Palo Alto Network Security Engineer - Senior

SHR Consulting Group, LLC

10d•Remote

About The Position

SHR is a premier technology integrator solving our nation’s most complex modernization and readiness challenges across the defense, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and AI. With an intimate understanding of our customers’ challenges and deep expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. The Senior Palo Alto Network Security Engineer leads design, implementation, and sustainment of enterprise network security with primary focus on Palo Alto Networks firewalls and Panorama. This hands-on role supports federal government clients through Palo Alto-centric engineering, multi-vendor integration, technical assessments, and compliance readiness.

Requirements

7+ years in network/cybersecurity engineering with hands-on firewall experience.
4+ years engineering/implementing Palo Alto firewalls and Panorama in enterprise/federal environments.
Experience with firewalls, IDS/IPS, proxies (policy design/tuning/troubleshooting).
Hands-on with BIG IP, Gigamon, FireEye, CoreLight, and similar security products.
Technical assessments via Vendor Best Practices, STIGs, SRGs for network hardening.
Lifecycle management, health/monitoring for failures/intrusions.
Scripting (Python, PowerShell, Bash) for automation.
STIG/vulnerability remediation and best practices alignment.
Strong analysis/communication; leadership/mentoring skills.
Experience with Microsoft Productivity Suite
Education: Bachelor's in Computer Science, Information Systems, Engineering, Cybersecurity, or equivalent.
Required Certifications (at least one): CISSP, CISM, CISA, or similar IAT/IAM Level 3.
Clearance: Active DoD Secret Clearance

Nice To Haves

Preferred Certifications: PCNSE/PCNSA (highly desirable), CCNA, CCSP, or equivalent.

Responsibilities

Architect, deploy, and maintain Palo Alto firewalls (physical/virtual), Panorama, security policies, NAT, VPNs (site-to-site/remote), and advanced services including Threat Prevention, URL Filtering, WildFire, and GlobalProtect.
Lead Palo Alto-focused cybersecurity engineering across system requirements, design, development, testing, and sustainment for network security solutions.
Administer Palo Alto platforms and integrate complementary tools like BIG IP (load balancing/ADC), Gigamon (traffic visibility), FireEye (threat detection), CoreLight (NDR), IDS/IPS, proxies, and monitoring systems; handle upgrades, rules development, and system management.
Perform technical assessments using Vendor Best Practices, STIGs, SRGs, and similar standards to harden Palo Alto and supporting network/perimeter security.
Provide Security/IA support to clients, aligning Palo Alto architectures with agency policies; advise on network security for current/emerging systems.
Provide direct oversight and technical support to support the client Audit and Inspection program requirements such as engaging in Cyber Operational Readiness Assessment (CORA), Cyber Command Readiness Inspection (CCRI), Key Indicator of Risk (KIoR) assessments and status of the following technology areas of network and boundary security requirements.
Troubleshoot application/web connectivity with development teams using deep Palo Alto and network expertise (TCP/IP, routing, LAN/WAN, SNMP).
Research open-source/commercial innovations for Palo Alto-enhanced network modernization; facilitate security solution adoption.
Analyze performance, conduct cost/benefit evaluations, and document designs, runbooks, and SOPs; mentor junior staff.