Security Consultant - L3 Network Security Engineer (Firewall Management)

**Introduction** A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences. **Your role and responsibilities** We are seeking L3 Network Security Engineer (Firewall Management) is a senior-tier role focused on the architecture, high-level engineering, automation, and governance of an organization's perimeter and internal network security infrastructure. An L3 engineer owns the overall health, design, and strategic evolution of the firewall ecosystem. 1. Core Responsibilities Architecture & Engineering * Enterprise Design: Design, implement, and maintain high-availability (HA) firewall topologies across on-premises data centers, branch offices, and multi-cloud environments (AWS, Azure, GCP). * Next-Gen Capabilities: Architect and optimize advanced security features including SSL/TLS decryption, Intrusion Prevention Systems (IPS/IDS), Advanced Threat Protection (ATP), and Zero Trust Network Access (ZTNA). * Micro-Segmentation: Define and enforce network zone segmentation strategies to contain potential breaches and isolate critical assets (e.g., PCI-DSS zones, production vs. non-production). Escalation & Advanced Troubleshooting * Tier-3 Escalation: Act as the final technical escalation point for complex network security incidents, routing anomalies, or performance degradation. * Deep Packet Analysis: Perform advanced packet captures (PCAPs), session flow analysis, and cryptographic troubleshooting to diagnose intricate connectivity issues. * Root Cause Analysis (RCA): Lead post-incident reviews for high-severity network security outages and implement preventive engineering measures. Lifecycle & Governance * Major Upgrades & Migrations: Plan and execute major firewall OS upgrades, hardware refreshes, and greenfield deployments with zero-downtime execution strategies. * Automation & DevOps: Develop Infrastructure as Code (IaC) templates and scripts (using Ansible, Terraform, or Python) to automate rule deployment, compliance auditing, and configuration backups. * Policy Governance: Establish the "Golden Configuration" standard. Oversee the lifecycle of firewall rules, ensuring the elimination of shadowed, redundant, or overly permissive policies. 2. Technical Skill Profile Primary Firewall Platforms (Expertise in at least one or two) * Palo Alto Networks: Strata Firewalls, Panorama management, Prisma Access. * Fortinet: FortiGate, FortiManager, FortiAnalyzer. * Check Point: Quantum Security Gateways, SmartConsole. * Cloud Native: AWS Network Firewall, Azure Firewall Premium. Core Networking & Infrastructure * Routing & Switching: Deep understanding of BGP, OSPF, EIGRP, policy-based routing (PBR), and SD-WAN architectures. * Network Services: Advanced knowledge of DNS, DHCP, NAT/PAT, and IPsec VPN/GRE tunneling. * Network Security Orchestration (NSM): Experience with tools like Tufin, AlgoSec, or FireMon for compliance and policy automation. 3. Recommended Performance & Success KPIs For an L3 position, performance tracking moves away from ticket volume and focuses on systemic stability and architectural efficiency: Metric Target / Objective Architectural Uptime Maintain 99.99% availability across the firewall fabric through robust HA/DR design. Automation Velocity Percentage of standard firewall policy deployments moved from manual intervention to automated CI/CD pipelines. Rule Base Efficiency Measurable quarterly reduction in policy bloat, unutilized objects, and shadowed rules. Emergency Change Rate Minimizing standard outages by ensuring less than 5% of all firewall modifications require emergency windows. **Required technical and professional expertise** • Exposure to Cloud Security: Familiarity with cloud security challenges, risks, and vulnerabilities, including experience working with hybrid cloud infrastructure and applications. • Secure Infrastructure Knowledge: Understanding of secure infrastructure principles, including hands-on experience with security and zero trust principles in an infrastructure security context. • Incident Response Experience: Exposure to analyzing and resolving security incidents, including experience developing and implementing incident response plans. • Security Consulting Skills: Experience providing consulting services to clients, including conducting interviews, workshops, and assessments to identify potential security issues. • Hybrid Cloud Applications: Familiarity with secure applications of hybrid cloud, including experience developing infrastructure security strategies and programs tailored to business needs. **Preferred technical and professional experience** • Cloud Security Frameworks: Exposure to industry-recognized cloud security frameworks and standards, including knowledge of compliance requirements and regulatory mandates. • Advanced Threat Analysis: Familiarity with advanced threat analysis and incident response methodologies, including experience with threat intelligence and security analytics tools. • Zero Trust Architecture: Understanding of zero trust architecture principles and implementation strategies, including experience designing and deploying secure infrastructure solutions. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.