We are seeking a highly skilled L4 Network Security Engineer/Lead Engineer to lead migration planning and execution for the EOL replacement of legacy Cisco ASA firewalls (5508, 5525, 5545, 5555, etc.) with Cisco Firepower and Palo Alto Networks NGFWs.
This role requires deep hands-on expertise as well as the ability to mentor junior engineers, drive automation efforts, and design scalable, secure migration workflows.
Key responsibilities include leading end-to-end planning and execution of ASA to Firepower and Palo Alto migrations, designing migration workflows and HA topology, and optimizing policy conversion strategy.
The engineer will perform or oversee the conversion of configurations from ASA to Palo Alto and Cisco Firepower, and will design, test, and validate VPNs, NAT policies, dynamic routing, and IPS/IDS profiles.
Collaboration with enterprise architects, operations, and product teams for successful delivery is essential.
The role requires strong knowledge of change/incident management processes, guiding L3 teams in execution, reviewing configurations and scripts, troubleshooting complex post-migration issues, and tracking project milestones while ensuring documentation compliance.
Requirements:
Candidates must have deep hands-on knowledge in Cisco ASA, Cisco Firepower/FTD, and Palo Alto NGFW (VSYS, Panorama, Expedition, Migration Manager).
A strong command of Cisco ASA is required: ACL, VPN setup (IPSec/SSL), AnyConnect, HA setup, NAT, policy management, and OS upgrade.
Proficiency in Palo Alto VPN setup (IPSec/SSL), GlobalProtect, HA setup, NAT, security policy management, and PAN-OS upgrade is necessary.
Knowledge of routing protocols (Static, OSPF, BGP) and switching fundamentals is essential.
Experience in policy migration planning, zero-touch deployment models, config conversion tools, and scripting (Expedition, Python preferred) is required.
Candidates should have experience in multi-vendor firewall strategy and enterprise segmentation, as well as a strong understanding of HA configurations, software upgrade planning, and rollback scenarios.
Sound knowledge of L3 routing (Static, OSPF, BGP) and switching concepts is also necessary.
Excellent interpersonal and communication skills are required to articulate ideas, processes, and technical concepts to both technical and non-technical audiences.
Strong documentation abilities to create and maintain clear, concise technical documentation and procedures are essential.
Candidates should be flexible, proactive, and self-driven, demonstrating initiative, reliability, and adaptability in dynamic environments.
Benefits:
The position offers a full-time remote work opportunity.
Candidates will have the chance to lead significant migration projects, enhancing their professional experience and expertise.
The role provides opportunities for mentorship and collaboration with junior engineers and cross-functional teams.
Employees will gain exposure to advanced technologies and methodologies in network security.
The company supports professional development through preferred certifications such as Cisco CCIE Security/CCNP Security/CCNP R&S and Palo Alto PCNSA/PCNSE.