[Remote] Network Engineer IV - Palo Alto Prisma
Note: The job is a remote job and is open to candidates in USA. CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. The Network Engineer IV – Palo Alto Prisma is responsible for 24×7 operational support and optimization of enterprise Prisma SASE solutions within a Managed Services environment, serving as a Tier-3 escalation engineer and collaborating closely with various teams to ensure customer satisfaction and service quality.
Responsibilities
- Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE
- Troubleshoot and resolve complex issues across:
- + Prisma SD‑WAN control and data planes
- + Prisma Access (Remote Networks, Mobile Users, Service Connections)
- + GlobalProtect, IPsec, and cloud‑delivered firewalling
- Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
- Act as a technical escalation point during major outages
- Lead support efforts of Palo Alto Prisma SASE architectures, including:
- + Prisma SD‑WAN branch and hub designs
- + Prisma Access for ZTNA, SWG, and FWaaS
- Own the full service lifecycle:
- + Customer onboarding
- + Change management
- + Platform upgrades and migrations
- + Decommissioning
- Validate and enforce:
- + Security policies
- + Routing and segmentation strategies
- + High availability and resiliency standards
- Support advanced routing implementations:
- + BGP (required) including policy control, filtering, and failover
- + OSPF
- Enable and support hybrid and cloud connectivity:
- + AWS (VPC, Transit Gateway)
- + Azure (vNET, vWAN, ExpressRoute)
- + Google Cloud Platform (VPC)
- Ensure optimized traffic steering, SLA adherence, performance, and application visibility
- Support:
- + Zero Trust Network Access (ZTNA)
- + Secure Web Gateway (SWG)
- + Cloud‑delivered firewall policies (FWaaS)
- Integrate Prisma Access with:
- + Identity providers (SAML, MFA)
- + Remote and mobile user access models
- Partner with security teams to align network enforcement with enterprise security posture
- Contribute to automation and standardization using:
- + APIs, Python, Ansible, or Terraform (preferred)
- Improve observability through:
- + Prisma dashboards
- + Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
- Develop and maintain:
- + SOPs and operational runbooks
- + Troubleshooting and escalation guides
- + Service readiness documentation for new Prisma releases
- Mentor Tier‑1 and Tier‑2 engineers
- Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering
Skills
- 10+ years of hands-on network engineering experience
- Hands-on expertise with Prisma SD-WAN
- Hands-on expertise with Prisma Access
- Strong understanding of cloud-delivered security architectures
- Strong understanding of SD-WAN overlays, underlays, and service insertion models
- Strong understanding of traffic steering and policy enforcement
- Advanced WAN and routing expertise: BGP (required)
- Advanced WAN and routing expertise: OSPF
- Strong knowledge of high availability and redundancy design
- Strong knowledge of QoS and application-aware routing
- Strong knowledge of NAT and firewall concepts
- Strong knowledge of TCP/IP and dynamic routing protocols
- Experience with one or more of the following: Fortinet Secure SD-WAN / FortiSASE, Cisco SD-WAN, Meraki, VMware VeloCloud, Juniper Mist / SSR
- Ability to translate architectures and concepts across vendors
- Strong experience with configuration and support of routers, switches, firewalls, hubs, and WAN infrastructure
- Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
- Proficiency with network monitoring and performance analysis tools
- Proficiency with Visio for detailed network diagrams
- Familiarity with wireless technologies and site surveys
- Familiarity with security intelligence sources (e.g., CERT, BugTraq)
- Palo Alto Networks Certified SD-WAN Engineer required
- Palo Alto Networks Certified Security Service Edge Engineer required
- Bachelor's degree in a related field, or equivalent practical experience
- APIs, Python, Ansible, or Terraform
- Prior experience in network design or sales engineering
- Palo Alto Prisma Certified Cloud Security Engineer (PCCSE) highly recommended
- Cisco certifications (CCNP or CCIE) highly recommended
Company Overview
Company H1B Sponsorship