Firewall Engineer - level 2 (m/f/n)

We are supporting a long-term project for a major EU public-sector organization.

Mandatory:

• 5+ years in enterprise firewall engineering
• Strong knowledge of CheckPoint R8x and FortiGate
• Solid understanding of TCP/IP, routing (BGP, OSPF basics), NAT, VPN technologies
• Experience with Linux networking
• Experience with automation (Ansible preferred)
• Git proficiency
• Strong troubleshooting skills

Nice to Have:

• Experience with containerized firewall deployment
• API-driven firewall configuration
• Experience with CI/CD tools (GitLab CI, etc.)
• Experience integrating firewalls with cloud (AWS)
• Experience in high-availability architectures

Soft Skills:

• Analytical mindset
• Ability to perform structured RCA
• Autonomous and proactive
• Strong documentation discipline
• Ability to mentor Level 1 engineers
• Clear communication during incident bridges

Incident & Problem Management (Level 2 Scope):

• Handle escalated incidents from Level 1
• Troubleshoot complex firewall issues (routing, NAT, clustering, performance)
• Perform deep packet analysis when required
• Conduct root cause analysis (RCA)
• Identify recurring issues and open Problem records
• Participate in post-mortem analysis and improvement plans
• Participate in Level 2 on-call rotation

Firewall Engineering & Automation:

• Design and maintain automation for software upgrades (CheckPoint, Fortinet, Open-Source)
• Design and maintain automation for cluster upgrades and failover validation
• Design and maintain automation for policy deployment pipelines
• Design and maintain automation for backup & restore procedures
• Implement infrastructure changes through Ansible / AWX, Git-based workflows, CI/CD pipelines
• Ensure infrastructure changes are reproducible and version-controlled
• Contribute to Git repositories and review pull requests
• Maintain configuration as code principles

Configuration Governance & CMDB Integrity:

• Ensure all firewall objects and rules align with CMDB data
• Enforce Source of Truth model (e.g., NetBox or equivalent)
• Avoid manual configuration drift
• Implement validation checks before deployment
• Contribute to compliance reporting

Firewall Platform Expertise:

• Check Point Software Technologies
• R8x architecture
• Management Server / MDS
• SmartConsole
• ClusterXL

Policy installation & troubleshooting:

• Fortinet
• FortiGate
• FortiManager
• HA clusters
• Security Fabric integration

Open-Source Firewalls:

• nftables / iptables
• pfSense
• OPNsense
• Strong understanding of Linux networking stack

DevOps & Engineering Practices:

• Infrastructure as Code mindset
• CI/CD pipeline integration
• Unit testing for automation scripts
• Use of Git branching strategies
• Observability integration (logs, metrics, alerts)
• Secure coding practices for automation

Upgrade & Lifecycle Management:

• Plan and execute major version upgrades
• Plan and execute hotfix deployment
• Plan and execute security patching
• Automate pre-checks and post-checks
• Maintain upgrade playbooks
• Document rollback strategies

Security & Compliance:

• Ensure firewall configurations align with security policies
• Support audit evidence collection
• Support vulnerability remediation
• Ensure secure configuration standards and best practices
• Participate in security hardening initiatives

IMPORTANT: This job requires initiating the process of getting a Security Clearance certificate.