Sr. Firewall Engineer

📋 Description

• • Architect and own the global network security posture for FreedomPay’s hybrid cloud environment, protecting billions of annual payment transactions across North America, Europe, and APAC.
• • Design, deploy, and tune next-generation Palo Alto Networks firewalls (PA-Series, VM-Series, CN-Series) to enforce Zero-Trust segmentation between on-prem data centers, Azure landing zones, and containerized workloads running on AKS and VMware Tanzu.
• • Translate complex business requirements into precise security policies: author firewall rules, NAT statements, security profiles, URL filtering, and threat-prevention signatures while maintaining a rule-base that is clean, auditable, and compliant with PCI-DSS, SOC 2, and GDPR.
• • Lead the migration of legacy Cisco ASA rulesets to Azure Firewall Premium and Palo Alto Panorama-managed policies, reducing technical debt and cutting policy deployment times by 40% through infrastructure-as-code pipelines built in Azure DevOps and ArgoCD.
• • Engineer high-availability pairs and active/active clusters for mission-critical firewalls, leveraging BGP, ECMP, and dynamic routing to guarantee 99.99% uptime for real-time payment processing APIs that serve 50K+ TPS.
• • Instrument end-to-end observability: configure Splunk dashboards, Dynatrace synthetic tests, and custom syslog parsers to detect anomalous traffic, brute-force attempts, and zero-day exploits within sub-minute SLAs.
• • Serve as the highest escalation point during a 24×7 on-call rotation (one week in six), triaging P1 incidents, performing root-cause analysis, and presenting post-mortems that drive continuous improvement across network, cloud, and application teams.
• • Partner with DevOps squads to embed security guardrails into CI/CD: integrate Palo Alto Prisma Cloud scans, Kubernetes NetworkPolicies, and OPA admission controllers so every microservice release inherits least-privilege connectivity by default.
• • Automate repetitive firewall tasks using Python, Ansible, and Terraform; maintain version-controlled configuration repositories that enable peer review, rollback, and compliance evidence at the click of a pipeline trigger.
• • Mentor junior engineers and run quarterly “Firewall Masterclass” sessions, sharing deep-dive knowledge on threat landscapes, packet capture techniques, and advanced Panorama troubleshooting.
• • Continuously research emerging technologies—such as SASE, ZTNA, and confidential computing—and deliver proof-of-concept designs that keep FreedomPay two steps ahead of adversaries and regulatory change.
• • Document everything: produce concise runbooks, network topology diagrams, and policy rationale that empower global teams to operate confidently without waiting for tribal knowledge.