Job Description

Job Description: Senior Palo Alto Firewall Migration Engineer (Strata Cloud Manager)

Contract Length: 6 Months
Positions: 1–2 Consultants
Bill Rate: Competitive Market Rates (T&M)
Location: Remote with international time-zone coordination
Environment: Global sites (US, Europe, India, China, Australia)

OVERVIEW

Our client is undergoing a global firewall standardization initiative to migrate ~50 perimeter devices from mixed legacy vendors (Cisco ASA/PIX, Checkpoint, WatchGuard, SonicWall, etc.) into Palo Alto Next-Generation Firewalls managed through Palo Alto Strata Cloud Manager (formerly Panorama).

Due to delays and recurring migration failures with Palo Alto Professional Services, Client requires immediate supplemental engineering support to accelerate rule translation, environment readiness, cutover quality, and Strata Cloud configuration accuracy.

Consultants will work alongside Client’s internal Security Architect and Network Security team, as well as Palo Alto Professional Services, to ensure successful and timely device migrations.

KEY RESPONSIBILITIES

1. Firewall Rule Translation & Optimization

• Analyze existing rule sets from diverse legacy firewall platforms.
• Identify redundant, obsolete, and risky rules (“pruning activities”).
• Translate configurations into Palo Alto NGFW policies with correct application-layer equivalents.
• Ensure adherence to Client’s global Minimum Security Requirements pushed via Strata Cloud Manager snippets.

2. Strata Cloud Manager (SCM) Configuration & Deployment

Consultant responsibilities:

• Correctly configure and validate Strata Cloud Manager templates, snippets, certificates, MFA/RADIUS profiles, and GlobalProtect configurations.
• Identify and fix SCM configuration defects causing migration failures.
• Ensure proper device onboarding, commit operations, and policy propagation.

3. Pre-Cutover Engineering Readiness

• Validate VPN configurations, IPSec tunnels, SD-WAN considerations, and third-party integrations.
• Export, import, and validate certificates and authentication dependencies.
• Build configuration bundles for production readiness.

4. Cutover Execution Support (Global Time Zones)

• Support live cutovers (primarily Fri/Sat windows).
• Provide go/no-go validation and live troubleshooting.
• Support rollback procedures when required.

5. Post-Cutover Stabilization

• Validate inside-out routing, DMZ functions, and business-critical traffic flows.
• Assist with rapid issue remediation to prevent Monday-morning business disruption.

6. Business Unit Collaboration

• Work with independently-operated  business units to validate rules and workflows.
• Ensure firewall changes reflect real business needs, not legacy behavior.

REQUIRED SKILL SET

Core Technical Requirements

• 7–10+ years hands-on experience with Palo Alto NGFW (hardware + virtual).
• Mandatory: Deep experience with Strata Cloud Manager (SCM) deployments.
• Strong knowledge of:
• Application-layer firewalling
• NAT policies
• VPN (IPSec), SD-WAN
• GlobalProtect
• RADIUS/MFA integrations
• Certificate management
• Panorama migrations (legacy experience helpful)

Legacy Firewall Translation Experience

Must be comfortable reviewing and converting rule sets from:

• Cisco ASA/PIX
• Checkpoint
• WatchGuard
• SonicWall
• Mixed vendor environments

Migration & Cutover Expertise

• Experience performing “cable swap” migrations with no HA redundancy.
• Ability to diagnose rule translation issues, SCM configuration issues, or mismatched policies.

Soft Skills

• Highly communicative, responsive, and calm under pressure.
• Able to work independently with minimal hand-holding.
• Capable of interfacing with leadership + engineers.

NICE-TO-HAVE

• Experience advising on migration strategy (fast-fail vs waterfall).
• Exposure to regulated industries (Aerospace/Defense, FinTech, OT environments).
• Ability to recommend improvements to Palo Alto Professional Services approach.

SUCCESS METRICS

• Reduction in migration failures and deferred cutovers.
• Accurate, timely SCM configurations.
• Successful completion of migrations by July timeline.
• Reduction in rework, mis-configurations, and downtime.
• Improved coordination across global business units