Cyber Palo Alto Networks Security Engineer/ Senior Consultant, Strategy, Growth, and Transformation
Job Description
Join Deloitte’s Cyber Enterprise Security team and contribute to secure digital transformation through Palo Alto Networks security engineering. This onsite role in New York, NY offers the chance to design, deploy, and optimize NGFW, Prisma Access, Panorama, and Strata across on‑premises and cloud environments, enabling zero‑trust and secure modern transformations. Enjoy a competitive salary range of USD 105,400 to 207,800 per year, a collaborative culture that prioritizes growth, and the opportunity to work with leading security technologies in a dynamic client environment.
Responsibilities
- Design, deploy, and manage Palo Alto Networks Next-Generation Firewalls (NGFW) across on‑premises and cloud environments (AWS, Azure, GCP)
- Implement and optimize Prisma Access capabilities, including GlobalProtect, Prisma Agent, and Prisma Browser for secure internet and remote access
- Administer Panorama and Strata Cloud Manager to support centralized policy management, device configuration, visibility, and operational consistency
- Configure and tune security features such as Threat Prevention, IPS/IDS, Anti-Spyware, Antivirus, WildFire, DNS Security, and SSL/TLS decryption policies
- Develop client solution designs and recommendations, integrating Palo Alto platforms with SIEM/SOAR and identity provider tools, and support automation with Terraform, Ansible, or Python
Technologies
- Palo Alto Networks NGFW
- GlobalProtect, Prisma Access, Prisma Agent, Prisma Browser
- Panorama, Strata Cloud Manager
- Threat Prevention, IPS/IDS, Anti‑Spyware, Antivirus, WildFire, DNS Security
- SSL/TLS Decryption (forward and inbound)
- Terraform, Ansible, Python
- SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Palo Alto XSOAR)
- AWS, Azure, Google Cloud Platform (GCP)
- VM‑Series deployments in cloud-native architectures
- Okta, Azure AD, Ping Identity, SAML/SCIM, Palo Alto Cloud Identity Engine (CIE)
- CI/CD and security automation tooling and workflows
The Team
Our Enterprise Security offering embeds security across digital transformation efforts, securing a client’s technical backbone while enabling secure innovation. The team covers security architecture, secure development and deployment, end‑to‑end cloud security, application security, and security for emerging technologies and connected products.
Required Qualifications
- BA/BS degree in a technical field (e.g., Computer Science, Cyber Security, Information Technology, or equivalent experience)
- PCNSE certification
- 5+ years of progressively responsible experience in network security engineering with depth in Palo Alto technologies and increasing technical ownership
- 5+ years of hands‑on experience designing, deploying, and managing Palo Alto NGFW in on‑premises and cloud environments (AWS, Azure, and/or GCP)
- 3+ years designing, deploying, and managing Prisma Access (GlobalProtect, Prisma Agent, Prisma Browser) for internet and secure remote access
- 3+ years designing, deploying, and managing Panorama centralized management and Strata Cloud Manager
- 3+ years configuring and tuning Threat Prevention features (IPS/IDS, Anti‑Spyware, Antivirus, WildFire, DNS Security)
- 3+ years implementing and troubleshooting SSL/TLS Decryption policies (forward proxy and inbound inspection, certificate management, decryption exclusions)
- 3+ years defining, managing, and reviewing security policies (rule base optimization, policy lifecycle, access reviews)
- 3+ years working with one or more major cloud providers (AWS, GCP, Azure) and their native security toolsets, including VM‑Series deployments
- Ability to travel up to 50% on average based on client engagements
- Limited immigration sponsorship may be available
Preferred Qualifications
- Advanced cybersecurity certifications (CISSP, CCIE Security, CCNP Security, GIAC equivalents)
- Experience with automation tooling (Terraform, Ansible, Python) for provisioning and policy management
- Experience integrating Palo Alto firewalls and Prisma with SIEM/SOAR platforms via log streaming, API connectors, or syslog
- Experience designing and presenting Palo Alto network solution architectures to executive and non‑technical stakeholders
- Experience operating in large, complex enterprise environments with strict security and availability requirements
- Familiarity with identity provider integrations (Okta, Azure AD, Ping Identity) for SAML/SCIM within Palo Alto Cloud Identity Engine
- Ability to conduct SASE vendor competitive analyses and advise on solution selection based on use cases
- Experience conducting Zero Trust Architecture assessments and roadmaps aligned to frameworks like NIST SP 800-207 or CISA Zero Trust Maturity
- Previous consulting or Big 4 experience delivering enterprise network security or SASE transformations