[Remote] Network Engineer IV - Palo Alto Prisma

Note: The job is a remote job and is open to candidates in USA. CBTS serves enterprise and midmarket clients across the United States and Canada, providing a full suite of flexible technology solutions. The Network Engineer IV – Palo Alto Prisma is responsible for the 24×7 operational support and optimization of enterprise Prisma SASE solutions, serving as a Tier-3 escalation engineer for complex customer environments.

Responsibilities

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE
• Troubleshoot and resolve complex issues across:
• Prisma SD‑WAN control and data planes
• Prisma Access (Remote Networks, Mobile Users, Service Connections)
• GlobalProtect, IPsec, and cloud‑delivered firewalling
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
• Act as a technical escalation point during major outages
• Lead support efforts of Palo Alto Prisma SASE architectures, including:
• Prisma SD‑WAN branch and hub designs
• Prisma Access for ZTNA, SWG, and FWaaS
• Own the full service lifecycle:
• Customer onboarding
• Change management
• Platform upgrades and migrations
• Decommissioning
• Validate and enforce:
• Security policies
• Routing and segmentation strategies
• High availability and resiliency standards
• Support advanced routing implementations:
• BGP (required) including policy control, filtering, and failover
• OSPF
• Enable and support hybrid and cloud connectivity:
• AWS (VPC, Transit Gateway)
• Azure (vNET, vWAN, ExpressRoute)
• Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility
• Support:
• Zero Trust Network Access (ZTNA)
• Secure Web Gateway (SWG)
• Cloud‑delivered firewall policies (FWaaS)
• Integrate Prisma Access with:
• Identity providers (SAML, MFA)
• Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture
• Contribute to automation and standardization using:
• APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through:
• Prisma dashboards
• Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• SOPs and operational runbooks
• Troubleshooting and escalation guides
• Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering

Skills

• 10+ years of hands-on network engineering experience
• Palo Alto Networks Certified SD-WAN Engineer required
• Palo Alto Networks Certified Security Service Edge Engineer required
• Bachelor's degree in a related field, or equivalent practical experience
• Hands-on expertise with Prisma SD-WAN
• Hands-on expertise with Prisma Access
• Advanced WAN and routing expertise: BGP (required)
• Advanced WAN and routing expertise: OSPF
• Strong understanding of cloud-delivered security architectures
• Strong understanding of SD-WAN overlays, underlays, and service insertion models
• Strong knowledge of high availability and redundancy design
• Strong knowledge of QoS and application-aware routing
• Strong knowledge of NAT and firewall concepts
• Strong knowledge of TCP/IP and dynamic routing protocols
• Strong experience with configuration and support of routers, switches, firewalls, hubs, and WAN infrastructure
• Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
• Experience with one or more of the following (Prisma remains the primary focus): Fortinet Secure SD-WAN / FortiSASE, Cisco SD-WAN, Meraki, VMware VeloCloud, Juniper Mist / SSR
• Prior experience in network design or sales engineering is a plus
• Proficiency with network monitoring and performance analysis tools
• Proficiency with Visio for detailed network diagrams
• Familiarity with wireless technologies and site surveys
• Familiarity with security intelligence sources (e.g., CERT, BugTraq)
• Palo Alto Prisma Certified Cloud Security Engineer (PCCSE) highly recommended
• Cisco certifications (CCNP or CCIE) highly recommended
• Contribute to automation and standardization using APIs, Python, Ansible, or Terraform (preferred)

Company Overview

Company H1B Sponsorship