Firewall Operations Engineer

We are seeking a highly skilled Firewall Operations Engineer to join our network security team. This role is responsible for maintaining, securing, and optimizing our enterprise firewall infrastructure. The ideal candidate will have hands-on experience with major firewall platforms, strong troubleshooting skills, and the ability to automate and streamline firewall rule provisioning through scripting.

Key Responsibilities

1. Operations & Compliance

Patch Compliance: Plan, schedule, and execute firewall OS/firmware updates (e.g., maintenance windows, rollback plans), track versions, and maintain evidence of compliance across all devices.

Security Compliance: Enforce baseline configurations, hardening standards, and rule hygiene perform periodic control checks (e.g., rules recertification, unused object cleanup) document and remediate audit findings aligned to frameworks (e.g., CIS benchmarks, NIST).

Level 1 Troubleshooting: Triage and resolve common connectivity issues (NAT, routing, zone/segment access), VPN problems (site-to-site, remote access), and policy conflicts escalate complex cases with clear diagnostics, timelines, and artifacts (logs, packet captures).

Change Management: Prepare implementation plans and back-out procedures submit changes with risk assessments execute changes during approved windows update configuration baselines and runbooks.

2. Configuration & Policy Management

Firewall Configuration: Build and maintain network and security policies (access rules, NAT, application control, URL filtering, IPS/IDS profiles, SSL decryption where applicable), address objects, service groups, and security zones.

Network Integrations:
Configure dynamic/static routing, HA pairs/clusters, virtual systems/VDOMs/contexts, and segmentation architectures across data centers and cloud/hybrid environments.

Logging & Monitoring:
Maintain centralized logging (e.g., FortiAnalyzer, Panorama, SmartEvent, Cisco FMC/FTD), create dashboards/alerts, and ensure telemetry is actionable for SOC and NOC consumers.

Automation & Scripting
Bulk Rules Provisioning: Design, test, and operate scripts to generate, validate, and deploy large rule sets using vendor APIs/SDKs (e.g., Fortinet REST API, Palo Alto XML/REST API, Check Point Management API, Cisco FMC/FTD APIs).

3. Documentation & Collaboration
Cross-Functional Partnering: Collaborate with Network Engineering, SOC, IT Compliance, and Application teams to align rules with business requirements and segmentation intent.

Required Qualifications

Experience: 3-5+ years in firewall operations or network security engineering supporting medium-to-large environments.

Vendor Expertise (hands-on): Fortinet (FortiGate / FortiManager / FortiAnalyzer VDOMs, IPS, SSL inspection) Palo Alto Networks (PAN-OS, Panorama App-ID, User-ID, Security Profiles) Check Point (GAiA, SmartConsole/SmartCenter, Policy Management, VSX) Cisco (ASA or Firepower/FTD with FMC ACPs, NAT, VPN, IPS)

Scripting/Automation: Proficiency in Python and/or PowerShell, JSON/YAML, REST APIs experience generating objects and rules at scale and validating deployments programmatically.

Networking Fundamentals: Strong understanding of TCP/IP, routing (static/dynamic) - inclusive of BGP, NAT, VLANs, VPN (IPsec/SSL), HA/Clustering, and segmentation/Zero Trust principles.

Compliance Mindset: Familiarity with security benchmarks and controls (e.g., CIS, NIST, ISO 27001), change control, and evidence collection for audits.

Tooling: Experience with SIEM/Log platforms, packet capture tools, and ticketing/ITSM (e.g., ServiceNow/Jira).

Preferred Qualifications

Certifications: NSE (Fortinet) 4-7, PCNSA/PCNSE (Palo Alto), CCSA/CCSE (Check Point), CCNA/CCNP Security or Cisco FTD certifications. Exposure to cloud networking and firewalls (e.g., Azure Firewall, Palo Alto VM-Series, FortiGate VM, CheckPoint CloudGuard).