Firewall Engineer (m/f/n)

We are supporting a long-term project for a major EU public-sector organization, and we are currently looking for an experienced Firewall Engineer.

The Level 2 Firewall Engineer ensures the stability, security, automation, and continuous improvement of the enterprise firewall infrastructure.

The engineer handles complex incidents and problems, designs and maintains automation for firewall lifecycle operations, and ensures all configurations align with the CMDB as the authoritative Source of Truth.

The role bridges operational excellence and infrastructure engineering, applying DevOps principles to security infrastructure.

IMPORTANT: Please note that this job would require you to initiate the process of getting a Security Clearance certificate. We will be happy to give you more details during the interview.

Key Responsibilities

Incident & Problem Management (Level 2 Scope)

• Handle escalated incidents from Level 1

• Troubleshoot complex firewall issues (routing, NAT, clustering, performance)

• Perform deep packet analysis when required

• Conduct root cause analysis (RCA)

• Identify recurring issues and open Problem records

• Participate in post-mortem analysis and improvement plans

• Participate in Level 2 on-call rotation

Firewall Engineering & Automation

• Design and maintain automation for:

• Software upgrades (CheckPoint, Fortinet, Open-Source)

• Cluster upgrades and failover validation

• Policy deployment pipelines

• Backup & restore procedures

• Implement infrastructure changes through:

• Ansible / AWX

• Git-based workflows

• CI/CD pipelines

• Ensure infrastructure changes are reproducible and version-controlled

• Contribute to Git repositories and review pull requests

• Maintain configuration as code principles

Configuration Governance & CMDB Integrity

• Ensure all firewall objects and rules align with CMDB data

• Enforce Source of Truth model (e.g., NetBox or equivalent)

• Avoid manual configuration drift

• Implement validation checks before deployment

• Contribute to compliance reporting

Firewall Platform Expertise

• Check Point Software Technologies

• R8x architecture

• Management Server / MDS

• SmartConsole

• ClusterXL

Policy installation & troubleshooting

• Fortinet

• FortiGate

• FortiManager

• HA clusters

• Security Fabric integration

Open-Source Firewalls

• nftables / iptables

• pfSense

• OPNsense

• Strong understanding of Linux networking stack

DevOps & Engineering Practices

• Infrastructure as Code mindset

• CI/CD pipeline integration

• Unit testing for automation scripts

• Use of Git branching strategies

• Observability integration (logs, metrics, alerts)

• Secure coding practices for automation

Upgrade & Lifecycle Management

Plan and execute:

• Major version upgrades

• Hotfix deployment

• Security patching

• Automate pre-checks and post-checks

• Maintain upgrade playbooks

• Document rollback strategies

Security & Compliance

• Ensure firewall configurations align with security policies

• Support audit evidence collection

• Support vulnerability remediation

• Ensure secure configuration standards, and best practices

• Participate in security hardening initiatives

Technical Skills Required

Mandatory

• 5+ years in enterprise firewall engineering

Strong knowledge of:

1. CheckPoint R8x

2. FortiGate

3. Solid understanding of:

4. TCP/IP

5. Routing (BGP, OSPF basics)

6. NAT

7. VPN technologies

• Experience with Linux networking

• Experience with automation (Ansible preferred)

• Git proficiency

• Strong troubleshooting skills

Nice to Have

• Experience with containerized firewall deployment

• API-driven firewall configuration

• Experience with CI/CD tools (GitLab CI, etc.)

• Experience integrating firewalls with cloud (AWS)

• Experience in high-availability architectures

Soft Skills

• Analytical mindset

• Ability to perform structured RCA

• Autonomous and proactive

• Strong documentation discipline

• Ability to mentor Level 1 engineers

• Clear communication during incident bridges

Offer:

• Remote work with mandatory business trips to Luxembourg once per month for 2–3 days

• Travel costs covered by the candidate

• Rate: 540 EUR/MD nett

• Long-term B2B contract signed directly with the end client