Job for Network Security Architect / Lead – Palo Alto at San Diego CA

Role: Network Security Architect / Lead – Palo Alto (Cisco Data, Meraki & DNA)

Location San Diego CA (onsite)

Duration 6 plus months Contract

Role Overview

The Network Security Architect / Lead is responsible for end‑to‑end ownership of network security architecture, with Palo Alto Networks as the primary security platform.
The role also requires solid working knowledge of enterprise network data infrastructure, including Cisco switches, Meraki wireless, and Cisco DNA Center, to ensure security designs are fully integrated with campus, branch, and data center networks.

This role provides technical leadership, architectural governance, and hands‑on guidance to engineering teams while working closely with security, network, cloud, and operations stakeholders.

Key Responsibilities

1. Network Security Architecture & Leadership (Primary)

• Act as the technical authority for enterprise network security architecture
• Design, standardize, and maintain Palo Alto NGFW architectures, including:
  • Zones and segmentation
  • Security and NAT policy design
  • IPS/IDS, threat prevention, URL filtering, and decryption
  • Remote access and site‑to‑site VPNs
• Lead Panorama architecture and governance (templates, device groups, standards)
• Review and approve firewall changes, designs, and security exceptions
• Guide firewall migrations, upgrades, and modernization initiatives
• Ensure adherence to security best practices and regulatory frameworks (e.g., NIST, CIS)

2. Network Data Architecture – Cisco Switching (Secondary)

• Maintain strong architectural understanding of Cisco enterprise switching:
  • Core, distribution, and access layer design
  • VLANs, trunking, routing (OSPF/BGP/EIGRP), port‑channels
• Ensure secure integration between Cisco switching and Palo Alto firewalls
• Advise on segmentation, resiliency, and performance from a security‑first perspective
• Support network design reviews where security and data networks intersect

3. Wireless & Campus Networking – Meraki / Cisco DNA

• Provide architectural oversight for Cisco Meraki Wi‑Fi environments
  • Wireless policies, segmentation, and access control
  • Dashboard governance and design standards
• Support and guide Cisco DNA Center deployments for:
  • Network automation and assurance
  • Visibility, telemetry, and compliance
• Ensure wireless and campus networks align with enterprise security strategy

4. Governance, Risk & Compliance

• Define and maintain security architecture standards, SOPs, and diagrams
• Support audits and compliance efforts (government / regulated environments)
• Translate technical security risks into clear business impact for leadership
• Review vendor solutions and provide architectural recommendations

5. Collaboration & Mentorship

• Work closely with:
  • Network engineering teams
  • Security operations and SOC teams
  • Cloud and infrastructure teams
• Mentor engineers and provide technical guidance
• Serve as escalation point for complex network security issues

Required Skills & Experience

Must‑Have (Primary)

• Strong hands‑on and architectural experience with Palo Alto NGFW & Panorama
• Deep understanding of network security concepts and enterprise design
• Proven experience designing security for large enterprise or government environments
• Ability to lead technical discussions and make architecture decisions

Secondary / Supporting Skills

• Solid working knowledge of:
  • Cisco enterprise switching (Data networks)
  • Cisco Meraki wireless
  • Cisco DNA Center
• Understanding of how network data, wireless, and security architectures integrate
• Experience working with cross‑functional infrastructure teams

Preferred / Nice to Have

• Exposure to Infoblox (DNS/DHCP/IPAM)
• Cloud networking/security experience (AWS / Azure)
• Familiarity with Zero Trust, SASE, or Prisma Access
• Experience in public sector, city, or regulated environments

Certifications (Preferred)

• PCNSE or PCNSA (Palo Alto Networks)
• CCNP / CCIE (Enterprise or Security)
• CISSP / CISM (strongly preferred for Architect/Lead roles)

Experience Level

• 10–15+ years overall network & security experience
• 5+ years in senior engineering, architect, or technical lead roles

Ideal Candidate Profile

• Thinks in architecture and risk, not just configurations
• Can explain complex security topics in simple, business‑friendly language
• Comfortable leading design decisions and guiding teams
• Strong documentation and governance mindset