A security architect with 12+ years of experience with multi-security skills in Network security, endpoint security, Vulnerability and other domains. Is able to design and architect security solutions (create HLD/LLDs, etc) . He/She should be a SME in one or two core areas like network security (PA, Cisco firewalls , VPN, etc.). Is able to architect and Implement solutions and be the Technical escalation point. Detailed JD: Lead the design, implementation, and optimization of cybersecurity infrastructure solutions, including firewalls, VPNs, IDS/IPS, endpoint security, SIEM, and network security architectures. Assess client environments for vulnerabilities and risks; develop remediation plans aligned with best practices and compliance requirements. Provide expert consulting on infrastructure security strategy, architecture, and technology selection. Collaborate with cross-functional teams (network, application, cloud, and compliance) to ensure integrated security posture. Proven expertise with security technologies such as firewalls (Palo Alto, ZScalar, Cisco, Fortinet, Check Point), SIEM (Splunk, QRadar), endpoint protection, VPNs, and network segmentation. Knowledge of regulatory frameworks and compliance standards such as NIST, ISO 27001, PCI-DSS, HIPAA, GDPR. Mandatory skills: Palo Alto Prisma access (SASE) (SC-CAN, RN and MU SPN, Templates, Device Groups, System updates, Plugin, CIE, Portal & Gateway MU, HIP, EDL, Security Profiles & groups, SSL Decryption, User ID, App ID, Threat prevention AV, AS, IPS Sanboxing) Palo-alto NGFW Palo Cortex Data lake Zscaler Products Expertise Hands-on experience with Zscaler Internet Access (ZIA) Hands-on experience with Zscaler Private Access (ZPA) Familiarity with Zscaler Client Connector (ZCC) Networking Fundamentals Strong understanding of TCP/IP , DNS , HTTP/HTTPS , and IP addressing Knowledge of routing protocols (e.g., BGP, OSPF) Familiarity with firewalls , proxies , and VPNs Security Concepts Deep understanding of network security principles Experience with cloud security , zero trust architecture Knowledge of SSL/TLS , encryption , and certificate management Cloud Networking AWS, Azure, Aviatrix, VPC, Vnet, UDR, NSG, ASG, Terraform, Github, Spokegateways & TGW Checkpoint Firewalls Next Generation Firewalls VSX, PBR, Dyanamic Routing etc Desired/Secondary Skills: Firepower Firewalls FXOS Chassis Administration Proxy Solution Web Security Appliance VPN Solution (Global Protect & Cisco Anyconnect) Identiity Service Engine (NAC, Policy enforcement, 802.1x, Profiling & SGT) Intrusion Prevention System Firewall Management Suites (ASDM, CSM, FMC, SMA, MDM, Panorama) Secure Hosting Gateway (Cloudflare, Umbrella, WAF) Role & responsibilities Preferred candidate profile
