Role Overview
The Firewall L3 Engineer will be responsible for providing advanced technical support, managing day-to-day firewall operations, and handling complex service requests and incidents across multi-vendor firewall platforms. This role involves ensuring security policy compliance, troubleshooting high-severity issues, implementing configuration changes, and supporting firewall infrastructure as part of enterprise security operations. The engineer will act as the escalation point for L2 teams and collaborate with architects on improvements, migrations, and optimization.
Key Responsibilities
Provide L3 operational support for firewall infrastructure (Fortinet, Palo Alto, Cisco, Juniper, Check Point, etc.).
Troubleshoot and resolve complex firewall incidents escalated from L1/L2 teams within agreed SLAs.
Implement and validate service requests (policy changes, NAT rules, VPN setups, security rule modifications, SSL/IPSec tunnels, etc.).
Perform root cause analysis (RCA) for recurring or high-impact security incidents.
Ensure firewall rule base optimization to improve performance, reduce risks, and remove redundancies.
Monitor firewall performance and health, take proactive measures to prevent outages.
Support firmware upgrades, patching, and security fixes in coordination with change management.
Work closely with SOC, NOC, and security architects for incident handling and security enhancements.
Maintain detailed documentation for changes, incidents, and SOPs.
Participate in on-call rotation for major incident escalations.
Ensure compliance with organizational security policies and regulatory requirements.
Mentor and provide guidance to L1/L2 engineers.
Required Skills & Experience
• 5–8 years of experience in firewall operations, with at least 3+ years in L3 support.
• Hands-on expertise with at least two major firewall vendors (e.g., Fortinet, Palo Alto, Check Point, Cisco, Juniper).
• Strong knowledge of:
• Firewall policies, NAT, routing, and security zones
• SSL/IPSec VPN setup & troubleshooting
• High Availability (HA) firewall clusters
• Advanced threat protection features (IPS, AV, URL filtering, sandboxing)
• Experience with firewall migrations and upgrades.
• Proficiency in troubleshooting using logs, packet captures, and debug tools.
• Familiarity with ITIL processes (Incident, Problem, Change Management).
• Good understanding of network protocols (TCP/IP, OSPF, BGP, DNS, DHCP).
• Knowledge of security compliance frameworks (ISO 27001, PCI DSS, NIST) is a plus.
• Automation/scripting knowledge (Python, Ansible, API integrations) is an added advantage.
Qualifications
• Bachelor’s degree in computer science, Information Technology, or related field.
• Relevant certifications preferred (any of the following):
• Fortinet NSE 4/7/8
• Palo Alto PCNSE
• Check Point CCSA/CCSE
• Cisco CCNP Security
• Juniper JNCIP-SEC
Soft Skills
• Strong problem-solving and analytical skills.
• Excellent communication and documentation abilities.
• Ability to work under pressure and handle critical escalations.
• Team player with capability to mentor junior engineers.
Never miss an opportunity! Create an alert based on the job you applied for.
.jpg?format=webp)
