Network Security Engineer/Architect

Develop and implement network security automation including firewall/VPN automation

Develop network security technology strategy and roadmap

Develop and maintain automation scripts and tools using Python to configure network security devices, manage changes, and perform routine tasks.

Design and implement end-to-end automation workflows for network provisioning, changes, and upgrades.

Gather and document network security requirements

Design and implement network security solutions, including firewall and VPN architectures

Demonstrate expertise in deploying, configuring, and managing Palo Alto firewall and VPN solutions across on-premises, cloud, and remote access environments, ensuring seamless integration and security

Define, configure, and optimize firewall policies and rules

Design and implement segmentation and microsegmentation based on Zero Trust principles

Conduct vulnerability assessments and audits to identify and remediate security risks

Configure dynamic routing protocols, including RIP, OSPF, and BGP

Ensure compliance with security standards and collaborate with cross-functional teams to resolve network security issues

Required Skills:

10+ years of experience in network security engineering

Strong hands-on experience with Palo Alto firewalls and VPNs across on-premises, cloud, and remote access, with leadership capabilities

Extensive experience configuring Palo Alto Next-Generation Firewalls (NGFW) in on-premises, virtual, or cloud environments

Solid knowledge of firewall policies and rule optimization (IPS/IDS, Anti-Virus) to enhance security and performance

Proficiency in implementing and troubleshooting inbound and outbound SSL/TLS decryption

Experience managing firewalls centrally via Panorama, including policy deployment, log analysis, and updates

Experience managing VPN infrastructure, including portal/gateway configuration, user authentication, and integration with AD, LDAP, and MFA

Experience configuring and troubleshooting active/passive and active/active high-availability setups to ensure zero downtime

Familiarity with dynamic routing protocols (RIP, OSPF, BGP)

Knowledge of network segmentation and microsegmentation concepts

Understanding of network security architecture, protocols, and best practices

Strong proficiency in scripting (Python, Bash) for scripting and automation.

Proficiency in monitoring, troubleshooting, and responding to network security incidents, conducting root cause analysis, and implementing remediation actions

Excellent communication, analytical, and problem-solving skills

Nice to have: Certifications such as PCNSE, PCNSA, CISSP, or CCNP