Experience Level: Senior (L3 Implementation, Troubleshoot & Support)

Role Overview:
As an SSL VPN L3 SME, you will lead the secure provisioning and governance of remote access infrastructure using Palo Alto GlobalProtect and Cisco AnyConnect. You'll ensure that VPN connectivity is tightly controlled, policy-driven, and aligned with enterprise security standards.

Key Responsibilities:
· VPN Profile Provisioning: Provision and manage SSL VPN profiles for internal users and third-party vendors, ensuring secure and role-based access.
· Access Policy Enforcement: Design and implement fine-grained routing and firewall rules to control traffic flow across VPN tunnels, enforcing least-privilege access.
· Infrastructure Access Control: Ensure that VPN users can only access authorized infrastructure services, using endpoint posture checks, group-based policies, and certificate-based authentication.
· Platform Expertise:
  o Configure and maintain Palo Alto GlobalProtect gateways and portals
  o Administer Cisco ASA/Firepower with AnyConnect profiles and policies
  o Integrate VPN platforms with identity providers (LDAP, RADIUS, SAML, Azure AD)
· Troubleshooting & Escalation: Act as the L3 escalation point for VPN-related incidents, performing advanced diagnostics using CLI, logs, and packet captures.
· Compliance & Documentation: Maintain detailed documentation of VPN configurations, access policies, and change records to support audit and compliance requirements (ISO 27001, NIST, GDPR).

Required Skills & Qualifications:
· 5 years in network security or remote access engineering
· Hands-on experience with:
  o Palo Alto GlobalProtect (portal/gateway configuration, HIP profiles)
  o Cisco ASA/Firepower with AnyConnect (group policies, DAP)
  o SSL/IPsec VPN protocols, split tunneling, and endpoint posture validation
· Strong understanding of:
  o Firewall rule design, NAT policies, and routing logic
  o Authentication protocols (SAML, RADIUS, LDAP)
  o SIEM integration and log analysis

Preferred Certifications:
· PCNSA / PCNSE (Palo Alto Networks)
· CCNP Security / CCIE Security (Cisco)
· CISSP, CCSP, or CEH [Preferred]