Senior Firewall Engineer

Compensation Grade:

13

BASIC PURPOSE:
 

Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Maintains hardware, software and network firewalls and encryption protocols. Develop cybersecurity policies to control physical and virtual access to systems. Perform network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks.

ESSENTIAL FUNCTIONS:

• Participate in an on-call rotation for after-hours support and monthly maintenance schedule.

• Design, configure, and optimize NGFW policies to enforce strict security controls and meet business needs.

• Working with our SECOP team to conduct regular security audits and vulnerability assessments, ensuring compliance with industry standards.

• Proactively manage firewall firmware and software updates, minimizing security risks.

• Monitor and analyze firewall logs and performance metrics to identify and address potential threats.

• Manage and secure remote access solutions, including VPNs and secure access platforms.

•  Develop and implement comprehensive firewall security policies and procedures aligned with organizational security strategies.

• Contribute to the design and implementation of secure network architectures, integrating firewall solutions effectively.

• Participate in risk assessments and vulnerability management initiatives.

• Researches and evaluates software for the Bank’s Firewall, Email Gateways, and associated infrastructure.  Meets with vendors and Bank staff to analyze business requirements and technology solutions best qualified to meet the Bank’s information processing needs.

• Provides Tier II technical support along with guidance, recommendations, and backup for Tier I support staff (Information Technology Services Support Center).  Recommends solutions to problems and notifies management of potential problem areas.

• Plans, coordinates, and manages the design and implementation of the Bank’s private, public, and hybrid cloud environments.  This requires working closely with the department management to coordinate overall planning, design and implementation.

• Ensures comprehensive business continuity architecture is maintained and operations are in place to ensure compliance with required RPOs and RTOs during business continuity events.

• Manages change control, configuration, monitoring, maintenance, capacity planning, and performance management of the Firewalls and security platforms.

• Develop and maintain comprehensive network security diagram

• Participates in a fast-paced DevOps and SecOps Engineering team within Kanban agile processes.

• Lead incident response efforts for security breaches, conducting forensic analysis and implementing remediation plans.

KNOWLEDGE, SKILLS, ABILITIES: 

• Deep knowledge and practical experience on Next Gen Firewall administration in multi-site environment Expertise in the areas of network security and troubleshooting complex on-prem and cloud technology

• Experience with firewall technologies such as security NAT, VPN, Threat prevention & URL filtering

• Develop Palo Alto App ID, User ID firewall rules implementation experience.

• Experienced with VMware NSX-T Security  (Firewall)

• Experienced with implementing Micro segmentation

• Proofpoint email protection systems

• MoveIT Secure Managed File Transfer Software

• CyberArk PSM Software

• RSA Secure ID Software

• PING Identity Software

• Excellent verbal and written communication skills.

MINIMUM REQUIREMENTS

• A bachelor’s degree in computer science, seven years of professional experience in information technology, and five years in network security role, or the equivalent combination of education and experience is necessary.

• Highly technical and analytical, with a proven, deep cybersecurity background in technology design, implementation and delivery.

• Recent professional experience in Palo Alto firewall management. (Ideally 5 years)

• Complete life cycle management of Palo Alto Firewalls

• Palo Alto Certified Engineer preferred.

• Experience working in the financial/banking industry preferred

WORK LOCATION:  Onsite with an opportunity to work remote partially.  This position may not be filled in California, either in-person or remotely.

We are an equal opportunity employer.