Palo Alto Senior Cloud Security Engineer InfoSec 

United States, California 

472464354

Being the cybersecurity partner of choice, protecting our digital way of life.

Your Impact

• Providing advanced operations and engineering support for critical systems and services, including application and security infrastructure on-prem and in the cloud.
• Responsible for assessing and reviewing the security and cloud infrastructure in both IT and production environments.
• Coordinates with various teams to ensure appliances and services are configured with the correct posture to support business requirements.
• In-depth knowledge of designing and implementing a Zero Trust Network Architecture, including network and identity segmentation.
• Continuous monitoring and improvement of IT support practices to enhance scalability, reliability, and performance in the product infrastructure.
• Assist in maintaining strong oversight of cloud computing solutions to safeguard against undue risks from third-party or external integrations.
• Develop automation using SOAR tools to streamline repetitive tasks and improve the overall efficiency of the security team.
• Collaborate with teams outside the Security Fusion Center, including Vulnerability Management, Network Engineering, OS Engineering, and product SRE.
• Prioritize and respond to critical vulnerabilities and data exposures with urgency and effective risk mitigation strategies.
• Develop and maintain security baselines for infrastructure components (e.g., VMs, containers, network devices) in alignment with CIS Benchmarks, NIST, and internal standards.
• Support incident response activities, including containment, forensic investigation, root cause analysis, and post-incident documentation.
• Perform regular policy and firewall rule reviews to ensure alignment with access requirements and enforcement of Zero Trust principles.
• Contribute to governance, risk, and compliance (GRC) efforts, including audit participation, third-party risk assessments, and evidence collection for SOC 2, ISO 27001, or FedRAMP certifications.

Your Experience

• 4-7 years of hands-on experience in the Network and Infrastructure security technologies.
• 2+ years of experience with firewall technologies, including deep expertise with Palo Alto Networks Next-Generation Firewalls (NGFW) and security rule evaluation.
• 2+ years of experience managing and securing cloud environments across AWS, GCP, and Microsoft Azure, with knowledge of native security tools and multi-cloud architectures.
• Proven ability to design, build, and maintain scalable cloud infrastructure and secure cloud-native applications, leveraging infrastructure-as-code (IaC) principles.
• Experience working with public sector systems, setting up and maintaining security controls to meet government standards like FedRAMP.
• Strong working knowledge of IP networking, including routing, switching, VPNs, DNS, NAT, load balancing, and wireless for both on-prem and cloud environments.
• Proficient in virtualization platforms such as VMware, with experience securing virtualized and hybrid workloads.
• Experience working with REST APIs, automation scripting using Python or Go, and integration of security workflows into infrastructure tools.
• Ability to evaluate and optimize firewall rules and access control policies across complex environments, aligning with Zero Trust and least privilege models.
• Solid foundation in certificate management and PKI, including experience issuing and renewing certificates, managing key lifecycles, and enforcing secure communication using TLS and mutual authentication.
• Strong experience with OS-level security hardening and configuration management across Linux (RHEL, Ubuntu) and Windows Server, including patching, log monitoring, enforcing CIS/NIST baselines, and secure user access controls.
• Proficient in managing and securing Microsoft Active Directory (AD) environments, including Group Policy, LDAP integrations, role-based access control (RBAC), and identity federation for hybrid cloud architectures.
• Self-motivated, strong troubleshooting skills, and capable of working independently in fast-paced environments with minimal supervision.
• Strong communication skills with the ability to collaborate effectively with cross-functional teams, including network operations, cloud infrastructure, IAM, and compliance.
• CISSP, AWS , GCP certifications preferred.
• PCNSE certification is a plus.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $145,000 - $180,000/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found .

All your information will be kept confidential according to EEO guidelines.