Firewall Policy Engineer

Job DescriptionJob Description

JOB TITLE: Firewall Policy Engineer

LOCATION: Alpharetta, GA

Firewall policy creation in security, data center, and cloud infrastructure, working with Palo Alto, Checkpoint, Routers, Switches, networks, change management etc.

Job Description:

·         The Firewall Policy Engineer is responsible for designing, implementing, and maintaining enterprise firewall policies that protect critical business systems across a complex, multi data center environment. This individual will collaborate closely with network and security engineering teams to ensure secure connectivity, policy consistency, and compliance with organizational standards. The ideal candidate brings deep hands-on expertise with next firewalls, policy orchestration tools, and operational troubleshooting in high availability environments.

Job Responsibilities:

·         Design, implement, and maintain firewall policies across Palo Alto Networks and Check Point security platforms.

·         Manage rule lifecycle activities including creation, optimization, cleanup, and decommissioning.

·         Manage and troubleshoot Network Address Translation (NAT) policies—including static, dynamic, hide, and bidirectional NAT—across Palo Alto and Check Point firewalls to ensure secure and accurate traffic flow.

·         Configure, review, and troubleshoot firewall routing (static routes, virtual routers, PBF, and dynamic routing integrations) to ensure correct traffic pathing and alignment with network architecture.

·         Use Tufin (Secure Change) or similar policy orchestration tools to analyze rule bases, streamline workflows, and automate change processes.

·         Review and process firewall policy change requests in alignment with governance, compliance, and security best practices.

·         Perform root cause analysis and troubleshooting of firewall issues, and access problems, including some network connectivity concerns.

·         Partner with Network, Security Engineering, Governance, and Operations teams to ensure policy consistency across global environments.

·         Fulfill and manage change, incident, and request tasks using ServiceNow or equivalent ITSM tools.

·         Contribute to policy automation and efficiency improvements using scripting (Python, PowerShell, or similar).

·         Assist with documentation, and policy governance processes.

Skills Required:

·         3–5+ years of experience working with enterprise firewall technologies.

·         Strong hands-on experience with Palo Alto Networks and Check Point firewall platforms.

·         Including a strong understanding of Palo Alto zone- based architecture, including zone creation, security zone mapping, inter zone traffic behavior, and proper zone-to-zone policy design.

·         Experience with Tufin, Fire Mon, Algo Sec, or other policy management/orchestration solutions.

·         Familiarity with log analysis and event correlation using Splunk.

·         Working knowledge of ServiceNow for change, incident, and problem management.

·         Understanding of core networking concepts, including:

·         TCP/IP, routing, switching

·         VPN (IPSec, SSL), NAT, DMZ architectures

·         DNS, proxy services, network segmentation

·         Ability to read packet captures and perform basic traffic analysis.

·         Strong documentation, communication, and analytical problem-solving skills.

·         Ability to work independently and collaboratively in distributed, fast paced environments.

Preferred Skills and Experience

·         Experience performing firewall rule analysis, risk assessments, and compliance reviews.

·         Scripting knowledge (Python, Bash, PowerShell) for automating tasks and improving workflow efficiency.

·         Experience supporting large scale, highly available multi data center environments.

Certifications such as:

·         Palo Alto ACE / PCNSA / PCNSE

·         Check Point CCSA / CCSE

·         Tufin Certified Administrator / Tufin Certified Security Expert

·         Network+ / Security+ or similar

·         Exposure to cloud security controls (AWS, Azure, GCP) is a plus.

Education

·         Bachelor’s degree in Information Security, Information Technology, Computer Science, or equivalent experience.

·         High school diploma with 4+ years relevant hands- on experience accepted.

Travel

·         Occasional travel for internal meetings, training, or conferences as required.