Cybersecurity Firewall Analyst III

Job Description

Strategic Staffing Solutions is currently looking for a Cybersecurity Firewall Analyst III,,W-2 contract opportunity.

Top Skills:

• 5–8+ years of experience in firewall administration, network security engineering, or a senior cybersecurity role.
• Deep hands-on expertise with Palo Alto Networks next-generation firewalls, Panorama, and large-scale policy management.
• Experience with SASE/SSE platforms, specifically Palo Alto Prisma Access, strongly preferred.
• Demonstrated experience leading firewall policy optimization or migration projects in a large enterprise or critical infrastructure environment.
• Strong understanding of egress internet security architecture, including proxy, URL filtering, SSL decryption, and application-based policies.
• Expert-level knowledge of TCP/IP, network protocols, NAT, routing, and security architecture principles.

  This is a W-2 contract opportunity, and candidates must be able to work on our W-2 only. NO C2C or 1099.

 Position Summary

This senior-level position leads the technical execution of the SASE policy migration workstream, overseeing the end-to-end review, optimization, and migration-readiness of Palo Alto Networks security policies for transition to a Prisma Access / SASE architecture. The Analyst III will define the policy analysis methodology, establish best-practice egress internet policy standards, and serve as the primary technical point of contact for architecture and design decisions within the workstream. This role will also coordinate the handoff of identity-based policies to the appropriate teams and mentor junior analysts throughout the project.

Responsibilities & Duties:

Leads the technical strategy and methodology for reviewing and migrating Palo Alto Networks security policies to Prisma Access / SASE.

• Defines best-practice egress internet policy standards and target-state security policy architecture for the SASE environment.
• Performs advanced analysis of complex, multi-zone security policies, including inter-VRF and identity-based rule sets.
• Architects the policy migration approach, including rule disposition framework (migrate, consolidate, retire, rewrite) and migration sequencing.
• Serves as the technical escalation point for policy conflicts, edge cases, and architectural design questions.
• Coordinates with identity/ZTNA teams on the transfer of identity-based perimeter policies to Prisma Access.
• Develops standardized templates, processes, and quality criteria for the policy review and migration effort.
• Provides technical mentorship and guidance to Analyst I and Analyst II team members; reviews their work for accuracy and completeness.
• Engages with business stakeholders, IT leadership, and cross-functional teams to communicate progress, risks, and design decisions.
• Ensures all work adheres to change management processes, compliance requirements, and organizational security standards.
• Contributes to project planning, milestone tracking, and executive-level status reporting.
• Proactively identifies risks, gaps, and dependencies in the migration effort and recommends mitigation strategies.

Desired Qualifications:

• 5–8+ years of experience in firewall administration, network security engineering, or a senior cybersecurity role.
• Deep hands-on expertise with Palo Alto Networks next-generation firewalls, Panorama, and large-scale policy management.
• Experience with SASE/SSE platforms, specifically Palo Alto Prisma Access, strongly preferred.
• Demonstrated experience leading firewall policy optimization or migration projects in a large enterprise or critical infrastructure environment.
• Strong understanding of egress internet security architecture, including proxy, URL filtering, SSL decryption, and application-based policies.
• Expert-level knowledge of TCP/IP, network protocols, NAT, routing, and security architecture principles.
• Ability to design and implement firewall policy frameworks that balance operational needs with security best practices.
• Palo Alto Networks PCNSE required; PCSAE or Prisma Certified Cloud Security Engineer a plus.
• Relevant industry certifications such as CISSP, CCNP Security, or equivalent preferred.
• Excellent written and verbal communication skills; able to present technical findings and recommendations to leadership.
• Experience mentoring or leading junior technical staff.
• Demonstrated commitment to personal and team success.

  “Beware of scams. S3 never asks for money during its onboarding process.”