I

Security Consultant - L3 Network Security Engineer

IBM · Pune, Maharashtra, India

~₹18L (est.)6–14 yrs experiencefull_timePosted 1w ago
Apply now →

Job description

**Your Role and Responsibilities:** We are seeking **L3 Network Security Engineer (Firewall Management)** is a senior-tier role focused on the architecture, high-level engineering, automation, and governance of an organization's perimeter and internal network security infrastructure. An L3 engineer owns the overall health, design, and strategic evolution of the firewall ecosystem. 1. Core ResponsibilitiesArchitecture & Engineering - **Enterprise Design:** Design, implement, and maintain high-availability (HA) firewall topologies across on-premises data centers, branch offices, and multi-cloud environments (AWS, Azure, GCP). - **Next-Gen Capabilities:** Architect and optimize advanced security features including SSL/TLS decryption, Intrusion Prevention Systems (IPS/IDS), Advanced Threat Protection (ATP), and Zero Trust Network Access (ZTNA). - **Micro-Segmentation:** Define and enforce network zone segmentation strategies to contain potential breaches and isolate critical assets (e.g., PCI-DSS zones, production vs. non-production). Escalation & Advanced Troubleshooting - **Tier-3 Escalation:** Act as the final technical escalation point for complex network security incidents, routing anomalies, or performance degradation. - **Deep Packet Analysis:** Perform advanced packet captures (PCAPs), session flow analysis, and cryptographic troubleshooting to diagnose intricate connectivity issues. - **Root Cause Analysis (RCA):** Lead post-incident reviews for high-severity network security outages and implement preventive engineering measures. Lifecycle & Governance - **Major Upgrades & Migrations:** Plan and execute major firewall OS upgrades, hardware refreshes, and greenfield deployments with zero-downtime execution strategies. - **Automation & DevOps:** Develop Infrastructure as Code (IaC) templates and scripts (using Ansible, Terraform, or Python) to automate rule deployment, compliance auditing, and configuration backups. - **Policy Governance:** Establish the "Golden Configuration" standard. Oversee the lifecycle of firewall rules, ensuring the elimination of shadowed, redundant, or overly permissive policies. 2. Technical Skill ProfilePrimary Firewall Platforms (Expertise in at least one or two) - **Palo Alto Networks:** Strata Firewalls, Panorama management, Prisma Access. - **Fortinet:** FortiGate, FortiManager, FortiAnalyzer. - **Check Point:** Quantum Security Gateways, SmartConsole. - **Cloud Native:** AWS Network Firewall, Azure Firewall Premium. Core Networking & Infrastructure - **Routing & Switching:** Deep understanding of BGP, OSPF, EIGRP, policy-based routing (PBR), and SD-WAN architectures. - **Network Services:** Advanced knowledge of DNS, DHCP, NAT/PAT, and IPsec VPN/GRE tunneling. - **Network Security Orchestration (NSM):** Experience with tools like Tufin, AlgoSec, or FireMon for compliance and policy automation. 3. Recommended Performance & Success KPIs For an L3 position, performance tracking moves away from ticket volume and focuses on systemic stability and architectural efficiency: **Metric** **Target / Objective** **Architectural Uptime**Maintain 99.99% availability across the firewall fabric through robust HA/DR design.**Automation Velocity**Percentage of standard firewall policy deployments moved from manual intervention to automated CI/CD pipelines.**Rule Base Efficiency**Measurable quarterly reduction in policy bloat, unutilized objects, and shadowed rules.**Emergency Change Rate**Minimizing standard outages by ensuring less than 5% of all firewall modifications require emergency windows. **Required Education:** Bachelor's Degree **Preferred education** Bachelor's Degree **Required Technical and Professional Expertise:** **Exposure to Cloud Security:** Familiarity with cloud security challenges, risks, and vulnerabilities, including experience working with hybrid cloud infrastructure and applications. **Secure Infrastructure Knowledge:** Understanding of secure infrastructure principles, including hands-on experience with security and zero trust principles in an infrastructure security context. **Incident Response Experience:** Exposure to analyzing and resolving security incidents, including experience developing and implementing incident response plans. **Security Consulting Skills:** Experience providing consulting services to clients, including conducting interviews, workshops, and assessments to identify potential security issues. **Hybrid Cloud Applications:** Familiarity with secure applications of hybrid cloud, including experience developing infrastructure security strategies and programs tailored to business needs. **Preferred Technical and Professional Experience:** **Cloud Security Frameworks:** Exposure to industry-recognized cloud security frameworks and standards, including knowledge of compliance requirements and regulatory mandates. **Advanced Threat Analysis:** Familiarity with advanced threat analysis and incident response methodologies, including experience with threat intelligence and security analytics tools. **Zero Trust Architecture:** Understanding of zero trust architecture principles and implementation strategies, including experience designing and deploying secure infrastructure solutions. ****Years of Experience:**** 5 - 9