Responsibilities:
1. Partner with InfoSec and Network Architecture to define and evolve enterprise firewall, NAC, and segmentation architecture across corporate and manufacturing environments.
2. Lead design, implementation, and lifecycle management of Palo Alto firewall policies, zone-based segmentation, and security services, including secure north-south and east-west controls.
3. Design and enforce segmentation strategies aligned to Purdue Model principles in manufacturing networks, balancing cybersecurity, availability, safety, and regulatory requirements.
4. Apply security controls with awareness of industrial protocols such as Modbus/TCP, EtherNet/IP (CIP), PROFINET, OPC/OPC-UA, DNP3, and BACnet, accounting for legacy systems and deterministic traffic flows.
5. Own medium- to high-complexity firewall and NAC initiatives from design through operational handover, including structured documentation and runbooks.
6. Design and implement Network Security Policy Management (NSPM) solutions to support rule lifecycle governance, risk analysis, attestation, and compliance validation.
7. Drive policy lifecycle management across firewalls and NAC, including rule review, optimization, consolidation, and risk reduction.
8. Conduct and influence network security design reviews in collaboration with InfoSec, TechOps, and site IT/OT stakeholders.
9. Ensure all solutions are secure-by-design and compliant with IT Security, Privacy, Quality, and regulatory standards (including GxP where applicable).
10. Continuously assess and improve the overall network security posture through threat-informed adjustments and by evaluating emerging capabilities.
11. Provide senior-level technical leadership, mentorship, and cross-functional security consultancy.
What you need to Succeed (minimum qualifications):
12. 5+ years of network security engineering experience, including hands-on design and administration of Palo Alto Networks next-generation firewalls
13. Experience with Palo Alto Panorama, logging infrastructure, GlobalProtect VPN, licensing, and related cloud-delivered security services
14. Proven experience designing and implementing segmentation strategies in enterprise and manufacturing/OT-heavy environments
15. Experience in engineering or administering a Network Access Control platform (e.g., Forescout CounterACT), including visibility, classification, and enforcement workflows
16. Experience designing and implementing an NSPM solution for firewall rule governance, compliance validation, and lifecycle management
17. Understanding of industrial control system (ICS) environments and common OT protocols (Modbus, EtherNet/IP, PROFINET, OPC/UA, DNP3, BACnet)
18. Experience maturing network security controls, procedures, and policy governance processes
19. Working knowledge of routing and switching fundamentals to support firewall integration (e.g., OSPF, Cisco switching)
20. Understanding of Zero Trust principles, micro-segmentation, application identity, and distributed enforcement models
21. Demonstrated ability to analyze large firewall rulesets and identify optimization, consolidation, and risk reduction opportunities
22. Strong written and verbal communication skills with experience producing high- and low-level designs, diagrams, and operational documentation
What will give you a competitive edge (preferred qualifications):
23. Experience deploying and integrating Palo Alto VM-Series firewalls within Azure or GCP cloud environments.
24. Experience working in manufacturing, OT, or other regulated environments with an understanding of industrial systems and operational constraints
25. Experience with Forescout CounterACT or other enterprise NAC platforms in complex environments
26. Experience with NSPM tools such as AlgoSec or Tufin
27. Experience with Meraki MX security policy design and cloud-managed security platforms
28. Experience collaborating with vendors, third parties, and MSPs in regulated or production environments
29. Exposure to Agile delivery models and cross-functional security project execution
30. Relevant certifications such as Palo Alto Networks (PCNSE), Cisco CCNP Security, CISSP, or equivalent
Education Requirements:
Bachelor’s Degree or commensurate industry experience
Other Information:
Working across time zones to support the global business may be required.
Overseas travel might be required.