The Senior Network Security Engineer will design, implement, operate, maintain, troubleshoot, and continuously improve enterprise network security infrastructure across on-premises, remote access, hybrid-cloud, and cloud-connected environments.
This role is responsible for senior-level engineering and day-to-day operational support of assigned security platforms, including firewalls, VPN and remote access services, MFA/token services, edge security, content filtering, network access control, security visibility platforms, logging, monitoring, vulnerability remediation, change management, and compliance documentation.
The ideal candidate is a hands-on engineer who can support production systems, respond to incidents and service requests, perform upgrades and patching, manage configuration backups, maintain SOPs and diagrams, produce operational metrics, support audits, and coordinate effectively across network, cloud, identity, SOC/NOC, system owner, and application teams.
Scope and Technology Ownership
- Primary scope:
  - Cisco and Palo Alto firewall platforms, including Cisco ASA/Firepower/FTD/FMC and Palo Alto NGFW/Panorama/GlobalProtect.
  - Remote access VPN, site-to-site VPN, cloud connectivity, partner connectivity, and secure access services.
  - RSA SecurID Authentication Manager or equivalent MFA/two-factor authentication platforms, including server operations, token lifecycle support, software updates, certificates, backups, logs, monitoring, and directory/VPN integration.
  - Cloudflare or equivalent DNS, DDoS, WAF, CDN, Zero Trust/ZTNA, tunneling, access control, and edge security services.
  - Network access control, content filtering, secure web/email gateway services, security visibility/packet broker platforms, monitoring, logging, SIEM integration, and AWS/Azure network security controls.
- Coordination scope:
  - Coordinate with SOC/NOC, cloud, identity/directory, wireless/LAN, server, endpoint, security governance, system owner, application, and vendor teams during changes, incidents, troubleshooting, and compliance activities.
  - Coordinate with load balancer and application delivery teams when application traffic, SSL/TLS, routing, DNS, WAF, firewall policy, or traffic-flow issues require cross-team support.
  - This is not intended to be a primary F5 BIG-IP/LTM/GTM/ASM/Advanced WAF or load-balancer administration role unless specifically assigned.
Key Responsibilities
Daily Operations and Service Management
- Provide daily, weekly, monthly, and annual operational support for assigned network security systems, including ticket resolution, email/phone support, health checks, troubleshooting, metrics, status reporting, and operational validation.
- Respond to system alerts, monitoring events, customer requests, incidents, problem tickets, vulnerability notices, and urgent or critical project assignments.
- Perform configuration backups, log backup checks, configuration changes, configuration troubleshooting, backup/recovery validation, and post-change verification.
- Maintain operational continuity by supporting device replacement, hardware fixes, vendor cases, maintenance windows, and emergency troubleshooting with minimal service disruption.
- Provide Tier II-IV technical support for complex network security, VPN, MFA, firewall, content filtering, NAC, and connectivity issues.
Firewall Engineering and Operations
- Design, configure, administer, maintain, and troubleshoot enterprise firewall solutions, including firewall rule bases, NAT, segmentation, threat prevention, VPN integration, logging, high availability, and secure configuration baselines.
- Install, configure, maintain, patch, and upgrade firewall hardware and software in new and existing network and cloud-connected environments.
- Perform firewall rule reviews, rule recertification, policy cleanup, decommissioning of obsolete rules, configuration audits, and risk-based optimization.
- Diagnose and resolve firewall issues involving connectivity, routing, DNS, VPNs, TLS/certificates, application flows, utilization, performance, packet captures, and log analysis.
- Ensure firewall capabilities are integrated with enterprise monitoring, logging, alerting, SIEM, incident response, and reporting platforms.
VPN, Remote Access, and Secure Connectivity
- Install, configure, maintain, monitor, and troubleshoot VPN services, including remote access VPN, client/clientless access, site-to-site VPN, mobile device access, business partner connectivity, and cloud connectivity.
- Maintain, operate, patch, upgrade, and troubleshoot RSA SecurID Authentication Manager or equivalent MFA/two-factor authentication infrastructure supporting VPN and remote access.
- Administer MFA servers/appliances, middleware/agents, certificates, high availability, backups, logs, monitoring, alerts, directory service integration, and VPN authentication policies.
- Support hardware and software token lifecycle operations, including provisioning, assignment, activation, replacement, resynchronization, modification, deactivation, inventory tracking, emergency access, and tiered user support.
- Monitor VPN availability, utilization, authentication performance, and user connectivity; prepare reports and resolve access issues affecting remote users, partners, cloud networks, and mission systems.
Edge Security, Content Filtering, and Network Access Control
- Administer or support Cloudflare or equivalent edge security capabilities, including DNS, DDoS protection, WAF policies, CDN, Access/Gateway, Zero Trust/ZTNA, tunneling, access controls, and logging.
- Support Cisco SD-WAN, Cisco Secure Access, SASE/SSE, or equivalent secure access integrations where they intersect with firewall policy, VPN, cloud access, branch connectivity, DNS, or identity-aware access.
- Implement and maintain secure edge policies, access controls, and traffic-flow patterns in alignment with least privilege, Zero Trust, and defense-in-depth principles.
- Coordinate with application, DNS, cloud, identity, and network teams to validate edge security changes and troubleshoot access, WAF, routing, and certificate issues.
Content Filtering and Secure Web/Email Gateway Services
- Design, configure, maintain, and troubleshoot content filtering and secure web/email gateway services, including web security gateways, email security gateways, security management appliances, URL filtering, malware defense, DLP integrations, and advanced threat integrations.
- Support email tracking, block/unblock requests, quarantine release requests, mail delivery troubleshooting, custom filters, log requests, custom reports, and security service checks.
- Perform policy reviews for content filtering services as threats, business requirements, and security standards change.
- Maintain service health through backups, patching, upgrades, certificate renewals, alerts, configuration documentation, SOPs, and diagrams.
Network Access Control and Security Visibility
- Support network access control technologies such as Cisco ISE or equivalent NAC platforms, including guest access workflows, wireless access troubleshooting, policy support, certificate updates, monitoring, upgrades, and integration with LAN, wireless, firewall, and identity services.
- Support security visibility and packet broker platforms such as Gigamon or equivalent technologies, including configuration changes, traffic-flow validation, troubleshooting, monitoring, upgrades, backups, and documentation.
- Assist SOC/NOC and incident response teams with packet visibility, traffic analysis, logging, and technical validation during investigations and outages.
Cloud, Hybrid Architecture, and Zero Trust
- Implement and manage network security controls across AWS, Azure, and hybrid environments, including VPCs/VNets, security groups, NACLs/NSGs, route tables, cloud firewalls, Transit Gateway, ExpressRoute, Direct Connect, VPN, DNS, monitoring, and logging.
- Provide technical guidance on Zero Trust principles, network segmentation, microsegmentation, least-privilege access, secure data transmission, threat detection, and compliance monitoring across on-premises and cloud environments.
- Evaluate proposed network and cloud changes for security impact, operational risk, compliance impact, and maintainability.
Compliance, Documentation, Change Management, and Continuous Improvement
- Support IT security, ISSO, system owner, audit, and security governance activities by addressing findings, supporting control implementation and validation, evaluating vulnerability scan results, and preparing evidence and artifacts for review.
- Support FISMA, FedRAMP, NIST 800-53, POA&M, continuous monitoring, risk profiling, vulnerability remediation, and audit evidence activities for assigned systems.
- Review vendor PSIRT notices, threat advisories, scan findings, and security patches; prioritize remediation and document risk, mitigation, and validation status.
- Create and maintain topology diagrams, equipment inventories, token lifecycle procedures, configurations, SOPs, runbooks, implementation plans, rollback plans, build/upgrade procedures, and knowledge articles.
- Follow and document configuration management, change management, release management, incident management, and problem management processes.
- Use automation and Infrastructure as Code where practical for repeatable provisioning, configuration, deployment, documentation, monitoring, and operational efficiency.
- Provide status input, technical briefings, root-cause analysis, metrics, weekly/bi-weekly/monthly reporting, knowledge transfer, and mentoring to stakeholders and team members.
Key Work Products and Deliverables
- Implemented and validated firewall, VPN, RSA/MFA, Cloudflare/edge security, content filtering, NAC, packet broker, cloud security, and monitoring/logging changes through approved change processes.
- RSA/MFA server operations documentation, patch/upgrade records, token inventory and lifecycle procedures, troubleshooting notes, and user-support coordination artifacts.
- Firewall rule reviews, recertification results, policy cleanup recommendations, decommissioning plans, and risk-based access recommendations.
- Configuration backups, recovery validation, system health checks, alert reviews, operational metrics, and daily/weekly/monthly status inputs.
- Technical diagrams, SOPs, runbooks, configuration documentation, build/upgrade procedures, implementation plans, rollback plans, and knowledge articles.
- Monitoring and logging integration updates, alert tuning recommendations, incident support artifacts, root-cause analysis, and problem records.
- Vulnerability remediation documentation, POA&M updates, continuous monitoring evidence, audit artifacts, risk/impact analyses, and compliance support packages.
Requirements
- 7+ years of experience in network security engineering, network infrastructure, cybersecurity infrastructure, or a closely related role.
- 5+ years of hands-on experience designing, implementing, administering, maintaining, and troubleshooting enterprise firewall platforms in production environments.
- Hands-on experience with Cisco security technologies such as Cisco ASA, Firepower, FTD, FMC, AnyConnect/Secure Client, or equivalent Cisco firewall/VPN platforms.
- Hands-on experience with Palo Alto Networks technologies such as NGFW, Panorama, GlobalProtect, security profiles, App-ID/User-ID, logging, and policy optimization.
- Experience administering RSA SecurID Authentication Manager or comparable enterprise MFA/two-factor authentication platforms, including server operations, token support, patching/upgrades, backups, certificates, monitoring, and directory/VPN integration.
- Strong understanding of firewall policy design, NAT, VPNs, routing, logging, segmentation, packet inspection, high availability, and secure configuration baselines.
- Strong working knowledge of TCP/IP, DNS, DHCP, BGP, TLS/certificates, VPN protocols, packet captures, log analysis, and common network diagnostic tools.
- Experience supporting remote access, site-to-site VPN, secure connectivity, cloud-connected networks, or hybrid-cloud environments.
- Experience working with enterprise monitoring, logging, SIEM, alerting, vulnerability management, or incident response workflows.
- Experience working within formal change management, incident management, problem management, configuration management, and release management processes.
- Experience supporting vulnerability remediation, audit evidence collection, POA&M tracking, compliance reviews, and security documentation in a regulated environment.
- Ability to produce clear technical documentation, including network diagrams, SOPs, runbooks, implementation plans, rollback plans, and operational procedures.
- Ability to obtain and maintain a Public Trust background investigation.
- Strong communication, collaboration, prioritization, troubleshooting, and customer-support skills.
Preferred Qualifications
- Experience with Cloudflare DNS, DDoS protection, WAF, CDN, Access, Gateway, Tunnel, Magic Transit, Zero Trust, or equivalent edge security services.
- Experience with Cisco ISE or equivalent network access control platforms, including 802.1X, guest access, wireless integration, posture policies, certificates, and identity integrations.
- Experience with Cisco Email Security Appliance, Web Security Appliance, Security Management Appliance, or equivalent secure email/web gateway and content filtering platforms.
- Experience with Gigamon or equivalent packet broker/security visibility platforms.
- Experience with Cisco SD-WAN, Cisco Secure Access, SASE/SSE, ZTNA, or related secure access technologies.
- Experience securing AWS environments, including VPC, Security Groups, NACLs, Transit Gateway, Route 53, Network Firewall, Direct Connect, VPN, GuardDuty, Security Hub, IAM, and CloudWatch.
- Experience securing Azure environments, including VNets, NSGs, Azure Firewall, Application Gateway/WAF, VPN Gateway, ExpressRoute, Private Link, Defender for Cloud, Entra ID, and Azure Monitor.
- Experience supporting NIST 800-53, FISMA, FedRAMP, continuous monitoring, POA&M remediation, ATO support, audit evidence collection, or similar regulatory requirements.
- Experience with Terraform, Ansible, Python, Git, REST APIs, CI/CD, or API-based firewall/cloud/security automation.
- Familiarity with applica...