Network Security Engineer IV
Job Summary
Job Description
We are seeking a highly skilled L4 Network Security Engineer/ Lead Engineer to lead migration planning and execution for the End Of Life (EOL) replacement of legacy Cisco ASA firewalls with Cisco Firepower and Palo Alto Networks Next-Generation Firewalls (NGFWs). This role requires deep hands-on expertise, the ability to mentor junior engineers, drive automation efforts, and design scalable, secure migration workflows. Key responsibilities include end-to-end planning and execution of ASA to Firepower and Palo Alto migrations, designing migration workflows, HA topology, and optimizing policy conversion strategy. Perform or oversee configuration conversion from ASA to Palo Alto and Cisco Firepower. Design, test, and validate VPNs (IPSec/SSL), NAT policies, dynamic routing, and IPS/IDS profiles. Collaborate with enterprise architects, operations, and product teams for successful delivery, guiding L3 teams, reviewing configurations, and troubleshooting complex post-migration issues.
Must have:
- Deep hands-on knowledge in Cisco ASA, Cisco Firepower/FTD
- Palo Alto NGFW (VSYS, Panorama, Expedition, Migration Manager)
- Strong command of Cisco ASA ACL, VPN, AnyConnect, HA, NAT, Policy Management
- Strong command of Palo Alto VPN, Global Protect, HA, NAT, Security Policy
- Routing protocols (Static, OSPF, BGP) and switching fundamentals
- Policy migration planning, zero-touch deployment
- Config conversion tools and scripting (Python preferred)
- Multi-vendor firewall strategy and enterprise segmentation
- Strong understanding of HA, software upgrade, rollback
- Sound knowledge of L3 routing and switching concepts
Good to have:
- Cisco certifications: CCIE Security/ CCNP Security/ CCNP R&S
- Palo Alto certifications: PCNSA/PCNSE
2 skills required
Job Details
Job Title – Network Security Engineer-IV
Location: Remote
Experience: 10–16 years
Project: Cisco ASA to Palo Alto / Firepower EOL Migration
Job Type: Full-time
- We are seeking a highly skilled L4 Network Security Engineer/ Lead Engineer to lead migration planning and execution for the EOL replacement of legacy Cisco ASA firewalls (5508,5525,5545,5555 etc.) with Cisco Firepower and Palo Alto Networks NGFWs. This role requires deep hands-on expertise as well as the ability to mentor junior engineers, drive automation efforts, and design scalable, secure migration workflows.
- Lead end-to-end planning and execution of ASA to Firepower and Palo Alto migrations.
- Design migration workflows, HA topology, and optimize policy conversion strategy.
- Perform or oversee conversion of configurations:
- ASA → Palo Alto (1410 VSYS, 1410 Single Tenant & VM-Series)
- ASA → Cisco Firepower with ASA Code or FTD
- Design, test, and validate:
- VPNs (IPSec/SSL), NAT policies,dynamic routing, IPS/IDS profiles
- Collaborate with enterprise architects, operations, and product teams for successful delivery.
- Strong knowledge of change/Incident management process.
- Guide L3 teams in execution, review configurations and scripts.
- Troubleshoot complex post-migration issues.
- Track project milestones and ensure documentation compliance.
- Deep hands-on knowledge in:
- Cisco ASA, Cisco Firepower/FTD
- Palo Alto NGFW (VSYS, Panorama,Expedition, Migration Manager)
- Strong command of:
- Cisco ASA- ACL, VPN setup (IPSec/SSL), AnyConnect, HA Setup, NAT, Policy Management, OS Upgrade.
- Palo Alto- VPN setup (IPSec/SSL),Global protect, HA Setup, NAT, Security Policy Management, PANOS Upgrade.
- Routing protocols (Static, OSPF,BGP) and switching fundamentals
- Policy migration planning,zero-touch deployment models
- Config conversion tools and scripting (Expedition, Python preferred)
- Experience in multi-vendor firewall strategy and enterprise segmentation
- Strong understanding of HA configurations, software upgrade planning, and rollback scenarios
- Sound knowledge of L3 routing (Static, OSPF, BGP) and switching concepts.
- Excellent interpersonal and communication skills – able to clearly articulate ideas, processes, and technical concepts to both technical and non-technical audiences.
- Strong documentation abilities – capable of creating and maintaining clear, concise technical documentation and procedures.
- Flexible, proactive, and self-driven – demonstrates initiative, reliability, and adaptability in dynamic environments.
- Cisco Certifications: CCIE Security/ CCNP Security/ CCNP R&S
- Palo Alto Certifications: PCNSA/PCNSE
Similar Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Similar Skill Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Jobs in Gurugram, Haryana, India
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Cyber Security Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
