Job Description
Palo Alto Engineer
PRIMARY RESPONSIBILITIES:
- Identify and remediate misconfigurations, conflicting rules, security gaps, firewall and load balancer security issues, optimize rule-sets, and enhance the overall security posture and performance of Firewalls and Load Balancers
- Provide Tier 3 support to members of the operations network administrations.
- Maintain all HW and SW components at vendor supported levels.
- Support mission-critical Continuity of Operations (COOP).
- Conduct a minimum of two (2) assessment of firewall each month on CESO and customer devices and generate assessment reports and provide recommendations for improvements.
- Support the creation of network device performance and traffic utilization monthly reports.
- Develop and/or participate in After Action Reports (AARs)
- Provide expert advice and direction regarding the management and operation of all Palo Alto devices in the DISA CESO enterprise architecture.
- Interact with the customer point of contact to set objectives/goals based on Palo Alto Networks technologies and available technology roadmap for architecture and design discussions.
- Evaluate current technologies and processes associated with DISA CESO to identify gaps.
- Provide requirements and strategies for future cybersecurity operations.
- Active participant in meetings with DISA CESO and mission partner working groups.
- Adhere to applicable DOD STIGs, DISA applicable orders, and JSIG policy, guidelines, and regulations.
Qualifications:
- Bachelor’s degree and 12+ years of directly relevant experience. Add’l experience may be considered in lieu of degree.
- 10+ years of hands-on Cisco / Palo Alto Firewall experience in both engineering and Operations and maintenance roles.
- Strong knowledge of Palo Alto concepts and best practices:
- Panorama Installation
- Panorama HA Config
- Panorama Template and Template Stacks
- Panorama Policy creation and push to group of Firewalls and Verify Push
- Palo Alto Route configuration
- Palo Alto IPSec Site to Site VPN Config and Troubleshooting
- Palo Alto VM in AWS
- Palo Alto IPS Configuration
- Palo Alto Virtual Router / Systems
- Palo Alto Firewall HA
- Experience working in a high op-temp, Top Secret environment.
- Candidate must possess an active DOD Top Secret level security clearance, and be eligible to obtain and maintain a TS/SCI
- Candidate must be willing to take and maintain a CI/Poly
- 8570 IAT Level II Baseline Certification (e.g. CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP)