Infrastructure Security Engineer-L2 (Palo Alto & NGFW)

Location - Navi Mumbai, India

Position Summary

We are seeking a highly skilled Infrastructure Security Engineer-L2 (Palo Alto & NGFW) responsible for implementation, administration, and support of Palo Alto Next-Generation Firewalls (NGFW) across enterprise and cloud environments. The role involves handling day-to-day operations, incident management, troubleshooting, and TAC coordination, along with contributing to firewall migrations and security enhancements. The engineer will play a key role in maintaining secure and stable network infrastructure for critical business operations.

Key Responsibilities

• Provide L2 support for Palo Alto NGFW environments, including incident handling, troubleshooting, and resolution.
• Manage day-to-day firewall operations, including policy changes, NAT configurations, and VPN management.
• Perform advanced troubleshooting for network and security issues across on-prem and cloud environments (AWS, Azure, GCP, OCI).
• Handle TAC coordination with vendors for critical and complex issues.
• Configure and manage:
• IPSec VPNs, Remote Access VPNs, and Clientless VPNs
• Security policies, NAT rules, and ACLs
• Work on Palo Alto Panorama for centralized management, including templates, log collectors, and policy deployment.
• Implement and support Next-Generation Firewall features such as:
• Threat Prevention
• URL Filtering
• Content Filtering
• Data Loss Prevention (DLP)
• User-ID
• Participate in and execute firewall migration projects (e.g., Cisco ASA to Palo Alto).
• Support IDS/IPS administration and monitoring, including performance tuning and alert handling.
• Perform change management activities in line with ITIL processes.
• Prepare and maintain technical documentation including HLD, LLD, SOPs, and knowledge base articles.
• Conduct security assessments, gap analysis, and recommend improvements in security architecture.
• Collaborate with L3 teams and stakeholders for design improvements and complex issue resolution.
• Provide inputs for network security strategy, transformation projects, and infrastructure planning.

Technical Skills

• Strong hands-on experience with Palo Alto NGFW (PAN-OS) and its advanced features.
• Working knowledge of Palo Alto Panorama (templates, device groups, log collectors).
• Experience with Cisco ASA firewalls and firewall migration projects.
• Strong understanding of:
• Network Security concepts
• OSI Model & TCP/IP protocols
• Routing & Switching fundamentals
• Expertise in:
• IPSec VPN configuration & troubleshooting
• NAT, ACLs, and security policy management
• Exposure to cloud security networking in:
• AWS
• Azure
• GCP
• OCI
• Knowledge of IDS/IPS systems and threat prevention mechanisms.

Basic Qualifications

• Bachelor’s degree in Engineering (B.E./B.Tech – CSE, IT, ECE) or MCA / M.Sc (Computer Science).
• Minimum 5+ years of experience in network security and firewall management.
• Hands-on experience in Palo Alto firewall administration and troubleshooting.
• Strong analytical, problem-solving, and communication skills.

Preferred Qualifications

• PCNSE (Palo Alto Networks Certified Network Security Engineer) certification.
• CCNP Security or equivalent certification.
• Experience in enterprise datacentre and cloud security deployments.