Domain Consultant

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

Job Summary

As a Solution Engineer for Next-Gen Trust Security (NGTS), you are the premier technical subject matter expert for Palo Alto Networks' Machine Identity Management portfolio. Following our integration with CyberArk, you will lead the technical charge in transforming how enterprises manage cryptographic trust.
You will be responsible for defining technical solutions that secure critical business imperatives, evangelizing our "better together" integration of Certificate Lifecycle Management (CLM) and Zero-Touch Public Key Infrastructure (ZTPKI) within the Strata Cloud Manager (SCM) platform. You will serve as the technical bridge between the Network Security teams and Identity stakeholders, ensuring that enforcement systems (NGFW/SASE) stay synchronized as certificate lifecycles compress.

Your Impact

• Technical Win Leadership: Lead Proof of Value (PoV) engagements and technical validations for NGTS, ensuring a high technical win rate by demonstrating operational resilience and outage elimination.

• Solution Architecture: Design unified cryptographic governance models within Strata Cloud Manager that align certificate operations with network enforcement.

• Strategic Execution: Identify critical projects and actions required to achieve a customer's desired security end-state; eliminate sales obstacles through creative and adaptive problem-solving.

• Market Evangelism: Act as a thought leader on the "Cryptographic Reset," educating CISOs and VP-level stakeholders on the risks of 47-day certificate lifecycles and the path to Post-Quantum Cryptography (PQC).

• Product Advocacy: Share industry experience regarding customer usage patterns to provide feedback to product teams on how to make NGTS/MIM easier for customers to adopt fully.

• Strategic Discovery: Conduct deep-dive discovery sessions to uncover unmanaged or "rogue" certificates using network-native discovery tools.

• Cross-Functional Collaboration: Partner with Solutions Consultants (SCs), Account Managers, and the CyberArk MIM Specialist team to build and execute account-based pursuit strategies.

• Platformization: Drive the adoption of Secure Flex credits by showing customers how to consolidate siloed CLM/PKI tools into a centralized control plane.

Qualifications

Your Experience:

• Professional Background: 5+ years of Sales Engineering or Consulting experience with a proven track record in a cybersecurity software vendor.

• Deep Domain Expertise: Extensive experience in Certificate Lifecycle Management (CLM), PKI architecture (ZTPKI, Microsoft ADCS), and SSL/TLS protocols.

• Technical Proficiency: Experience with automated provisioning (ACME, SCEP), Cloud-native connectors (Azure, GCP, AWS), and hardware/virtual security appliances.

• DevOps & Modern Infrastructure: Hands-on experience with DevOps tools (Terraform, Git, Kubernetes, Ansible) and container technologies (Docker) is a significant benefit.

• Network Security Foundation: Strong understanding of NGFW, SASE, and GlobalProtect architectures, particularly how they handle decryption, inspection, and certificate-based authentication.

• Consultative Selling: Proven ability to simplify complex cryptographic concepts into business-value outcomes (e.g., preventing service outages).

• Communication: Excellent written communication skills; bilingual proficiency in German is a requirement for this role.

• Education & Certification: CISSP or equivalent Information Security certifications are preferred.

Technical Qualifications (Must-Haves)

• PKI & Certificate Governance: Comprehensive knowledge of Public Key Infrastructure, including certificate authorities, lifecycle management, and trust models.

• Cryptography Fundamentals: Deep understanding of symmetric and asymmetric encryption, key management, and cryptographic standards.

• Network Protocols: Mastery of TLS/SSL handshakes, S/MIME, and secure communication protocols.

• Future-Proof Security: Familiarity with Post-Quantum Cryptography (PQC) and the migration strategies for quantum-safe algorithms.

Foundational Attributes:

• Thinking Holistically: Ability to connect users, applications, and data flows across fragmented customer environments to recommend cohesive security solutions.

• Being Accountable: Owning the technical roadmap from discovery through successful implementation and handoff to Post-Sales.

• Simplifying: Distilling highly technical PKI/CLM architectures into clear, actionable, and compelling demonstrations.

• Applying Business Acumen: Understanding how network uptime and compliance impact broader business goals and aligning technical recommendations accordingly.

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.