Network Security Architect (Palo Alto Networks)

Type: Contract (1 year+)
Focus: Network Segmentation & Firewall Deployment

Overview

We are seeking an experienced Network Security Architect to support a large-scale Network Segmentation initiative. This role will focus on designing, building, deploying, and operationalizing Palo Alto Networks firewalls across multiple sites. You will partner closely with Networking, Data Center Operations, and Cyber Security teams to ensure secure, scalable, and well-documented implementations.

This is a hands-on role that spans pre‑production build, production deployment, discovery, and segmentation cutover phases.

Responsibilities

Network Segmentation – Phase 1

Build Phase

• Prepare Palo Alto firewalls for production deployment (1–3 firewalls or HA pairs per week)
• Collaborate with Data Center Operations to unbox, rack, cable, and verify hardware
• Validate power redundancy, cabling, and SFPs
• Upgrade PAN‑OS to approved standard versions
• Configure security policies, UTM profiles, and logging
• Create and manage change requests in ServiceNow
• Coordinate vulnerability scans with Cyber Security teams
• Label devices, assign hostnames, and update asset inventory
• Integrate firewalls with:
  • Panorama
  • Splunk SIEM
  • Log retention platforms
• Package and ship firewalls to designated sites

Run Phase

• Support on‑site or remote firewall and HA pair implementations
• Verify interface status, HA health, and routing
• Confirm traffic flows according to defined security policies
• Validate management-plane connectivity and standards compliance
• Ensure documentation, topology diagrams, and monitoring are complete
• Add devices to monitoring platforms

Network Segmentation – Phase 2

Discovery Phase

• Create firewall zones, interfaces, and VLAN mappings
• Configure monitoring rules to observe traffic patterns
• Analyze firewall and SIEM logs to identify required traffic flows
• Build and refine allow rules based on observed traffic
• Maintain runbooks and segmentation documentation

Cutover Phase

• Implement deny rules to block unidentified traffic after monitoring period
• Support cutovers during off-hours as required (early mornings, nights, or mid-day)
• Monitor traffic and adjust rules during and after cutover
• Update support, escalation, and operational documentation

Qualifications

Minimum Qualifications

• Hands-on experience with Palo Alto Networks firewalls
• Experience deploying and managing HA firewall pairs
• Strong knowledge of PAN‑OS, security policies, and UTM features
• Experience administering Panorama
• Experience with network segmentation projects
• Familiarity with SIEM platforms (Splunk preferred)
• Experience working in change-controlled environments (ServiceNow)
• Ability to collaborate across Network, Security, and Data Center teams

Preferred Qualifications

• Experience in healthcare or regulated enterprise environments
• Large-scale, multi-site firewall deployments
• Experience with vulnerability scanning and asset inventory processes
• Strong documentation and operational readiness skills

Work Requirements

• Ability to support production cutovers outside of normal business hours
• Comfortable working in fast-paced, project-based environments
• Willingness to support multiple firewall deployments per week

Apply now