Secure Technology Integration Group

Senior Firewall Engineer

Secure Technology Integration Group, Palo Alto, California, United States, 94306

Location: Remote with occasional on-site support (as required)

Department: Managed Security Services / Network Security Engineering

Reports To: Security Engineering Manager

Overview

We are seeking a highly experienced Senior Firewall Engineer to support enterprise-grade firewall operations for a customer environment leveraging Palo Alto Networks (PAN-OS) and Cisco Firepower (FTD/FMC). This role is responsible for lifecycle management, policy design and analysis, rule implementation, configuration governance, troubleshooting, and continuous improvement of perimeter and internal network security controls.

The ideal candidate brings deep technical expertise across multiple firewall platforms, strong analytical and documentation skills, and the discipline to ensure all changes align with the customer’s corporate security policies, compliance requirements, and industry best practices.

Key Responsibilities

Firewall Policy & Configuration Management

Design, implement, and manage firewall policies across Palo Alto and Cisco Firepower platforms.

Conduct policy reviews, cleanup, and optimization (rule recertification, de-duplication, shadowed rules, object hygiene).

Evaluate and implement change requests, ensuring alignment with security policies, segmentation strategies, and least-privilege principles.

Maintain configuration baselines, version control, and platform standardization across environments.

Operations, Monitoring & Troubleshooting

Monitor firewall and security appliance health, performance, logs, and threat events.

Perform advanced troubleshooting of connectivity, performance, NAT, routing, VPN, and threat-prevention issues.

Respond to escalations from SOC, NOC, or customer teams as a subject-matter expert for firewall and network security incidents.

Platform Upgrades & Lifecycle Management

Plan and execute software upgrades, patches, and hardware refresh activities.

Ensure high availability (HA) design integrity and failover testing.

Evaluate new features, platform capabilities, and security enhancements.

Security Requirements & Governance Alignment

Translate business and technical requirements into secure firewall policies.

Ensure all changes comply with corporate security policies, regulatory controls, and architectural standards.

Participate in architecture discussions, risk assessments, and solution design reviews.

Provide technical guidance and best-practice recommendations for segmentation, micro‑segmentation, and secure connectivity patterns.

Documentation, Reporting & Continuous Improvement

Produce and maintain documentation including diagrams, rule sets, procedures, and configuration inventories.

Develop runbooks, SOPs, and policy standards for consistent platform management.

Identify opportunities for automation, efficiency, and improved security posture.

Provide periodic reports on firewall health, performance, rule usage, and risk findings.

Required Qualifications

7+ years of hands‑on firewall engineering experience in large or complex enterprise production environments.

Extensive experience with Palo Alto Networks (PAN-OS, Panorama, security profiles, URL filtering, WildFire, VPN/GlobalProtect).

Strong experience with Cisco Firepower (FTD, FMC, access control policies, intrusion policies, NAT, VPN).

Proficiency with routing, switching, NAT/PAT, VPN (IPSec/SSL), BGP/OSPF, and network design fundamentals.

Experience with security policy analysis and governance, including least‑privilege access design and segmentation strategies.

Demonstrated ability to resolve complex issues across multi‑vendor network security stacks.

Expertise with configuration management, change control processes, and structured operations practices (e.g., ITIL).

Ability to interpret logs and threat events and work effectively with SOC teams.

Strong written and verbal communication skills, including documentation and customer‑facing communication.

Must be a US citizen / permanent resident.

Preferred Qualifications

Palo Alto Networks certifications (PCNSE, PCNSA).

Cisco security certifications (CCNP Security, CCIE Security a plus).

Experience with automation or scripting (Python, API, Terraform, Ansible).

Familiarity with cloud firewalls and hybrid network integrations (AWS, Azure, GCP).

Experience supporting managed security services or multi‑tenant environments.

BENEFITS

Health Insurance. Paid time off. Corporate Holidays. Sick leave. Competitive 401K. Training and Learning. Telecommuting. We continue to expand our benefits and programs, offering some of the best support, guidance and coverage for a diverse employee population.
