Senior Network Security DevOps Engineer (Firewall L2) m/f/n

We are currently looking for an experienced Senior Network / Network Security DevOps Engineer (Firewall Engineer – Level 2) to join a project delivered for a European Union organization. The role focuses on ensuring the stability, security, automation, and continuous improvement of enterprise firewall infrastructure, combining operational excellence with a DevOps-oriented engineering approach.

Technical Requirements:

✅Incident & Problem Management (Level 2 Scope):

• Proven experience in handling Level 2 escalations in enterprise network security environments

• Ability to troubleshoot complex firewall incidents involving:

  • routing issues

  • NAT behavior

  • asymmetric traffic

  • performance bottlenecks

  • cluster synchronization problems

• Experience with deep packet inspection / traffic analysis (tcpdump, fw monitor, equivalent tools)

• Strong skills in Root Cause Analysis (RCA) and problem management

• Ability to identify recurring incidents and contribute to problem records and remediation plans

• Experience working in L1 / L2 / L3 operating models

• Comfortable working in on-call rotations (Level 2) and incident bridges

✅Firewall Engineering & Automation:

• Hands-on experience designing and maintaining automation for firewall lifecycle operations, including:

  • software upgrades

  • cluster upgrades

  • failover validation

  • policy deployments

  • backup & restore procedures

• Strong experience with automation tools, especially:

  • Ansible / AWX

  • script-based automation (Python, Bash – nice to have)

• Experience implementing infrastructure changes using:

  • Git-based workflows

  • CI/CD pipelines

• Understanding of Infrastructure as Code (IaC) and Configuration as Code principles

• Experience reviewing and maintaining automation code in shared repositories

✅Configuration Governance & CMDB Integrity:

• Strong understanding of configuration governance in regulated / enterprise environments

• Experience working with CMDB as a Source of Truth (e.g. NetBox or equivalent)

• Ability to ensure firewall objects, rules, and configurations are fully aligned with CMDB data

• Experience preventing and resolving configuration drift

• Ability to implement validation and pre-deployment checks

• Experience contributing to compliance and audit reporting

✅Firewall Platform Expertise:

Check Point Software Technologies:

• Strong hands-on experience with Check Point R8x architecture

• Experience with:

  • Management Server / MDS

  • SmartConsole

  • ClusterXL

  • policy installation and troubleshooting

Fortinet:

• Hands-on experience with:

  • FortiGate

  • FortiManager

  • HA clusters

  • Security Fabric integration

Open-Source Firewalls

• Practical experience with:

  • iptables / nftables

  • pfSense

  • OPNsense

• Strong understanding of the Linux networking stack

✅DevOps & Engineering Practices:

• Strong DevOps mindset applied to network security infrastructure

• Experience integrating firewall operations with CI/CD pipelines

• Understanding of:

  • Git branching strategies

  • pull requests and code reviews

• Experience with unit testing automation scripts (nice to have)

• Familiarity with observability concepts:

  • logs

  • metrics

  • alerts

• Awareness of secure coding practices for automation and scripting

✅Upgrade & Lifecycle Management:

• Proven experience planning and executing:

  • major version upgrades

  • hotfix deployments

  • security patching

• Ability to automate pre-checks and post-checks for upgrades

• Experience maintaining upgrade playbooks and procedures

• Ability to define and document rollback strategies

• Experience upgrading firewalls in high-availability environments

✅Security & Compliance:

• Strong understanding of network security principles and firewall best practices

• Ability to ensure configurations align with organizational security policies

• Experience supporting:

  • security audits

  • evidence collection

  • compliance checks

• Experience with vulnerability remediation in firewall environments

• Participation in security hardening initiatives

Technical Skills Required:

✅Mandatory:

• 5+ years of experience in enterprise firewall engineering

• Strong hands-on knowledge of Check Point R8x and FortiGate

• Solid understanding of:

  • TCP/IP

  • NAT

  • VPN technologies

  • Routing (BGP, OSPF – basics)

• Experience with Linux networking

• Experience with automation (Ansible preferred)

• Git proficiency

• Strong troubleshooting skills

• Languages: English min. C1 plus any other European language would be an asset

✅Nice to Have:

• Containerized firewall deployments

• API-driven firewall configuration

• Experience with CI/CD tools (e.g. GitLab CI)

• Experience integrating firewalls with cloud platforms (AWS)

• Experience with high-availability architectures

✅Soft Skills:

• Analytical mindset

• Ability to perform structured RCA

• Autonomous and proactive approach

• Strong documentation discipline

• Ability to mentor Level 1 engineers

• Clear communication during incident bridges

✅Formal requirements (EU project):

• EU citizenship – required

• Active EU Secret Security Clearance required, or willingness to obtain one after joining the project

What we offer:

• B2B contract, Long-term cooperation, contracts renewed on a yearly basis

• Remote work model + onboarding in Luxembourg 2-3 days on site plus occasional trips to Luxembourg (to be determined)

• Full-time engagement

• Rate: 530-550 EUR/MD net

• Equipment provided by the customer

• On-call duties:

  • weekly Level 2 on-call rotation

  • on-call duty additionally paid