Network Engineer III -Palo Alto Prism

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.Role SummaryThe Network Engineer III –is a senior technical engineer responsible for the 24×7 operational support andoptimization of enterprise solutions, including Palo Alto, Cisco, Fortinet, F5, and Aruba within a Managed Services (MS) environment.This role serves as a Tier‑3 escalation engineer, supporting complex customer environments across hybrid, cloud, and global networks, while maintaining strong multi‑vendor networking fundamentals and supporting adjacent platforms as required.The engineer directly influences customer satisfaction, service quality, and incident resolution outcomes, and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams.Key Responsibilities24×7 Operations & Tier‑3 EscalationParticipate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Prisma SASE.Troubleshoot and resolve complex issues across:Prisma SD‑WAN control and data planesPrisma Access (Remote Networks, Mobile Users, Service Connections)GlobalProtect, IPsec, and cloud‑delivered firewallingLead high‑severity incident response, customer communications, and root cause analysis (RCA).Act as a technical escalation point during major outages.Prisma SASE Engineering & Lifecycle ManagementLead support efforts of Palo Alto Prisma SASE architectures, including:Prisma SD‑WAN branch and hub designsPrisma Access for ZTNA, SWG, and FWaaSOwn the full service lifecycle:Customer onboardingChange managementPlatform upgrades and migrationsDecommissioningValidate and enforce:Security policiesRouting and segmentation strategiesHigh availability and resiliency standardsRouting, SD‑WAN & Cloud NetworkingSupport advanced routing implementations:BGP (required) including policy control, filtering, and failoverOSPFEnable and support hybrid and cloud connectivity:AWS (VPC, Transit Gateway)Azure (vNET, vWAN, ExpressRoute)Google Cloud Platform (VPC)Ensure optimized traffic steering, SLA adherence, performance, and application visibility.Security & Zero Trust NetworkingSupport:Zero Trust Network Access (ZTNA)Secure Web Gateway (SWG)Cloud‑delivered firewall policies (FWaaS)Integrate Prisma Access with:Identity providers (SAML, MFA)Remote and mobile user access modelsPartner with security teams to align network enforcement with enterprise security posture.Automation, Tooling & Operational MaturityContribute to automation and standardization using:APIs, Python, Ansible, or Terraform (preferred)Improve observability through:Prisma dashboardsMonitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)Develop and maintain:SOPs and operational runbooksTroubleshooting and escalation guidesService readiness documentation for new Prisma releasesMentor Tier‑1 and Tier‑2 engineers.Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering.Required Technical SkillsPrisma SASE (Core Focus)Hands‑on expertise with:Prisma SD‑WANPrisma AccessStrong understanding of:Cloud‑delivered security architecturesSD‑WAN overlays, underlays, and service insertion modelsTraffic steering and policy enforcementNetworking FundamentalsAdvanced WAN and routing expertise:BGP (required)OSPFStrong knowledge of:High availability and redundancy designQoS and application‑aware routingNAT and firewall conceptsTCP/IP and dynamic routing protocolsMulti‑Vendor Networking AwarenessExperience with one or more of the following (Prisma remains the primary focus):Fortinet Secure SD‑WAN / FortiSASECisco SD‑WAN, MerakiVMware VeloCloudJuniper Mist / SSRAbility to translate architectures and concepts across vendorsQualifications & Experience7+ years of hands‑on network engineering experience.Strong experience with configuration and support of:Routers, switches, firewalls, hubs, and WAN infrastructureExperience with hardware and software firewalls:Palo Alto, Fortinet, Check PointPrior experience in network design or sales engineering is a plus.Proficiency with:Network monitoring and performance analysis toolsVisio for detailed network diagramsFamiliarity with:Wireless technologies and site surveysSecurity intelligence sources (e.g., CERT, BugTraq)Palo Alto Networks Certified SD-WAN Engineer required.Palo Alto Networks Certified Security Service Edge Engineer highly recommended.Cisco certifications (CCNP or CCIE) highl