Palo Alto SME (Onsite – San Jose, CA)

Job Description: Palo Alto SME (Onsite – San Jose, CA) -  USC 

Job Title: Palo Alto Networks SME (Firewall & VPN)
Location: Onsite – San Jose, CA
Client: OptivDuration: Contract 9 months (Extension Possible)
Work Model: 100% Onsite (In-person interview preferred)

Visa: U.S. Citizenship required (background check mandatory)

Role Overview

We are seeking a Senior Palo Alto Networks SME to support a firewall and VPN modernization initiative. This role will focus heavily on discovery, analysis, and intelligent policy design rather than immediate enforcement. The consultant will play a key role in helping the client define what should be enforced by analyzing current traffic patterns and designing optimized, secure access policies.

Key Responsibilities

• Act as a Palo Alto Networks SME for firewall and VPN environments
• Perform traffic discovery and analysis to identify required access paths
• Create passive / discovery-based firewall rules prior to enforcement
• Design least-privilege firewall policies to eliminate overly permissive access
• Develop identity-based and role-based access controls aligned with Zero Trust principles
• Configure and optimize GlobalProtect VPN policies (identity-aware, posture-based access)
• Collaborate with stakeholders to define and refine enforcement strategies
• Support firewall and VPN modernization efforts end-to-end

Required Qualifications

• U.S. Citizenship required (background check mandatory)
• Ability to work onsite in San Jose, CA
• 7 years of network security engineering experience
• Strong hands-on experience with Palo Alto Networks firewalls
• Deep expertise in GlobalProtect VPN
• Experience designing identity-based / role-based access models
• Strong understanding of Zero Trust architecture principles

Nice to Have

• Experience with SIEM tools
• Familiarity with AlienVault (for traffic analysis / discovery)