Job Closed
This listing is no longer active.
The world's trusted engineering network
Senior Network Security Engineer – Checkpoint
Location
United States
Posted
154 days ago
Salary
0
Seniority
Senior
Job Description
Senior Network Security Engineer – Checkpoint
Castillians
• Design, document, and implement secure network architectures, including segmentation (micro and macro), zero-trust principles, and secure remote access solutions. • Administer, configure, and troubleshoot our enterprise firewall infrastructure, with a primary focus on Check Point gateways (R-series, Maestro) and management suite. • Implement and support site-to-site and remote access VPN solutions. • Develop scripts (Python, Ansible, PowerShell, bash) and utilize APIs to automate repetitive tasks, enforce compliance, and streamline security operations. • Serve as an escalation point for security incidents. • Perform forensic analysis on network traffic and firewall logs to identify and remediate threats. • Ensure security configurations comply with internal policies and external regulations (e.g., PCI-DSS, ISO 27001, GDPR). • Deploy, configure, and maintain other critical network security technologies such as: Next-Generation Firewalls (e.g., Palo Alto Networks, Fortinet) Web Application Firewalls (WAF) Intrusion Detection/Prevention Systems (IDS/IPS) Proxy and content filtering solutions.
Job Requirements
- 6+ years of hands-on experience in network security engineering roles.
- In-depth, hands-on experience (5+ years) with Check Point R80.x+ management and gateway administration.
- Policy management, rule lifecycle, and complex NAT.
- Check Point security blades and advanced threat prevention features.
- Check Point ClusterXL and/or VSX technologies.
- Expert understanding of TCP/IP, routing protocols (BGP, OSPF), switching, VPN technologies (IPsec, SSL), and DNS.
- Strong grasp of security concepts: defense-in-depth, threat vectors, cryptography, AAA (RADIUS/TACACS+), and common attack methodologies.
- Experience with scripting language (Python preferred, Ansible, Terraform).
- Experience integrating on-premise security with public cloud environments (AWS, Azure, GCP) and securing cloud-native workloads.
- Excellent verbal and written communication skills, with the ability to explain complex technical issues to both technical and non-technical audiences.
- Check Point certifications (CCSA, CCSE) highly desirable.
- Certifications from other vendors (PCNSE, NSE, CISSP, CISM, etc.).
- Experience with SIEM integration and log analysis (Splunk, ArcSight, etc.).
- Knowledge of container and Kubernetes security.
- Experience in DevOps/SecOps environments.
Benefits
- Clear scope with no ambiguity over deliverables.
- Opportunity for repeat engagements based on performance.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Leverage your sysadmin background to set up research environments, manage lab infrastructure, and ensure our tooling is stable. • Assist in simulating threats (Red) while documenting detection gaps and defensive improvements (Blue). • Perform data collection, log analysis, and initial vulnerability triaging to support Senior Researchers. • Maintain high-quality documentation of research findings, scripts, and internal wikis. • Engage in a structured growth path to evolve from foundational sysadmin/support tasks into deep offensive security research. • Perform technical authorship and quality control for the TPM organization by reviewing penetration testing findings and final reports to ensure accuracy and actionable remediation guidance.
• Being a trusted DDoS advisor and subject matter expert: Supporting the field sale team and directly engaging with customer and prospects • Working closely with the enablement, marketing and product teams to help refine sales motions and influence product strategy • Delivering high value task within the sales cycle from qualification, needs analysis, detailed product overviews, competitive positioning, handling objections and close • Being accountable for your sales target and overachieving on that sales target • Building customer relationships and qualifying opportunities such that the sales forecast is accurate
• Own vulnerability management, SIEM tuning and monitoring, incident response, and threat investigation. • Maintain secure baseline configurations (CIS, hardening standards). • Oversee AWS security controls, including IAM governance, cloud logging, encryption standards, network security boundaries, and enforcement of cloud security guardrails. • Design and approve security controls for new systems, infrastructure changes, and applications. • Govern identity security, privileged access, MFA enforcement, and periodic access reviews. • Provide security oversight for DevOps pipelines and cloud deployments. • Lead annual risk assessments, security reviews, and third-party/vendor risk management. • Own the Disaster Recovery (DR) governance program, including planning, documentation, tabletop exercises, and driving remediation, while partnering with Infrastructure on technical DR execution. • Manage data protection and data classification practices. • Track and report security KPIs, risks, and initiatives to the ISO.
• Advising our customers on all security-related issues – from design to development • Analyzing, designing, and continuously developing our security services, as well as helping to define new managed security offerings • Working with modern security technologies such as EDR/XDR, IDS/IPS, PAM, vulnerability management, and SIEM • Independently supporting and coordinating internal and external security incidents (detection, containment, eradication, lessons learned) • Monitoring, analyzing, and defending against current and emerging threats (threat hunting, threat intelligence) by developing the latest defense mechanisms • Collaboration on the development of new security requirements, guidelines, and controls to improve the overall security situation of our customers • Close cooperation with our European and global security team to continuously develop our solutions, methods, and automation approaches
