Senior Network Security Engineer - Checkpoint

Title: Senior Network Security Engineer (Checkpoint Firewalls)

Location: Houston, TX (3 days a week onsite)

Job Description

ComTec is seeking a highly skilled Senior Network Security Engineer with deep expertise in Checkpoint firewalls. The ideal candidate will be responsible for designing, implementing, maintaining, and troubleshooting enterprise firewall solutions in a large-scale network security environment.

Responsibilities:

• Design and implement Checkpoint firewall policies, NAT rules, VPN configurations, and security zones.
• Deploy, configure, and manage Checkpoint firewalls (R80.x, R81.x) including policies, NAT, VPN, IPS, and threat prevention features.
• Perform troubleshooting and root cause analysis for network security incidents and firewall-related issues.
• Manage security zones, access control policies, and URL filtering.
• Plan and execute firewall upgrades, patches, and migrations with minimal downtime.
• Monitor and respond to security events and incidents related to firewalls and network devices.
• Perform log analysis, packet captures, and troubleshooting using tools like SmartConsole and SmartView.
• Perform regular firewall rule reviews to optimize security and ensure compliance with security best practices while ensuring business continuity.
• Manage and optimize traffic management using iRules and custom configurations on F5 devices.
• Ensure security of routing protocols (BGP, OSPF), VLANs, and load balancing across the network.
• Involve in security audits, vulnerability assessments, and incident response to ensure network security compliance.
• Monitor network performance and proactively address bottlenecks, latency issues, and security breaches.
• Maintain detailed documentation for firewall configurations, security policies, and network diagrams.

Required Skills:

• 10+ years of experience in Network Security Engineering.
• 6+ years of strong experience in Checkpoint Firewall administration (R80.x, R81.x).
• Experience in log analysis, incident response, and security monitoring.
• Hands-on with VPNs (SSL/IPSec), NAT, IDS/IPS, Threat Prevention, and URL Filtering.
• In-depth knowledge of TCP/IP, routing, VLANs, NAT, VPN, IPS, IDS, and general network architecture.
• Understanding of network protocols (TCP/IP, BGP, OSPF, VLANs, DHCP, DNS, NAT, SNMP, IPsec, GRE, VXLAN).
• Exposure to SIEM tools, packet capture tools (Wireshark, tcpdump), and security monitoring systems.
• Experience with vulnerability scanners, and compliance frameworks (e.g., PCI-DSS, ISO 27001).
• Certifications such as CCSE (Checkpoint Certified Security Expert) or Checkpoint Certified Security Administrator (CCSA) preferred.
• Must have excellent understanding of security architecture and integration
• Experience with change management and ITIL-based processes.
• Ability to work independently and as part of a global security team.
• Strong troubleshooting and analytical skills.
• Excellent communication and documentation skills.