Network Security Engineer

Job Title: Firewall Network Engineer (L3) – Fortinet, Palo Alto & Multi-Vendor Security

The Firewall Network Engineer (L3) provides advanced network security support, designing, implementing, and managing multi-vendor firewall and security solutions (Fortinet, Palo Alto, Check Point, Cisco, and Radware) to ensure system availability, integrity, and confidentiality.

Key Responsibilities

• Deliver L3 escalation support for complex security incidents and connectivity issues across FortiGate, Palo Alto, and Check Point firewalls.
• Troubleshoot security policies, NAT, routing, and session handling using CLI and packet capture tools.
• Resolve advanced IPsec (IKEv1/IKEv2) and SSL VPN issues, including negotiation failures and routing conflicts.
• Investigate traffic drops, Application-ID issues, and enforcement failures of IPS, AV, and URL filtering profiles.
• Manage and troubleshoot DDoS protection mechanisms using Radware solutions.
• Maintain and troubleshoot HA configurations (Active/Passive, clustering) and failover issues across firewall platforms.
• Review and validate firewall rule changes, security profiles, and NAT policies before production deployment.
• Utilize firewall policy management and compliance tools such as AlgoSec and Tufin.
• Monitor and respond to alerts from Cisco IPS and other threat detection systems.
• Implement and manage file integrity monitoring using Tripwire (FIM).
• Lead incident resolution during P1/P2 outages and coordinate with SOC, network, and application teams.
• Support firewall upgrades, migrations, and performance optimization efforts.

Required Skills and Experience

• Proficiency with FortiGate, Palo Alto, and Check Point firewall platforms.
• Experience with Radware DDoS protection solutions.
• Strong hands-on experience with Cisco technologies (routing & switching, Cisco IPS).
• Familiarity with firewall assurance and automation tools such as AlgoSec and Tufin.
• Knowledge of File Integrity Monitoring (FIM) tools like Tripwire.
• Strong knowledge of TCP/IP, OSPF/BGP routing, VLANs, and network segmentation.
• Expertise in NAT, VPN technologies, and firewall rule lifecycle management.
• Experience with high-availability firewall configurations and failover mechanisms.
• Strong analytical and problem-solving skills in incident management.
• Excellent communication and collaboration skills for cross-team coordination.
• Bachelor’s degree in Computer Science, Information Technology, or related field.
• Preferred certifications: NSE, PCNSE, CCNP Security, Check Point (CCSA/CCSE), or equivalent.