Senior Lead Infrastructure Engineer Tier 4Palo AltoFortinet

Assume a vital position as a key member of a high-performing team that delivers infrastructure and performance excellence. Your role will be instrumental in shaping the future at one of the worlds largest and most influential companies.

As a Senior Lead Infrastructure Engineer - Tier 4/Palo Alto/Fortinet at JPMorgan Chase within the Infrastructure Platform (IP) Compute Platform Network Services (CPNS) you apply deep knowledge of software applications and technical processes within the infrastructure engineering discipline. Continue to evolve your technical and cross-functional knowledge outside of your aligned domain of expertise.

The Firewall Engineer will be responsible for designing implementing and governing enterprise firewall and network segmentation architectures that protect critical assets across on-premises cloud and hybrid environments. This role leads standards development solution selection deployment patterns and automation practices to ensure scalable resilient and compliant security controls aligned to Zero Trust principles and business objectives.

Assume a vital position as a key member of a high-performing team that delivers infrastructure and performance excellence. Your role will be instrumental in shaping the future at one of the worlds largest and most influential companies.

As a Lead Infrastructure Engineer - Tier 4/Palo Alto/Fortinet at JPMorgan Chase within the Infrastructure Platform (IP) Compute Platform Network Services (CPNS) you apply deep knowledge of software applications and technical processes within the infrastructure engineering discipline. Continue to evolve your technical and cross-functional knowledge outside of your aligned domain of expertise.

The Firewall Engineer will be responsible for designing implementing and governing enterprise firewall and network segmentation architectures that protect critical assets across on-premises cloud and hybrid environments. This role leads standards development solution selection deployment patterns and automation practices to ensure scalable resilient and compliant security controls aligned to Zero Trust principles and business objectives.

Job Responsibilities

• Define enterprise firewall reference architectures segmentation models and policy frameworks across data centers branches and cloud aligned to Zero Trust and leastprivilege principles.
• Design highly available scalable NGFW deployments including clustering load balancing dynamic routing NAT TLS/SSL decryption and applicationlayer controls for northsouth and eastwest traffic.
• Develop hybrid and multicloud patterns (AWS Azure GCP) using cloudnative controls (e.g. Security Groups/NACLs AWS Network Firewall Azure Firewall GCP VPC rules) and virtual NGFWs; integrate with SDWAN where applicable.
• Establish policy standards naming conventions and rule lifecycle processes (request review approval attestation/recertification decommission) mapped to NIST CSF ISO 27001 PCI DSS and regional requirements.
• Create and maintain architecture blueprints patterns runbooks and decision records; lead design reviews and change advisory for firewall changes.
• Lead deployments upgrades and migrations across Palo Alto and Fortinet platforms; drive consolidation and rationalization programs.
• Build InfrastructureasCode and automation (Terraform Ansible Python) for provisioning policy updates prechange validation drift detection and compliance checks; integrate with CI/CD pipelines.
• Define logging telemetry and alerting standards; integrate firewall events with SIEM and SOAR for detection and response.
• Partner with Network and SOC teams to optimize performance reduce ruleset complexity and remediate misconfigurations; maintain health dashboards and SLOs for clusters sessions throughput and latency; Conduct periodic rule reviews risk assessments and attestations; enforce leastprivilege access and manage exceptions with traceability.
• Support audits and regulatory examinations with control narratives and evidence; provide continuous compliance reporting and drive findings to closure within SLAs; Provide Tier 3/architectural escalation during incidents; lead rootcause analysis; design and test failover backup/restore and disaster recovery strategies for firewall configuration and state.
• Translate business and application requirements into secure connectivity solutions and standardized segmentation patterns; Evaluate vendor capabilities influence product roadmaps and manage lifecycle and cost/risk tradeoffs.

Required qualifications capabilities and skills

• Formal training or certification on software engineering concepts and 5 years applied experience
• Proven experience with nextgeneration firewalls IDS/IPS and segmentation; deep handson with Palo Alto and/or Fortinet; exposure to Check Point/Cisco.
• Strong networking expertise: TCP/IP BGP/OSPF VLANs NAT IPSec/SSL VPN SDWAN; practical TLS/SSL decryption strategies and operations.
• Experience with at least one public cloud (AWS Azure or GCP) and cloudnative network security controls.
• Proficiency with IaC and automation (Terraform Ansible Python) and configuration management workflows; guardrail and validation integration into CI/CD.
• Familiarity with SIEM/SOAR integrations logging taxonomy and event correlation for firewall telemetry.
• Working knowledge of security frameworks and standards (NIST CSF ISO 27001 PCI DSS; industryspecific as applicable).
• Excellent communication and documentation skills; ability to lead crossfunctional reviews.

Preferred qualifications capabilities and skills

• Experience implementing Zero Trust architectures microsegmentation (hostbased or SDN) and SASE/ZTNA solutions.
• Background with cloudnative controls and virtual NGFWs across AWS Azure and GCP.
• Exposure to SDN (e.g. NSXT) and network policy orchestration.
• Performance tuning and capacity planning for highthroughput lowlatency environments.

• Leadership of largescale firewall migrations or platform consolidation programs.