Position Details:
Cybersecurity Engineer VPN, SD-WAN & Palo Alto Specialist
Columbus, Ohio (On-site)
Long Term
Exp: 8 to 10 years of experience
Job Description:
Overview
The Cybersecurity Engineer will be responsible for designing, implementing, and supporting secure network connectivity with a focus on site-to-site VPNs, SD-WAN, Palo Alto Networks NGFW, and Prisma Access. This role will lead the migration of IPsec tunnels from Cisco routers to Palo Alto firewalls while supporting SD-WAN integration to ensure resilient, secure, and optimized connectivity with business partners
Key Responsibilities
VPN & Connectivity Engineering
Design, deploy, and support site-to-site IPsec VPN tunnels for enterprise and third-party partner connectivity
Lead migration of IPsec tunnels from Cisco routers to Palo Alto NGFW
Validate tunnel configurations including:
Troubleshoot VPN issues including latency, packet drops, and tunnel instability
Coordinate with business partners to establish and test secure connectivity
SD-WAN Integration & Support
Assist in the design, deployment, and support of SD-WAN solutions for branch and partner connectivity
Integrate SD-WAN with IPsec VPN tunnels and Palo Alto firewalls
Support traffic steering, path selection, and failover policies across WAN links
Troubleshoot SD-WAN-related issues including path degradation, failover events, and performance bottlenecks
Collaborate with network engineering teams to align SD-WAN architecture with security controls
Ensure secure segmentation and enforcement of policies across SD-WAN fabric
Palo Alto Firewall Management
Configure and manage Palo Alto Networks NGFW (PAN-OS) including:
Security policies
NAT rules
Routing (static, BGP)
Zone-based segmentation
Implement best practices aligned with Palo Alto reference architectures
Perform firewall rule reviews, cleanup, and optimization
Prisma Access (SASE)
Support and maintain Prisma Access for remote users and branch connectivity
Configure and troubleshoot GlobalProtect VPN (portal & gateway)
Integrate Prisma Access with on-prem NGFW and SD-WAN environments
Assist with policy alignment between on-prem firewalls and Prisma Access
Migration & Transformation
Plan and execute migration of partner tunnels from Cisco to Palo Alto with minimal downtime
Develop migration runbooks, rollback plans, and validation procedures
Perform packet captures and traffic flow validation during cutovers
Ensure proper documentation of all migrated tunnels and configurations
Monitoring & Troubleshooting
Monitor VPN, SD-WAN, and firewall health using tools such as:
Troubleshoot issues using:
Packet capture (tcpdump, PAN-OS packet-diag)
Logs (traffic, system, IKE, GlobalProtect)
Partner with SOC/operations teams for incident response
Security & Compliance
Ensure configurations align with NIST, TSA, and enterprise security standards
Implement secure encryption standards and key management practices
Maintain audit-ready documentation for firewall, VPN, and SD-WAN configurations
Documentation & Collaboration
Create and maintain:
Network diagrams (Visio)
Tunnel inventories and SD-WAN topology documentation
Runbooks and knowledge base articles
Work closely with:
Network engineering
Security operations (SOC)
Business partners and vendors
Required Qualifications
5+ years of experience in network security engineering
Strong hands-on experience with:
Palo Alto Networks NGFW (PAN-OS)
Site-to-site IPsec VPNs
SD-WAN technologies (design or support)
Cisco VPN configurations (for migration context)
Experience with Prisma Access and GlobalProtect
Strong understanding of:
Routing (BGP, static routing)
NAT and security policy design
Encryption standards (AES, SHA, DH groups)
Experience troubleshooting VPN, SD-WAN, and firewall issues in production environments
Preferred Qualifications
Palo Alto certifications (PCNSE, PCCSE)
Experience with:
Experience in OT/critical infrastructure environments
Familiarity with zero trust and SASE architectures
Key Competencies
Strong troubleshooting and problem-solving skills
Ability to lead partner-facing technical discussions
Experience executing large-scale migrations with minimal downtime
Strong documentation and communication skills
Ability to operate in a fast-paced, incident-driven environment
Success Metrics
Successful migration of 100% of partner IPsec tunnels from Cisco to Palo Alto
Stable and optimized SD-WAN connectivity with minimal failover impact
Reduction in VPN/SD-WAN-related incidents and MTTR
Improved visibility and logging of partner traffic
Compliance with enterprise security standards and audit requirements
Accurate and up-to-date documentation of all connectivity
Never miss an opportunity! Create an alert based on the job you applied for.
