Home › Companies › Thinkahead › Senior Technical Consultant - Network Security
Senior Technical Consultant - Network Security
Thinkahead · United States · Remote · Active · $170,000–$200,000 / year · Lever
Job facts
| Field | Value |
|---|---|
| Company | Thinkahead |
| Title | Senior Technical Consultant - Network Security |
| Normalized title | - |
| Department / team | ( Network ) / Network Delivery |
| Location | United States |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | $170,000–$200,000 / year |
| Status | active |
| ATS provider | Lever |
| Posted / first seen | 2026-05-20 / 2026-05-29 |
| Changed / last seen | 2026-05-29 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Thinkahead. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Lever. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in ( Network ). | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Thinkahead |
| Source | 0f5e4ba0-0b92-4f1e-b4d2-f592eac4abab |
| ATS provider | Lever |
Description
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.
Why AHEAD:
Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.
We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.
USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.
Use of AI:
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at [email protected].
You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.
Key Responsibilities: Firewall
Design and deploy Cisco Secure Firewall Threat Defense (FTD) managed by Firewall Management Center (FMC), including high-availability pairs, threat policies (Snort IPS, malware defense, URL filtering), and both site-to-site and remote access VPN configurations.
Configure and manage Palo Alto Networks next-generation firewalls running PAN-OS, including security profiles (Antivirus, Anti-Spyware, Vulnerability Protection, WildFire), App-ID, User-ID, SSL/TLS decryption, and centralized management via Panorama.
Lead firewall migration projects including legacy Cisco ASA to FTD conversions, cross-vendor migrations (Check Point, Fortinet, Juniper to Palo Alto or Cisco), and policy translation with rule optimization during cutover.
Design network segmentation architectures using firewall zones, virtual routers, VRFs, and policy-based routing to enforce least-privilege east-west and north-south traffic controls.
Deploy cloud-native firewall solutions including Palo Alto Cloud NGFW for AWS and Azure, and Cisco Secure Firewall Cloud Native for containerized and cloud workload environments.
Implement firewall high availability designs including active/standby failover, active/active clustering, and multi-context deployments for service provider and large enterprise environments.
Configure centralized logging, SIEM integration (Splunk, Microsoft Sentinel, syslog), and NetFlow/IPFIX for traffic analytics, threat correlation, and compliance reporting.
Perform firewall rule base optimization, policy cleanup, and compliance auditing to reduce attack surface and align with regulatory frameworks (PCI-DSS, HIPAA, NIST).
Integrate Cisco Secure Firewall with Cisco XDR for cross-platform threat detection, event correlation, and automated incident response across the security portfolio.
Automate firewall provisioning, configuration backup, and policy deployment using infrastructure-as-code tools (Terraform, Ansible) and vendor APIs for repeatable, auditable workflows.
Deploy Cisco Identity Services Engine (ISE) for 802.1X wired and wireless authentication, MAC Authentication Bypass (MAB), and RADIUS/TACACS+ device administration across campus, branch, and data center environments.
Key Responsibilities: Cisco ISE
Design and implement ISE authorization policies including Security Group Tags (SGTs) with TrustSec, downloadable ACLs (dACLs), VLAN assignment, and Adaptive Network Control (ANC) for dynamic threat response.
Configure ISE profiling services, posture assessment, and compliance enforcement to provide endpoint visibility and ensure devices meet organizational security baselines before granting access.
Integrate ISE with Cisco network infrastructure (Catalyst switches, wireless LAN controllers, Secure Firewall) and third-party network access devices for consistent policy enforcement across heterogeneous environments.
Deploy ISE guest portals, BYOD onboarding workflows, and certificate-based authentication (EAP-TLS) with internal or external certificate authorities for secure device enrollment.
Implement pxGrid integrations to share identity and session context between ISE, Cisco Secure Firewall, Splunk, and third-party security platforms for unified policy enforcement and threat intelligence.
Design ISE distributed deployments spanning Policy Administration Nodes (PAN), Policy Service Nodes (PSN), and Monitoring and Troubleshooting Nodes (MnT) for scale, redundancy, and geographic distribution.
Perform ISE upgrades, migrations (legacy ACS to ISE), and advanced troubleshooting using RADIUS live logs, policy trace, TCP dump, and debug utilities to resolve authentication and authorization issues.
Key Responsibilities: SASE/Zero Trust:
Design and implement SASE and Zero Trust architectures covering remote user, branch office, cloud workload, and data center connectivity use cases with a unified security policy framework.
Configure and deploy Zscaler Internet Access (ZIA) including Secure Web Gateway, SSL inspection, URL filtering, cloud firewall, and sandbox policies, and Zscaler Private Access (ZPA) including ZTNA application segments, App Connectors, and browser-based access.
Deploy Palo Alto Prisma Access including GlobalProtect remote user connectivity, explicit proxy for branch offices, and service connections to on-premises infrastructure managed through Strata Cloud Manager or Panorama.
Implement Cisco Secure Access (SSE) including Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, and resource connector deployment for private application access.
Configure Netskope Security Cloud including Next Gen SWG, CASB with API-enabled and inline protections, and Netskope Private Access (NPA) with traffic steering, real-time protection policies, and DLP controls.
Leverage Guardicore micro-segmentation for east-west traffic control, application ring-fencing, and workload visibility to complement SASE north-south protections in hybrid and multi-cloud environments.
Deploy identity-based access controls integrating with Okta, Microsoft Entra ID, SAML 2.0, and SCIM provisioning to enforce user and device trust across all SASE platforms.
Develop and maintain Zero Trust maturity roadmaps for clients, mapping current-state gaps to phased adoption plans across identity, device, network, application, and data pillars.
Architecture, Design and Documentation:
Lead client-facing discovery sessions, design workshops, and architecture reviews to define firewall, NAC, and SASE strategies aligned with business objectives and compliance requirements. Own the creation of High-Level Design (HLD) and Low-Level Design (LLD) documents, network diagrams, implementation runbooks, and as-built documentation for firewall, ISE, and SASE deployments.
Develop migration and cutover plans with rollback procedures, change management workflows, and CAB review packages
Conduct knowledge transfer sessions and train client operations teams on day-2 firewall management, ISE policy administration, SASE platform operations, and incident response procedures.
Manage project workstreams, track milestones and deliverables, and escalate risks proactively to project and account leadership
Serve as the technical escalation point for junior engineers during engagements, conducting reviews of policy configurations and providing mentorship
Contribute to internal practice development including reusable templates, deployment runbooks, and automation playbooks for firewall, ISE, and SASE engagements.
Required Qualifications:
7+ years of network security, infrastructure security, or security engineering experience, with at least 3 years in a consulting, professional services, or client-facing delivery role.
Demonstrated hands-on experience designing and deploying Cisco Secure Firewall (FTD/FMC) and Palo Alto Networks NGFW (PAN-OS/Panorama) in enterprise production environments.
Production experience deploying Cisco ISE for 802.1X authentication, TACACS+ device administration, and network access policy enforcement across wired, wireless, and VPN environments.
Production experience with at least one SASE platform (Zscaler ZIA/ZPA, Palo Alto Prisma Access, Cisco Secure Access, or Netskope) including SWG, CASB, and ZTNA configuration.
Strong understanding of routing protocols (BGP, OSPF, EIGRP), VPN technologies (IPsec, SSL/TLS), network segmentation, and Zero Trust architecture principles.
Experience with cloud platforms (AWS VPC, Azure VNet, GCP VPC) including security groups, network firewalls, and hybrid connectivity architectures.
Experience with identity and access management platforms (Okta, Microsoft Entra ID, SAML 2.0, SCIM) and their integration with firewall, NAC, and SASE solutions.
Experience integrating security platforms with SIEM (Splunk, Microsoft Sentinel), syslog infrastructure, and automation tools (Terraform, Ansible) for centralized visibility and repeatable deployments.
Preferred Qualifications:
CCIE Security or CCNP Security certification.
Palo Alto PCNSE or PCNSC certification; Zscaler ZCCA/ZCCP; Cisco Secure Access or Netskope certifications.
CISSP, CompTIA Security+, or equivalent industry security certification.
Firewall migration experience including ASA to FTD conversions and cross-vendor platform migrations with rule translation and optimization.
Full job record
| Job ID | 1ca7b41d76c252ba55d45f9056acc5b6d2287577 |
| Org ID | 1b26d76d-53fc-4e6f-a686-eed575e8f759 |
| Source ID | 0f5e4ba0-0b92-4f1e-b4d2-f592eac4abab |
| Board ID | 0f5e4ba0-0b92-4f1e-b4d2-f592eac4abab |
| Provider | lever |
| Provider Job Key | 62ed1590-66a8-4038-8096-aff041ae9505 |
| Title | Senior Technical Consultant - Network Security |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | United States |
| Department | ( Network ) |
| Team | Network Delivery |
| Employment Type | Full Time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | United States |
| Region | — |
| City | — |
| Salary Raw | USD 170000-200000 per-year-salary |
| Salary Min | 170,000 |
| Salary Max | 200,000 |
| Salary Currency | USD |
| Salary Period | year |
| Source URL | https://jobs.lever.co/thinkahead/62ed1590-66a8-4038-8096-aff041ae9505 |
| Apply URL | https://jobs.lever.co/thinkahead/62ed1590-66a8-4038-8096-aff041ae9505/apply |
| First Seen At | 2026-05-29 07:07:37Z |
| Last Seen At | 2026-06-06 19:11:48Z |
| Last Checked At | 2026-06-06 19:11:48Z |
| Last Changed At | 2026-05-29 07:07:37Z |
| Inactive At | — |
| Source Posted At | 2026-05-20 14:46:38Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=lever/board=thinkahead/date=2026-06-06/2026-06-06T19-11-45-681Z-ea38648d297187fc022771090c1dcc36db842d561b2b45b066d94a6656b4dadd.json |
Event Fields
{
"content_hash": "548e32978ac14d2d578693e39db2ed1a9ca4c1f87a8921208962f8c6d20be7a2",
"source_hash": "2c14b3322a3aaf8f674eb64f917440a2c3e8f1ba64820f1b4542ee3894e767dc",
"last_changed_at": "2026-05-29T07:07:37.097Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "United States",
"city": null,
"region": null,
"country": "United States",
"is_remote": true,
"confidence": 0.95
},
"salary_max": 200000,
"salary_min": 170000,
"inferred_at": "2026-06-06T19:11:48.286Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "United States",
"city": null,
"region": null,
"country": "United States",
"is_remote": true,
"confidence": 0.95
},
"countries": [
"United States"
]
},
"remote_policy": "remote",
"salary_period": "year",
"workplace_type": "remote",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"lists": [
{
"text": "Key Responsibilities: Firewall",
"content": "<div>\n<ul type=\"disc\" style=\"margin-top: 0in; margin-bottom: 0in;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Design and deploy Cisco Secure Firewall Threat Defense (FTD) managed by Firewall Management Center (FMC), including high-availability pairs, threat policies (Snort IPS, malware defense, URL filtering), and both site-to-site and remote access VPN configurations.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Configure and manage Palo Alto Networks next-generation firewalls running PAN-OS, including security profiles (Antivirus, Anti-Spyware, Vulnerability Protection, WildFire), App-ID, User-ID, SSL/TLS decryption, and centralized management via Panorama.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Lead firewall migration projects including legacy Cisco ASA to FTD conversions, cross-vendor migrations (Check Point, Fortinet, Juniper to Palo Alto or Cisco), and policy translation with rule optimization during cutover.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Design network segmentation architectures using firewall zones, virtual routers, VRFs, and policy-based routing to enforce least-privilege east-west and north-south traffic controls.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Deploy cloud-native firewall solutions including Palo Alto Cloud NGFW for AWS and Azure, and Cisco Secure Firewall Cloud Native for containerized and cloud workload environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Implement firewall high availability designs including active/standby failover, active/active clustering, and multi-context deployments for service provider and large enterprise environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Configure centralized logging, SIEM integration (Splunk, Microsoft Sentinel, syslog), and NetFlow/IPFIX for traffic analytics, threat correlation, and compliance reporting.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Perform firewall rule base optimization, policy cleanup, and compliance auditing to reduce attack surface and align with regulatory frameworks (PCI-DSS, HIPAA, NIST).</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Integrate Cisco Secure Firewall with Cisco XDR for cross-platform threat detection, event correlation, and automated incident response across the security portfolio.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Automate firewall provisioning, configuration backup, and policy deployment using infrastructure-as-code tools (Terraform, Ansible) and vendor APIs for repeatable, auditable workflows.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Deploy Cisco Identity Services Engine (ISE) for <a rel=\"noopener\" href=\"http://802.1X\"><span style=\"color: blue;\">802.1X</span></a> wired and wireless authentication, MAC Authentication Bypass (MAB), and RADIUS/TACACS+ device administration across campus, branch, and data center environments.</span></li>\n\n</ul></div>"
},
{
"text": "Key Responsibilities: Cisco ISE",
"content": "<div>\n<ul type=\"disc\" style=\"margin-top: 0in; margin-bottom: 0in;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Design and implement ISE authorization policies including Security Group Tags (SGTs) with TrustSec, downloadable ACLs (dACLs), VLAN assignment, and Adaptive Network Control (ANC) for dynamic threat response.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Configure ISE profiling services, posture assessment, and compliance enforcement to provide endpoint visibility and ensure devices meet organizational security baselines before granting access.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Integrate ISE with Cisco network infrastructure (Catalyst switches, wireless LAN controllers, Secure Firewall) and third-party network access devices for consistent policy enforcement across heterogeneous environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Deploy ISE guest portals, BYOD onboarding workflows, and certificate-based authentication (EAP-TLS) with internal or external certificate authorities for secure device enrollment.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Implement pxGrid integrations to share identity and session context between ISE, Cisco Secure Firewall, Splunk, and third-party security platforms for unified policy enforcement and threat intelligence.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Design ISE distributed deployments spanning Policy Administration Nodes (PAN), Policy Service Nodes (PSN), and Monitoring and Troubleshooting Nodes (MnT) for scale, redundancy, and geographic distribution.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Perform ISE upgrades, migrations (legacy ACS to ISE), and advanced troubleshooting using RADIUS live logs, policy trace, TCP dump, and debug utilities to resolve authentication and authorization issues.</span></li>\n\n</ul></div>"
},
{
"text": "Key Responsibilities: SASE/Zero Trust:",
"content": "<div>\n<ul type=\"disc\" style=\"margin-top: 0in; margin-bottom: 0in;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Design and implement SASE and Zero Trust architectures covering remote user, branch office, cloud workload, and data center connectivity use cases with a unified security policy framework.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Configure and deploy Zscaler Internet Access (ZIA) including Secure Web Gateway, SSL inspection, URL filtering, cloud firewall, and sandbox policies, and Zscaler Private Access (ZPA) including ZTNA application segments, App Connectors, and browser-based access.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Deploy Palo Alto Prisma Access including GlobalProtect remote user connectivity, explicit proxy for branch offices, and service connections to on-premises infrastructure managed through Strata Cloud Manager or Panorama.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Implement Cisco Secure Access (SSE) including Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, and resource connector deployment for private application access.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Configure Netskope Security Cloud including Next Gen SWG, CASB with API-enabled and inline protections, and Netskope Private Access (NPA) with traffic steering, real-time protection policies, and DLP controls.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Leverage Guardicore micro-segmentation for east-west traffic control, application ring-fencing, and workload visibility to complement SASE north-south protections in hybrid and multi-cloud environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Deploy identity-based access controls integrating with Okta, Microsoft Entra ID, SAML 2.0, and SCIM provisioning to enforce user and device trust across all SASE platforms.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Develop and maintain Zero Trust maturity roadmaps for clients, mapping current-state gaps to phased adoption plans across identity, device, network, application, and data pillars.</span></li>\n\n</ul></div>"
},
{
"text": "Architecture, Design and Documentation:",
"content": "<div>\n<ul type=\"disc\" style=\"margin-top: 0in; margin-bottom: 0in;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Lead client-facing discovery sessions, design workshops, and architecture reviews to define firewall, NAC, and SASE strategies aligned with business objectives and compliance requirements. Own the creation of High-Level Design (HLD) and Low-Level Design (LLD) documents, network diagrams, implementation runbooks, and as-built documentation for firewall, ISE, and SASE deployments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Develop migration and cutover plans with rollback procedures, change management workflows, and CAB review packages</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Conduct knowledge transfer sessions and train client operations teams on day-2 firewall management, ISE policy administration, SASE platform operations, and incident response procedures.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Manage project workstreams, track milestones and deliverables, and escalate risks proactively to project and account leadership</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Serve as the technical escalation point for junior engineers during engagements, conducting reviews of policy configurations and providing mentorship</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Contribute to internal practice development including reusable templates, deployment runbooks, and automation playbooks for firewall, ISE, and SASE engagements.</span></li>\n\n<p style=\"line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"> </p>\n</ul></div>"
},
{
"text": "Required Qualifications:",
"content": "<div>\n<ul type=\"disc\" style=\"margin-bottom: 0in; margin-top: 0px;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">7+ years of network security, infrastructure security, or security engineering experience, with at least 3 years in a consulting, professional services, or client-facing delivery role.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Demonstrated hands-on experience designing and deploying Cisco Secure Firewall (FTD/FMC) and Palo Alto Networks NGFW (PAN-OS/Panorama) in enterprise production environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Production experience deploying Cisco ISE for <a rel=\"noopener\" href=\"http://802.1X\"><span style=\"color: blue;\">802.1X</span></a> authentication, TACACS+ device administration, and network access policy enforcement across wired, wireless, and VPN environments.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Production experience with at least one SASE platform (Zscaler ZIA/ZPA, Palo Alto Prisma Access, Cisco Secure Access, or Netskope) including SWG, CASB, and ZTNA configuration.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Strong understanding of routing protocols (BGP, OSPF, EIGRP), VPN technologies (IPsec, SSL/TLS), network segmentation, and Zero Trust architecture principles.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Experience with cloud platforms (AWS VPC, Azure VNet, GCP VPC) including security groups, network firewalls, and hybrid connectivity architectures.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Experience with identity and access management platforms (Okta, Microsoft Entra ID, SAML 2.0, SCIM) and their integration with firewall, NAC, and SASE solutions.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Experience integrating security platforms with SIEM (Splunk, Microsoft Sentinel), syslog infrastructure, and automation tools (Terraform, Ansible) for centralized visibility and repeatable deployments.</span></li>\n\n</ul></div>"
},
{
"text": "Preferred Qualifications:",
"content": "<div>\n<ul type=\"disc\" style=\"margin-bottom: 0in; margin-top: 0px;\">\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">CCIE Security or CCNP Security certification.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Palo Alto PCNSE or PCNSC certification; Zscaler ZCCA/ZCCP; Cisco Secure Access or Netskope certifications.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">CISSP, CompTIA Security+, or equivalent industry security certification.</span></li>\n<li style=\"line-height: normal; margin-top: 0in; margin-right: 0in; margin-bottom: 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"><span style=\"font-family: Calibri, sans-serif;\">Firewall migration experience including ASA to FTD conversions and cross-vendor platform migrations with rule translation and optimization.</span></li>\n\n<p style=\"line-height: normal; margin: 0in 0in 8pt; font-size: 12pt; font-family: Aptos, sans-serif;\"> </p>\n</ul></div>"
}
],
"country": "US",
"createdAt": 1779288398249,
"updatedAt": null,
"categories": {
"team": "Network Delivery",
"location": "United States",
"commitment": "Full Time",
"department": "( Network )",
"allLocations": [
"United States"
]
},
"salaryRange": {
"max": 200000,
"min": 170000,
"currency": "USD",
"interval": "per-year-salary"
},
"workplaceType": "remote"
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/1ca7b41d76c252ba55d45f9056acc5b6d2287577?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/1b26d76d-53fc-4e6f-a686-eed575e8f759JSONGET https://api.bluedoor.sh/job-postings/v1/sources/0f5e4ba0-0b92-4f1e-b4d2-f592eac4ababJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/1ca7b41d76c252ba55d45f9056acc5b6d2287577/eventsJSON