Palo Alto Subject Matter Expert

CACI InternationalSt. Louis, MO
$75,200 - $158,100Onsite

About The Position

As a Palo Alto Subject Matter Expert (SME) on the Network Security Services (NSS) team, you will be the focal point for all Palo Alto-related tasks, operations, and projects. You will work with both corporate and customer leadership to research, analyze, and implement enterprise-wide network security solutions that bridge legacy and next-generation architectures. This role requires a unique blend of deep, hands-on expertise with traditional Gen 2/Gen 3 hardware platforms and modern, cloud-native solutions like Prisma Access (SASE) and Cortex XSOAR. You will provide critical technical oversight, ensuring the stability, security, and modernization of our firewall infrastructure.

Requirements

  • Must possess an active TS/SCI clearance and be able to successfully pass/maintain a U.S. Government Polygraph.
  • A minimum of 7+ years of hands-on experience administering, configuring, and troubleshooting Palo Alto Networks NGFWs in large-scale enterprise/global environments.
  • Must hold an active Palo Alto Networks Certified Network Security Engineer (PCNSE) certification.
  • Must be DoD 8140.01 and DoD 8570.01-M IAT Level II compliant (e.g., Security+ CE).
  • Must be able to successfully obtain/maintain a CSSP Infrastructure Support certification within 120 days of the start date.
  • Deep, practical knowledge of legacy Gen 2/Gen 3 hardware (e.g., PA-3000, PA-5000 series), including legacy CLI, physical hardware troubleshooting, and line-card replacements.
  • Direct experience deploying and managing modern PAN-OS architectures, including Prisma Access (SASE), Prisma SD-WAN, and virtual firewalls (VM-Series) in public/private cloud environments (AWS, Azure, or GCP).
  • Proven expertise utilizing Panorama for centralized policy management, template/device group inheritance, and pushing configurations across a hybrid fleet.
  • Advanced understanding of core networking protocols critical to firewall routing and legacy-to-modern transitions, specifically BGP, OSPF, IPSec VPNs, and NAT.
  • Bachelor’s degree in a related field (e.g., IT, Cybersecurity, Computer Science). Additional years of relevant experience may be considered in lieu of a degree.

Nice To Haves

  • Active Palo Alto Networks Certified Network Security Consultant (PCNSC) or Prisma Certified SASE Professional (PCSAE).
  • Proficiency in Python and experience automating firewall deployment, policy changes, and configuration backups using Ansible, Terraform, or Palo Alto XML/REST APIs.
  • Hands-on experience with Cortex XDR or Cortex XSOAR for automated threat response.
  • Proficiency using Palo Alto Networks Expedition to migrate and consolidate legacy rules to modern App-ID-based policies.
  • Background in designing Zero Trust Network Access (ZTNA) architectures across complex, segment-isolated enterprise environments.
  • Experience with other security platforms and technologies such as F5 (APM, AFM), Juniper SRX, and Cisco FTD/ASA.

Responsibilities

  • Lead the design, analysis, testing, and implementation of state-of-the-art secure network architectures centered on the Palo Alto Networks ecosystem.
  • Serve as the lead technical authority for administering, configuring, and troubleshooting Palo Alto Networks Next-Generation Firewalls (NGFWs) across a hybrid enterprise environment.
  • Manage the full lifecycle of Palo Alto hardware and software, including executing complex hardware refreshes and PAN-OS upgrades, especially on legacy platforms.
  • Develop, oversee, and maintain configuration management processes and Standard Operating Procedures (SOPs) for all Palo Alto security platforms.
  • Utilize Panorama for centralized policy management, ensuring consistent and efficient configuration across a diverse fleet of physical and virtual firewalls.
  • Configure and maintain master-level security profiles, including App-ID, User-ID, Content-ID, SSL Decryption, and WildFire threat prevention.
  • Oversee the reporting, documentation, and investigation of security-related incidents, and lead the development of corrective measures.
  • Act as a liaison to contract/customer management and the government Designated Approving Authority (DAA) regarding network security status, policies, and procedures.
  • Evaluate and report on new and emerging network security technologies to enhance the capabilities, performance, and reliability of the network.
  • Provide mentorship and technical oversight to junior engineers, and act as an escalation point for complex troubleshooting efforts.

Benefits

  • healthcare
  • wellness
  • financial
  • retirement
  • family support
  • continuing education
  • time off benefits
  • flexible time off benefit
  • robust learning resources
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service