Firewall Engineer (Palo Alto Networks)

Job Role: Firewall Engineer (Palo Alto Networks)

Location: McLean, VA OR Richmond, VA OR Plano, TX (Hybrid)
Duration: Contract / Long-Term (as applicable)
Interview Process:

1 round virtual/video

1 round in-person (in-person interview is mandatory)

Visa Status: , , or TN

Job Summary

We are seeking an experienced Firewall Engineer (Palo Alto Networks) to join a high-performing Network Security Engineering team responsible for designing, implementing, and supporting enterprise-grade firewall and VPN solutions. This role emphasizes hands-on Palo Alto firewall engineering, advanced troubleshooting, and strong collaboration across infrastructure, cloud, and security teams.

The ideal candidate is a subject matter expert in network security with deep experience in Palo Alto NGFWs, Prisma Access, and GlobalProtect VPN, capable of supporting large-scale enterprise environments and hybrid cloud architectures.

Key Responsibilities

• Design, implement, and troubleshoot dynamic routing configurations across enterprise firewall environments.
• Perform packet-level analysis and traffic flow reviews to support firewall design and issue resolution.
• Design, implement, and maintain security policies and firewall rules, including rule optimization and cleanup.
• Design and manage NAT policies to support enterprise applications and services.
• Review firewall logs and traffic flows using observability platforms; create monitoring dashboards as needed.
• Configure and support Intrusion Detection and Prevention (IDPS) solutions.
• Perform customer-requested firewall rule additions, modifications, and change management.
• Identify and remediate non-compliant firewall rules in accordance with security standards.
• Lead and support firewall rule migrations across platforms and environments.
• Serve as an SME for Palo Alto NGFWs, Prisma Access, and GlobalProtect VPN solutions.
• Design, build, migrate, and support enterprise VPN platforms for desktop (Windows, macOS) and mobile (iOS, Android) users.
• Support SASE-based security solutions, including proof-of-concept testing and enterprise deployments.
• Collaborate with network, cloud, and security teams to ensure secure and scalable solutions.

Required Qualifications

• Bachelor’s degree or equivalent practical experience.
• 3–5 years of experience in network security engineering.
• Minimum of 2+ years of hands-on Palo Alto firewall engineering experience.
• Strong verbal and written communication skills.

• Proven experience with Palo Alto firewall design, implementation, deployment, and management.
• Strong knowledge of dynamic routing, TCP/IP, OSI model, IPv6, and encryption technologies.
• Hands-on experience with IPSec VPNs, GlobalProtect, and enterprise VPN architectures.
• Experience designing and supporting cloud-based network security architectures.
• Practical knowledge of VPCs, VRFs, proxies, load balancers, DNS, and Route53.
• Experience with firewall rule migration and policy optimization.
• Familiarity with observability tools for log analysis and traffic monitoring.
• Experience with Python and/or Shell scripting for automation.
• Hands-on experience with Ansible and Terraform for infrastructure automation.
• At least one Palo Alto Networks certification (PCNSA, PCNSE, or equivalent).