1

Tufin Jobs (NOW HIRING)

Description Tufin is standing up a governed, enterprise-scale AI program that spans ChatGPT, Claude, Workato eMCP, and a growing ecosystem of third-party AI applications. The AI System Architect is ...

... Tufin, Cyber Security. Good to Have Skills: Madient, Assessment, Forescout, Incident Management ITIL: Incident Management, Change management Certifications for Manager: CISSP for SOC Manager/Lead ...

Gigamon, APCON, Tufin, NetScout sniffers and UC Performance Management tools; Infoblox NetMRI, Cacti, MRTG, Solarwinds, SmokePing, NetFlow, Splunk and syslog. Sienna dense wave division multiplexing ...

Network Engineer I

Carmel, IN · On-site

$119K - $144K/yr

Support network monitoring, analysis, and reporting using tools such as Splunk, SolarWinds, and Tufin. * Participate in automation and Infrastructure-as-Code initiatives, supporting AI-driven or ...

Description We are seeking an experienced and analytically driven Senior Business Systems Analyst to own and optimize our Lead-to-Cash (L2C) systems landscape. This role sits at the intersection of ...

Network Security Engineer

Dallas, TX · On-site

$103K - $141K/yr

... such as Algosec, Tufin, Jenkins and Git • Working closely with infrastructure, DevOps and application teams to embed security best practices throughout the technology stack Qualifications

Security/Firewall Architect

Dallas, TX · On-site

$64.25 - $83/hr

Tufin, Skybox, FireMon or AlgoSec. * Experience with Microsoft Visio. * Experience with Layer 3 networking, able to understand complex routing and NAT. * Experience with protocol capture, trace, and ...

Governance Tools - Tufin SecureChange and SecureTrack * Packet Brokers - Gigamon * *Please note that this role will require an in-person interview in final rounds. Compensation Range: The salary ...

Governance Tools - Tufin SecureChange and SecureTrack * Packet Brokers - Gigamon * *Please note that this role will require an in-person interview in final rounds. Compensation Range: The salary ...

Network Security Engineer

Dallas, TX · On-site

$103K - $141K/yr

... Tufin, Jenkins and Git * Working closely with infrastructure, DevOps and application teams to embed security best practices throughout the technology stack Requirements: * Extensive experience in ...

Gigamon, APCON, Tufin, Netscout sniffers and UC Performance Management tools; Infoblox NetMRI, Cacti, MRTG, Solarwinds, SmokePing, NetFlow, Splunk and syslog. * Strong hands-on knowledge of DNS ...

next page

Showing results 1-20

Tufin information

See salary details

$143.5K

$181.7K

$215.5K

How much do tufin jobs pay per year?

As of Jul 11, 2026, the average yearly pay for tufin in the United States is $181,739.00, according to ZipRecruiter salary data. Most workers in this role earn between $163,500.00 and $200,000.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals working with Tufin in a network security environment?

Professionals working with Tufin often encounter challenges such as managing complex, multi-vendor firewall environments and ensuring policy compliance across hybrid networks. Keeping up with frequent policy changes and coordinating with multiple teams—like network operations and security—requires strong communication and problem-solving skills. Additionally, staying updated with the latest Tufin features and best practices is essential to maximize automation and minimize errors in rule management.

How does Tufin work?

Tufin is a cybersecurity company that provides network security policy management solutions. It helps organizations automate and visualize security policies across complex network environments, ensuring compliance and reducing risk. Tufin's platform integrates with existing security tools and requires knowledge of network security and policy management.

Is Tufin an Israeli company?

Tufin is an Israeli cybersecurity company that specializes in network security policy management and automation. It was founded in Israel and has a global presence, serving organizations worldwide. The company is known for its security orchestration tools and solutions.

What are the key skills and qualifications needed to thrive as a Tufin Network Security Engineer, and why are they important?

To thrive as a Tufin Network Security Engineer, you need a solid understanding of network security concepts, firewall management, and experience with security policies, often backed by a degree in computer science or a related field. Familiarity with the Tufin Orchestration Suite, network security devices (like firewalls from vendors such as Cisco, Check Point, and Palo Alto), and relevant certifications (e.g., Tufin Certified Security Expert) are highly valuable. Analytical thinking, strong problem-solving abilities, and effective communication set professionals apart in this role. These skills are crucial for designing, automating, and optimizing security policies to protect organizational networks and ensure compliance.

What companies use Tufin?

Tufin is a cybersecurity company that provides network security policy management solutions. Many organizations across industries such as finance, healthcare, and government use Tufin to automate and secure their network environments. Specific company names are often not publicly disclosed due to confidentiality agreements.

What is the difference between Tufin vs Firewall Engineer?

AspectTufinFirewall Engineer
CredentialsCertifications like Cisco CCNA, CCNP, or vendor-specific security certificationsSame certifications, often Cisco, Palo Alto, or Check Point certifications
Work EnvironmentSecurity management platforms, network security teams, enterprise environmentsNetwork security teams, IT departments, enterprise or service provider networks
Industry UsageUsed by security vendors, consultants, and enterprises for policy managementEmployed directly by organizations to configure and maintain firewalls

Both Tufin and Firewall Engineers focus on network security, but Tufin provides security policy management solutions, while Firewall Engineers implement and manage firewall configurations. Understanding their roles helps organizations optimize security infrastructure effectively.

Is Tufin any good?

Tufin is a cybersecurity company specializing in network security policy management and automation. Its solutions are used by organizations to improve security and compliance, and the company is generally regarded as a reputable provider in the industry. Evaluating its suitability depends on specific organizational needs and technical requirements.

What is a Tufin engineer?

A Tufin engineer is a professional who specializes in the implementation, management, and support of Tufin's security policy management solutions. Tufin engineers help organizations automate and streamline network security processes, such as policy change management, compliance monitoring, and risk analysis across complex and hybrid network environments. They work with network firewalls, cloud platforms, and security teams to ensure that security policies are enforced efficiently and consistently. Tufin engineers often have a background in network administration, security, and experience with Tufin's suite of products.
More about Tufin jobs
What cities are hiring for Tufin jobs? Cities with the most Tufin job openings:
What states have the most Tufin jobs? States with the most job openings for Tufin jobs include:
Infographic showing various Tufin job openings in the United States as of July 2026, with employment types broken down into 86% Full Time, and 14% Contract. Highlights an 83% Physical, and 17% Remote job distribution, with an average salary of $181,739 per year, or $87.4 per hour.
AI System Architect - US

AI System Architect - US

Tufin

Boston, MA • On-site, Remote

Full-time

Re-posted 19 days ago


Job description

Description
Tufin is standing up a governed, enterprise-scale AI program that spans ChatGPT, Claude, Workato eMCP, and a growing ecosystem of third-party AI applications. The AI System Architect is the most senior technical role in this program - the person who defines the architecture, enforces the governance model, and owns the integration surface that every AI agent in the company operates through.
This role sits inside Enterprise Technology, reporting directly to the Head of Enterprise Technology. That placement is intentional. The AI System Architect is not a researcher, a prompt engineer, or a standalone AI strategist - they are an enterprise systems leader who happens to be building at the frontier of agentic AI. They own the AI integration strategy across Tufin's core platforms (Salesforce, NetSuite, Workato, HiBob, Jira), the MCP governance model, the persona-scoped token design, and the integration patterns that connect AI capabilities to those systems without creating point-to-point dependency risk.
You will manage the AI Platform Engineer(s), set the technical standards for the AI Power User group's citizen development program, and serve as the connective tissue between business leadership, platform owners, and development teams. You will shape the multi-year AI architecture roadmap while also rolling up your sleeves to conduct architecture reviews, resolve blockers, and move use cases from concept to production. This is a role for someone who can think big and execute - and who understands that in an enterprise context, the quality of your governance is inseparable from the quality of your architecture.
What You'll Own
Strategy & Architecture
  • Define and own the enterprise AI integration strategy - identifying opportunities to embed intelligent automation, agentic workflows, predictive analytics, and generative AI capabilities across Tufin's core platforms
  • Develop and maintain reference architectures, design patterns, and the AI architecture decision log that governs how AI models connect to enterprise systems and what they are permitted to do
  • Consult on enterprise system architecture and implement best practices for the Enterprise Business Systems team to leverage in their day-to-day execution.
  • Lead Proof-of-Concept initiatives for new AI tools and platform-native AI features, evaluating them against build-vs-buy criteria before recommending adoption
  • Partner with business stakeholders to translate operational pain points into AI use cases with clear ROI framing and sequencing criteria
  • Contribute to Tufin's enterprise data strategy, ensuring AI initiatives are supported by clean, accessible, and well-governed data pipelines

Integration Architecture & Delivery
  • Design and own the Workato eMCP layer - the MCP governance model, persona-scoped token framework, workspace isolation strategy, and the single sanctioned action surface through which all AI agents write back to enterprise systems
  • Define integration patterns and standards for AI model connectivity (Claude, ChatGPT) to Salesforce, NetSuite, HiBob, and Jira - specifying what agents can read, what they can write, through which surfaces, and with what confirmation and audit requirements
  • Design and oversee API strategies, event-driven architectures, and middleware patterns that support scalable AI feature delivery - including agentic workflows, intelligent data transformation, anomaly detection, and natural language interfaces layered onto ERP and CRM data
  • Collaborate with Engineering during build phases, conducting architecture reviews, providing hands-on guidance, and resolving complex technical blockers
  • Define non-functional requirements - latency, security, auditability, model drift monitoring - for AI components embedded in mission-critical business processes
  • Establish MLOps and LLMOps practices appropriate for Tufin's enterprise environment: model versioning, observability, and rollback procedures for production AI workloads

Governance & Risk
  • Translate Tufin's AI governance framework into enforceable runtime controls: confirmation gates, role-scoped permissions, audit trails, and rate limiting across all production agents
  • Own the AI intake process - the structured gate through which new AI use cases, agent deployments, and integration requests are reviewed, approved, and sequenced
  • Lead AI impact assessments for enterprise use cases, accounting for data privacy, regulatory compliance (GDPR, SOC 2, and applicable industry mandates), and responsible AI principles
  • Partner with Tufin's Security and Compliance teams and AI Governance Committee to define guardrails for agents operating with write access to critical systems - including human-in-the-loop checkpoints and audit trail requirements
  • Define the promotion criteria that citizen-built recipes must meet before the AI Platform Engineer can approve them for production, and hold that bar consistently across all value streams
  • Monitor for shadow AI and unauthorized usage - and treat its presence as an architectural signal, not just a policy violation

Team Leadership & Citizen Development
  • Manage and mentor the AI Platform Engineer(s) - setting technical direction, reviewing their work, and creating space for them to grow into the program's complexity
  • Set the technical standards and guardrails for the AI Power User group's citizen development program - defining what Power Users can build, on which platforms, with what approvals required before production promotion
  • Run architectural reviews for high-complexity citizen-built workflows and serve as the escalation point when the Platform Engineer identifies patterns outside established standards
  • Actively prevent shadow AI from taking root - not by blocking access, but by making the governed path so well-designed that it has no serious competition

Strategic Technical Leadership
  • Advise the Head of Enterprise Technology on AI integration strategy, platform evolution, and technology decisions as the enterprise AI tooling market continues to shift rapidly
  • Evaluate and recommend third-party AI tooling, LLM providers, and platform-native AI features - maintaining awareness of MCP ecosystem developments, Workato's AI platform roadmap, and the capabilities of the AI models Tufin has deployed
  • Maintain documentation standards and AI architecture protocols that satisfy both engineering teams and enterprise architecture review processes
  • Contribute to Tufin's AI governance framework as a living document, revising and extending it as new agent capabilities, regulatory signals, and organizational needs emerge

Requirements
What You Bring
Required
  • 8+ years of experience in enterprise solutions architecture, systems integration, or a closely related discipline - with a strong track record of designing and delivering production-grade integration platforms at scale
  • Deep hands-on expertise with Workato or a comparable enterprise iPaaS platform (MuleSoft, Boomi, Azure Integration Services) - including workspace design, governance configuration, and operational management
  • Demonstrated experience building and integrating across CRM (Salesforce preferred), ERP (NetSuite preferred), and iPaaS platforms at the enterprise level - in production, not just proof-of-concept
  • Hands-on experience designing or deploying AI/ML features in production enterprise environments - including at least one of: agentic AI systems, LLM-powered workflows, predictive analytics, or intelligent document processing
  • Strong command of integration patterns: REST/GraphQL APIs, event streaming, ETL/ELT pipelines, webhook-based automation, and API security best practices
  • Experience designing and enforcing integration governance: access control models, audit logging, approval workflows, and token management
  • Familiarity with Model Context Protocol (MCP) or direct experience connecting AI models to enterprise systems in a production context
  • Proven ability to lead distributed technical teams and communicate architecture clearly to both executive sponsors and engineering teams - you can hold a technical standard without becoming a bottleneck
  • Experience with the requisite AI-related Audit Management frameworks (ISO42001, ISO27001, SOC 2, etc.)

Preferred
  • Hands-on experience with Workato's AI Hub and/or eMCP enterprise connector offerings
  • Experience with vector databases, RAG (retrieval-augmented generation) architectures, or fine-tuning workflows in an enterprise data context
  • Working knowledge of AI governance frameworks (NIST AI RMF, EU AI Act considerations), privacy controls, and secure SDLC practices
  • Relevant certifications in cloud platforms (AWS, Azure, GCP) or enterprise platforms (Salesforce, NetSuite, Workato)
  • Experience designing citizen development programs - defining guardrails, review processes, and promotion criteria for non-engineer builders
  • Background in network security, cybersecurity, or compliance-adjacent enterprise environments - familiarity with Tufin's domain is a meaningful advantage
  • Experience in a regulated industry (financial services, healthcare, or manufacturing) where AI governance requirements are non-negotiable

How You Lead
  • You design for the long run - your architectures are opinionated enough to prevent sprawl and flexible enough to absorb what comes next
  • You govern by making the right path easy, not by making the wrong path hard - the best control is one that people follow because it serves them
  • You can hold a technical position in a room of non-technical executives and explain why it matters without losing either the nuance or the audience
  • You review other people's work with the same rigor you apply to your own - and you give feedback that makes people better, not just feedback that makes things compliant
  • You treat shadow AI as a design failure, not a user problem - if the governed path isn't being used, that's an architectural signal worth investigating
  • You think big and execute - strategy and hands-on delivery are not separate modes for you
  • You flag risks early, document decisions thoroughly, and operate with the understanding that the choices you make now will be someone else's production system for years