Position Summary
The Firewall Engineer is responsible for implementing and supporting IPv4/IPv6 dual-stack networking across an enterprise Palo Alto Networks firewall environment. Working primarily in Palo Alto Panorama, you will design, build, deploy, validate, and troubleshoot firewall policies - developing IPv6 rulesets based on the organization's existing IPv4 policy and deploying them to firewalls throughout the environment. This role keeps a mission-critical production network secure and available while modernizing it to support IPv6.
Essential Duties & Responsibilities
The approximate time allocations below reflect the primary focus of the role and may vary with project needs.
• Build, deploy, and maintain firewall rules and policies across the enterprise Palo Alto Networks environment (approx. 70% of time).
• Develop IPv6 rulesets in Palo Alto Panorama, mirroring current IPv4 policy, and deploy them to firewalls enterprise-wide.
• Build and configure IPv6 interfaces on firewall devices to support dual-stack operation (approx. 10% of time).
• Validate and troubleshoot firewall traffic to confirm rulesets function as intended and to resolve policy or connectivity issues (approx. 20% of time).
• Participate in change planning, implementation, and validation activities to minimize operational risk during firewall deployments.
• Document configurations, changes, and troubleshooting steps to support ongoing operations and knowledge transfer.
• Comply with all environmental, safety, health, security, and quality requirements, and apply Integrated Safety Management System principles when performing job duties.
• Perform other related duties as assigned in support of the network security team.
Required Qualifications
• Bachelor's degree plus 2 years of relevant experience, or an equivalent combination of education and experience.
• Hands-on experience administering Palo Alto Networks firewalls and Panorama centralized management.
• Demonstrated experience implementing and supporting IPv4/IPv6 dual-stack networking within an enterprise environment.
• Demonstrated experience designing, deploying, validating, and troubleshooting enterprise firewall policies.
• U.S. citizenship; ability to complete standard site onboarding and background screening prior to starting.
Preferred Qualifications
• Palo Alto Networks Certified Network Security Engineer (PCNSE) or comparable certification.
• Experience administering Palo Alto Panorama Device Groups and Templates.
• Experience planning or executing enterprise firewall migrations.
• Experience supporting large, highly available production environments.
• Experience with enterprise IPv6 migrations or large dual-stack rollouts.
• Prior experience in a government, national laboratory, or other regulated IT environment.
Knowledge, Skills & Abilities
• In-depth knowledge of Palo Alto Networks firewall administration and Panorama policy management.
• Strong understanding of IPv4 and IPv6 addressing, dual-stack networking, and firewall policy design.
• Strong analytical, problem-solving, and troubleshooting skills with close attention to detail.
• Ability to work independently, manage competing priorities, and follow change-control processes in a production environment.
• Effective written and verbal communication and clear technical documentation.
Work Environment & Physical Requirements
• Work is performed 100% onsite at a secure facility in Idaho Falls, Idaho; remote or hybrid work is not available for this position.
• Prolonged periods working at a computer and performing repetitive keyboard/mouse tasks.
• Occasional standing, bending, or lifting of equipment (typically up to 25 pounds) may be required.
• Must adhere to all site safety, security, and emergency-action procedures.
• Travel is not anticipated beyond normal commuting to the Idaho Falls work location.