Job Summary: We are seeking a Network Security Engineer to optimize and enforce Zero Trust access controls using Palo Alto in hybrid environments. Key Highlights: 1. Optimizing Zero Trust controls with Palo Alto 2. Integration in hybrid environments (on-prem and Azure) 3. Collaboration with CISO and CloudOps teams Our client, a leading technology company, is looking for a Network Security Engineer to join its Cybersecurity team. The selected candidate will be responsible for optimizing and enforcing Zero Trust–based access controls using the Palo Alto stack, integrating hybrid environments (on-prem and Azure), and working closely with CISO and CloudOps teams. What challenges await you? * Design, implement, and optimize firewall policies on Palo Alto Networks (Panorama), consolidating and simplifying URL filtering rules and application whitelisting. * Implement Zero Trust–based network access controls, applying identity-driven and least-privilege segmentation for workloads in hybrid cloud. * Integrate security controls with Azure AD and Active Directory for identity-based access policies. * Support security operations: troubleshoot access issues, review firewall logs, and implement continuous improvements for rule visibility and efficiency. * Ensure all network configuration changes comply with the CISO’s policy, maintaining full traceability and documentation for audits. * Collaborate closely with CISO Engineering and Cloud Operations (CloudOps) teams. What makes you the ideal candidate for this role? Technical skills and experience (mandatory): * Minimum 5 years of experience in network security engineering. * Hands-on experience with Palo Alto Networks: Panorama, GlobalProtect, URL Filtering, App-ID, User-ID. * Solid understanding of Zero Trust frameworks and Azure hybrid cloud architectures. * Familiarity with integrating Active Directory / Azure AD groups for access policies. * Practical experience integrating Palo Alto with Network Security Groups (NSGs) in cloud environments. * Automation mindset, strong documentation skills, and ability to collaborate with CISO and CloudOps teams. * Advanced English (C1) mandatory. Desired experience and certifications: * Palo Alto PCNSE certification or equivalent. * Microsoft Certified: Azure Security Engineer Associate. * Experience with CyberArk or other identity-based access enforcement tools. What do we offer in return for your talent? * Opportunity to join a high-impact strategic cybersecurity project. * 12-month contract. * Working hours: 9:00–18:00. * Work mode: 100% remote (from Spain). Employment type: Full-time, Temporary contract Contract duration: 12 months Application questions: * How many years of experience do you have in network security engineering? * Do you have hands-on experience with Palo Alto Networks (Panorama, GlobalProtect, URL Filtering, App-ID, User-ID)? * Do you have experience designing and implementing Zero Trust–based controls? * Do you have experience with Azure hybrid cloud architectures? * Do you have experience integrating network access policies with Active Directory / Azure AD? * Do you have experience working with CISO or Security Governance teams? * Do you hold the Palo Alto PCNSE certification or equivalent? * Do you hold the Microsoft Certified: Azure Security Engineer Associate certification? * Do you have C1-level English or higher? * Are you based in Spain and able to work remotely? * What are your annual salary expectations in Euros? Work location: Remote employment