Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Palo Alto Networks Firewalls
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: We are seeking a highly skilled Senior Network Security Engineer with proven experience in enterprise-grade security technologies including Palo Alto firewalls, IDS/IPS systems, VPN, WAF (Imperva), Cequence Bot Defense, Cloudflare DNS security, and Illumio Zero Trust microsegmentation. The ideal candidate will be responsible for designing, implementing, and maintaining network security controls to protect enterprise infrastructure, applications, and data from advanced cyber threats Roles & Responsibilities: -Firewall & Network Security (Palo Alto, IDS/IPS, VPN) -Configure, deploy, and maintain Palo Alto Networks firewalls, including threat prevention, URL filtering, and App-ID policies. -Manage and monitor intrusion detection and prevention systems (IDS/IPS) for threat detection and response. -Configure and maintain VPN solutions (GlobalProtect or other IPsec/SSL-based systems) for secure remote access. -Analyze logs and events for unusual activity and support incident investigations. -Automate and optimize firewall rules and network segmentation for least-privilege access. -Bot Protection – Cequence Bot Defense -Deploy and manage Cequence Bot Defense for API security and bot mitigation. -Analyze bot traffic patterns and implement policies to block malicious automation. -Work with DevOps and application teams to integrate Cequence with key digital assets. -DNS & DDoS Security – Cloudflare -Configure and monitor Cloudflare DNS security services including threat blocking, filtering, and DoS mitigation. -Implement policies for DNS-layer protection and content filtering. -Ensure availability and resiliency of DNS infrastructure through Cloudflare edge network. -Zero Trust & Microsegmentation – Illumio -Implement and administer Illumio Zero Trust Segmentation for workload isolation and application-level segmentation. -Design and enforce microsegmentation policies to restrict lateral movement and reduce attack surface. -Continuously assess traffic flows to identify over-permissive access and optimize segmentation models.- Web Application Firewall – Imperva WAF -Deploy and manage Imperva WAF to protect critical web applications from OWASP Top 10 and other application-level attacks. -Tune WAF rules to reduce false positives while maintaining effective security posture. -Work with application teams to ensure secure deployment pipelines and integrate security testing. Professional & Technical Skills: -Hands-on experience with Palo Alto firewalls, IDS/IPS, VPN technologies, and Imperva WAF. -Experience with Cequence Bot Defense, Cloudflare DNS/DDoS protection, and Illumio microsegmentation. -Strong knowledge of TCP/IP, routing, network protocols, and OSI model -Security certifications such as PCNSE, CCNP Security, GIAC (GCFW, GCIA), CISSP, or CEH. -Experience with REST APIs, automation/scripting (Python, Ansible), and infrastructure-as-code. -Understanding of Zero Trust architecture and NIST 800-207 principles. -2+ years of experience in cybersecurity operations, with a focus on network and perimeter security. -2+ years of hands-on experience managing enterprise firewalls, preferably Palo Alto. -2+ years of experience in Bot protection and DNS security, including tools like Cequence and Cloudflare. -Proven track record in troubleshooting complex firewall and VPN issues in large-scale environments. -Experience conducting firewall audits, rule reviews, and implementing policy enhancements. -Demonstrated ability to manage incident response and change management processes. -Experience working in a global delivery model and collaborating with cross-functional teams. -Strong analytical and problem-solving skills with a continuous improvement mindset. -Bachelor’s degree in computer science, Information Security, or related field (master’s preferred). -Industry certifications are strongly preferred: CISSP / CISM or other relevant Cyber security certifications. -Vendor specific certifications like PCNSA or PCNSE Additional Information: - The candidate should have minimum 2 years of experience in Palo Alto Networks Firewalls. - This position is based at our Gurugram office. - A 15 years full time education is required.