Senior Network Engineer - Palo Alto Firewall
Job description
We are seeking a Network Engineer to own the design, configuration, operation, and lifecycle support of the enterprise Palo Alto firewall environment. This role is centered on firewall ownership and enterprise network security, with responsibility for policy management, segmentation, secure remote access, and incident response across the network security perimeter.
The Network Engineer serves as the senior subject matter expert and primary technical authority for Palo Alto firewall operations, providing technical leadership across firewall architecture, security policy, and incident response. The role partners with network and infrastructure engineers to ensure secure, reliable, and compliant connectivity across the enterprise, and provides mentoring and technical direction to junior engineers and network support staff. The role also supports core Cisco switching and routing operations as a secondary but important responsibility.
Palo Alto Firewall Management (Primary)
- Own the configuration, operation, and lifecycle support of the enterprise Palo Alto firewall environment, including hardware refresh, PAN-OS upgrades, and high-availability (HA) pair management.
- Design, implement, and maintain firewall security policies, NAT rules, and application/URL filtering in alignment with enterprise security standards.
- Manage site-to-site VPN tunnels, GlobalProtect remote access, and associated authentication and certificate infrastructure.
- Perform firewall troubleshooting, log analysis, and packet capture review to support incident response and operational issue resolution.
- Maintain firewall rule hygiene, including periodic policy reviews, unused-rule cleanup, and documentation of business justification for active rules.
- Coordinate with the security team on threat intelligence integration, IPS/IDS tuning, and response to security events involving firewall infrastructure.
Enterprise Network Security and Segmentation
- Design and maintain network segmentation architecture, including security zones, microsegmentation, and trust boundaries between enterprise environments.
- Develop and enforce network security standards, access control models, and segmentation policies that support compliance with applicable federal frameworks.
- Support security incident response by providing firewall logs, packet captures, and network telemetry to the security operations team.
- Partner with the security team to support audit, assessment, and compliance activities involving network security controls.
Network Operations Support (Secondary)
- Support operation and troubleshooting of Cisco Catalyst and Nexus switches in coordination with the network engineering team.
- Support routing operations involving BGP and EIGRP as they intersect with firewall and security infrastructure.
- Participate in network change management, including planning, peer review, implementation, and post-change verification of approved changes.
- Respond to network and security incidents, perform root-cause analysis, and lead remediation efforts within areas of primary responsibility.
Documentation, Standards, and Monitoring
- Develop and maintain firewall and network security documentation, including configuration baselines, architecture diagrams, rule sets, and operational runbooks.
- Author and maintain Standard Operating Procedures (SOPs) and Knowledge Base Articles (KBAs) for firewall and network security tasks.
- Monitor firewall and network security platform health, capacity, and performance, addressing issues to ensure high availability.
- Contribute to operational reporting on firewall posture, rule changes, vulnerability remediation, and security event trends.
Technical Leadership
- Serve as the senior subject matter expert (SME) for Palo Alto firewall operations and enterprise network security across the organization.
- Provide technical mentoring and guidance to junior engineers and network support staff on firewall, segmentation, and network security topics.
- Lead firewall and network security change reviews, evaluating proposed changes for risk, compliance, operational impact, and alignment with established standards.
- Serve as the primary escalation point for complex firewall, segmentation, and network security incidents, including off-hours response when required.
- Represent the firewall and network security domain in technical reviews, audits, assessments, and vendor engagements.
- Contribute to firewall infrastructure planning, including capacity monitoring, hardware refresh recommendations, and identification of operational improvements.
Requirements
Do you have experience in Zero Trust security?
Do you have a Bachelor's degree?
- Extensive hands-on experience with Palo Alto Networks firewalls, including configuration, policy management, NAT, VPN (site-to-site and GlobalProtect), high-availability (HA), upgrades, and lifecycle support.
- Strong understanding of enterprise network security principles, including segmentation, zone-based security, and access control.
- Working knowledge of Cisco Catalyst and Nexus switching platforms sufficient to support operations and troubleshoot issues at the network/security boundary.
- Working knowledge of routing protocols (BGP and/or EIGRP) as they relate to firewall and security infrastructure.
- Demonstrated experience with network monitoring tools and structured troubleshooting methodologies.
- Demonstrated documentation skills, including the ability to produce clear configuration baselines, architecture diagrams, and operational runbooks.
- Demonstrated ability to lead technical reviews, mentor junior staff, and serve as a subject matter expert in cross-functional discussions.
Clearance & Certifications
- Ability to obtain and maintain a Public Trust clearance.
- CompTIA Security+ certification (or equivalent DoD 8140/8570 IAT Level II certification). Candidates without Security+ at hire will be granted a 90-day grace period to obtain it.
- Palo Alto Networks Certified Network Security Engineer (PCNSE) certification, or ability to obtain within six (6) months of placement.
- Bachelor's degree in Computer Science, Information Technology, Network Engineering, Cybersecurity, or related field; equivalent professional experience will be considered.
- Minimum of seven (7) years of progressive experience in enterprise network engineering, with at least four (4) years focused on Palo Alto firewall administration.
- Demonstrated experience leading firewall and network security initiatives in an enterprise environment, including ownership of change reviews, technical mentoring, and incident response leadership.
- Experience supporting enterprise environments with high-availability and compliance requirements.
Preferred Qualifications
- Familiarity with VXLAN, network overlays, and modern data center networking concepts.
- Advanced routing experience with BGP and EIGRP in enterprise environments.
- Experience with Microsoft Azure networking, including hybrid connectivity (ExpressRoute, VPN Gateway, Virtual WAN) and security best practices.
- Familiarity with F5 load balancers for application delivery and traffic management.
- Experience with Cisco DNA Center for network automation and assurance.
- Familiarity with network automation tools and scripting (Python, Ansible, PowerShell).
- Additional certifications such as CCNP Security, CCNP Enterprise, Microsoft Certified: Azure Network Engineer Associate, or CISSP.
- Familiarity with Zero Trust architecture principles.
- Familiarity with Agile delivery frameworks and ITIL service management practices.
- Experience supporting federal IT environments, particularly under FISMA Moderate or NIST 800-53 control frameworks.
- Palo Alto Firewall Administration: 4 years (Required)
- Cisco Catalyst/Nexus switches: 5 years (Required)
- BGP or EIGRP routing: 5 years (Required)
License/Certification:
- CompTIA Security+ (Required)
Work Location: Hybrid remote in Washington, DC 20426
Benefits & conditions
888 1st Street NE, Washington, DC 20426
Hybrid work, $76 - $85 an hour, Contract
- Hybrid schedule with a minimum of two (2) days per week on-site at 888 First Street NE, Washington, DC.
- Occasional after-hours, weekend, or holiday work to support maintenance windows, change events, and incident response.
- Participation in an on-call rotation may be required.
Pay: $76.00 - $85.00 per hour