Senior Enterprise Security Engineer – Infosec
Company | Palo Alto Networks |
---|---|
Location | Santa Clara, CA, USA |
Salary | Not Provided |
Type | Full-Time |
Experience Level | Senior |
Requirements
- 4-7 years of hands-on experience in network and infrastructure security technologies.
- 2+ years of experience with firewall technologies, including deep expertise with Palo Alto Networks Next-Generation Firewalls (NGFW) and security rule evaluation.
- 2+ years of experience managing and securing cloud environments across AWS, GCP, and Microsoft Azure, with knowledge of native security tools and multi-cloud architectures.
- Proven ability to design, build, and maintain scalable cloud infrastructure and secure cloud-native applications, leveraging infrastructure-as-code (IaC) principles.
- Experience working with public sector systems, setting up and maintaining security controls to meet government standards like FedRAMP.
- Strong working knowledge of IP networking, including routing, switching, VPNs, DNS, NAT, load balancing, and wireless for both on-prem and cloud environments.
- Proficient in virtualization platforms such as VMware, with experience securing virtualized and hybrid workloads.
- Experience working with REST APIs, automation scripting using Python or Go, and integration of security workflows into infrastructure tools.
- Ability to evaluate and optimize firewall rules and access control policies across complex environments, aligning with Zero Trust and least privilege models.
- Solid foundation in certificate management and PKI, including experience issuing and renewing certificates, managing key lifecycles, and enforcing secure communication using TLS and mutual authentication.
- Strong experience with OS-level security hardening and configuration management across Linux (RHEL, Ubuntu) and Windows Server, including patching, log monitoring, enforcing CIS/NIST baselines, and secure user access controls.
- Proficient in managing and securing Microsoft Active Directory (AD) environments, including Group Policy, LDAP integrations, role-based access control (RBAC), and identity federation for hybrid cloud architectures.
- Self-motivated, strong troubleshooting skills, and capable of working independently in fast-paced environments with minimal supervision.
- Strong communication skills with the ability to collaborate effectively with cross-functional teams, including network operations, cloud infrastructure, IAM, and compliance.
Responsibilities
- Providing advanced operations and engineering support for critical systems and services, including application and security infrastructure on-prem and in the cloud.
- Responsible for assessing and reviewing the security and cloud infrastructure in both IT and production environments.
- Coordinates with various teams to ensure appliances and services are configured with the correct posture to support business requirements.
- In-depth knowledge of designing and implementing a Zero Trust Network Architecture, including network and identity segmentation.
- Continuous monitoring and improvement of IT support practices to enhance scalability, reliability, and performance in the product infrastructure.
- Assist in maintaining strong oversight of cloud computing solutions to safeguard against undue risks from third-party or external integrations.
- Develop automation using SOAR tools to streamline repetitive tasks and improve the overall efficiency of the security team.
- Collaborate with teams outside the Security Fusion Center, including Vulnerability Management, Network Engineering, OS Engineering, and product SRE.
- Prioritize and respond to critical vulnerabilities and data exposures with urgency and effective risk mitigation strategies.
- Develop and maintain security baselines for infrastructure components (e.g., VMs, containers, network devices) in alignment with CIS Benchmarks, NIST, and internal standards.
- Support incident response activities, including containment, forensic investigation, root cause analysis, and post-incident documentation.
- Perform regular policy and firewall rule reviews to ensure alignment with access requirements and enforcement of Zero Trust principles.
- Contribute to governance, risk, and compliance (GRC) efforts, including audit participation, third-party risk assessments, and evidence collection for SOC 2, ISO 27001, or FedRAMP certifications.
Preferred Qualifications
- CISSP, AWS, GCP certifications preferred.
- PCNSE certification is a plus.