Sr. Network Security and Firewall Engineer

job summary:

As a Sr. Network Security & Firewall Engineer, you will serve as the technical authority and primary "self-starter" for a premier Washington, DC-based infrastructure. This role is designed for a high-level practitioner who can hit the ground running on Day 1, bridging the gap between legacy networking and modern, AI-powered security. You will be responsible for the end-to-end lifecycle of a sophisticated Palo Alto Networks ecosystem-utilizing Strata Cloud Manager and Prisma Access-while ensuring seamless identity-based access via Cisco ISE. By combining elite Layer 3 routing expertise with cloud-native security across AWS and Azure, you will drive the transition to a Zero Trust architecture, optimizing the environment through automation and deep-packet analysis to protect mission-critical enterprise assets.

location: Washington, Washington, D.C.

job type: Contract

salary: $60 - 65 per hour

work hours: 9am to 5pm

education: Bachelors



responsibilities:

Firewall Ecosystem Leadership: Design, deploy, and manage the full Palo Alto suite (NGFW, Panorama), pivoting management to Strata Cloud Manager for centralized policy governance and AI-driven visibility.

Network & Routing Authority: Manage complex Layer 3 networking, including BGP and OSPF routing protocols, ensuring high availability and resilient connectivity across the enterprise.

Identity & Access Enforcement: Own the implementation and fine-tuning of Cisco ISE for Network Access Control (NAC), device posture, and secure identity-based access.

Web Application Defense: Configure and tune WAF solutions (e.g., Akamai, Alert Logic, or Imperva) to protect application-layer traffic and mitigate OWASP Top 10 threats.

Cloud Security Architecture: Secure multi-cloud environments in AWS and Azure by managing VPC/VNet peering, Security Groups, and hybrid connectivity via ExpressRoute or Direct Connect.

Zero Trust & SASE Strategy: Architect and enforce Prisma Access and ZTNA principles to secure remote workforces and enable granular network segmentation.

Advanced Threat Mitigation: Maximize the value of security subscriptions-including Advanced Threat Prevention, DNS Security, and WildFire-to stop zero-day exploits inline.

Core Infrastructure & DDI: Oversee DDI management using Infoblox (DNS/DHCP/IPAM) and perform deep-packet analysis (PCAPs) for advanced troubleshooting.

Operational Automation: Leverage APIs and scripting (Python, Ansible, or Terraform) to implement Infrastructure-as-Code (IaC) concepts and streamline security workflows.

qualifications:

Elite Technical Depth: 10+ years of enterprise-scale experience in network security; must be a definitive "Network God" capable of working with total autonomy.

Palo Alto Mastery: Proven hands-on expertise with the Palo Alto Strata and Prisma platforms; PCNSE certification is highly desirable.

Identity Specialist: Demonstrated experience implementing and maintaining Cisco ISE in complex, multi-site environments.

DDI & WAF Proficiency: Strong technical knowledge of Infoblox and enterprise-grade Web Application Firewalls.

Cloud-Native Fluency: Deep understanding of security controls and networking architecture within major cloud providers (AWS/Azure).

Automation Mindset: Experience using automation tools or scripts to optimize security investments and reduce manual overhead.

Analytical Problem Solver: Expert-level ability to perform root-cause analysis on complex network faults and security anomalies.

Professional Standards: Significant experience in Agile/SAFe environments, utilizing ServiceNow for change management and ITIL-based operations.

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.