Level 2 Firewall Engineer

About Proximus NXT

Proximus NXT Luxembourg supports all organizations in their digital transformation, by providing holistic ICT & Telecommunication solutions, as well as tailored managed services. With our partners and customers, we co-create opportunities and enable growth in a secure and sustainable manner. As a result of our unique expertise in next-gen IT services, mobile and advanced connectivity, we help our customers achieve their ambitions and realize their vision. Together with them and our partners we implement sovereign and trusted solutions that make people work smarter.

– www.proximusnxt.lu

Your mission :

Domain: Network Security / Firewall Services On-Call: Yes (Level 2 rotation)

The Level 2 Firewall Engineer ensures the stability, security, automation, and continuous improvement of the enterprise firewall infrastructure. The engineer handles complex incidents and problems, designs and maintains automation for firewall lifecycle operations, and ensures all configurations align with the CMDB as the authoritative Source of Truth. The role bridges operational excellence and infrastructure engineering, applying DevOps principles to security infrastructure.

Key Responsibilities

Incident & Problem Management (Level 2 Scope)

• Handle escalated incidents from Level 1
• Troubleshoot complex firewall issues (routing, NAT, clustering, performance)
• Perform deep packet analysis when required
• Conduct root cause analysis (RCA)
• Identify recurring issues and open Problem records
• Participate in post-mortem analysis and improvement plans
• Participate in Level 2 on-call rotation

Firewall Engineering & Automation

• Design and maintain automation for:
  • Software upgrades (CheckPoint, Fortinet, Open-Source)
  • Cluster upgrades and failover validation
  • Policy deployment pipelines
  • Backup & restore procedures
• Implement infrastructure changes through:
  • Ansible / AWX
  • Git-based workflows
  • CI/CD pipelines
• Ensure infrastructure changes are reproducible and version-controlled
• Contribute to Git repositories and review pull requests
• Maintain configuration as code principles

Configuration Governance & CMDB Integrity

• Ensure all firewall objects and rules align with CMDB data
• Enforce Source of Truth model (e.g., NetBox or equivalent)
• Avoid manual configuration drift
• Implement validation checks before deployment
• Contribute to compliance reporting

Firewall Platform Expertise

• Check Point Software Technologies
  • R8x architecture
  • Management Server / MDS
  • SmartConsole
  • ClusterXL
  • Policy installation & troubleshooting
• Fortinet
  • FortiGate
  • FortiManager
  • HA clusters
  • Security Fabric integration
• Open-Source Firewalls
  • nftables / iptables
  • pfSense
  • OPNsense

DevOps & Engineering Practices

• Infrastructure as Code mindset
• CI/CD pipeline integration
• Unit testing for automation scripts
• Use of Git branching strategies
• Observability integration (logs, metrics, alerts)
• Secure coding practices for automation

Upgrade & Lifecycle Management

• Plan and execute:
  • Major version upgrades
  • Hotfix deployment
  • Security patching
• Automate pre-checks and post-checks
• Maintain upgrade playbooks
• Document rollback strategies

Security & Compliance

• Ensure firewall configurations align with security policies
• Support audit evidence collection
• Support vulnerability remediation
• Ensure secure configuration standards, and best practices
• Participate in security hardening initiatives

Your profile :

Technical Skills Required

Mandatory

• 5+ years in enterprise firewall engineering
• Strong knowledge of:
  • CheckPoint R8x
  • Fortinet
• Strong understanding of Linux networking stack

DevOps & Engineering Practices

• Infrastructure as Code mindset
• CI/CD pipeline integration
• Unit testing for automation scripts
• Use of Git branching strategies
• Observability integration (logs, metrics, alerts)
• Secure coding practices for automation