Network Security Architect

About The Position

Requirements

• A minimum of 10 years' progressive experience in a Network Security related field
• Cisco certifications such as CCNP Security, CCIE Security, or equivalent
• Palo Alto certifications such as PCNSA or PCNSE
• Experience with SD-WAN, SASE, or cloud security platforms (AWS, Azure)
• Familiarity with ITIL change management processes
• Scripting or automation experience (Python, Ansible) for network security tasks
• 5–10 years of experience in network security architecture and engineering
• Hands-on expertise with Cisco Firepower (FTD/FMC) — policy management, IPS, and threat inspection
• Strong proficiency with Cisco ASA — configuration, NAT, VPN (site-to-site and remote access), and troubleshooting
• Deep experience with Cisco ISE — endpoint profiling, posture assessment, RADIUS/TACACS+, and guest access
• Proven experience producing LLDs and design documentation to a professional standard
• Demonstrated ability to write clear, accurate MOPs for complex network changes
• Strong understanding of network protocols — BGP, OSPF, EIGRP, VLAN, spanning tree, and QoS
• Experience with network segmentation, micro-segmentation, and zero-trust principles

Nice To Haves

• Hands-on experience with Palo Alto Networks OEM hardware — NGFW deployment, PAN-OS configuration, security policy management, and threat prevention
• Familiarity with Panorama for Palo Alto firewall management
• Experience with Palo Alto GlobalProtect VPN and URL filtering
• Working knowledge of Palo Alto Cortex or WildFire threat intelligence platforms

Responsibilities

• Design and architect enterprise network security solutions including firewalls, access control, and network segmentation
• Develop Low-Level Designs (LLDs) and High-Level Designs (HLDs) for network security infrastructure
• Build and deliver detailed Methods of Procedure (MOPs) for implementation and change activities
• Deploy, configure, and manage Cisco Firepower Threat Defense (FTD) and Cisco ASA firewalls
• Design and implement network access control solutions using Cisco Identity Services Engine (ISE), including 802.1X, MAB, and policy enforcement
• Deploy and manage Palo Alto Networks OEM hardware including Next-Generation Firewalls (NGFWs) and associated security platforms
• Lead end-to-end project delivery from requirements gathering through build and go-live
• Conduct security assessments and provide recommendations to improve the overall security posture
• Collaborate with stakeholders to translate business requirements into technical security designs
• Provide technical guidance and mentorship to junior engineers
• Maintain documentation standards and ensure designs align with industry best practices and compliance requirements