We are seeking a highly skilled L4 Network Security Engineer/ Lead Engineer to lead migration planning and execution for the End Of Life (EOL) replacement of legacy Cisco ASA firewalls with Cisco Firepower and Palo Alto Networks Next-Generation Firewalls (NGFWs). This role requires deep hands-on expertise, the ability to mentor junior engineers, drive automation efforts, and design scalable, secure migration workflows. Key responsibilities include end-to-end planning and execution of ASA to Firepower and Palo Alto migrations, designing migration workflows, HA topology, and optimizing policy conversion strategy. Perform or oversee configuration conversion from ASA to Palo Alto and Cisco Firepower. Design, test, and validate VPNs (IPSec/SSL), NAT policies, dynamic routing, and IPS/IDS profiles. Collaborate with enterprise architects, operations, and product teams for successful delivery, guiding L3 teams, reviewing configurations, and troubleshooting complex post-migration issues.