Senior Network Security Engineer

Company: Iberdrola Group
Location: Milford, CT, USA
Salary: $114332.8 – $142916
Type: Full-Time
Degrees
Experience Level: Senior

Requirements

  • 5-8 years of experience in network security engineering.
  • Expertise in Fortinet FortiGate, Checkpoint, Palo Alto, and Cisco ASA firewalls.
  • Strong knowledge of SD-WAN solutions (Fortinet SD-WAN, Cisco SD-WAN, Prisma Access).
  • Experience configuring and troubleshooting EIGRP, BGP, and OSPF routing protocols.
  • Hands-on experience managing Zscaler ZIA/ZPA for cloud security.
  • Proficiency in VPN technologies (IPSec, SSL, GRE, DMVPN, L2TP) and their security implications.
  • Strong skills in NAT, firewall rule optimization, and routing table analysis.
  • Experience with Radware DDoS protection, IPS/IDS, and threat mitigation.
  • Knowledge of zero-trust security architectures and secure SD-WAN implementation.
  • Strong analytical skills for troubleshooting network security issues, including packet captures and firewall logs.

Responsibilities

  • Lead the migration from Checkpoint to Fortinet, including policy conversion, rule optimization, and traffic validation.
  • Manage and maintain Cisco ASA, Palo Alto, Fortinet, and Checkpoint firewalls across corporate, cloud, and remote sites.
  • Design and optimize firewall rule sets for improved security, performance, and compliance.
  • Perform risk assessments and firewall audits to ensure network security best practices.
  • Manage and optimize SD-WAN architecture to improve application performance and reduce latency.
  • Implement policy-based traffic steering, failover mechanisms, and WAN optimization.
  • Ensure seamless integration between SD-WAN, firewalls, cloud security solutions, and on-prem networks.
  • Troubleshoot SD-WAN performance issues, routing conflicts, and connectivity problems.
  • Work with network and security engineers to ensure secure connectivity between on-premises, branch locations, and cloud.
  • Design and implement NAT policies, including static NAT, dynamic NAT, and PAT (Port Address Translation).
  • Configure and troubleshoot EIGRP, BGP, and OSPF for enterprise and cloud routing.
  • Optimize routing policies to ensure high availability, redundancy, and performance.
  • Work closely with the network engineering team to enhance SD-WAN, inter-site, and cloud connectivity.
  • Administer and optimize Zscaler ZIA/ZPA solutions for secure cloud access and web filtering.
  • Implement zero-trust security policies for cloud applications and remote users.
  • Troubleshoot Zscaler tunnels, proxy configurations, and application access issues.
  • Implement and maintain Radware DDoS protection to safeguard network infrastructure from volumetric and application-layer attacks.
  • Configure IPS/IDS solutions to detect and mitigate security threats.
  • Work with SOC teams to analyze and respond to security incidents.
  • Lead firewall, SD-WAN, NAT, and routing issue troubleshooting affecting business-critical applications.
  • Perform packet capture analysis and use security logs to diagnose network issues.
  • Work with vendors (Cisco, Fortinet, Palo Alto, Zscaler) to resolve complex technical issues.
  • Develop and enforce firewall and network security policies in compliance with NIST, CIS benchmarks, and ISO 27001 standards.
  • Conduct regular security audits and risk assessments.
  • Maintain up-to-date documentation of firewall rules, SD-WAN policies, and security configurations.
  • Develop scripts (Python, Bash, PowerShell) for automating firewall audits and SD-WAN policy updates.
  • Optimize firewall and SD-WAN policies to reduce latency and improve efficiency.
  • Implement network automation frameworks to streamline security operations.

Preferred Qualifications

  • Certifications: Fortinet NSE 4/7, Checkpoint CCSA/CCSE, Palo Alto PCNSA/PCNSE, Cisco CCNP Security, Zscaler ZCCP, SD-WAN certifications.
  • Experience with AWS, Azure, and GCP cloud security best practices.
  • Familiarity with SIEM solutions for security event monitoring.
  • Experience automating security tasks using Python, Ansible, or Terraform.