Network Security - Senior Engineer

Posted On: 11 Apr 2024

Location: Noida, UP, India

Company: Iris Software

Why Join Us?
Are you inspired to grow your career at one of India’s Top 25 Best Workplaces in the IT industry? Do you want to do the best work of your life at one of the fastest growing IT services companies? Do you aspire to thrive in an award-winning work culture that values your talent and career aspirations?

It’s happening right here at Iris Software.

 

About Iris Software
At Iris Software, our vision is to be our client’s most trusted technology partner, and the first choice for the industry’s top professionals to realize their full potential.

With over 4,300 associates across India, U.S.A, and Canada, we help our enterprise clients thrive with technology-enabled transformation across financial services, healthcare, transportation & logistics, and professional services.

Our work covers complex, mission-critical applications with the latest technologies, such as high-value complex Application & Product Engineering, Data & Analytics, Cloud, DevOps, Data & MLOps, Quality Engineering, and Business Automation.

 

Working at Iris
Be valued, be inspired, be your best.
At Iris Software, we invest in and create a culture where colleagues feel valued, can explore their potential, and have opportunities to grow.
Our employee value proposition (EVP) is about “Being Your Best” – as a professional and person. It is about being challenged by work that inspires us, being empowered to excel and grow in your career, and being part of a culture where talent is valued. We’re a place where everyone can discover and be their best version.

Job Description

  • Design, Test and Implement a “Zero Trust” network and Palo Alto Firewalls, as part of Client’s Network Segmentation System.
  • Design the security network topology and decide on the placement of firewalls, considering factors such as traffic flow, network segmentation, and security zones, to be implemented in the data center.
  • Design Client’s Zero Trust network architecture and its cyber security components, to be implemented in the data center.
  • Access the device's management interface and perform the initial setup, including setting the management IP address, hostname, and administrative credentials.
  • Configure the network interfaces on the firewall, defining IP addresses, subnet masks, and default gateway settings.
  • Activate the appropriate licenses required for the features and capacity needed in the network.
  • Create security policies to allow or deny traffic between different security zones, specifying rules based on applications, users, and services.
  • Define security policies that control traffic flow, specifying rules for allowed or blocked connections, application usage, user access, and more. Configure NAT policies for translating IP addresses between internal and external networks.
  • Design and configure Virtual Private Network (VPN) connections, ensuring secure remote access and inter-office communications.
  • Implement HA solutions like Active-Active or Active-Passive to ensure firewall redundancy and minimize downtime.
  • Set up threat prevention features such as anti-virus, anti-spyware, URL filtering, and WildFire to detect and block malicious traffic.
  • Establish logging and monitoring mechanisms to track network activity, detect anomalies, and respond to security incidents.
  • Thoroughly test the architecture before deploying it in a production environment to identify and address any potential issues.
  • Deploy the designed architecture and provide training to the network team for proper management and maintenance.
  • Regularly review and update the firewall policies and configurations based on changing security requirements and network dynamics.
  • Maintain detailed technical design documentation of the firewall configuration, policies, and network topology for future reference and troubleshooting.
  • Verify that the security policies are correctly configured and enforced. Test various traffic scenarios to ensure that traffic is allowed or denied based on the defined rules.
  • Validate Network Address Translation (NAT) policies to ensure IP address translations are working as expected and not causing any connectivity issues.
  • Check the effectiveness of threat prevention features, such as antivirus, anti-spyware, URL filtering, and WildFire, to detect and block malicious traffic.
  • Involve end-users and stakeholders in testing to ensure that the firewall policies do not negatively impact critical business applications and workflows.
  • Test Virtual Private Network (VPN) connections to ensure secure remote access and inter-office communication are working properly.
  • If High Availability is configured, perform failover testing to ensure that the secondary firewall takes over seamlessly in case of a primary device failure.
  • Validate that relevant events are being logged correctly, and monitoring and reporting functionalities are providing the required information.
  • Compliance Testing: If the organization needs to comply with specific regulations or standards, verify that the firewall configurations align with those requirements.

Mandatory Competencies

Beh - Communication
ITS - Network Security
