Network Security Engineer IV - IN

Job Title – Network Security Engineer-IV Location: RemoteExperience: 10–16 yearsProject: Cisco ASA to Palo Alto / Firepower EOL MigrationJob Type: Full-time

Role Overview:

• We are seeking a highly skilled L4 Network Security Engineer/ Lead Engineer to lead migration planning and execution for the EOL replacement of legacy Cisco ASA firewalls (5508,5525,5545,5555 etc.) with Cisco Firepower and Palo Alto Networks NGFWs. This role requires deep hands-on expertise as well as the ability to mentor junior engineers, drive automation efforts, and design scalable, secure migration workflows.

Key Responsibilities:

• Lead end-to-end planning and execution of ASA to Firepower and Palo Alto migrations.
• Design migration workflows, HA topology, and optimize policy conversion strategy.
• Perform or oversee conversion of configurations:
• ASA → Palo Alto (1410 VSYS, 1410 Single Tenant & VM-Series)
• ASA → Cisco Firepower with ASA Code or FTD
• Design, test, and validate:
• VPNs (IPSec/SSL), NAT policies,dynamic routing, IPS/IDS profiles
• Collaborate with enterprise architects, operations, and product teams for successful delivery.
• Strong knowledge of change/Incident management process.
• Guide L3 teams in execution, review configurations and scripts.
• Troubleshoot complex post-migration issues.
• Track project milestones and ensure documentation compliance.

Must-Have Skills:

• Deep hands-on knowledge in:
• Cisco ASA, Cisco Firepower/FTD
• Palo Alto NGFW (VSYS, Panorama,Expedition, Migration Manager)
• Strong command of:
• Cisco ASA- ACL, VPN setup (IPSec/SSL), AnyConnect, HA Setup, NAT, Policy Management, OS Upgrade.
• Palo Alto- VPN setup (IPSec/SSL),Global protect, HA Setup, NAT, Security Policy Management, PANOS Upgrade.
• Routing protocols (Static, OSPF,BGP) and switching fundamentals
• Policy migration planning,zero-touch deployment models
• Config conversion tools and scripting (Expedition, Python preferred)
• Experience in multi-vendor firewall strategy and enterprise segmentation
• Strong understanding of HA configurations, software upgrade planning, and rollback scenarios
• Sound knowledge of L3 routing (Static, OSPF, BGP) and switching concepts.

Soft Skills & Professional Attributes:

• Excellent interpersonal and communication skills – able to clearly articulate ideas, processes, and technical concepts to both technical and non-technical audiences.
• Strong documentation abilities – capable of creating and maintaining clear, concise technical documentation and procedures.
• Flexible, proactive, and self-driven – demonstrates initiative, reliability, and adaptability in dynamic environments.

Preferred Certifications:

• Cisco Certifications: CCIE Security/ CCNP Security/ CCNP R&S
• Palo Alto Certifications: PCNSA/PCNSE