Network Engineer

A federal agency client is seeking a Network Engineer to serve as the senior technical authority for enterprise Palo Alto firewall operations. This is a firewall-ownership role with full responsibility for policy management, network segmentation, secure remote access, and incident response across the security perimeter. The role also carries secondary responsibility for Cisco switching and routing operations, and includes technical mentorship of junior engineers.

Palo Alto Firewall Operations

• Own the full lifecycle of the enterprise Palo Alto firewall environment, including hardware refresh, PAN-OS upgrades, and HA pair management
  
• Design, implement, and maintain security policies, NAT rules, and application/URL filtering
  
• Manage site-to-site VPN tunnels and GlobalProtect remote access infrastructure
  
• Perform log analysis, packet captures, and firewall troubleshooting in support of incident response
  
• Maintain rule hygiene through periodic policy reviews, unused-rule cleanup, and business justification documentation
  
• Coordinate with the security team on IPS/IDS tuning and threat intelligence integration
  

Network Security and Segmentation

• Design and maintain network segmentation architecture including security zones, microsegmentation, and trust boundaries
  
• Develop and enforce network security standards and access control models aligned to federal compliance frameworks
  
• Support audit, assessment, and compliance activities involving network security controls
  

Network Operations (Secondary)

• Support operation and troubleshooting of Cisco Catalyst and Nexus switching platforms
  
• Support BGP and EIGRP routing operations where they intersect with firewall infrastructure
  
• Participate in network change management including planning, peer review, implementation, and post-change verification
  

Documentation and Monitoring

• Produce and maintain configuration baselines, architecture diagrams, rule sets, runbooks, SOPs, and KBAs
  
• Monitor firewall platform health, capacity, and performance
  
• Contribute to operational reporting on firewall posture, rule changes, and security event trends
  

Technical Leadership

• Serve as the senior SME for Palo Alto firewall operations across the organization
  
• Lead firewall change reviews evaluating risk, compliance impact, and alignment with standards
  
• Serve as the primary escalation point for complex firewall and segmentation incidents, including off-hours response
  
• Mentor junior engineers and network support staff
  

Requirements

Required Qualifications

• 7+ years of enterprise network engineering experience, with 4+ years focused on Palo Alto firewall administration
  
• Extensive hands-on experience with Palo Alto configuration, policy management, NAT, VPN, HA, and lifecycle support
  
• Working knowledge of Cisco Catalyst and Nexus switching
  
• Working knowledge of BGP and/or EIGRP as they relate to firewall infrastructure
  
• Demonstrated experience leading technical reviews and mentoring junior staff
  
• Strong documentation skills
  
• Ability to obtain and maintain a Public Trust clearance
  
• CompTIA Security+ or equivalent IAT Level II certification (required within 90 days of start; active cert strongly preferred at hire)
  
• PCNSE certification or ability to obtain within 6 months of placement
  
• Bachelor's degree in a relevant field or equivalent professional experience
  

• Experience with Microsoft Azure networking (ExpressRoute, VPN Gateway, Virtual WAN)
  
• Familiarity with VXLAN and modern data center networking concepts
  
• Advanced BGP/EIGRP routing experience
  
• Experience with F5 load balancers or Cisco DNA Center
  
• Network automation experience with Python, Ansible, or PowerShell
  
• Additional certifications: CCNP Security, CCNP Enterprise, Azure Network Engineer Associate, or CISSP
  
• Familiarity with Zero Trust architecture, Agile, or ITIL frameworks
  
• Experience supporting federal IT environments under FISMA Moderate or NIST 800-53