All jobs

Palo Alto Subject Matter Expert

Caci23h ago
United StatesHybridFull-timeSenior Level7+ yrs exp

Job Title: Palo Alto Subject Matter Expert Travel: Local * * * The Opportunity: The Opportunity As a Palo Alto Subject Matter Expert (SME) on the Network Security Services (NSS) team, you will be the focal point for all Palo Alto-related tasks, operations, and projects.

You will work with both corporate and customer leadership to research, analyze, and implement enterprise-wide network security solutions that bridge legacy and next-generation architectures. This role requires a unique blend of deep, hands-on expertise with traditional Gen 2/Gen 3 hardware platforms and modern, cloud-native solutions like Prisma Access (SASE) and Cortex XSOAR.

You will provide critical technical oversight, ensuring the stability, security, and modernization of our firewall infrastructure

Responsibilities

  • Lead the design, analysis, testing
  • implementation of state-of-the-art secure network architectures centered on the Palo Alto Networks ecosystem. Serve as the lead technical authority for administering, configuring
  • troubleshooting Palo Alto Networks Next-Generation Firewalls (NGFWs) across a hybrid enterprise environment. Manage the full lifecycle of Palo Alto hardware and software, including executing complex hardware refreshes and PAN-OS upgrades, especially on legacy platforms. Develop, oversee
  • maintain configuration management processes and Standard Operating Procedures (SOPs) for all Palo Alto security platforms. Utilize Panorama for centralized policy management, ensuring consistent and efficient configuration across a diverse fleet of physical and virtual firewalls. Configure and maintain master-level security profiles, including App-ID, User-ID, Content-ID, SSL Decryption
  • WildFire threat prevention. Oversee the reporting, documentation
  • investigation of security-related incidents
  • lead the development of corrective measures. Act as a liaison to contract/customer management and the government Designated Approving Authority (DAA) regarding network security status, policies
  • procedures. Evaluate and report on new and emerging network security technologies to enhance the capabilities, performance
  • reliability of the network.
  • Provide mentorship and technical oversight to junior engineers, and act as an escalation point for complex troubleshooting efforts

Qualifications

  • Required: Security Clearance: Must possess an active TS/SCI clearance and be able to successfully pass/maintain a U.S.
  • Government Polygraph.
  • A minimum of 7+ years of hands-on experience administering, configuring, and troubleshooting Palo Alto Networks NGFWs in large-scale enterprise/global environments.
  • Must hold an active Palo Alto Networks Certified Network Security Engineer (PCNSE) certification.
  • Must be DoD 8140.01 and DoD 8570.01-M IAT Level II compliant (e.g., Security+ CE).
  • Must be able to successfully obtain/maintain a CSSP Infrastructure Support certification within 120 days of the start date.
  • Deep, practical knowledge of legacy Gen 2/Gen 3 hardware (e.g., PA-3000, PA-5000 series), including legacy CLI, physical hardware troubleshooting, and line-card replacements.
  • Next-Gen & Cloud Security: Direct experience deploying and managing modern PAN-OS architectures, including Prisma Access (SASE), Prisma SD-WAN
  • virtual firewalls (VM-Series) in public/private cloud environments (AWS, Azure
  • Proven expertise utilizing Panorama for centralized policy management, template/device group inheritance, and pushing configurations across a hybrid fleet.
  • Network Foundations: Advanced understanding of core networking protocols critical to firewall routing and legacy-to-modern transitions, specifically BGP, OSPF, IPSec VPNs, and NAT.
  • Bachelor’s degree in a related field (e.g., IT, Cybersecurity, Computer Science).
  • Additional years of relevant experience may be considered in lieu of a degree.
  • Desired: Advanced Certifications: Active Palo Alto Networks Certified Network Security Consultant (PCNSC) or Prisma Certified SASE Professional (PCSAE).
  • Automation & Scripting: Proficiency in Python and experience automating firewall deployment, policy changes, and configuration backups using Ansible, Terraform, or Palo Alto XML/REST APIs.
  • Security Orchestration: Hands-on experience with Cortex XDR or Cortex XSOAR for automated threat response.
  • Migration Tools: Proficiency using Palo Alto Networks Expedition to migrate and consolidate legacy rules to modern App-ID-based policies.
  • Enterprise Architecture: Background in designing Zero Trust Network Access (ZTNA) architectures across complex, segment-isolated enterprise environments.
  • Broader Experience: Experience with other security platforms and technologies such as F5 (APM, AFM), Juniper SRX, and Cisco FTD/ASA. - What You Can Expect: A culture of integrity.
  • At CACI, we place character and innovation at the center of everything we do.
  • As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
  • An environment of trust.
  • CACI values the unique contributions that every employee brings to our company and our customers - every day.
  • You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
  • A focus on continuous growth.
  • Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
  • Pay Range : There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
  • We offer competitive compensation, benefits and learning and development opportunities.
  • Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
  • At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
  • Since this position can be worked in more than one location, the range shown is the national average for the position.
  • The proposed salary range for this position is: $75,200-$158,100 CACI is an Equal Opportunity Employer.
  • All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran
  • any other protected characteristic.

Required skills

Palo Alto NetworksNGFWPrisma AccessCortex XSOARPythonAnsibleTerraformBGPOSPFIPSec VPNNAT
Posted on JobRush — the end-to-end AI job-search platform.