Security Firewall Engineer/EU Citizen/REMOTE

The Level 2 Firewall Engineer ensures the stability, security, automation, and continuous improvement of the enterprise Firewall infrastructure.

The engineer handles complex incidents and problems, designs and maintains automation for Firewall life cycle operations, and ensures all configurations align with the CMDB as the authoritative Source of Truth.

The role bridges operational excellence and infrastructure engineering, applying DevOps principles to security infrastructure.

Key Responsibilities

1 Incident & Problem Management (Level 2 Scope)

• Handle escalated incidents from Level 1

• Troubleshoot complex Firewall issues (routing, NAT, clustering, performance)

• Perform deep packet analysis when required

• Conduct root cause analysis (RCA)

• Identify recurring issues and open Problem records

• Participate in post-mortem analysis and improvement plans

• Participate in Level 2 on-call rotation

2 Firewall Engineering & Automation

• Design and maintain automation for:

• Software upgrades (CheckPoint, Fortinet, Open-Source)

• Cluster upgrades and failover validation

• Policy deployment pipelines

• Backup & restore procedures

• Implement infrastructure changes through:

• Ansible/AWX

• Git-based workflows

• CI/CD pipelines

• Ensure infrastructure changes are reproducible and version-controlled

• Contribute to Git repositories and review pull requests

• Maintain configuration as code principles

3 Configuration Governance & CMDB Integrity

• Ensure all Firewall objects and rules align with CMDB data

• Enforce Source of Truth model (eg, NetBox or equivalent)

• Avoid manual configuration drift

• Implement validation checks before deployment

• Contribute to compliance reporting

4 Firewall Platform Expertise

Check Point Software Technologies

• R8x architecture

• Management Server/MDS

• SmartConsole

• ClusterXL

• Policy installation & troubleshooting

Fortinet

• FortiGate

• FortiManager

• HA clusters

• Security Fabric integration

Open-Source Firewalls

• nftables/iptables

• pfSense

• OPNsense

• Strong understanding of Linux networking stack

5 DevOps & Engineering Practices

• Infrastructure as Code mindset

• CI/CD pipeline integration

• Unit testing for automation scripts

• Use of Git branching strategies

• Observability integration (logs, metrics, alerts)

• Secure coding practices for automation

6 Upgrade & Lifecycle Management

• Plan and execute:

• Major version upgrades

• Hotfix deployment

• Security patching

• Automate pre-checks and post-checks

• Maintain upgrade playbooks

• Document rollback strategies

7 Security & Compliance

• Ensure Firewall configurations align with security policies

• Support audit evidence collection

• Support vulnerability remediation

• Ensure secure configuration standards, and best practices

• Participate in security hardening initiatives

Technical Skills Required

Mandatory

• 5+ years in enterprise Firewall engineering

• Strong knowledge of:

• CheckPoint R8x

• FortiGate

• Solid understanding of:

• TCP/IP

• Routing (BGP, OSPF basics)

• NAT

• VPN technologies

• Experience with Linux networking

• Experience with automation (Ansible preferred)

• Git proficiency

• Strong troubleshooting skills

Nice to Have

• Experience with containerized Firewall deployment

• API-driven Firewall configuration

• Experience with CI/CD tools (GitLab CI, etc.)

• Experience integrating Firewalls with cloud (AWS)

• Experience in high-availability architectures

Soft Skills

• Analytical mindset

• Ability to perform structured RCA

• Autonomous and proactive

• Strong documentation discipline

• Ability to mentor Level 1 engineers

• Clear communication during incident bridges