Senior Firewall Engineer

Req ID: 131964
Region: Americas
Country: USA
State/Province: Texas
City: Richardson

General Overview

Functional Area: Information Technology (ITM)
Career Stream: IT Risk & Compliance (RAC)
Role: Senior Technical Lead (SRT)
Job Title: Senior Technical Lead, Information Security
Job Code: SRT-ITM-SECR
Job Level: Level 11
Direct/Indirect Indicator: Indirect

Summary

We are looking for a Senior Firewall Engineer to join our Security Architecture team. You will be responsible for the day-to-day engineering, deployment, and optimization of our global firewall infrastructure. This role requires a "deep-diver" who can manage complex rule migrations, troubleshoot intricate VPN issues, and ensure our security posture is maintained through rigorous patch management and configuration auditing.

Detailed Description

Performs tasks such as, but not limited to, the following:

• Deployment & Integration: Lead the installation and configuration of physical and virtual firewalls (NGFW) in data centers and cloud VPCs.
• Complex Rule Management: Process high-complexity firewall change requests, ensuring that all changes are documented and follow the change management process.
• VPN Administration: Manage and troubleshoot Site-to-Site (IPsec) and Client-to-Site (GlobalProtect/AnyConnect) VPN tunnels.
• Operational Excellence: Perform regular firmware upgrades, vulnerability patching, and hardware refreshes across the global estate.
• Deep-Dive Troubleshooting: Use packet captures and flow analysis (Wireshark, tcpdump) to resolve connectivity issues that junior staff cannot solve.
• Security Automation: Develop scripts (Python/Ansible) to automate repetitive tasks like health checks or mass object creation.
• Mentorship: Act as a technical mentor for Junior/Mid-level SOC and Network Engineers.

Knowledge/Skills/Competencies

• Firewall Mastery, Advanced administration of Checkpoint Firewalls
• Protocols: Deep knowledge of TCP/IP, NAT/PAT, BGP, OSPF, and SSL/TLS Inspection.
• Analysis Tools: Expert at using Wireshark, Splunk, and firewall auditing tools like Tufin.
• Cloud Platforms: Experience managing security groups and virtual appliances in AWS or Azure.
• Identity/Auth: Integrating firewalls with Active Directory, LDAP, and MFA (SAML/Okta).
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Strong presentation skills for communicating architectural designs to executive leadership.
• Organized and able to meet deadlines.

Physical Demands

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 7+ years of dedicated experience in Network Security Engineering.

Typical Education

• Education: Bachelor’s degree in IT, Networking, or a related field (equivalent experience accepted).
• Certifications: * Checkpoint: CCSE (highly preferred)
• General: CompTIA Security+ or Cisco CCNP Security.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Celestica's policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law.
This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines.

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.

This location is a US ITAR facility and these positions will involve the release of export controlled goods either directly to employees or through the employee's movement within the facility. As such, Celestica will require necessary information from all applicants upon an applicant's acceptance of employment to determine if any export control exemptions or licenses must be filed.