
Sr. Network Security & Firewall Engineer
3B Staffing LLC, Washington, District of Columbia, United States
Job Description
As a Sr. Network Security & Firewall Engineer, you will serve as the technical authority and primary "self-starter" for a premier Washington, DC-based infrastructure. This role is designed for a high-level practitioner who can hit the ground running on Day 1, bridging the gap between legacy networking and modern, AI-powered security. You will be responsible for the end-to-end lifecycle of a sophisticated Palo Alto Networks ecosystem (utilizing Strata Cloud Manager and Prisma Access) while ensuring seamless identity-based access via Cisco ISE. By combining elite Layer 3 routing expertise with cloud-native security across AWS and Azure, you will drive the transition to a Zero Trust architecture, optimizing the environment through automation and deep-packet analysis to protect mission-critical enterprise assets.
Core Responsibilities
Firewall Ecosystem Leadership: Design, deploy, and manage the full Palo Alto suite (NGFW, Panorama), pivoting management to Strata Cloud Manager for centralized policy governance and AI-driven visibility.
Network & Routing Authority: Manage complex Layer 3 networking, including BGP and OSPF routing protocols, ensuring high availability and resilient connectivity across the enterprise.
Identity & Access Enforcement: Own the implementation and fine-tuning of Cisco ISE for Network Access Control (NAC), device posture, and secure identity-based access.
Web Application Defense: Configure and tune WAF solutions (e.g., Akamai, Alert Logic, or Imperva) to protect application-layer traffic and mitigate OWASP Top 10 threats.
Cloud Security Architecture: Secure multi-cloud environments in AWS and Azure by managing VPC/VNet peering, Security Groups, and hybrid connectivity via ExpressRoute or Direct Connect.
Zero Trust & SASE Strategy: Architect and enforce Prisma Access and ZTNA principles to secure remote workforces and enable granular network segmentation.
Advanced Threat Mitigation: Maximize the value of security subscriptions (including Advanced Threat Prevention, DNS Security, and WildFire) to stop zero-day exploits inline.
Core Infrastructure & DDI: Oversee DDI management using Infoblox (DNS/DHCP/IPAM) and perform deep-packet analysis (PCAPs) for advanced troubleshooting.
Operational Automation: Leverage APIs and scripting (Python, Ansible, or Terraform) to implement Infrastructure-as-Code (IaC) concepts and streamline security workflows.
Key Qualifications
Elite Technical Depth: 10+ years of enterprise-scale experience in network security; must be a definitive "Network God" capable of working with total autonomy.
Palo Alto Mastery: Proven hands-on expertise with the Palo Alto Strata and Prisma platforms; PCNSE certification is highly desirable.
Identity Specialist: Demonstrated experience implementing and maintaining Cisco ISE in complex, multi-site environments.
DDI & WAF Proficiency: Strong technical knowledge of Infoblox and enterprise-grade Web Application Firewalls.
Cloud-Native Fluency: Deep understanding of security controls and networking architecture within major cloud providers (AWS/Azure).
Automation Mindset: Experience using automation tools or scripts to optimize security investments and reduce manual overhead.
Analytical Problem Solver: Expert-level ability to perform root-cause analysis on complex network faults and security anomalies.
Professional Standards: Significant experience in Agile/SAFe environments, utilizing ServiceNow for change management and ITIL-based operations.