Palo Alto Firewall Architect for San Clara, CA (Onsite)

Job Title: Palo Alto Firewall Architect

Location: San Clara, CA (Onsite)

Primary Skill Palo Alto Networks PAN-OS, security policies, NAT, VPN (IPSec/SSL), VLAN

Job Description

Operational Support & Troubleshooting

• Provide L3-level support for Palo Alto firewalls, including incident response and change management.

• Perform advanced configuration, rule base management, and policy optimization.

• Monitor firewall health, performance, and logs; proactively identify and resolve issues.

• Conduct root cause analysis for recurring or complex firewall/network problems.

• Manage upgrades, patches, and firmware updates for Palo Alto devices.

• Collaborate with SOC and IT teams to analyze and respond to security incidents.

• Mentor and guide L1/L2 support teams.

Architecture & Policy Management

• Work with network architects to design secure network segmentation and DMZ architectures.

• Review and implement change requests, ensuring compliance with security standards and ITIL processes.

• Maintain detailed documentation for configurations, operational procedures, and troubleshooting guides.

• Participate in audits and compliance activities related to network security.

Strategic Initiatives

• Device Group Hierarchy Implementation: Design and implement proper device group hierarchy across Palo Alto firewalls; eliminate redundant device groups (e.g., Internet and Internet_Syslog) to improve efficiency and reduce risk; address object limit commit issues and external dynamic list object limit avoidance; deduplicate security policies across device groups.

• Firewall Hardware Rationalization: Decommission legacy firewalls (e.g., CCASJC34-LAMR-UTM-1, 2, 3, 4) to reduce hardware footprint and cost; replace end-of-life PA-220 firewalls (3 units) to align with PAN-OS 11.1 standards; eliminate 25 IPS firewall devices and migrate IPS functionality to existing on-prem firewalls.

• Prisma Access Decommissioning: Plan and execute elimination of Prisma Access to reduce cost and complexity; implement India central VM firewall and coordinate with GIS team for network changes; transition internet access for sites currently using Prisma to on-prem solutions.

• Policy & Configuration Improvements: Analyze and recommend improvements for Internet Access Policies (workstations/servers), including on-prem and remote controls; address URL entry issues and provide analysis for a 'closed-door' approach; fix vWire interface configurations to ensure VLAN inspection consistency.

• Operational Monitoring & Best Practices: Recommend enhancements for operational monitoring and alerting (implementation not in scope); conduct health checks and best practices assessment; provide remediation recommendations.

Required Skills & Experience

• 10+ years of experience in network security operations, with at least 8 years focused on Palo Alto firewall administration.

• Strong expertise in Palo Alto Networks PAN-OS, security policies, NAT, VPN (IPSec/SSL), and threat prevention features.

• Proficient in troubleshooting complex firewall and network issues (routing, connectivity, performance).

• Experience with centralized management platforms (Panorama).

• Familiarity with integration of firewalls with SIEM, IDS/IPS, and other security tools.

• Solid understanding of TCP/IP, VLANs, DMZ, and network segmentation.

• Knowledge of change management and ITIL processes.

• Relevant certifications (PCNSE, PCNSA, CISSP, CCNP Security) preferred.

• Excellent communication and documentation skills.

Required Qualifications

• Bachelor's degree in computer science, Information Technology, or related field (or equivalent experience).

• Proven experience in device group hierarchy design and policy optimization.

• Hands-on experience with firewall hardware lifecycle management and migration.

• Familiarity with Prisma Access and VM firewall deployment.

• Strong knowledge of PAN-OS, security policies, and object management.

• Understanding of VLAN configurations and virtual wire interfaces.

• Ability to analyze and recommend improvements for security posture and operational resilience.

Preferred Skills

• Palo Alto Networks certifications (PCNSE, PCCSE).

• Experience with large-scale firewall deployments and global network environments.

• Strong troubleshooting and analytical skills.

Key Competencies

• Attention to detail and risk mitigation mindset.

• Ability to work collaboratively with cross-functional teams.

• Strong documentation and communication skills.

Thanks &Regards

Rahul Sharma | Team Lead
Amaze Systems Inc

E: |