Proximus_Checkpoint_Day0Requirements
No. of positions 2
Account Name Proximus
Service Line
Must have skills - 2 skills which are non-
negotiable Checkpoint-L2, Fortinet – L2 troubleshooting and technical skills
Desirable skills - 1 skill which is nice to have CCSA or CCSE certification
Infosys role
Desired experience range 5-8 Years
Location(s) where this position can work out of Bangalore – Proximus,GCC
Does this position require working from client
office all or some days in the week? If yes pls
provide details Should be worked from Proximus-GCC for atleast 3 days in a week and it will be 24*7 support
Is remote working allowed
Any additional things to be checked
Responsibilities and JD in brief along with additional criteria to be considered (if any):
Role Titles
· Network Security Engineer – L2 (Checkpoint)
· Network Security Engineer – L2 (Fortinet)
Role Summary (Common)
L2 Network Security Engineers provide advanced operational support for enterprise firewalls and
security edge services, handling incident response, complex change implementation, problem
management, and service improvements. They act as the primary escalation point from L1 and
collaborate with L3/Architecture teams for chronic or design-level issues. They ensure high availability,
security posture adherence, and compliance across on-prem, hybrid, and cloud-connected networks.
---
Primary Responsibilities (Common)
1. Incident Response & Troubleshooting
o Own P2/P3 incidents end-to-end; drive P1 bridges as secondary lead when L3 is engaged.
o Perform deep-dive packet flow analysis, policy hit-count reviews, session table inspection, and path isolation across multi-vendor environments. o Produce RCA reports with corrective & preventive actions (CAPA) within SLA. 2. Change & Release o Implement medium-to-complex firewall policy changes, NAT, VPNs (site-to-site & remote access), SD-WAN path policies (if applicable), and object/group design. o Validate changes via pre-checks/post-checks, staged rollouts, maintenance windows, and back-out plans. o Maintain standard change templates and runbooks. 3. Platform Operations o Manage device health (CPU/memory/session utilization), HA pairs/clusters, software updates/hotfixes, backup/restore, and configuration baselines. o Monitor logs, alerts, and security events, tuning noise vs. signal to improve MTTR. 4. Security Posture & Compliance o Enforce least-privilege, review unused rules, shadow rules, overly broad objects, and age out exceptions. o Support audits (SOX, ISO 27001, PCI-DSS, etc.), provide evidence, close findings, and maintain policy documentation. 5. Collaboration & Communication o Mentor L1 engineers; create KBs, SOPs, and training snippets. o Communicate clearly with customers/stakeholders during incidents and changes; provide daily/weekly ops reports. --- Vendor-Specific Responsibilities A) Checkpoint – L2 Support · Core Platforms: Quantum Security Gateways (appliances/virtual), ClusterXL, Maestro (if in scope), Smart-1 management, SmartConsole/SmartDashboard, SmartEvent/SmartLog, Identity Awareness. · Policy & Objects: Layered policies (Access/NAT/Threat Prevention), policy installation targets, inline layers, updatable objects, HTTPS Inspection & categorization overrides. · Threat Prevention: IPS, Anti-Bot, Anti-Virus, Threat Emulation/Extraction (SandBlast), URL Filtering & Application Control—fine-tune profiles, exceptions, and performance impact.
· VPN: Route-based and policy-based VPNs, interoperable device profiles, VPN communities (meshed/star), IKEv1/v2 debugging, DPD, PFS, and crypto suite alignment. · HA/Scalability: ClusterXL states (Active/Standby/Active-Active), CCP multicasts/unicasts, failover/failback, Sync interface design, accelerated secureXL/FW worker tuning. · Upgrades/Maintenance: Jumbo Hotfix Accumulators, CPUSE upgrades, policy verification pre-install checks, database revisions, migrate import/export. · Logging/Forensics: SmartLog queries, log indexing health, log server HA, packet captures using tcpdump/fw monitor (new & legacy syntax), cpview performance insights. · CLI/Diagnostics: cpstat, cpwd_admin, cpinfo, fw ctl zdebug, cphaprob stat, cpconfig, GAiA WebUI basics. B) Fortinet – L2 Support · Core Platforms: FortiGate (hardware/VM), FortiManager, FortiAnalyzer, (optionally FortiAuthenticator, FortiSandbox), VDOM-based multi-tenancy. · Policy & Objects: Centralized ADOM-based policy packages (via FortiManager), policy look-up & hit-count, internet services DB objects, security profiles and inspection modes (flow/proxy). · Security Profiles: IPS, Web Filtering, Application Control, AV, SSL inspection (certificate deployment/pinning impacts), DLP, DNS filter—profile tuning & exceptions. · VPN & SD-WAN: IPsec (route vs. policy-based), dial-up IPsec, ADVPN; SSL-VPN (portal/policies); SD-WAN members/health-checks (SLA), performance-SLAs and steering logic. · HA Clustering: FGCP A-P/A-A, session pickup, override/non-override, HA link design, get system ha status analysis and split-brain prevention. · Upgrades/Maintenance: FortiOS release trains and interim builds, image and config integrity checks, upgrade paths, FortiGuard services (AV/IPS/URL signatures). · Logging/Forensics: FortiAnalyzer event handlers, playbooks, log DB health, analytics, reports; diag debug flow, diag sniffer packet, diag sys top, diag debug crashlog. · CLI/Diagnostics: show | grep, get/config contexts, packet-flow stages, session table (diag sys session list), policy lookup (diagnose firewall proute/list). --- Required Qualifications (Common) · Experience: 3–6 years in network security operations with at least 2–3 years hands-on in Checkpoint or Fortinet (L2 depth). · Protocols/Networking: Strong knowledge of TCP/IP, routing (static, BGP/OSPF basics), VLANs, NAT, DNS, DHCP, QoS basics, MTU/fragmentation/PMTUD.
· Security Concepts: Stateful inspection, TLS/SSL, certificate chains, threat prevention concepts, VPN crypto suites, Zero Trust basics, micro-segmentation principles. · Tooling: Wireshark, packet captures, syslog/SEIM basics, ITSM tools (ServiceNow/Jira), version control for configs (Git or built-in platform revisions). · Soft Skills: Incident communication, stakeholder updates, RCA writing, mentoring L1. Preferred Certifications · Checkpoint: CCSA, CCSE (L2 strongly prefers CCSE). · Fortinet: NSE 4 (minimum), NSE 5 (FortiManager/Analyzer) preferred; NSE 6 modules are a plus. · General: ITIL v3/4 Foundation, CCNA/Network+ (or equivalent), any SOC/Blue Team exposure.
