Principal Cloud Security Engineer

OpenKyber is seeking a Network Security Engineer to take on a fully-remote contract position! The Network Security Engineer should expect to work 40 hours/week for 6+ months (possibility of extension as well).

The Resident Engineer (RE) will be a full?time, customer-facing engineer . Own day?to?day network and security operations across the organization's core perimeter and remote?access stack, with a primary focus on Palo Alto and Cisco platforms. Act as first-line technical triage and execution for firewalls, VPN/remote access (GlobalProtect/AnyConnect), and related services, with a Principal Solution Architect available for escalated design decisions. Provide hands-on engineering, guidance, and enablement to internal teams, while aligning to OpenKyber best practices and SOW commitments.

• Platform Health & Best Practices Palo Alto Networks Maintain and tune PA?series firewalls and Panorama/Strata Cloud Manager (templates, device groups, shared objects).
• Optimize rulebases (application?based policies, segmentation, logging), objects, and security profiles.
• Support firewall segmentation initiatives, hardware refreshes, software upgrades, and AIOps?related tuning.
• Cisco Security & Networking Administer and troubleshoot Cisco firewalls/VPN gateways (ASA/FTD or equivalent) and associated configurations.
• Support AnyConnect deployments, site?to?site VPNs, and migration/interop scenarios with Palo Alto and GlobalProtect.
• Assist with configuration hygiene and best?practice alignment on switching/routing where it impacts security and remote access.
• Remote Access & Secure Connectivity Own configuration and ongoing tuning of GlobalProtect and AnyConnect (policies, posture checks, authentication, split tunneling, performance).
• Ensure consistent user experience and policy enforcement across on?prem and cloud environments.
• Operations, Incident Response & Vendor Coordination Act as primary hands-on engineer for in-scope platforms during business hours.
• Perform root-cause analysis and remediation for incidents related to: Firewall performance, connectivity, and policy behavior.
• Remote access (GlobalProtect/AnyConnect) failures and degradation.
• Network changes that impact security, segmentation, or VPNs.
• Open, track, and drive vendor support cases (Palo Alto, Cisco, and related OEMs) through to resolution.
• Provide short weekly status updates summarizing: Key activities and changes.
• Open risks/issues and mitigation plans.
• Planned work for the following week.
• Project & Design Support Support account?level projects (e.g., firewall refresh, segmentation redesign, VPN consolidation, cloud?edge integrations) by:
• Performing detailed technical implementation tasks and configuration changes.
• Reviewing proposed designs for operational impact and supportability.
• Providing input into migration plans, change windows, and rollback strategies.
• Partner with the assigned Principal Solution Architect to: Escalate and workshop non?standard architectures.
• Validate that designs align with company standards and OpenKyber best practices.
• Knowledge Transfer & Documentation Provide ad?hoc training and working sessions for staff on: Operating and troubleshooting Palo Alto firewalls, Panorama/Strata, and GlobalProtect.
• Operating and troubleshooting Cisco firewalls, AnyConnect, and key network/security services.
• General network/security best practices for segmentation, VPN, and secure remote access.
• Maintain and refine: Runbooks / SOPs for common operational tasks and incident workflows.
• Configuration documentation and network/security diagrams for in?scope platforms.
• A simple, living issues log and backlog of improvement items for the organization and OpenKyber.

Work a standard OpenKyber business week (M-F, 8:00-5:00 CST); after?hours work is by prior agreement and billed at the appropriate rate. Align with OpenKyber's project management and reporting expectations (time entry, ticket updates, change documentation). Participate in regular check?ins with: Organization's primary technical / management contacts. OpenKyber account lead and Principal SA for alignment on priorities and scope.

Technical Must?Have Palo Alto Networks 3-5+ years hands?on with PA?series NGFWs in production. Strong experience with Panorama and/or Strata Cloud Manager (device groups, templates, shared objects). Experience designing and operating segmentation policies, NAT, decryption, logging, and troubleshooting (CLI, packet captures, log interpretation).

Cisco Security / Networking Hands?on experience with Cisco firewall/VPN platforms (ASA/FTD or similar). Strong experience with AnyConnect and traditional IPsec site?to?site VPNs. Comfort working with Cisco switching/routing constructs that impact security and connectivity.

Remote Access & Perimeter Security Deep experience with GlobalProtect (and/or other Palo Alto remote access solutions) and its integration with identity providers. Understanding of secure remote access design (split/full tunnel, posture checks, MFA, certificate handling).

Networking & Security Fundamentals Solid knowledge of TCP/IP, routing (BGP/OSPF), IPSec VPNs, TLS/PKI, DNS, and segmentation models. Ability to read and reason about complex network diagrams and multi?site topologies.

Nice?to?Have Experience with: Cisco ISE, ClearPass, or similar NAC platforms. Cloud networking/security (Azure, AWS) as it relates to firewalling and remote access. Automation (Terraform, Ansible, PowerShell, or Python) for firewall and network configuration. Familiarity with integrating Palo Alto and Cisco telemetry into SIEM/SOAR or AIOps platforms.

Professional 5-10+ years in customer?facing engineering roles (consulting, RE, TAM, senior network/security engineer). Proven ability to own day?to?day operations and calmly handle high?priority incidents. Strong written and verbal communication; able to explain complex network/security topics to non?specialists. Experience operating in a multi?partner, multi?OEM environment.

TECHNOLOGY. INNOVATION. PEOPLE The OpenKyber Advantage! We're not a staffing company: We're an IT Solutions Integration company with an IT Staff Augmentation Division. We've been Madison-based for over 70 years. Not only is Madison the market we serve, but it's our home. We can also offer Health, PTO, or Full Benefits packages with ALL of our contract roles. YOU decide! ** We pay a generous bonus for the referral of an eligible candidate who works for OpenKyber for 90 days** OpenKyber does not sponsor applicants for employment visas. OpenKyber is an Equal Opportunity Employer. EOE/AA

For applications and inquiries, contact: hirings@openkyber.com