SME - Azure & Cloud Security, Palo Alto Firewall Job Details

SME - Azure & Cloud Security, Palo Alto Firewall

United States

Job Description

SME - Azure & Cloud Security, Palo Alto Firewall

Frisco, Texas

Job Summary

We are looking for an experienced Network Security Engineer with strong hands-on expertise in Palo Alto Networks firewalls to support enterprise firewall operations in a complex managed services environment. The role will be primarily responsible for advanced troubleshooting, firewall policy administration, rule lifecycle management, change execution, incident resolution, compliance support, and operational optimization. Hands-on experience with AlgoSec for policy analysis, risk assessment, and compliance validation is essential/preferred depending on the exact role scope. This role also requires strong knowledge of Panorama, VPN technologies, TCP/IP, routing, NAT, and broader network security operations.

Key Responsibilities

DETAILED RESPONSIBILITIES
FIREWALL OPERATIONS and MANAGEMENT
- Own and manage the enterprise-grade Palo Alto Networks firewall infrastructure, including PA-Series, VM-Series, and CN-Series devices.
- Configure, implement, and maintain robust security policies, NAT rules, zones, and routing via Panorama and device-level interfaces.
- Lead advanced troubleshooting for firewall-related incidents, utilizing packet captures, flow analysis, and comprehensive log reviews.
- Administer GlobalProtect VPN, SSL decryption, URL filtering, App-ID, and User-ID policies to safeguard network access and integrity.
- Manage L3 escalations from L1/L2 teams, driving issues to timely resolution in alignment with SLAs.
SECURITY POLICY and COMPLIANCE
- Conduct regular firewall rule reviews, cleanup, and optimization to minimize the organization’s attack surface.
- Leverage AlgoSec tools (Firewall Analyzer, FireFlow) for automated policy analysis, risk assessment, and streamlined change management.
- Ensure configurations adhere to CIS benchmarks, internal security standards, and compliance frameworks such as PCI-DSS, ISO 27001, and NIST.
- Actively participate in internal and external security audits to maintain compliance and reduce risk.
CHANGE MANAGEMENT and PROJECTS
- Evaluate, implement, and test firewall rule change requests end-to-end, ensuring seamless integration and minimal disruption.
- Lead firewall migration and upgrade initiatives, including OS upgrades, hardware refreshes, and data center migrations.
- Collaborate with network, cloud, and security architecture teams on new deployments and security enhancements.
- Develop and maintain comprehensive runbooks, SOPs, and technical documentation for operational consistency.
MONITORING and INCIDENT RESPONSE
- Monitor firewall health, performance, and security events through SIEM integration and Panorama dashboards.
- Participate in an on-call rotation, responding efficiently to P1/P2 security incidents and driving rapid remediation.
- Conduct thorough root cause analysis (RCA) and post-incident reviews to prevent recurrence and strengthen defenses.

Skill Requirements

- Minimum 8 years of hands-on experience with Palo Alto Networks firewalls (NGFW, Panorama).
- Deep expertise in security policy management, zone-based architectures, and advanced traffic inspection techniques.
- Proficiency with AlgoSec Firewall Analyzer and FireFlow for policy automation and compliance.
- Strong understanding of TCP/IP, routing protocols (BGP, OSPF), VLANs, and network segmentation principles.
- Demonstrated experience with VPN technologies (IPSec, SSL/TLS, GlobalProtect).
- Familiarity with Syslog, SNMP, and SIEM platforms (e.g., Splunk, QRadar).
- Practical knowledge of ITIL-based change management processes.

EDUCATION
- Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent professional experience.
REQUIRED CERTIFICATIONS
- Palo Alto Networks Certified Network Security Engineer (PCNSE) – Mandatory

Other Requirements

- Experience with Cisco ASA/FTD, Fortinet, or Check Point firewalls.
- Knowledge of cloud security controls, such as AWS Security Groups, Azure Firewall, or equivalent.
- Familiarity with scripting or automation (Python, Ansible) for firewall policy management.
- Experience with Tufin or FireMon as alternatives/complements to AlgoSec.
- Understanding of Zero Trust Architecture principles.
- Additional certifications such as PCNSA, CCNP Security/CCIE Security, AlgoSec Certified Engineer, CompTIA Security+, CEH, or ITIL Foundation (v3/v4).

Maximum Salary (US): 123000

Minimum Salary (US): 69000

Information at a Glance

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Compensation and Benefits

A candidate’s pay within the range will depend on their skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year.

Provider	Description	Enabled
Vimeo	Vimeo is a video hosting, sharing, and services platform focused on the delivery of video. Opting out of Vimeo cookies will disable your ability to watch or interact with Vimeo videos. Cookie Policy Privacy Policy Terms and Conditions	Consent to cookies from provider Vimeo
YouTube	YouTube is a video-sharing service where users can create their own profile, upload videos, watch, like, and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos. Cookie Policy Privacy Policy Terms and Conditions	Consent to cookies from provider YouTube

Provider	Description	Enabled
Google Analytics	Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Cookie Information Privacy Policy Terms and Conditions	Consent to cookies from provider GoogleAnalytics
Google Tag Manager	Google Tag Manager is a tag management system for conversion tracking, site analytics, remarketing, and more. Privacy Policy Terms and Conditions	Consent to cookies from provider GoogleTagManager
LinkedIn	LinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn. Cookie Policy Cookie Table Privacy Policy Terms and Conditions	Consent to cookies from provider LinkedIn