Staff Network Security Engineer

Company: Shield AI
Location: San Diego
Posted on: January 21, 2026

Job Description:

Shield AI is seeking a highly skilled Staff Network Security Engineer with deep expertise in Palo Alto Networks security platforms to strengthen our global infrastructure. This role emphasizes advanced firewall and security engineering while also providing support for core routing, switching, and wireless functions alongside the broader networking team. The engineer will play a key role in securing and scaling Shield AI’s global production, development, and test environments, spanning data centers, LAN/WAN, remote offices, and Azure/AWS cloud workloads. What youll do: Network Security Engineering: • Architect and enhance secure network infrastructures across cloud, on-premises, and data center environments, continuously improving Shield AI’s overall security posture and resilience. • Lead the design and optimization of Palo Alto Networks security services—including Threat Prevention, URL Filtering, Application Control, GlobalProtect, and WildFire—to protect Shield AI’s networks and data. • Engineer and maintain secure WAN, VPN, and Zero Trust/remote access solutions. • Execute firewall and network change requests in alignment with corporate security policies. • Administer and optimize NAC platforms to enforce secure device access and network policy compliance. • Perform proactive monitoring, log analysis, and troubleshooting for network security systems. • Drive automation of repeatable tasks (Ansible, Python, Bash) to improve operational efficiency. • Support vulnerability remediation and participate in incident response efforts. • Partner with cross-functional teams to integrate network security into broader infrastructure initiatives. Operations and Support: • Conduct daily monitoring of firewall and network security systems, ensuring high availability and compliance. • Provide tier-3 escalation support for network security outages or incidents. • Work with Palo Alto, Fortinet, and other vendors for escalations, patches, and licensing. • Document processes and train other engineers on network security best practices. • Provide L2/L3 routing and switching support as necessary. • Provide occasional support for wireless infrastructure, assisting with policy and configuration updates. • Participate in on-call rotations, maintenance windows, and emergency response. Maintenance: • Apply critical firewall/NGFW updates, upgrades, and subscription renewals (Threat Prevention, WildFire, URL Filtering, etc.). • Maintain and administer Palo Alto and Fortinet licensing and subscriptions. • Keep operational runbooks, configuration standards, and documentation current. Required qualifications: • 6 years of experience in network security engineering in complex, enterprise environments. • Advanced expertise with Palo Alto Networks platforms (PAN-OS, Panorama, Prisma Access, GlobalProtect). • Strong understanding of network security protocols, routing, and switching fundamentals. • Experience with network automation and scripting (Ansible, Python, Bash). • Bachelor’s degree in a technical discipline or equivalent professional experience. • Certification such as PCNSE (or equivalent Palo Alto certification). • Ability to work independently and drive complex initiatives to completion. • Strong organizational and multi-tasking skills with attention to detail in a process-oriented, change-controlled environment. • Excellent verbal and written communication skills, with the ability to present to both technical and non-technical audiences. • Proven team player and mentor, capable of leading peers and collaborating across functions. • Solution-oriented, constructive approach to troubleshooting and problem-solving. • Bachelors degree in a technical discipline or at least 6 years of experience plus an engineer level certification such as a CCNP, JNCIS, VCP-NV or equivalent network-related certification. Preferred qualifications: • Familiarity with management of Clearpass or Mist NAC solutions • Familiarity with management of Fortinet firewalls. • Light hands-on ability with Juniper platforms (Junos OS) for routing/switching. • Exposure to Mist wireless for WLAN administration. • Familiarity with public cloud networking (Azure preferred). • Knowledge of VMware, Nutanix, Linux, or Windows system administration. • Additional certifications such as CCNP Security, JNCIS, CCNP Enterprise, or VCP-NV. • Experience working in highly regulated or mission-critical environments.

Keywords: Shield AI, Escondido , Staff Network Security Engineer, IT / Software / Systems , San Diego, California