise environment.
• Technical Expertise:
• In-depth knowledge of Palo Alto Networks NGFW features, including App-ID, User-ID, Content-ID, and SSL Decryption.
• Strong understanding of core networking concepts, including TCP/IP, DNS, DHCP, routing (BGP, OSPF), and switching.
• Experience with VPN technologies (IPSec, SSL).
• Proficient in network traffic analysis and troubleshooting using tools like Wireshark and packet captures.
• Problem-Solving: Strong analytical and problem-solving skills with the ability to diagnose and resolve complex technical issues under pressure.
• Communication: Excellent written and verbal communication skills, with the ability to explain complex technical concepts to both technical and non-technical audiences.

Preferred Qualifications:

• Certifications: Palo Alto Networks Certified Network Security Engineer (PCNSE) is highly preferred. Other relevant certifications such as CISSP, CCNA/CCNP Security are a plus.
• Cloud Security: Experience with Prisma Access (SASE) or securing cloud environments (AWS) additional knowledge on Azure and Google Cloud Platform are welcome, but AWS is a must, with Palo Alto VM-Series firewalls.
• Automation: Experience with scripting languages (e.g., Python, Ansible) for automating security tasks and configurations.
• Endpoint Security: Familiarity with Cortex XDR or other endpoint detection and response (EDR) solutions.
• Education: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.