Job description
 
**Sr. Network Security Engineer - U.S. Citizenship Required**  
**Category:** Cyber Security  
**Main location:** United States, Virginia, Fairfax  
**Position ID:** J0625-0050  
**Employment Type:** Full Time  
**Position Description:**  
CGI Federal is seeking a Sr. Network Security Architect/Engineer with deep expertise in Palo Alto Prisma SASE to lead transformative cybersecurity initiatives for federal civilian agencies.
This role focuses on architecting, engineering, and implementing advanced network security solutions while driving Zero Trust strategies.
You will assess complex business requirements, design scalable Palo Alto Prisma-based architectures (including multi-tenant and MSSP models), and develop comprehensive Zero Trust roadmaps.
Leveraging Prisma Access, Prisma SD-WAN, Prisma Cloud, and Strata Cloud Manager, you will implement features like data loss prevention (DLP), SSL inspection, URL filtering, file protection, sandboxing, and SaaS security.
Using tools such as Terraform, Ansible, Python, CloudWatch, Wireshark, Nessus, Qualys, Corelight, and ExtraHop, you will deliver secure, automated solutions in cloud and on-premise environments following Scaled Agile (SAFe) methodologies.
This position is ideal for proactive, CISSP-preferred architects/engineers who excel at crafting innovative, resilient designs and leading cross-functional teams in a fast-paced environment.  
This position is located in our Fairfax, VA office; however, a hybrid working model is acceptable.
You will be required to be in our Fairfax, VA office two days per week.  
**Your future duties and responsibilities:**  
• Assess business and technical requirements to architect, design, and deploy Palo Alto Prisma-based SASE solutions, including Prisma Access for secure access, Prisma SD-WAN for optimized connectivity, and Prisma Cloud for cloud security posture management.
• Develop and execute Zero Trust strategies and roadmaps, ensuring alignment with NIST 800-207 and CISA ZTMM 2.0 for risk-based access, microsegmentation, and continuous verification in multi-tenant architectures.
• Design high-level architectures for secure network environments, incorporating ZTNA, VPN alternatives, SD-WAN topologies, multi-tenant security models, and MSSP frameworks for scalable, shared-service deployments.
• Engineer and automate deployments using Terraform, Ansible, and Python, creating reusable configuration snippets for rapid policy templating in Strata Cloud Manager to streamline secure onboarding across multiple clients.
• Implement advanced threat prevention, including inline DLP to prevent data exfiltration, SSL decryption and inspection for encrypted traffic, URL filtering for web threats, file protection against malware, and dynamic sandboxing via Prisma Cloud for zero-day threat analysis.
• Integrate SaaS security controls through Prisma Access, enforcing consistent policies across cloud applications using API-based discovery, access management, and inline inspection to mitigate shadow IT risks.
• Communicate architectural solutions, Zero Trust strategies, and roadmaps to stakeholders, customers, and vendors (e.g., Palo Alto Networks), addressing functional, integration, and support challenges in multi-tenant and MSSP contexts.
• Coordinate workflows across cross-functional teams (Build, Integrate, Security, Agency Support) within Agile processes, leveraging Strata Cloud Manager for centralized visibility, analytics, and reporting.
• Maintain comprehensive documentation, including deployment guides, architecture diagrams, security policies, procedures, incident reports, and configuration snippets for compliance and knowledge transfer.
• Conduct security audits, monitor network traffic for threats using integrated tools, and lead incident response activities (investigation, containment, eradication, recovery) with Prisma’s unified analytics.
• Configure and manage firewalls, IDS/IPS, endpoint protection, network sensors, and other appliances to enforce Zero Trust perimeters, incorporating advanced features like file sandboxing and URL-based threat intelligence.
• Collaborate with IT teams to evolve secure network architectures, provide Zero Trust training on Prisma capabilities (e.g., DLP policy tuning, SSL inspection best practices), and stay current on emerging security trends and technologies.  
**Required qualifications to be successful in this role:**  
• Due to the nature of the contract requirements, U.S. citizenship and successful completion of a CGI background check are required prior to beginning work.
In addition, candidates must have the ability to obtain and maintain a DHS EOD/Public Trust clearance.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
• CISSP certification highly preferred to demonstrate expertise in security architecture and Zero Trust principles.
• 5+ years of hands-on experience in network security engineering/architecture, including firewalls, routers, switches, load balancers, and network sensors.
• Deep expertise with Palo Alto Prisma suite (Prisma Access, Prisma SD-WAN, Prisma Cloud) for SASE implementations, including multi-tenant architecture design, MSSP service models, and Strata Cloud Manager for unified management.
• Proven experience in Zero Trust architecture, including building roadmaps, strategies, and implementations for secure access, microsegmentation, and continuous verification, aligned with NIST 800-207 and CISA ZTMM 2.0.
• Strong proficiency in SASE concepts, cloud networking, ZTNA, VPN alternatives, SD-WAN topologies, and multi-tenant security designs, with hands-on configuration of DLP, SSL inspection, URL filtering, file protection, sandboxing, and SaaS security.
• Expertise in automation and orchestration tools like Terraform, Ansible, or Python for infrastructure-as-code, including development of reusable configuration snippets for Prisma deployments.
• Thorough understanding of network security monitoring, detection, response, and compliance with federal standards/regulations, leveraging Prisma’s integrated analytics and reporting.
• Demonstrated ability to lead technical projects: assess requirements, assign tasks, track progress, and deliver solutions independently or in cross-functional teams, with MSSP experience highly preferred.
• Experience in a Managed Security Service Provider (MSSP) environment is highly preferred, particularly scaling Prisma solutions for shared-tenant federal agencies.
• Excellent documentation skills, high-level architecture expertise, and a quick-learning mindset for adapting to evolving Prisma features like AI-driven threat detection.
• Strong communication and collaboration skills for engaging cross-functional teams, stakeholders, and vendors.  
CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role.
The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications.
To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role.
Compensation decisions are dependent on the facts and circumstances of each case.
A reasonable estimate of the current range for this role in the U.S. is $99,200.00 - $241,600.00.  
CGI Federal's benefits are offered to eligible professionals on their first day of employment to include:  
• Competitive compensation
• Comprehensive insurance options
• Matching contributions through the 401(k) plan and the share purchase plan
• Paid time off for vacation, holidays and sick time
• Paid parental leave
• Learning opportunities and tuition assistance
• Wellness and well-being programs  
**Skills:**  
+ Cyber
+ Nessus
+ Network Security
+ Wireshark  
**What you can expect from us:**  
**Together, as owners, let’s turn meaningful insights into action.**  
Life at CGI is rooted in ownership, teamwork, respect and belonging.
Here, you’ll reach your full potential because…  
You are invited to be an owner from day 1 as we work together to bring our Dream to life.
That’s why we call ourselves CGI Partners rather than employees.
We benefit from our collective success and actively shape our company’s strategy and direction.  
Your work creates value.
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.  
You’ll shape your career by joining a company built to grow and last.
You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.  
Come join our team—one of the largest IT and business consulting services firms in the world.  
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status or responsibilities, reproductive health decisions, political affiliation, genetic information, height, weight, or any other legally protected status or characteristics to the extent required by applicable federal, state, and/or local laws where we do business.  
CGI provides reasonable accommodations to qualified individuals with disabilities.
If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com .
You will need to reference the Position ID of the position in which you are interested.
Your message will be routed to the appropriate recruiter who will assist you.
**Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job.
Emails for any other reason or those that do not include a Position ID will not be returned.**  
We make it easy to translate military experience and skills! Click here (https://cgi-veterans.jobs/) to be directed to our site that is dedicated to veterans and transitioning service members.  
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation.
Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
Dependent upon role and/or federal government security clearance requirements, and in accordance with applicable laws, some background investigations may include a credit check.
CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.  
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information. 
 
                    
                    