Firewall Policy Engineer

job summary:

Our client is hiring for a policy engineer.

Target Locations: Alpharetta, GA | Columbus, OH | Omaha, NE

Status: Remote Now / Hybrid Post-Conversion (Must be local)

location: Telecommute

job type: Contract to Perm

salary: $45 - 52 per hour

work hours: 8am to 5pm

education: High School



responsibilities:

Description:

Firewall Policy Engineer - Job Description

The Firewall Policy Engineer is responsible for designing, implementing, and maintaining enterprise firewall policies that protect critical business systems across a complex, multi data center environment. This individual will collaborate closely with network and security engineering teams to ensure secure connectivity, policy consistency, and compliance with organizational standards. The ideal candidate brings deep hands on expertise with next generation firewalls, policy orchestration tools, and operational troubleshooting in high availability environments.

________________________________________

Primary Responsibilities

- Design, implement, and maintain firewall policies across Palo Alto Networks and Check Point security platforms.

- Manage rule lifecycle activities including creation, optimization, cleanup, and decommissioning.

- Manage and troubleshoot Network Address Translation (NAT) policies-including static, dynamic, hide, and bidirectional NAT-across Palo Alto and Check Point firewalls to ensure secure and accurate traffic flow.

- Configure, review, and troubleshoot firewall routing (static routes, virtual routers, PBF, and dynamic routing integrations) to ensure correct traffic pathing and alignment with network architecture.

- Use Tufin (SecureChange) or similar policy orchestration tools to analyze rule bases, streamline workflows, and automate change processes.

- Review and process firewall policy change requests in alignment with governance, compliance, and security best practices.

- Perform root cause analysis and troubleshooting of firewall issues, and access problems, including some network connectivity concerns.

- Partner with Network, Security Engineering, Governance, and Operations teams to ensure policy consistency across global environments.

- Fulfill and manage change, incident, and request tasks using ServiceNow or equivalent ITSM tools.

- Contribute to policy automation and efficiency improvements using scripting languages (Python, PowerShell, or similar).

- Assist with documentation, and policy governance processes.

- ________________________________________

Basic Qualifications

- 3-5+ years of experience working with enterprise firewall technologies.

- Strong hands on experience with Palo Alto Networks and Check Point firewall platforms.

o Including a strong understanding of Palo Alto zone based architecture, including zone creation, security zone mapping, inter zone traffic behavior, and proper zone-to-zone policy design.

- Experience with Tufin, FireMon, AlgoSec, or other policy management/orchestration solutions.

- Familiarity with log analysis and event correlation using Splunk.

- Working knowledge of ServiceNow for change, incident, and problem management.

- Understanding of core networking concepts, including:

o TCP/IP, routing, switching

o VPN (IPSec, SSL), NAT, DMZ architectures

o DNS, proxy services, network segmentation

- Ability to read packet captures and perform basic traffic analysis.

- Strong documentation, communication, and analytical problem solving skills.

- Ability to work independently and collaboratively in distributed, fast paced environments.

________________________________________

Preferred Skills and Experience

- Experience performing firewall rule analysis, risk assessments, and compliance reviews.

- Scripting knowledge (Python, Bash, PowerShell) for automating tasks and improving workflow efficiency.

- Experience supporting large scale, highly available multi data center environments.

- Certifications such as:

o Palo Alto ACE / PCNSA / PCNSE

o Check Point CCSA / CCSE

o Tufin Certified Administrator / Tufin Certified Security Expert

o Network+ / Security+ or similar

- Exposure to cloud security controls (AWS, Azure, Google Cloud Platform) is a plus.

________________________________________

Education

- Bachelor's degree in Information Security, Information Technology, Computer Science, or equivalent experience.

- High school diploma with 4+ years relevant hands on experience accepted.

qualifications:

Basic Qualifications

- 3-5+ years of experience working with enterprise firewall technologies.

- Strong hands on experience with Palo Alto Networks and Check Point firewall platforms.

o Including a strong understanding of Palo Alto zone based architecture, including zone creation, security zone mapping, inter zone traffic behavior, and proper zone-to-zone policy design.

- Experience with Tufin, FireMon, AlgoSec, or other policy management/orchestration solutions.

- Familiarity with log analysis and event correlation using Splunk.

- Working knowledge of ServiceNow for change, incident, and problem management.

- Understanding of core networking concepts, including:

o TCP/IP, routing, switching

o VPN (IPSec, SSL), NAT, DMZ architectures

o DNS, proxy services, network segmentation

- Ability to read packet captures and perform basic traffic analysis.

- Strong documentation, communication, and analytical problem solving skills.

- Ability to work independently and collaboratively in distributed, fast paced environments.

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.


It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.