
L2 Network Security Engineer - Checkpoint

Bolt-on Global Solutions Pvt Ltd.
5 - 10 Years
Bangalore

Posted on: 31/03/2026

Job Description

Note: CANDIDATES FROM BANGALORE LOCATION ONLY SHALL APPLY

Applications from candidates requiring RELOCATION WILL NOT BE ENTERTAINED.

JOB LOCATION: Bangalore

Notice Period: 15 - 30 days Max

Educational Qualification: Bachelor's degree in computer science, engineering, or a related field


Network Security Engineer L2 (Checkpoint)

Role Summary:

L2 Network Security Engineers provide advanced operational support for enterprise firewalls and security edge services, handling incident response, complex change implementation, problem management, and service improvements. They act as the primary escalation point from L1 and collaborate with L3/Architecture teams for chronic or design-level issues. They ensure high availability, security posture adherence, and compliance across on-prem, hybrid, and cloud-connected networks.

Primary Responsibilities:

Incident Response & Troubleshooting:

- Own P2/P3 incidents end-to-end; drive P1 bridges as secondary lead when L3 is engaged.

- Perform deep-dive packet flow analysis, policy hit-count reviews, session table inspection, and path isolation across multivendor environments.

- Produce RCA reports with corrective & preventive actions (CAPA) within SLA.

Change & Release:

- Implement medium-to-complex firewall policy changes, NAT, VPNs (site-to-site & remote access), SD-WAN path policies (if applicable), and object/group design.

- Validate changes via pre-checks/post-checks, staged rollouts, maintenance windows, and backout plans.

- Maintain standard change templates and runbooks.

Platform Operations:

- Manage device health (CPU/memory/session utilization), HA pairs/clusters, software updates/hotfixes, backup/restore, and configuration baselines.

- Monitor logs, alerts, and security events, tuning noise vs. signal to improve MTTR.

Security Posture & Compliance:

- Enforce least privilege; review unused rules, shadow rules, and overly broad objects; and age out exceptions.

- Support audits (SOX, ISO 27001, PCI DSS, etc.), provide evidence, close findings, and maintain policy documentation.

Collaboration & Communication:

- Mentor L1 engineers; create KBs, SOPs, and training snippets.

- Communicate clearly with customers/stakeholders during incidents and changes; provide daily/weekly ops reports.

Vendor Specific Responsibilities:

Checkpoint - L2 Support:

- Core Platforms: Quantum Security Gateways (appliances/virtual), ClusterXL, Maestro (if in scope), Smart-1 management, SmartConsole/SmartDashboard, SmartEvent/SmartLog, Identity Awareness.

- Policy & Objects: Layered policies (Access/NAT/Threat Prevention), policy installation targets, inline layers, updatable objects, HTTPS Inspection & categorization overrides.

- Threat Prevention: IPS, Anti-Bot, Anti-Virus, Threat Emulation/Extraction (SandBlast), URL Filtering & Application Control; fine-tune profiles, exceptions, and performance impact.

- VPN: Route-based and policy-based VPNs, interoperable device profiles, VPN communities (meshed/star), IKEv1/v2 debugging, DPD, PFS, and crypto suite alignment.

- HA/Scalability: ClusterXL states (Active/Standby/Active-Active), CCP multicasts/unicasts, failover/failback, Sync interface design, accelerated SecureXL/FW worker tuning.

- Upgrades/Maintenance: Jumbo Hotfix Accumulators, CPUSE upgrades, policy verification pre-install checks, database revisions, migrate import/export.

- Logging/Forensics: SmartLog queries, log indexing health, log server HA, packet captures using tcpdump/fw monitor (new & legacy syntax), cpview performance insights.

- CLI/Diagnostics: cpstat, cpwd_admin, cpinfo, fw ctl zdebug, cphaprob stat, cpconfig, GAiA WebUI basics.

Required Qualifications:

- Experience: 3-6 years in network security operations with at least 2-3 years hands-on in Checkpoint or Fortinet (L2 depth).

- Protocols/Networking: Strong knowledge of TCP/IP, routing (static, BGP/OSPF basics), VLANs, NAT, DNS, DHCP, QoS basics, MTU/fragmentation/PMTUD.

- Security Concepts: Stateful inspection, TLS/SSL, certificate chains, threat prevention concepts, VPN crypto suites, Zero Trust basics, microsegmentation principles.

- Tooling: Wireshark, packet captures, syslog/SIEM basics, ITSM tools (ServiceNow/Jira), version control for configs (Git or built-in platform revisions).

- Soft Skills: Incident communication, stakeholder updates, RCA writing, mentoring L1.

Preferred Certifications:

- Checkpoint: CCSA, CCSE (L2 strongly prefers CCSE).

- General: ITIL v3/4 Foundation, CCNA/Network+ (or equivalent), any SOC/Blue Team exposure
