Senior Network Engineer - Palo Alto Firewall

Job Description

Requirements
- -----------

### Must have:

### - We require extensive hands-on experience managing Palo Alto Networks firewalls, including configuration, policy administration, NAT, VPNs, high-availability pairs, upgrades, and full lifecycle support. - We need strong knowledge of enterprise network security practices, including segmentation, zone-based protection, and access control models. - We require working familiarity with Cisco Catalyst and Nexus switching platforms to support operations and troubleshoot issues at the network-security boundary. - We need working knowledge of routing protocols such as BGP and/or EIGRP as they relate to firewall and security infrastructure. - We require proven experience with network monitoring tools and disciplined troubleshooting methods. - We need demonstrated documentation skills, including the ability to create configuration baselines, architecture diagrams, runbooks, SOPs, and knowledge articles. - We require the ability to lead technical reviews, mentor junior staff, and serve as a trusted subject matter expert in cross-functional discussions. - We require the ability to obtain and maintain a Public Trust clearance. - We require CompTIA Security+ certification or an equivalent DoD 8140/8570 IAT Level II certification, with completion within 90 days if not held at hire. - We require Palo Alto Networks Certified Network Security Engineer (PCNSE) certification, or the ability to earn it within six months of placement. - We require a bachelors degree in Computer Science, Information Technology, Network Engineering, Cybersecurity, or a related discipline, or equivalent professional experience. - We require at least seven years of progressive enterprise network engineering experience, including a minimum of four years focused on Palo Alto firewall administration. - We require experience leading firewall and network security initiatives in an enterprise setting, including change review ownership, technical mentoring, and incident response leadership. - We require experience supporting highly available, compliance-driven enterprise environments.

Responsibilities:
- ----------------

- We own the configuration, operation, and lifecycle support of our enterprise Palo Alto firewall environment, including hardware refreshes, PAN-OS upgrades, and HA pair administration. - We design, implement, and maintain firewall policies, NAT rules, and application/URL filtering in line with our security standards. - We manage site-to-site VPNs, GlobalProtect remote access, and the related authentication and certificate services. - We troubleshoot firewall issues, analyze logs, and review packet captures to support incident response and restore operations. - We maintain rule hygiene through periodic policy reviews, removal of unused rules, and documentation of business justification for active rules. - We coordinate with our security team on threat intelligence integration, IPS/IDS tuning, and response to security events affecting firewall infrastructure. - We design and sustain network segmentation, including security zones, microsegmentation, and trust boundaries across enterprise environments. - We develop and enforce network security standards, access control approaches, and segmentation policies that support compliance obligations. - We support security incident response by providing firewall logs, packet captures, and telemetry to the security operations team. - We partner with our security team on audits, assessments, and compliance efforts related to network security controls. - We support the operation and troubleshooting of Cisco Catalyst and Nexus switches alongside our network engineering team. - We assist with routing activities involving BGP and EIGRP where they intersect with firewall and security infrastructure. - We participate in network change management, including planning, peer review, implementation, and post-change validation. - We respond to network and security incidents, perform root-cause analysis, and help drive remediation within our areas of ownership. - We create and maintain firewall and network security documentation, including baselines, diagrams, rule inventories, and operational runbooks. - We author and update SOPs and KBAs for firewall and network security processes. - We monitor the health, capacity, and performance of our firewall and network security platforms to maintain availability. - We contribute to reporting on firewall posture, rule changes, vulnerability remediation, and security event trends. - We serve as the senior SME for Palo Alto firewall operations and enterprise network security across the organization. - We provide technical guidance and mentoring to junior engineers and network support staff. - We lead change reviews to evaluate risk, compliance impact, operational effect, and alignment with our standards. - We act as the primary escalation point for complex firewall, segmentation, and network security incidents, including after-hours support when needed. - We represent our firewall and network security function in technical reviews, audits, assessments, and vendor discussions. - We contribute to capacity planning, hardware refresh recommendations, and process improvements for firewall infrastructure.
- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Company:
- -------

We are hiring a Network Engineer to serve as the senior technical authority for our enterprise Palo Alto firewall environment and broader network security perimeter. This is a hybrid role based in Washington, DC, with a minimum of two on-site days per week at 888 First Street NE, and it may require occasional after-hours, weekend, holiday, or on-call support for maintenance windows and incident response. The compensation range is $76.00 to $85.00 per hour. We are looking for a local candidate who can bring strong firewall expertise, solid networking knowledge, and leadership capabilities to help us maintain secure, reliable, and compliant connectivity across our enterprise.
- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------