Network Security Engineer IV

Summary

Join our team as a Network Security Engineer-IV and lead the migration of legacy Cisco ASA firewalls to Cisco Firepower and Palo Alto Networks NGFWs. This remote, full-time role demands deep hands-on expertise in Cisco ASA, Cisco Firepower/FTD, and Palo Alto NGFWs. You will lead end-to-end migration planning and execution, design migration workflows, and optimize policy conversion strategies. The position requires strong collaboration skills with enterprise architects and operations teams. You will also mentor junior engineers and drive automation efforts. Success in this role requires strong knowledge of change/incident management processes and troubleshooting complex post-migration issues.

Requirements

• Deep hands-on knowledge in: Cisco ASA, Cisco Firepower/FTD Palo Alto NGFW (VSYS, Panorama,Expedition, Migration Manager)
• Strong command of: Cisco ASA- ACL, VPN setup (IPSec/SSL), AnyConnect, HA Setup, NAT, Policy Management, OS Upgrade. Palo Alto- VPN setup (IPSec/SSL),Global protect, HA Setup, NAT, Security Policy Management, PANOS Upgrade
• Routing protocols (Static, OSPF,BGP) and switching fundamentals
• Policy migration planning,zero-touch deployment models
• Config conversion tools and scripting (Expedition, Python preferred)
• Experience in multi-vendor firewall strategy and enterprise segmentation
• Strong understanding of HA configurations, software upgrade planning, and rollback scenarios
• Sound knowledge of L3 routing (Static, OSPF, BGP) and switching concepts
• Excellent interpersonal and communication skills – able to clearly articulate ideas, processes, and technical concepts to both technical and non-technical audiences
• Strong documentation abilities – capable of creating and maintaining clear, concise technical documentation and procedures
• Flexible, proactive, and self-driven – demonstrates initiative, reliability, and adaptability in dynamic environments

Responsibilities

• Lead end-to-end planning and execution of ASA to Firepower and Palo Alto migrations
• Design migration workflows, HA topology, and optimize policy conversion strategy
• Perform or oversee conversion of configurations: ASA → Palo Alto (1410 VSYS, 1410 Single Tenant & VM-Series) ASA → Cisco Firepower with ASA Code or FTD
• Design, test, and validate: VPNs (IPSec/SSL), NAT policies,dynamic routing, IPS/IDS profiles
• Collaborate with enterprise architects, operations, and product teams for successful delivery
• Strong knowledge of change/Incident management process
• Guide L3 teams in execution, review configurations and scripts
• Troubleshoot complex post-migration issues
• Track project milestones and ensure documentation compliance

Preferred Qualifications

• Cisco Certifications: CCIE Security/ CCNP Security/ CCNP R&S
• Palo Alto Certifications: PCNSA/PCNSE