
Cybersecurity Architect - Cognizant

Brisbane
Cognizant
Architect
Posted: 28 April
Offer description

This position requires a highly skilled Senior Cybersecurity Architect – Cloud and Network Security with deep expertise in Firewalls, VPN, Cisco ISE, Web Access Firewalls, Cloud Security, SIEM, Endpoint Protection, Web Proxy, IDS/IPS, Threat Protection, Sandbox, Vulnerability Management, SSO/MFA. The candidate will manage design, implementation, operations and maintenance of enterprise‐grade network and cloud security solutions, ensuring secure access, regulatory compliance, and scalable governance across the organization. This role requires hands‐on engineering capability, strong architectural design thinking, and experience leading network security modernization initiatives.

Key responsibilities

Network Security – Palo Alto Firewall, GlobalProtect VPN, Cisco ISE, Proxy and WAF

* Architect, implement, and administer Palo Alto firewalls for network security lifecycle management, regularly reviewing and updating firewall policies and rules to stay ahead of new threats and vulnerabilities.
* Configure and manage Remote Access VPN to provide secure remote access to users, enforcing security policies and Zero Trust.
* Lead the resolution of complex or recurring firewall issues, manage escalations to maintain operational stability, and ensure root cause analyses (RCA) are conducted for major incidents, followed by implementing corrective and preventive actions.
* Ensure all changes are thoroughly backed up, tested, verified, and audited, with regular recertification processes in place to uphold compliance standards.
* Oversee the regular removal of obsolete, redundant, and unused rules to enhance security posture while optimizing system performance.
* Provide strategic recommendations to strengthen firewall policies, improve the quality of rule sets, and ensure long‐term operational excellence.
* Supervise the operation of Cisco ISE identity and AAA services, including managing lifecycle workflows and integrating with directory and single sign‐on (SSO) solutions.
* Define and enforce access controls through AAA protocols and robust RBAC/authorization policies, ensuring alignment with organizational security and compliance objectives.
* Monitor and track AAA events, maintain comprehensive audit logs, and deliver compliance and forensic reports while troubleshooting incidents, conducting RCAs, optimizing policies and configurations, and maintaining runbooks and knowledge databases with actionable recommendations.
* Oversee administration, operation, and continuous monitoring of the Web Application Firewall (WAF) to safeguard applications against layer‐7 attacks and maintain service availability.
* Direct the analysis of security logs and the tuning of WAF policies, rules, and detection mechanisms to effectively identify threats, minimize false positives, and align with the organization's risk profile.
* Guide the implementation and ongoing maintenance of custom WAF rules, security models, and controls, including rate limiting and bot mitigation strategies, to prevent abuse and ensure regulatory compliance.

Identity Access Management (IAM) – Microsoft Entra ID

* Implement and administer Microsoft Entra ID to verify access for secure authentication, authorization, and SSO across enterprise applications, troubleshooting access and authentication issues.
* Implement MFA, risk‐based authentication, OAuth2, OpenID Connect, and SAML integrations.
* Work with application teams on SSO onboarding, session management, and federation protocols.
* Track authentication events, logs, and failures for security and operational visibility.

Vulnerability Management – CrowdStrike

* Oversee and manage a centralized vulnerability management program across all IT environments to ensure consistent protection and risk reduction.
* Direct the scanning process, validate vulnerability results, and lead the prioritization of remediation efforts based on risk level and business impact.
* Integrate threat intelligence with vulnerability findings to concentrate remediation on actively exploitable threats.
* Ensure comprehensive asset inventory and coverage, and regularly report on security posture, emerging trends, and progress to governance forums.
* Coordinate rapid response to zero‐day vulnerabilities, maintain up‐to‐date documentation and the Known Error Database (KEDB), and drive ongoing process improvements.

SIEM and EndPoint Security – CrowdStrike NGSIEM and CrowdStrike Falcon

* Oversee the continuous review of correlated events and alerts using NGSIEM dashboards, ensuring that pre‐approved SOAR playbooks are triggered and executed for relevant alert types.
* Direct the automated enrichment and evidence collection processes through effective NGSIEM/SOAR integrations to support rapid and accurate incident response.
* Supervise the health and availability of the SIEM platform, monitor log ingestion status, and maintain data pipeline integrity to ensure reliable security operations.
* Manage continuous tracking of endpoint activity using EDR telemetry, focusing on early identification of suspicious behaviors and the mitigation of advanced threats.

Mandatory Skills

* Cybersecurity fundamentals (threats, controls, CIA triad, MITRE ATT&CK basics)
* Security governance, risk & compliance (policies, risk register, audits)
* Frameworks & standards: ISO 27001/27002, NIST CSF/800‐53, CIS Controls
* Secure delivery/project management (Agile/Waterfall, scope, schedule, budget, RAID)
* Stakeholder & executive communication (status, escalations, governance forums)
* Incident & vulnerability management coordination (triage, remediation tracking, RCA)
* Security operations awareness (SOC processes, SIEM/EDR concepts, logging)
* Identity & access management basics (RBAC, MFA, SSO, PAM concepts)
* Cloud & network security (Firewalls, Proxy, ISE, WAF, AWS/Azure basics, segmentation)
* Metrics & reporting (KPI/KRI, service performance, security posture dashboards)
* Change management & ITSM alignment (ITIL, CAB, problem management)

Duties and Responsibilities

* Own BAU operations delivery for network and cloud security services, ensuring SLA/SLO adherence, availability, and capacity.
* Lead major incident management (triage, escalation, stakeholder communications, post‐incident RCA and action tracking).
* Operate Palo Alto controls across network and Azure (NGFW, Panorama/Strata Cloud Manager, WildFire/Threat Prevention, URL Filtering, GlobalProtect/Prisma Access, and segmentation).
* Run security change/release governance (risk assessment, approvals/CAB, testing, rollout/rollback, validation).
* Oversee monitoring and observability (log/metric coverage, alert tuning, dashboards, continuous reduction of noise).
* Manage vulnerability and configuration hygiene (prioritization, remediation coordination, verification, periodic recertification).
* Operate core controls across network and cloud (firewall/WAF, IDS/IPS, segmentation, ZTNA/SASE).
* Ensure compliance and audit readiness (evidence, control attestations, exception handling, policy adherence).
* Maintain runbooks/SOPs, service documentation, and knowledge base (KEDB), enabling efficient support and handovers.
* Drive continual service improvement and automation (IaC, CI/CD, policy‐as‐code) to improve reliability and reduce toil.

Qualifications & Certifications (Optional)

* Bachelor's Degree: Computer Science, Cybersecurity or Information Technology
* PCNSE or CCNP/CCIE Security
* CISSP/CISM Certification
* Experience: 10+ years in cybersecurity, at least 3+ years in supervisory or project leadership capacity

Salary Range: >$100,000

Cognizant is committed to providing Equal Employment Opportunities. Successful candidates will be required to undergo a background check.
