Palo Alto

The Discovery & Design Specialist (Palo Alto) is responsible for assessing the current network and security posture, identifying gaps, and architecting nextgeneration firewall (NGFW) and cloud security solutions using Palo Alto Networks technologies. The role leads discovery workshops, produces highquality design artifacts, and collaborates with crossfunctional stakeholders to deliver secure, scalable, and compliant architectures across data center, campus, branch, OT/industrial, and remote access environments.

Key Responsibilities

Discovery

• Run stakeholder workshops to capture business drivers, compliance requirements (e.g., ISO 27001, NIST), and risk areas.
• Inventory existing infrastructure: NGFWs,

  Panorama

  , security policies, zones, NAT, VPNs,

  GlobalProtect

  ,

  SDWAN

  , proxies, and thirdparty integrations.
• Collect baselines: traffic patterns, application usage (

  AppID

  ), user identity sources (

  UserID

  ), SSL/TLS decryption capabilities, threat telemetry, and logging.
• Perform

  Best Practice Assessment (BPA)

  and rulebase hygiene review; identify overpermissive rules, shadowed rules, unused objects.
• Assess OT/industrial segments, IoT/IIoT assets, and remote sites for

  Zero Trust

  readiness and segmentation needs.

Architecture & Design

• Develop targetstate architectures using Palo Alto Networks:

  PASeries

  NGFW

  ,

  Panorama

  ,

  Prisma Access

  ,

  Advanced Threat Prevention

  ,

  DNS Security

  ,

  URL Filtering

  ,

  WildFire

  ,

  GlobalProtect

  ,

  SDWAN

  , and

  IoT Security

  .
• Design zone models, security policy frameworks (AppID, UserID, ContentID), microsegmentation, EastWest and NorthSouth controls, and decryption strategies.
• Create HA/resiliency designs (active/active or active/passive), path diversity, and failover for data center and branch.
• Define integration patterns with identity (AD/LDAP/IdP), SIEM/SOAR (e.g., Cortex/XSIAM or thirdparty), DNS/DHCP/IPAM, ticketing/ITSM, and vulnerability management.
• Plan migration: policy normalization, object cleanup,

  Expedition

  use for rule conversion, phased cutovers, and rollback plans.
• Establish logging/monitoring standards (Panorama, syslog, cloud logging), alerting thresholds, and operational runbooks.

Governance & Documentation

• Produce

  HLD/LLD

  , bill of materials, IP plans, zonetozone matrices, security policy sets, and sequence diagrams.
• Define standards for lifecycle management: upgrades, content updates/signatures,

  AIOps

  health checks, and configuration compliance.
• Create test plans (PoC/Pilot), validation criteria, acceptance procedures; document operational handover and SOPs.

Collaboration & Enablement

• Partner with network, security, OT, and application teams to validate requirements and designs.
• Provide design reviews, implementation guidance, and knowledge transfer to operations.
• Support risk assessments and security exceptions; align designs with Zero Trust policies and business priorities.