Senior Palo Alto Networks Engineer

C

CELESTIAL INNOVATIONS GROUP LLC

Senior Palo Alto Networks Engineer

Washington, DC
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k)

    Competitive salary

    Dental insurance

    Health insurance

    Paid time off

    Training & development

    Vision insurance

    Position Overview

    Celestial Innovations Group (CIG) is seeking an experienced Palo Alto Networks Professional Services Consultant to support our growing federal and government client portfolio. In this role, you will serve as a trusted security advisor and hands-on technical lead, designing and implementing cutting-edge network and cloud security solutions for civilian, defense, and intelligence community agencies. You will work closely with CIG's delivery team and government stakeholders to ensure that security architectures meet the stringent requirements of federal compliance frameworks including FedRAMP, FISMA, NIST SP 800-53, and CMMC.

    Key Responsibilities

    Strengthen and grow the CIG Palo Alto Networks services organization, acting as a technical lead and mentor to fellow engineers.

    Lead end-to-end design, deployment, and configuration of Palo Alto Networks solutions (NGFW, Panorama, Prisma Access, Prisma Cloud) within secure government environments.

    Architect Zero Trust Network Access (ZTNA) frameworks aligned with federal mandates (OMB M-22-09, EO 14028) using Prisma Access and SD-WAN.

    Configure and tune next-generation firewall (NGFW) policies, App-ID, User-ID, and Threat Prevention profiles to enforce least-privilege access and protect critical assets.

    Implement Prisma Cloud to provide cloud security posture management (CSPM), cloud workload protection (CWP), and compliance monitoring against NIST, CIS, and DoD STIGs.

    Conduct security assessments, gap analyses, and architecture reviews, delivering actionable findings and remediation roadmaps to stakeholders.

    Develop and maintain security documentation including system security plans (SSPs), standard operating procedures (SOPs), and Authority to Operate (ATO) support artifacts.

    Provide mentorship and knowledge transfer to client IT and security teams, building internal capability and ensuring long-term solution sustainability.

    Collaborate with CIG's business development and account management teams to identify expansion opportunities, support proposal development, and contribute to solution scoping and estimation.

    Engage with Palo Alto Networks federal sales and engineering teams to coordinate pre-sales support, licensing, and product roadmap alignment.

    Stay current with the Palo Alto Networks portfolio, emerging threat landscape, and industry best practices, contributing to CIG's internal knowledge base and capability development.

    Required Qualifications

    Active PCNSE (Palo Alto Certified Network Security Engineer) certification.

    Active PCCSE (Palo Alto Certified Cloud Security Engineer) certification.

    Active Palo Alto Networks Prisma Access Specialization.

    5+ years of hands-on experience designing and implementing enterprise network security solutions with Palo Alto Networks technologies.

    Deep expertise in Panorama centralized management, policy orchestration, and log management.

    Proficiency in Prisma Access architecture including GlobalProtect, service connections, remote network onboarding, and security policy enforcement.

    Strong working knowledge of cloud security principles across AWS, Microsoft Azure, and/or Google Cloud Platform.

    Demonstrated experience working within federal environments and familiarity with NIST SP 800-53, FedRAMP, FISMA, CMMC, and DoD STIG requirements.

    Excellent communication skills with the ability to convey complex technical concepts to both technical teams and executive-level stakeholders.

    Must be eligible to obtain and maintain a Public Trust or Secret clearance; existing clearance preferred.

    Preferred Qualifications

    Active DoD Secret or TS/SCI clearance.

    Experience with Xacta, eMASS, or other GRC platforms supporting ATO processes.

    Professional certifications in cloud platforms: AWS Solutions Architect, Azure Security Engineer, or Google Professional Cloud Security Engineer.

    Familiarity with CDM (Continuous Diagnostics and Mitigation) program requirements.

    Experience with network automation and infrastructure-as-code tools such as Terraform, Ansible, or Palo Alto Panorama APIs.

    Prior experience in a VAR, systems integrator, or managed security services provider (MSSP) environment.

    Technical Competencies

    Network Security

    PA-Series NGFW (hardware & VM)

    Panorama policy & device management

    GlobalProtect VPN & ZTNA

    Threat Prevention, WildFire, URL Filtering

    BGP, OSPF, SD-WAN routing

    Cloud & SASE

    Prisma Access (SASE) architecture & deployment

    Prisma Cloud CSPM / CWP / CIEM

    AWS, Azure, GCP security services

    Container & Kubernetes security

    CI/CD pipeline security integration

    What CIG Offers

    Competitive compensation commensurate with experience and certifications.

    Access to the latest Palo Alto Networks technologies, lab environments, and training resources.

    Opportunities to work on high-impact federal missions with direct national security implications.

    A collaborative, mission-driven culture where innovation and excellence are recognized and rewarded.

    Support for ongoing professional development including Palo Alto Networks and broader cybersecurity certifications.

    Flexible remote/hybrid work arrangements based on project requirements.

    Flexible work from home options available.