Palo Alto Prisma Engineer - U.S. Citizenship Required

About The Position

Requirements

• Due to the nature of the contract requirements, US citizenship and successful passing of CGI background check is required prior to beginning work. In addition, candidates must have the ability to obtain and maintain a DHS EOD/Public Trust clearance.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
• 5+ years of hands-on experience in network security engineering/architecture, including firewalls, routers, switches, load balancers, and sensors.
• Deep expertise with the Palo Alto Prisma suite (Access, SD-WAN, Cloud), including multi-tenant architecture, MSSP models, and Strata Cloud Manager.
• Proven experience designing and implementing Zero Trust architectures aligned with NIST 800-207 and CISA ZTMM 2.0.
• Strong knowledge of SASE, cloud networking, ZTNA, SD-WAN, and VPN alternatives, with hands-on configuration of DLP, SSL inspection, URL filtering, sandboxing, and SaaS security.
• Proficiency in automation tools such as Terraform, Ansible, or Python for infrastructure-as-code and reusable Prisma configurations.
• Solid understanding of network security monitoring, threat detection, incident response, and compliance with federal standards.
• Demonstrated ability to lead technical projects, manage tasks, and deliver solutions independently or within cross-functional teams.
• Strong documentation skills and the ability to quickly adapt to evolving Prisma features, including AI-driven threat detection.
• Excellent communication and collaboration skills for working with cross-functional teams, stakeholders, and vendors.

Nice To Haves

• CISSP certification strongly preferred to demonstrate expertise in security architecture and Zero Trust.
• MSSP experience preferred, especially in scaling Prisma solutions for shared-tenant federal environments.

Responsibilities

• Design secure network architectures featuring ZTNA, SD-WAN topologies, VPN alternatives, and MSSP frameworks for scalable, shared-service deployments.
• Automate deployments using Terraform, Ansible, and Python, creating reusable configurations and policy templates in Strata Cloud Manager for streamlined onboarding.
• Implement advanced threat prevention: inline DLP, SSL decryption, URL filtering, malware protection, and sandboxing via Prisma Cloud for zero-day threat detection.
• Enforce SaaS security through Prisma Access using API-based discovery, access controls, and inline inspection to mitigate shadow IT risks.
• Communicate architectural solutions and Zero Trust roadmaps to stakeholders, addressing integration and support challenges in multi-tenant and MSSP contexts.
• Coordinate Agile workflows across cross-functional teams (Build, Integrate, Security, Agency Support), leveraging Strata Cloud Manager for centralized visibility and reporting.
• Maintain documentation including deployment guides, architecture diagrams, security policies, incident reports, and configuration templates.
• Conduct security audits, monitor network traffic, and lead incident response (investigation, containment, eradication, recovery) using Prisma’s analytics tools.
• Configure and manage firewalls, IDS/IPS, endpoint protection, and network sensors to enforce Zero Trust perimeters with advanced threat intelligence.
• Collaborate with IT teams to evolve secure architectures, deliver Prisma training (e.g., DLP tuning, SSL inspection), and stay current on emerging security trends.

Benefits

• Competitive compensation
• Comprehensive insurance options
• Matching contributions through the 401(k) plan and the share purchase plan
• Paid time off for vacation, holidays and sick time
• Paid parental leave
• Learning opportunities and tuition assistance
• Wellness and well-being programs