We are seeking a highly skilled Firewall Operations Engineer to join our network security team. This role is responsible for maintaining, securing, and optimizing our enterprise firewall infrastructure. The ideal candidate will have hands-on experience with major firewall platforms, strong troubleshooting skills, and the ability to automate and streamline firewall rule provisioning through scripting.
Key Responsibilities
1. Operations & Compliance
- Patch Compliance: Plan, schedule, and execute firewall OS/firmware updates (e.g., maintenance windows, rollback plans), track versions, and maintain evidence of compliance across all devices.
- Security Compliance: Enforce baseline configurations, hardening standards, and rule hygiene; perform periodic control checks (e.g., rules recertification, unused object cleanup); document and remediate audit findings aligned to frameworks (e.g., CIS benchmarks, NIST).
- Level 1 Troubleshooting: Triage and resolve common connectivity issues (NAT, routing, zone/segment access), VPN problems (site‑to‑site, remote access), and policy conflicts; escalate with clear diagnostics, timelines, and artifacts (logs, packet captures).
- Change Management: Prepare implementation plans and back‑out procedures; submit changes with risk assessments; execute changes during approved windows; update configuration baselines and runbooks.
2. Configuration & Policy Management
- Firewall Configuration: Build and maintain network and security policies (access rules, NAT, application control, URL filtering, IPS/IDS profiles, SSL decryption where applicable), address objects, service groups, and security zones.
- Network Integrations: Configure dynamic/static routing, HA pairs/clusters, virtual systems/VDOMs/contexts, and segmentation architectures across data centers and cloud/hybrid environments.
- Logging & Monitoring: Maintain centralized logging (e.g., FortiAnalyzer, Panorama, SmartEvent, Cisco FMC/FTD), create dashboards/alerts, and ensure telemetry is actionable for SOC and NOC consumers.
- Automation & Scripting – Bulk Rules Provisioning: Design, test, and operate scripts to generate, validate, and deploy large rule sets using vendor APIs/SDKs (e.g., Fortinet REST API, Palo Alto XML/REST API, Check Point Management API, Cisco FMC/FTD APIs).
3. Documentation & Collaboration
- Cross‑Functional Partnering: Collaborate with Network Engineering, SOC, IT Compliance, and Application teams to align rules with business requirements and segmentation intent.
Required Qualifications
- Experience: 3–5+ years in firewall operations or network security engineering supporting medium‑to‑large environments.
- Vendor Expertise (hands‑on): Fortinet (FortiGate / FortiManager / FortiAnalyzer; VDOMs, IPS, SSL inspection) – Palo Alto Networks (PAN‑OS, Panorama; App‑ID, User‑ID, Security Profiles) – Check Point (GAiA, SmartConsole/SmartCenter, Policy Management, VSX) – Cisco (ASA or Firepower/FTD with FMC; ACPs, NAT, VPN, IPS).
- Scripting/Automation: Proficiency in Python and/or PowerShell, JSON/YAML, REST APIs; experience generating objects and rules at scale and validating deployments programmatically.
- Networking Fundamentals: Strong understanding of TCP/IP, routing (static/dynamic, including BGP), NAT, VLANs, VPN (IPsec/SSL), HA/Clustering, and segmentation/Zero Trust principles.
- Compliance Mindset: Familiarity with security benchmarks and controls (e.g., CIS, NIST, ISO 27001), change control, and evidence collection for audits.
- Tooling: Experience with SIEM/Log platforms, packet capture tools, and ticketing/ITSM (e.g., ServiceNow/Jira).
Preferred Qualifications
- Certifications: NSE (Fortinet) 4–7, PCNSA/PCNSE (Palo Alto), CCSA/CCSE (Check Point), CCNA/CCNP Security or Cisco FTD certifications.
- Exposure to cloud networking and firewalls (e.g., Azure Firewall, Palo Alto VM‑Series, FortiGate VM, Check Point CloudGuard).