Cybersecurity Engineer - Firewall Lockdown

The Firewall Lockdown teams core function is to ensure firewall rule compliance with current VISA policies specifically Key Controls and Technical Security Requirements. We validate firewall rules to address high-risk network communications for Visa applications and processes ensuring the firewall rules in our network environment remains non-risky / compliant with evolving network and zoning requirements.

A primary focus is the remediate & cleaning up and hardening of the existing firewall rules through the removal of expired rules. The team proactively identifies rules violating Visa Technical Security Requirements and inconsistent with Visas least privilege access model. We conduct thorough traffic reviews for each violating rule and engage affected ATCs via multiple email communications. ATCs are then expected to either extend the rules expiration reject it or disable it.

The firewall lockdown project has successfully transitioned into a BAU process continuously addressing non-compliant rules. By comparing firewall rules against TSR we actively manage legacy communications that may no longer meet current policy standards ultimately fortifying Visas network security posture.

Essential Functions:

• Drive core responsibilities including but not limited to in-depth rule auditing zero-hit rule cleanup management of expiring rules identification and mitigation of high-risk rules resolution of non-compliant rules and the precise remediation and modification of firewall rules strictly adhering to established change management protocols.

• Execute systematic and ad-hoc reviews of firewall rulesets with a primary focus on Checkpoint and Palo Alto platforms to ensure stringent adherence to established security policies industry best practices and regulatory compliance mandates.

• Lead comprehensive firewall rule audits proactively identifying and addressing redundant obsolete or overly permissive rules and formulating actionable remediation strategies.

• Develop and meticulously maintain comprehensive documentation for all firewall rules encompassing their stated purpose designated owner and defined expiration dates. This includes fostering effective communication and collaboration with application owners to ensure alignment and accuracy.

• Collaborate strategically with internal security and assurance teams to thoroughly comprehend compliance requirements translating these into secure optimized and efficient firewall rule configurations.

• Monitor and analyze firewall logs and security alerts to detect suspicious activities policy violations and potential security incidents leveraging a strong understanding of security monitoring principles.

• Provide expert guidance and support on firewall security best practices robust vulnerability management strategies and effective threat mitigation techniques.

• Possession of demonstrable experience in troubleshooting network connectivity issues directly related to firewall rules including those involving load balancers and other critical network infrastructure components is a distinct advantage.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Qualifications :

Basic Qualifications:
2 years of relevant work experience and a Bachelors degree OR 5 years of relevant work experience. Masters graduates must have 2 years of relevant work experience to qualify

Preferred Qualifications:
3 or more years of work experience with a Bachelors Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters MBA JD MD)
Advanced proficiency with two of Checkpoint Firewall-1 Palo Alto firewall technologies
Ability to manage Provider-1 and/or Panorama management and logging systems
Strong understanding of networks security technologies and systems technologies
Proven ability to troubleshoot problems systematically in complex systems and network environments
Customer focused mindset excellent communication interpersonal and collaboration skills
Experience with on and off premise DDOS solutions
Experience with monitoring tuning and alerting
Experience with server platforms virtualization containers and cloud technologies
Operational knowledge of systems databases and network security engineering best practices
ITIL certification preferred. Familiar with ITIL concepts such as Incident Change and Problem Management
Experience with policy orchestration compliance and automation tools (e.g. Tufin Skybox)
Preferred certifications include: Check Point Administrator (CCSA) Check Point Engineer (CCSE) Cisco Certified Network Associate (CCNA) Palo Alto Networks Certified Network Security Engineer (PCNSE)

Additional Information :

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race color religion sex national origin sexual orientation gender identity disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Remote Work :

No

Employment Type :

Full-time