Experience Level: Senior (L3 Support / SME)

Role Overview

As a Palo Alto & Cisco IPSec VPN L3 SME, you will lead the design, deployment, and optimization of secure VPN architectures for enterprise and customer environments. You’ll ensure high availability, scalability, and security across diverse deployment models using Palo Alto Networks and Cisco ASA/Firepower platforms.

Key Responsibilities

IPSec VPN Design & Deployment
Architect and implement IPSec VPN solutions for new and existing customers, ensuring secure and reliable connectivity across hybrid infrastructures.

Multi-Model Support
Configure and support various VPN deployment models including:
- Site-to-Site (S2S)
- Tunnel Interfaces (SVTI/VTI)
- Multi-site topologies
- Cross-connection architectures for complex enterprise environments

Best Practice Implementation
Apply industry-standard design principles for:
- Resiliency (failover, HA configurations)
- Scalability (dynamic routing, policy-based VPNs)
- Security (strong encryption, authentication, and access control)

Platform Expertise
- Configure and troubleshoot Palo Alto VPNs using IKEv2/IPSec, tunnel monitoring, and App-ID policies
- Administer Cisco ASA/Firepower VPNs, including crypto maps, tunnel groups, and NAT traversal
- Integrate VPNs with routing protocols (OSPF, BGP) and identity platforms (RADIUS, LDAP, SAML)

Advanced Troubleshooting & Escalation
Serve as the L3 escalation point for VPN-related incidents, performing packet-level diagnostics and root cause analysis.

Documentation & Compliance
Maintain detailed design documents, runbooks, and change records to support audits and compliance frameworks (ISO 27001, NIST, PCI-DSS).

Required Skills & Qualifications

- 5 years in network security engineering, with deep expertise in IPSec VPNs
- Hands-on experience with:
  - Palo Alto Networks firewalls (PAN-OS, GlobalProtect, tunnel monitoring)
  - Cisco ASA/Firepower (CLI and ASDM)
  - IPSec/IKEv2 protocols, crypto profiles, and routing integration
- Strong understanding of:
  - High availability, failover mechanisms, and redundant VPN design
  - Firewall rule tuning, NAT policies, and QoS for VPN traffic
  - Monitoring tools (Panorama, Cisco FMC, SNMP, syslog)

Preferred Certifications

- PCNSE (Palo Alto Networks Certified Network Security Engineer)
- CCNP Security / CCIE Security (Cisco)
- CISSP, CCSP, or CEH