Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Palo Alto Networks Firewalls
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
The Network Security Management Lead is responsible for overseeing the design, implementation, management, and continuous improvement of the organization's network security infrastructure. This role ensures robust protection of network boundaries, internal segments, cloud environments, and critical assets while leading a team of network security engineers. The Lead also collaborates closely with SOC, Cloud, IT, and Architecture teams to strengthen overall cyber resilience.
Roles & Responsibilities:
- Network Security Operations & Management
- Lead day-to-day management of network security devices including firewalls, VPNs, IPS/IDS, proxies, WAFs, DDoS systems, and segmentation solutions.
- Ensure continuous availability, performance, and health of network security infrastructure.
- Coordinate with vendors for support, patching, and upgrades.
- Review firewall policies, NAT rules, URL filtering, IPS signatures, and ensure optimal configurations.
- Security Architecture & Design
- Develop and implement secure network architecture aligned with best practices.
- Drive Zero Trust segmentation, secure hybrid/cloud connectivity, and micro-segmentation initiatives.
- Participate in solution design reviews and assess network security impact of new projects.
- Ensure alignment of network security controls with overall cybersecurity strategy.
- Team Leadership & Stakeholder Collaboration
- Lead, mentor, and guide a team of network security engineers.
- Allocate resources, manage workloads, and ensure SLA/OLA compliance.
- Work closely with SOC, IR, threat hunting, and IT/network teams for coordinated defense.
- Present network security posture, risks, and improvements to leadership.
- Incident Response & Threat Mitigation
- Act as SME during network-related security incidents.
- Support SOC and IR teams with packet analysis, firewall log analysis, and malicious traffic investigation.
- Implement immediate containment controls during active threats (e.g., blocking IPs, disabling routes, isolating segments).
- Conduct root cause analysis and implement corrective actions.
- Policy, Governance & Compliance
- Maintain network security standards, hardening guidelines, and baseline configurations.
- Ensure compliance with ISO 27001, NIST, PCI-DSS, and internal risk/audit requirements.
- Conduct periodic firewall rule audits, recertifications, and access reviews.
- Maintain complete and updated documentation: topology diagrams, policies, runbooks, inventory.
- Continuous Improvement & Innovation
- Identify opportunities to automate network security processes through SOAR/Scripting/API automation.
- Evaluate emerging technologies such as SASE, ZTNA, SD-WAN, and cloud-native firewalls.
- Drive initiatives to improve threat visibility and reduce attack surface.
Expertise with network security platforms (any combination):
o Palo Alto, Cisco ASA/Firepower, Zscaler, Prisma Access, Akamai, Cloud Azure WAF.
Hands-on experience with:
o Palo Alto NG FW, Palo Alto IPS/IDS, Panorama
o Cloud native Firewalls (Azure NSG, OCI security list)
o Prisma Access/ GlobalProtect VPN
o Azure WAF
o Azure Bastion hosts (AVD)
o MIST AP (Important)
o Firewall policy design & optimization
o IPS/IDS, proxy, URL filtering, DNS security
o VPN/IPSec/SSL/Remote Access
o Network segmentation & micro-segmentation
o Cloud network security (AWS/Azure/GCP)
Strong knowledge of network protocols: TCP/IP, BGP, OSPF, DNS, DHCP, VLANs, SD-WAN.
Familiarity with packet capture tools (Wireshark, tcpdump) and traffic analysis.
Scripting knowledge (Python, PowerShell, Bash) is an added advantage.
Leadership & Soft Skills
Team management and mentoring experience.
Strong problem-solving and decision-making skills.
Excellent communication skills with ability to work with cross-functional stakeholders.
Ability to manage high-pressure environments and security escalations.
Additional Information:
- The candidate should have a minimum of 5 years of experience in Palo Alto Networks Firewalls.
- This position is based at our Bengaluru office.
- 15 years of full-time education is required.