Senior Technical Consultant - Network Security

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

Aspiring to lead firewall, network access control, and SASE engagements across diverse enterprise environments. This role spans three core technology pillars: next‑generation firewall design and deployment (Cisco Secure Firewall, Palo Alto Networks), Cisco ISE‑based network access control and identity services, and SASE/Zero Trust architectures (Zscaler, Palo Alto Prisma Access, Cisco Secure Access, Netskope). The ideal candidate combines hands‑on expertise across these platforms with strong consulting skills, owning end‑to‑end delivery from discovery and design through implementation, testing, and knowledge transfer.

This is a client‑facing role that requires the ability to lead technical work streams, produce professional documentation, and communicate complex security strategies to both technical and executive audiences.

• Design and deploy Cisco Secure Firewall Threat Defense (FTD) managed by Firewall Management Center (FMC), including high‑availability pairs, threat policies (Snort IPS, malware defense, URL filtering), and both site‑to‑site and remote access VPN configurations.
• Configure and manage Palo Alto Networks next‑generation firewalls running PAN‑OS, including security profiles (Antivirus, Anti‑Spyware, Vulnerability Protection, Wild Fire), App‑, User‑, SSL/TLS decryption, and centralized management via Panorama.
• Lead firewall migration projects including legacy Cisco ASA to FTD conversions, cross‑vendor migrations (Check Point, Fortinet, Juniper to Palo Alto or Cisco), and policy translation with rule optimization during cutover.
• Design network segmentation architectures using firewall zones, virtual routers, VRFs, and policy‑based routing to enforce least‑privilege east‑west and north‑south traffic controls.
• Deploy cloud‑native firewall solutions including Palo Alto Cloud NGFW for AWS and Azure, and Cisco Secure Firewall Cloud Native for containerized and cloud workload environments.
• Implement firewall high availability designs including active/standby failover, active/active clustering, and multi‑context deployments for service provider and large enterprise environments.
• Configure centralized logging, SIEM integration (Splunk, Microsoft Sentinel, syslog), and Net Flow/IPFIX for traffic analytics, threat correlation, and compliance reporting.
• Perform firewall rule base optimization, policy cleanup, and compliance auditing to reduce attack surface and align with regulatory frameworks (PCI‑DSS, HIPAA, NIST).
• Integrate Cisco Secure Firewall with Cisco XDR for cross‑platform threat detection, event correlation, and automated incident response across the security portfolio.
• Automate firewall provisioning, configuration backup, and policy deployment using infrastructure‑as‑code tools (Terraform, Ansible) and vendor APIs for repeatable, auditable workflows.

• Deploy Cisco Identity Services Engine (ISE) for 802.1X wired and wireless authentication, MAC Authentication Bypass (MAB), and RADIUS/TACACS+ device administration across campus, branch, and data center environments.
• Design and implement ISE authorization policies including Security Group Tags (SGTs) with Trust Sec, downloadable ACLs (dACLs), VLAN assignment,…