Job Description

Role: Firewall Engineer with Palo Alto, Cisco ASA

Location: NYC, NY

Setting: Hybrid - 4 onsite / 1 Day Remote

Who are we looking for?

We are looking for a highly skilled and experienced Firewall Engineer with deep expertise in Palo Alto, Cisco ASA, and Cisco Firepower Threat Defense (FTD) firewalls, along with hands-on experience in firewall automation and network security design. The ideal candidate will have a proven track record in designing, implementing, troubleshooting, and managing complex enterprise firewall infrastructures, preferably within large financial organizations. The candidate should be passionate about network security, automation, and operational excellence, with a strong understanding of enterprise-grade architectures, segmentation, and compliance-driven environments.

Indicative Activities:

• Lead the design, configuration, and deployment of firewall solutions across enterprise and data center environments.
• Perform firewall rule analysis, optimization, and migration for large-scale network and security transformation projects.
• Design and implement segmentation, VPNs, and advanced security policies in alignment with compliance and audit requirements.
• Manage and support Palo Alto NGFWs, Cisco ASA, and Cisco Firepower Threat Defense (FTD) platforms.
• Develop and maintain firewall automation frameworks to streamline policy deployments, rule reviews, and reporting.
• Conduct firewall refresh and migration projects (e.g., ASA to FTD or legacy to Palo Alto).
• Collaborate with security architecture and network teams to ensure consistent and secure designs across hybrid and on-prem environments.
• Provide tier-3 escalation support for complex firewall and network security incidents.
• Maintain detailed documentation of configurations, network diagrams, and change management logs.
• Participate in security audits, vulnerability remediation, and compliance assessments.
• Coordinate with vendors (Palo Alto, Cisco, etc.) for TAC escalations, bug fixes, and platform upgrades.
  
  

Technical Skills:

Must Have

• Strong hands-on experience with Palo Alto Networks Firewalls (physical and virtual), including:
• Security policies, NAT, VPN (site-to-site & remote), App-ID, User-ID, Threat & URL Filtering.
• Panorama centralized management.
• Experience with dynamic routing (BGP/OSPF) and virtual systems.
• Expert-level experience with Cisco ASA and Cisco Firepower Threat Defense (FTD) platforms, including:
• Access control policies, NAT, VPNs, and cluster/high-availability configurations.
• Cisco FMC (Firepower Management Center) operations and troubleshooting.
• Proven expertise in firewall automation and scripting (Python, Ansible, REST API integrations).
• Strong understanding of network security architectures including segmentation, zero trust, and micro-segmentation principles.
• Solid grasp of networking fundamentals TCP/IP, VLANs, routing, switching, DNS, DHCP, and IP addressing.
• Experience working in large enterprise or financial environments with strict security and compliance requirements.
• Demonstrated ability to handle large-scale firewall refresh/migration projects end-to-end.

Good To Have

• Experience with F5 load balancers (LTM/GTM configuration and troubleshooting).
• Knowledge of Cisco routing and switching (Catalyst/Nexus platforms).
• Familiarity with SIEM, IDS/IPS, and network monitoring tools (Splunk, SolarWinds, etc.).
• Exposure to cloud-based firewalls and integrations (Palo Alto Prisma, Cisco Secure Cloud Analytics).
• Understanding of SD-WAN, Network Access Control (NAC), and Zero Trust architectures.
• Experience in security compliance frameworks (PCI-DSS, ISO 27001, SOC2).

Process Skills:

• Strong understanding of ITIL processes, including Change, Incident, and Problem Management.
• Ability to create and maintain technical documentation, SOPs, and runbooks.
• Proven track record of managing firewall lifecycle, including upgrades, patches, and migrations.
• Skilled in capacity planning, performance analysis, and proactive issue prevention.
• Familiarity with change control and risk assessment in production environments.
• Ability to perform peer review and governance of firewall policies and configurations.

Behavioral Skills:

• Strong analytical and troubleshooting skills, capable of resolving complex issues independently.
• Excellent communication and documentation abilities-able to translate technical findings into clear reports.
• Highly detail-oriented, organized, and disciplined in operational execution.
• Demonstrated leadership and mentoring capabilities for junior engineers.
• Ability to work effectively under pressure in high-availability, mission-critical environments.
• Collaborative mindset with a focus on teamwork, accountability, and continuous improvement

Qualification :

• Professional with a minimum of 10+ years of experience in firewall engineering roles.
• Bachelor's degree in computer science, Information Technology, or a related field.
• Relevant certifications preferred:
• Palo Alto Networks PCNSE / PCNSA
• Cisco CCNP Security / CCIE Security
• Cisco Firepower Certification (FTD/FMC)
• F5-CA or F5-CTS (optional).
• Experience working in regulated enterprise or financial institutions is highly desirable.

Job Tags

Hourly pay, Full time, Contract work, Part time, Internship, Seasonal work, Remote work,

Similar Jobs