Network Engineer IV - Palo Alto Prisma

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.

The Network Engineer IV – Palo Alto Prisma is a senior technical engineer and Prisma subject‑matter expert responsible for the 24×7 operational support and optimization of enterprise Prisma SASE solutions, including Prisma SD‑WAN and Prisma Access, within a Managed Services (MS) and Network‑as‑a‑Service (NaaS) environment.

This role serves as a Tier‑3 escalation engineer, supporting complex customer environments across hybrid, cloud, and global networks, while maintaining strong multi‑vendor networking fundamentals and supporting adjacent SASE and SD‑WAN platforms as required.

The engineer directly influences customer satisfaction, service quality, and incident resolution outcomes, and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams.

Key Responsibilities

24×7 Operations & Tier‑3 Escalation

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE.
• Troubleshoot and resolve complex issues across:
• • Prisma SD‑WAN control and data planes
  • Prisma Access (Remote Networks, Mobile Users, Service Connections)
  • GlobalProtect, IPsec, and cloud‑delivered firewalling
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA).
• Act as a technical escalation point during major outages.

Prisma SASE Engineering & Lifecycle Management

• Lead support efforts of Palo Alto Prisma SASE architectures, including:
• • Prisma SD‑WAN branch and hub designs
  • Prisma Access for ZTNA, SWG, and FWaaS
• Own the full service lifecycle:
• • Customer onboarding
  • Change management
  • Platform upgrades and migrations
  • Decommissioning
• Validate and enforce:
• • Security policies
  • Routing and segmentation strategies
  • High availability and resiliency standards

Routing, SD‑WAN & Cloud Networking

• Support advanced routing implementations:
• • BGP (required) including policy control, filtering, and failover
  • OSPF
• Enable and support hybrid and cloud connectivity:
• • AWS (VPC, Transit Gateway)
  • Azure (vNET, vWAN, ExpressRoute)
  • Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility.

Security & Zero Trust Networking

• Support:
• • Zero Trust Network Access (ZTNA)
  • Secure Web Gateway (SWG)
  • Cloud‑delivered firewall policies (FWaaS)
• Integrate Prisma Access with:
• • Identity providers (SAML, MFA)
  • Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture.

Automation, Tooling & Operational Maturity

• Contribute to automation and standardization using:
• • APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through:
• • Prisma dashboards
  • Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• • SOPs and operational runbooks
  • Troubleshooting and escalation guides
  • Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers.
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering.

Required Technical Skills

Prisma SASE (Core Focus)

• Hands‑on expertise with:
• • Prisma SD‑WAN
  • Prisma Access
• Strong understanding of:
• • Cloud‑delivered security architectures
  • SD‑WAN overlays, underlays, and service insertion models
  • Traffic steering and policy enforcement

Networking Fundamentals

• Advanced WAN and routing expertise:
• • BGP (required)
  • OSPF
• Strong knowledge of:
• • High availability and redundancy design
  • QoS and application‑aware routing
  • NAT and firewall concepts
  • TCP/IP and dynamic routing protocols

Multi‑Vendor Networking Awareness

Experience with one or more of the following (Prisma remains the primary focus):

• Fortinet Secure SD‑WAN / FortiSASE
• Cisco SD‑WAN, Meraki
• VMware VeloCloud
• Juniper Mist / SSR
• Ability to translate architectures and concepts across vendors

Qualifications & Experience

• 10+ years of hands‑on network engineering experience.
• Strong experience with configuration and support of:
• • Routers, switches, firewalls, hubs, and WAN infrastructure
• Experience with hardware and software firewalls:
• • Palo Alto, Fortinet, Check Point
• Prior experience in network design or sales engineering is a plus.
• Proficiency with:
• • Network monitoring and performance analysis tools
  • Visio for detailed network diagrams
• Familiarity with:
• • Wireless technologies and site surveys
  • Security intelligence sources (e.g., CERT, BugTraq)
• Palo Alto Networks Certified SD-WAN Engineer required.
• Palo Alto Networks Certified Security Service Edge Engineer required.
• Palo Alto Prisma Certified Cloud Security Engineer (PCCSE) highly recommended.
• Cisco certifications (CCNP or CCIE) highly recommended

Education

• Bachelor’s degree in a related field, or equivalent practical experience.

Supervisory Responsibilities

• None.

#LI-PK1 #LI-REMOTE #LI_NETWORKENGINEER

Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.