Senior Network Specialist

Job Description

<p><strong>Role: Senior Network Specialist</strong></p><p><strong>Location: Montréal</strong></p><p><strong>Work schedule: 37,5</strong></p><p><strong>Work mode: Ability to work onsite at least 3-4 days per week is required</strong></p><p><br></p><p>As a Network Cybersecurity Specialist, your key tasks will include supporting major changes to our network topology, with a focus on the implementation of a Secure Access Service Edge (SASE) platform. You will work closely with the cybersecurity team to translate security requirements into actionable network designs, ensuring alignment with vendor guidance and industry-recognized best practices to deliver a secure and future-ready infrastructure.</p><p><br></p><p><strong>SASE & SD-WAN Implementation Expertise</strong></p><p> Expertise with Prisma SD-WAN and experience with major migrations, including both design and implementation of Prisma Access solutions</p><p> Proven experience deploying Palo Alto Prisma SD-WAN and Prisma Access in hybrid environments (cloud and on-prem).</p><p> Ability to design and implement redundant, scalable SD-WAN architectures with performance tuning for peak periods and future growth</p><p> Familiarity with Strata Cloud Manager for centralized policy enforcement, logging, and visibility</p><p>Security Requirements Translation</p><p> Collaborate with cybersecurity teams to define and document security requirements per user, device, and service, evolving over time</p><p> Apply role-based access control (RBAC) and network segmentation strategies using Prisma's native capabilities</p><p><br></p><p><strong>ZTNA & Zero Trust Readiness</strong></p><p> Understand Zero Trust principles and how to phase out legacy VPNs in favor of ZTNA within SASE/SSE frameworks</p><p> Plan for secure access to private applications using identity- and context-aware policies, leveraging Prisma Access and endpoint agents</p><p><br></p><p><strong>Cloud & Remote Access Security</strong></p><p> Experience with GlobalProtect and CASB/DLP integration for securing mobile and remote users</p><p> Knowledge of traffic inspection, malware scanning, and data loss prevention across SaaS and private applications</p><p><br></p><p><strong>Operational Integration & Visibility</strong></p><p> Ability to integrate SASE with existing tools like Cisco ISE, Active Directory, and SIEM platforms (e.g., Splunk)</p><p> Awareness of traffic visibility challenges in SASE environments and familiarity with solutions like Gigamon Cloud Broker or packet replication to cloud storage</p><p><br></p><p><strong>Strategic Planning & Roadmap</strong></p><p> Participate in long-term planning for network evolution, including ZTNA adoption timelines, DMZ decommissioning, and cloud migration strategies</p><p> Contribute to RFP development, vendor evaluations, and pilot testing of SASE/SD-WAN solutions</p><p><br></p><p><strong>Requirements and qualifications</strong></p><p><strong>Education</strong></p><ul><li>Bachelor's degree in Computer Science, Information Security, Network Engineering, or a related field.</li><li>A Master's degree in Cybersecurity or Network Architecture is a plus, especially for senior or strategic roles.</li><li>5-7 years of experience in network engineering or cybersecurity roles.</li><li>At least 2-3 years of hands-on experience with:</li></ul><p>- SASE and SD-WAN deployments</p><p>- ZTNA planning or implementation</p><p>- Cloud-based security platforms, ideally Palo Alto Prisma Access and Prisma SD-WAN</p><p><br></p><p><strong>Deep understanding of:</strong></p><p>- Network security architecture and segmentation</p><p>- Secure remote access and VPN alternatives</p><p>- Zero Trust principles and identity-based access control</p><p>- Cloud networking and hybrid environments</p><p><br></p><p><strong>Familiarity with:</strong></p><p>- Policy enforcement, traffic steering, and centralized management (e.g., Strata Cloud Manager)</p><p>- Integration with identity providers (e.g., Azure AD, Okta)</p><p>- Logging, monitoring, and SIEM integration</p><p><br></p><p><strong>Desired, but not required: </strong></p><p>Holding a recognized certification such as one of these is considered an asset: PCNSE - Palo Alto Networks Certified Network Security Engineer, Cisco Certified CyberOps Associate or CCNP Security, CompTIA Security+ or other Cybersecurity certifications relevant to the role.</p>