Network Security Specialist

Job Title: Network Security Specialist
Location: Mississauga (3x a week)
Job Type: Contract (1 Year)

Position Overview
Our Client is seeking a Network Security Specialist to rearchitect, optimize and enhance network security and firewall deployments. The contractor will provide hands-on expertise to harden, optimize, and enhance our network security infrastructure, with a strong focus on security inspection, high availability, resiliency, and operational best practices.
This role is delivery-focused and outcome-driven, requiring minimal ramp-up and the ability to work independently within an enterprise network environment.

Key Areas of Responsibility
1. Firewall Security Configuration & Threat Prevention

• Implement and enhance firewall security policies and protections
• Configure and tune Palo Alto security profiles and inspection capabilities
• Deploy and optimize advanced threat prevention and malware detection services
• Implement encrypted traffic inspection in alignment with security and privacy requirements
• Support segmentation and inspection of east-west network traffic

2. Network security architecture enhancement

• Rearchitect PA firewalls from a traditional 3-tier layer 2 network to layer 3 network within the datacenters
• Assist with integration with Cisco ACI and APIC technologies
• Configure datacentre firewalls in a high availability configuration
• Implement a migration plan with minimal disruptions
• Support network segmentation on Cisco ACI and PA firewall platforms

2. Firewall Policy Management & Optimization

• Review and optimize firewall rulebases for security, performance, and maintainability
• Improve rule documentation, structure, and lifecycle management
• Identify and remediate redundant, unused, or overly permissive rules
• Align firewall policies with industry and vendor best practices

3. High Availability, Resilience & Secure Connectivity

• Design, deploy, and validate firewall high availability and redundancy
• Enhance VPN resiliency and secure site-to-site connectivity
• Implement secure inter-site encryption where required
• Support disaster recovery planning and validation for firewall infrastructure
• Test and validate configuration backup and restoration procedures

4. Logging, Visibility & Monitoring

• Enhance firewall logging, retention, and visibility
• Integrate firewall telemetry with monitoring and security analytics platforms
• Improve visibility into network traffic, threats, and application usage
• Support incident investigation and security monitoring use cases

5. Documentation & Knowledge Transfer

• Develop clear and maintainable technical documentation, including architecture diagrams and operational procedures
• Produce runbooks and standards to support ongoing firewall operations
• Provide knowledge transfer and walkthrough sessions to internal teams

Deliverables

• Optimized and hardened firewall configurations aligned with best practices
• Cleaned, documented, and well-structured firewall rulebases
• Validated high availability and resilient firewall architecture
• Improved security inspection, threat prevention, and encrypted traffic handling
• Enhanced logging, monitoring, and visibility capabilities
• Technical documentation, diagrams, and operational runbooks
• Knowledge transfer sessions and handover materials

Required Skills & Experience

• 5+ years of hands-on experience with Palo Alto Networks firewalls
• Strong expertise in PAN-OS, including policies, zones, NAT, routing, HA, and VPNs
• Proven experience implementing Palo Alto subscriptions:
  • URL Filtering
  • Threat Prevention
  • WildFire
  • SSL/TLS Decryption
• Experience remediating firewall assessment findings in enterprise environments
• Strong troubleshooting and independent problem-solving skills

Preferred Qualifications

• Palo Alto certifications (PCNSE / PCNSA)
• Experience in data center and campus network environments
• Knowledge of Cisco ACI and APIC technology platforms
• Familiarity with SIEM and log management platforms
• Experience working in regulated or security-sensitive environments

Engagement Expectations

• Contractor will work closely with internal data center and network teams
• Work will be planned and executed with minimal service disruption
• Deliverables will be validated against assessment findings and security best practices
• Successful completion of remediation items will be the primary measure of success

Key Outcomes of This Engagement

• Firewall policies are optimized, documented, and auditable
• Enhanced inspection, malware prevention, and visibility are fully operational
• Firewall infrastructure is resilient, highly available, and recoverable