Senior Network Security DevOps Engineer (Firewall L2) m/f/n

The role is for a Senior Network / Network Security DevOps Engineer (Firewall Engineer – Level 2) working on a project delivered for a European Union organization. The position focuses on maintaining the stability, security, automation, and continuous improvement of enterprise firewall infrastructure with a DevOps-oriented engineering approach.

Mandatory:

• 5+ years of experience in enterprise firewall engineering
• Strong hands-on knowledge of Check Point R8x and FortiGate
• Solid understanding of TCP/IP, NAT, VPN technologies, and basic routing (BGP, OSPF)
• Experience with Linux networking
• Experience with automation (Ansible preferred)
• Proficiency with Git
• Strong troubleshooting skills
• English language proficiency minimum C1; additional European languages are an asset

Nice to Have:

• Containerized firewall deployments
• API-driven firewall configuration
• Experience with CI/CD tools (e.g., GitLab CI)
• Experience integrating firewalls with cloud platforms (AWS)
• Experience with high-availability architectures

Soft Skills:

• Analytical mindset
• Ability to perform structured RCA
• Autonomous and proactive approach
• Strong documentation discipline
• Ability to mentor Level 1 engineers
• Clear communication during incident bridges

Formal Requirements (EU project):

• EU citizenship required
• Active EU Secret Security Clearance required or willingness to obtain after joining the project

Incident & Problem Management (Level 2 Scope):

• Handle Level 2 escalations in enterprise network security environments
• Troubleshoot complex firewall incidents including routing issues, NAT behavior, asymmetric traffic, performance bottlenecks, and cluster synchronization problems
• Perform deep packet inspection and traffic analysis using tools like tcpdump and fw monitor
• Conduct Root Cause Analysis (RCA) and problem management
• Identify recurring incidents and contribute to problem records and remediation plans
• Work within L1 / L2 / L3 operating models
• Participate in on-call rotations (Level 2) and incident bridges

Firewall Engineering & Automation:

• Design and maintain automation for firewall lifecycle operations such as software upgrades, cluster upgrades, failover validation, policy deployments, and backup & restore procedures
• Use automation tools including Ansible / AWX and script-based automation (Python, Bash - nice to have)
• Implement infrastructure changes using Git-based workflows and CI/CD pipelines
• Apply Infrastructure as Code (IaC) and Configuration as Code principles
• Review and maintain automation code in shared repositories

Configuration Governance & CMDB Integrity:

• Ensure configuration governance in regulated/enterprise environments
• Work with CMDB as a Source of Truth (e.g., NetBox or equivalent)
• Align firewall objects, rules, and configurations with CMDB data
• Prevent and resolve configuration drift
• Implement validation and pre-deployment checks
• Contribute to compliance and audit reporting

Firewall Platform Expertise:

• Work with Check Point R8x architecture including Management Server / MDS, SmartConsole, ClusterXL, and policy installation and troubleshooting
• Work with Fortinet products including FortiGate, FortiManager, HA clusters, and Security Fabric integration
• Use open-source firewalls such as iptables / nftables, pfSense, and OPNsense
• Understand the Linux networking stack

DevOps & Engineering Practices:

• Apply a DevOps mindset to network security infrastructure
• Integrate firewall operations with CI/CD pipelines
• Understand Git branching strategies, pull requests, and code reviews
• Use unit testing for automation scripts (nice to have)
• Apply observability concepts including logs, metrics, and alerts
• Follow secure coding practices for automation and scripting

Upgrade & Lifecycle Management:

• Plan and execute major version upgrades, hotfix deployments, and security patching
• Automate pre-checks and post-checks for upgrades
• Maintain upgrade playbooks and procedures
• Define and document rollback strategies
• Upgrade firewalls in high-availability environments

Security & Compliance:

• Understand network security principles and firewall best practices
• Ensure configurations align with organizational security policies
• Support security audits, evidence collection, and compliance checks
• Perform vulnerability remediation in firewall environments
• Participate in security hardening initiatives

• EU citizenship required
• Active EU Secret Security Clearance required or willingness to obtain after joining the project