Network Engineer IV - Palo Alto Prisma

The Network Engineer IV – Palo Alto Prisma is a senior technical engineer and Prisma subject‑matter expert responsible for the 24×7 operational support andoptimization of enterprise Prisma SASE solutions, including Prisma SD‑WAN and Prisma Access, within a Managed Services (MS) and Network‑as‑a‑Service (NaaS) environment.

This role serves as a Tier‑3 escalation engineer, supporting complex customer environments across hybrid, cloud, and global networks, while maintaining strong multi‑vendor networking fundamentals and supporting adjacent SASE and SD‑WAN platforms as required.

The engineer directly influences customer satisfaction, service quality, and incident resolution outcomes, and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams.

Key Responsibilities

24×7 Operations & Tier‑3 Escalation

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE.
• Troubleshoot and resolve complex issues across:
• • Prisma SD‑WAN control and data planes
  • Prisma Access (Remote Networks, Mobile Users, Service Connections)
  • GlobalProtect, IPsec, and cloud‑delivered firewalling
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA).
• Act as a technical escalation point during major outages.

Prisma SASE Engineering & Lifecycle Management

• Lead support efforts of Palo Alto Prisma SASE architectures, including:
• • Prisma SD‑WAN branch and hub designs
  • Prisma Access for ZTNA, SWG, and FWaaS
• Own the full service lifecycle:
• • Customer onboarding
  • Change management
  • Platform upgrades and migrations
  • Decommissioning
• Validate and enforce:
• • Security policies
  • Routing and segmentation strategies
  • High availability and resiliency standards

Routing, SD‑WAN & Cloud Networking

• Support advanced routing implementations:
• • BGP (required) including policy control, filtering, and failover
  • OSPF
• Enable and support hybrid and cloud connectivity:
• • AWS (VPC, Transit Gateway)
  • Azure (vNET, vWAN, ExpressRoute)
  • Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility.

Security & Zero Trust Networking

• Support:
• • Zero Trust Network Access (ZTNA)
  • Secure Web Gateway (SWG)
  • Cloud‑delivered firewall policies (FWaaS)
• Integrate Prisma Access with:
• • Identity providers (SAML, MFA)
  • Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture.

Automation, Tooling & Operational Maturity

• Contribute to automation and standardization using:
• • APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through:
• • Prisma dashboards
  • Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• • SOPs and operational runbooks
  • Troubleshooting and escalation guides
  • Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers.
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering.

Required Technical Skills

Prisma SASE (Core Focus)

• Hands‑on expertise with:
• • Prisma SD‑WAN
  • Prisma Access
• Strong understanding of:
• • Cloud‑delivered security architectures
  • SD‑WAN overlays, underlays, and service insertion models
  • Traffic steering and policy enforcement

Networking Fundamentals

• Advanced WAN and routing expertise:
• • BGP (required)
  • OSPF
• Strong knowledge of: