L3 Network Security Engineer - Checkpoint Firewall

Description :

Job Title-Network Security Engineer L3 (Check Point Specialist).

Location-Bangalore, India.

Employment Type-Full-time.

Experience :

Typically 5 + years (preferred 7-10 years) of hands-on experience in network security / firewall engineering, including Check Point firewalls & higher-level escalations.

Job Overview :

We are seeking a seasoned Network Security Engineer (L3) with deep expertise in Check Point firewall platforms (CCSA/CCSE/CCNC) and enterprise network security operations.

The ideal candidate will :

- Serve as the escalation point for complex firewall/ network security issues.

- Lead the design, deployment, management and optimisation of Check Point security gateways/clusters.

- Work closely with cross-functional teams (network, security, operations) to ensure high availability, performance and compliance.

- Drive continuous improvement of security posture through advanced configurations, logging/forensics and threat mitigation.

Key Responsibilities :

- Configure, administer, optimise and troubleshoot Check Point firewall gateways, clusters (ClusterXL), VSX, SmartConsole, SmartEvent/SmartLog.

- Modernise and upgrade Check Point environments (version upgrades, policy consolidation, rulebase optimisation).

- Perform complex NAT, VPN (site-to-site, remote access SSL, IPsec), routing, dynamic routing integration with firewalls, high-availability failover configurations.

- Manage firewall policies, access controls, zones, intrusion prevention (IPS), application control, URL filtering, SSL inspection, and advanced threat prevention on Check Point platforms.

- Monitor, analyse and respond to security incidents involving Check Point firewalls; perform root cause analysis and remedial action.

- Produce and maintain operational documentation : policy reviews, rulebase justification, incident reports, configuration baselines, change logs.

- Collaborate with network/infra teams to ensure firewall integrations with routing, switching, WAN/SD-WAN, load-balancers and cloud connectivity.

- Participate in architecture/design review for new security deployments, migrations from legacy firewalls (or from other vendors to Check Point).

- Ensure compliance with internal security standards and external regulatory frameworks (eg. ISO 27001, NIST, PCI-DSS).

- Mentor/guide L1/L2 teams; drive automation or scripting (where applicable) to streamline firewall operations.

- Liaise with vendor support for escalation of hardware/software issues, patches, hot-fixes, service packs.

Required Skills & Qualifications :

- Bachelors degree in Computer Science, Information Security or related field (or equivalent work experience).

- Minimum 5-7 years (or 7-10 years preferred) of enterprise network security experience with Check Point firewalls (administration, clustering, migration, troubleshooting).

- Possess or working towards certifications : CCSA, CCSE, ideally CCSE Firewall or CCSE NGX/CCSE UX, or equivalent.

- Deep understanding of TCP/IP, BGP, OSPF, static routing, NAT, VLANs, switching, WAN technologies (MPLS/SD-WAN).

- Strong VPN experience (IPsec, SSL), NAT, firewall rule design, policy management, intrusion prevention and detection.

- Experience working in 247 operations support environment, escalated incident handling, root-cause analysis.

- Familiarity with SIEM, log collection/analysis, threat intelligence, endpoint protection, and vulnerability management.

- Excellent communication and documentation skills; ability to interact with stakeholders and present technical solutions.

- Preferably experience in multi-site/data-centre environments, migrations from other firewall vendors, high-availability/cluster deployments.