Palo Alto Network Administrator

We are seeking a Palo Alto Networks Firewall Administrator to support a DoW organization in operating, optimizing, and securing next-generation firewall (NGFW) capabilities. This role focuses on policy lifecycle management, rule optimization and block implementation, ensuring configurations meet security and compliance requirements, and implementing directives in a mission environment.

Key Responsibilities

• Administer and support Palo Alto Networks NGFWs in production environments. This includes creating, maintaining, and analyzing Palo Alto Networks' NGFW traffic reports to support internal security analysis and operational decision-making.
• Manage centralized configuration and operations using Panorama (templates, device groups, policy push, commits, and upgrades as applicable).
• Create, maintain, and document policy-based security rules, including lifecycle ownership (request intake, analysis, implementation, validation, and periodic review).
• Perform rule optimization (cleanup, consolidation, shadowed/unused rule remediation, recertification support, and performance-aware tuning).
• Implement blocks and directives (e.g., mandated deny policies, emergency blocks, and governance-driven changes) with clear validation and rollback planning.
• Build and maintain rules leveraging App-ID, including application-based segmentation and least-privilege access patterns. This also includes converting legacy firewall rulesets to App-ID rulesets in order to improve visibility, control, modernization, and effectiveness.
• Develop, tune, and maintain Palo Alto Networks security profiles to balance production traffic requirements with organizational risk tolerance.
• Ensure firewall configurations align with security requirements (hardening, logging standards, auditing, and control evidence as required). Recommend/implement changes if intended requirements/security outcomes are not met.
• Troubleshoot traffic and policy behavior using logs and tools (e.g., Traffic logs, Threat logs, URL logs; policy match reasoning; session troubleshooting). Maintain and manager URL and IP whitelists/blacklists based on threat intelligence, security reports, and organizational needs.
• Partner with security operations, network teams, and stakeholders to support change management, incident response, and continuous improvement.
• Maintain accurate documentation (network/security diagrams as needed, rule justification, standard operating procedures, and change records).

Qualifications

• At least 5 years experience with hands-on administration Palo Alto Networks firewalls in an enterprise environment. Additional networking experience outside of Palo Alto does not count towards this requirement, but additional networking experience is beneficial/preferred.
• Demonstrated experience with Panorama administration and centralized policy management.
• Strong working knowledge of App-ID and designing/enforcing application-based rules.
• Proven ability to execute rule optimization and implement/validate deny blocks and operational directives.
• Experience developing and maintaining policy-based rules aligned to security requirements and audit expectations.
• Familiarity with firewall concepts: zones, routing, NAT, security profiles, SSL decryption (if applicable), URL filtering, logging/monitoring, and change control.
• Ability to write clear technical documentation and communicate risk/impact to stakeholders, management, peers, and junior staff.
• Familiarity with Oracle Cloud will elevate a candidates' likelihood to receive an offer.
• A background in Agile teaming, with practical Jira usage is preferred.
• Active Secret clearance required

Preferred Certifications

• Palo Alto certifications (e.g., PCNSA/PCNSE)