Firewall Operations Engineer
Job Details
Vacancies
1 position
Experience Required
No experience required
Job Description
We are seeking a highly skilled Firewall Operations Engineer to join our network security team. This role is responsible for maintaining, securing, and optimizing our enterprise firewall infrastructure. The ideal candidate will have hands-on experience with major firewall platforms, strong troubleshooting skills, and the ability to automate and streamline firewall rule provisioning through scripting.
Key Responsibilities
1. Operations & Compliance
Patch Compliance: Plan, schedule, and execute firewall OS/firmware updates (e.g., maintenance windows, rollback plans), track versions, and maintain evidence of compliance across all devices.
Security Compliance: Enforce baseline configurations, hardening standards, and rule hygiene; perform periodic control checks (e.g., rules recertification, unused object cleanup); document and remediate audit findings aligned to frameworks (e.g., CIS benchmarks, NIST).
Level 1 Troubleshooting: Triage and resolve common connectivity issues (NAT, routing, zone/segment access), VPN problems (site-to-site, remote access), and policy conflicts; escalate complex cases with clear diagnostics, timelines, and artifacts (logs, packet captures).
Change Management: Prepare implementation plans and back-out procedures; submit changes with risk assessments; execute changes during approved windows; update configuration baselines and runbooks.
2. Configuration & Policy Management
Firewall Configuration: Build and maintain network and security policies (access rules, NAT, application control, URL filtering, IPS/IDS profiles, SSL decryption where applicable), address objects, service groups, and security zones.
Network Integrations:
Configure dynamic/static routing, HA pairs/clusters, virtual systems/VDOMs/contexts, and segmentation architectures across data centers and cloud/hybrid environments.
Logging & Monitoring:
Maintain centralized logging (e.g., FortiAnalyzer, Panorama, SmartEvent, Cisco FMC/FTD), create dashboards/alerts, and ensure telemetry is actionable for SOC and NOC consumers.
Automation & Scripting
Bulk Rules Provisioning: Design, test, and operate scripts to generate, validate, and deploy large rule sets using vendor APIs/SDKs (e.g., Fortinet REST API, Palo Alto XML/REST API, Check Point Management API, Cisco FMC/FTD APIs).
3. Documentation & Collaboration
Cross-Functional Partnering: Collaborate with Network Engineering, SOC, IT Compliance, and Application teams to align rules with business requirements and segmentation intent.
Required Qualifications
Experience: 3–5+ years in firewall operations or network security engineering supporting medium-to-large environments.
Vendor Expertise (hands-on):
Fortinet (FortiGate / FortiManager / FortiAnalyzer; VDOMs, IPS, SSL inspection)
Palo Alto Networks (PAN-OS, Panorama; App-ID, User-ID, Security Profiles)
Check Point (GAiA, SmartConsole/SmartCenter, Policy Management, VSX)
Cisco (ASA or Firepower/FTD with FMC; ACPs, NAT, VPN, IPS)
Scripting/Automation: Proficiency in Python and/or PowerShell, JSON/YAML, REST APIs; experience generating objects and rules at scale and validating deployments programmatically.
Networking Fundamentals: Strong understanding of TCP/IP, routing (static/dynamic) – inclusive of BGP, NAT, VLANs, VPN (IPsec/SSL), HA/Clustering, and segmentation/Zero Trust principles.
Compliance Mindset: Familiarity with security benchmarks and controls (e.g., CIS, NIST, ISO 27001), change control, and evidence collection for audits.
Tooling: Experience with SIEM/Log platforms, packet capture tools, and ticketing/ITSM (e.g., ServiceNow/Jira).
Preferred Qualifications
Certifications: NSE (Fortinet) 4–7, PCNSA/PCNSE (Palo Alto), CCSA/CCSE (Check Point), CCNA/CCNP Security or Cisco FTD certifications.
Cloud Exposure: Exposure to cloud networking and firewalls (e.g., Azure Firewall, Palo Alto VM-Series, FortiGate VM, Check Point CloudGuard).
KCCTECH PTE. LTD.
This is a direct application to KCCTECH PTE. LTD. No recruitment agencies involved.