Cloud Network Security Engineer (Terraform)

We are seeking a highly skilled Cloud Network Security Engineer to design, deploy, and operate Palo Alto Networks Next-Generation Firewalls (NGFWs) across Microsoft Azure and Google Cloud Platform (GCP) environments. This role will be hands-on and delivery-focused, supporting: · Palo Alto firewall deployments using Terraform · Migration of existing GCP mesh network topology to a hub-and-spoke architecture · Standardization of cloud perimeter, egress, and inter-VPC/VNet security controls The engineer will work closely with Security Architecture, Cloud Platform, and Network Engineering teams to implement secure, scalable, and repeatable cloud network security patterns. Key Responsibilities Palo Alto Firewall Deployment & Operations · Design and deploy Palo Alto NGFWs (VM-Series) in Azure and GCP (perimeter, shared services, and hub networks) · Implement and manage firewall policies using App-ID, Threat Prevention, URL Filtering, and logging · Support north-south and east-west traffic inspection use cases · Integrate firewall logging with centralized SIEM platforms (e.g., Splunk) Terraform & Infrastructure as Code · Develop and maintain Terraform modules for: o Palo Alto firewall deployments o Hub-and-spoke networking (VPCs/VNets, routing, NAT, load balancers) o Security policy and rule standardization · Follow Git-based workflows (PRs, code reviews, versioning) · Ensure repeatability, consistency, and automated deployments across environments GCP Network Topology Migration · Assist in migrating from GCP mesh VPC topology to a hub-and-spoke model · Design and implement: o Centralized ingress and egress VPCs o Shared firewall hubs o VPC peering / cloud routing strategies · Minimize application downtime and reduce blast radius during migration Cloud Networking & Security Integration · Collaborate with architecture teams to implement approved cloud security patterns · Support routing, NAT, load balancing, and high-availability designs · Implement secure connectivity between: o Cloud-to-cloud (Azure * GCP) o Cloud-to-on-prem environments · Participate in troubleshooting complex network and firewall issues Documentation & Operational Readiness · Produce clear technical documentation: o Terraform modules o Firewall design diagrams o Deployment and rollback procedures · Support operational handoff to NOC/SOC teams · Participate in change management and CAB processes

Core Technical Skills · 5+ years of experience in network security or cloud networking · Hands-on experience deploying Palo Alto Networks firewalls (VM-Series) · Strong experience with Terraform in production environments · Solid knowledge of GCP networking: o VPCs, subnets, routing, firewall rules, NAT, load balancers · Working experience with Azure networking: o VNets, UDRs, Azure Load Balancer, Azure Firewall or NVA patterns · Understanding of hub-and-spoke cloud architectures Security & Networking Fundamentals · Strong TCP/IP, routing, and firewall fundamentals · Experience with: o North-south and east-west traffic control o Centralized egress and ingress models · Familiarity with logging, monitoring, and SIEM integrations Collaboration & Communication · Experience working with US-based teams in a global/offshore model · Ability to follow architecture standards and security patterns · Strong documentation and verbal communication skills Comfortable working in Agile or sprint-based delivery model

Nice to Have Skills & Experience

· Palo Alto certifications (PCNSA, PCNSE) · Experience with: o GCP Shared VPCs o Azure Landing Zones · Exposure to Zero Trust or segmentation concepts · Experience supporting large-scale cloud migrations · Familiarity with CI/CD pipelines for Terraform

Pay Rate: $6-$10 an hour depending on skills and experience, Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.