AYAN InfoTech is looking for Firewall Design (Palo Alto) - Security Specialist/Network Technical Specialist to join an exciting project based in Sydney / Melbourne / Canberra. The role offers you the opportunity to contribute towards an extremely well structured and mature environment, working on sophisticated enhancement projects.

Role: Firewall Design (Palo Alto) - Security Specialist/Network Technical Specialist
Location: Sydney / Melbourne / Canberra
Contract Duration: 6 to 9 Months with high possible extensions
Experience: 7+ Years

Available Roles: Firewall Design (Palo Alto) - Security Specialist/Network Technical Specialist, Infrastructure and Platform Architect.

Job description: Job Title: Technical L3 SME (Network Technical consultant)

Role Overview

As a BGP Technical L3 SME, you will lead the design, implementation, and optimization of Border Gateway Protocol (BGP) configurations across enterprise and customer networks. Your expertise will ensure resilient, scalable, and secure routing architectures that support high availability and minimal service disruption.

Key Responsibilities

• Route-Map Implementation - Design and deploy inbound and outbound BGP route-map updates to control prefix advertisement, path selection, and policy enforcement.
• Resilient Routing Design - Apply advanced BGP routing patterns-including local preference, AS path prepending, MED tuning, and conditional advertisements-to achieve site-level redundancy and failover.
• Change Governance - Ensure all routing changes adhere to industry best practices, internal standards, and change management protocols, minimizing risk of service impact.
• Platform Expertise - Configure BGP on platforms such as Cisco IOS/IOS-XE, NX-OS, Juniper, and Arista
• Support BGP in hybrid cloud, MPLS, and SD-WAN environments
• Integrate BGP with IGPs (OSPF, EIGRP) and route redistribution policies
• Advanced Troubleshooting - Act as the L3 escalation point for BGP-related incidents, performing diagnostics using CLI, route analytics, and packet captures.
• Monitoring & Optimization - Use tools like BGPmon, ThousandEyes, SolarWinds, or NetBrain to monitor route stability, convergence times, and prefix health.
• Documentation & RCA - Maintain detailed configuration records, topology diagrams, and root cause analysis reports for recurring routing anomalies.

Job Title: Technical SME - Palo Alto, Check Point & Cisco FTD Firewalls [Security Technical SME - L3]

Role Overview:

As a Technical L3 SME for Firewall Platforms, you will lead the design, implementation, and lifecycle management of firewall policies across Palo Alto Networks, Check Point, and Cisco FTD environments. You'll ensure secure, compliant, and efficient rule management aligned with customer's security standards and customer-specific requirements.

Key Responsibilities:

• Firewall Rule Creation & Validation - Design and implement new firewall rules with pre-deployment validation to prevent duplication, policy conflicts, and ensure alignment with customer's security standards.
• Policy Modification & Optimization - Update existing firewall policies to incorporate new source IPs, destinations, and ports, ensuring minimal disruption and consistent access control.
• Rule Decommissioning - Identify and safely remove obsolete or unused firewall rules, maintaining a clean and efficient policy base across platforms.
• Policy Lifecycle Management - Ensure consistent policy governance, documentation, and change control across multi-vendor environments and customer-specific deployments.
• Platform Expertise - Palo Alto Networks: Manage security policies, App-ID, User-ID, and Panorama-based deployments
• Check Point: Administer SmartConsole, rule base tuning, and threat prevention modules.
• Cisco FTD: Configure policies via FMC, manage access control, NAT, and SSL inspection
• Advanced Troubleshooting & Escalation - Serve as the L3 escalation point for firewall-related incidents, performing diagnostics using CLI, logs, and packet captures.
• Compliance & Documentation - Maintain detailed records of rule changes, policy reviews, and audit logs to support security compliance frameworks (ISO 27001, NIST, PCI-DSS).

Job Title: SSL VPN L3 SME - Palo Alto & Cisco [Security Technical SME]

Role Overview:

As an SSL VPN L3 SME, you will lead the secure provisioning and governance of remote access infrastructure using Palo Alto GlobalProtect and Cisco AnyConnect. You'll ensure that VPN connectivity is tightly controlled, policy-driven, and aligned with enterprise security standards.

Key Responsibilities:

• VPN Profile Provisioning - Provision and manage SSL VPN profiles for internal users and third-party vendors, ensuring secure and role-based access.
• Access Policy Enforcement - Design and implement fine-grained routing and firewall rules to control traffic flow across VPN tunnels, enforcing least-privilege access.
• Infrastructure Access Control - Ensure that VPN users can only access authorized infrastructure services, using endpoint posture checks, group-based policies, and certificate-based authentication.
• Platform Expertise - Configure and maintain Palo Alto Global Protect gateways and portals
• Administer Cisco ASA/Firepower with AnyConnect profiles and policies
• Integrate VPN platforms with identity providers (LDAP, RADIUS, SAML, Azure AD)
• Troubleshooting & Escalation - Act as the L3 escalation point for VPN-related incidents, performing advanced diagnostics using CLI, logs, and packet captures.
• Compliance & Documentation - Maintain detailed documentation of VPN configurations, access policies, and change records to support audit and compliance requirements (ISO 27001, NIST, GDPR).

Required Skills & Qualifications

• 5+ years in network security or remote access engineering
• Hands-on experience with: Palo Alto GlobalProtect (portal/gateway configuration, HIP profiles)
• Cisco ASA/Firepower with AnyConnect (group policies, DAP)
• SSL/IPsec VPN protocols, split tunneling, and endpoint posture validation
• Strong understanding of Firewall rule design, NAT policies, and routing logic
• Authentication protocols (SAML, RADIUS, LDAP)
• SIEM integration and log analysis

Contact: 61-(02) 7207 6926 for more details.

Please note we will be able to contact only shortlisted candidates for this role. We thank you in advance for your interest.