Responsibilities and JD in brief along with additional criteria to be considered (if any):
Role Titles
- Network Security Engineer – L2 (Checkpoint)
- Network Security Engineer – L2 (Fortinet)
Role Summary (Common)
L2 Network Security Engineers provide advanced operational support for enterprise firewalls and security edge services, handling incident response, complex change implementation, problem management, and service improvements. They act as the primary escalation point from L1 and collaborate with L3/Architecture teams for chronic or design-level issues. They ensure high availability, security posture adherence, and compliance across on-prem, hybrid, and cloud-connected networks.
Primary Responsibilities (Common)
Incident Response & Troubleshooting
- Own P2/P3 incidents end-to-end; drive P1 bridges as secondary lead when L3 is engaged.
- Perform deep-dive packet flow analysis, policy hit-count reviews, session table inspection, and path isolation across multi-vendor environments.
- Produce RCA reports with corrective & preventive actions (CAPA) within SLA.
Change & Release
- Implement medium-to-complex firewall policy changes, NAT, VPNs (site-to-site & remote access), SD-WAN path policies (if applicable), and object/group design.
- Validate changes via pre-checks/post-checks, staged rollouts, maintenance windows, and backout plans.
- Maintain standard change templates and runbooks.
Platform Operations
- Manage device health (CPU/memory/session utilization), HA pairs/clusters, software updates/hotfixes, backup/restore, and configuration baselines.
- Monitor logs, alerts, and security events, tuning noise vs. signal to improve MTTR.
Security Posture & Compliance
- Enforce least privilege; review unused rules, shadow rules, and overly broad objects; age out exceptions.
- Support audits (SOX, ISO 27001, PCI DSS, etc.), provide evidence, close findings, and maintain policy documentation.
Collaboration & Communication
- Mentor L1 engineers; create KBs, SOPs, and training snippets.
- Communicate clearly with customers/stakeholders during incidents and changes; provide daily/weekly ops reports.
Vendor-Specific Responsibilities
A) Checkpoint – L2 Support
- Core Platforms: Quantum Security Gateways (appliances/virtual), ClusterXL, Maestro (if in scope), Smart-1 management, SmartConsole/SmartDashboard, SmartEvent/SmartLog, Identity Awareness.
- Policy & Objects: Layered policies (Access/NAT/Threat Prevention), policy installation targets, inline layers, updatable objects, HTTPS Inspection & categorization overrides.
- Threat Prevention: IPS, Anti-Bot, Anti-Virus, Threat Emulation/Extraction (SandBlast), URL Filtering & Application Control; fine-tune profiles, exceptions, and performance impact.
- VPN: Route-based and policy-based VPNs, interoperable device profiles, VPN communities (meshed/star), IKEv1/v2 debugging, DPD, PFS, and crypto suite alignment.
- HA/Scalability: ClusterXL states (Active/Standby/Active-Active), CCP multicast/unicast, failover/failback, Sync interface design, SecureXL acceleration and FW worker tuning.
- Upgrades/Maintenance: Jumbo Hotfix Accumulators, CPUSE upgrades, policy verification pre-install checks, database revisions, migrate import/export.
- Logging/Forensics: SmartLog queries, log indexing health, log server HA, packet captures using tcpdump/fw monitor (new & legacy syntax), cpview performance insights.
- CLI/Diagnostics: cpstat, cpwd_admin, cpinfo, fw ctl zdebug, cphaprob stat, cpconfig, GAiA WebUI basics.
B) Fortinet – L2 Support
- Core Platforms: FortiGate (hardware/VM), FortiManager, FortiAnalyzer, (optionally FortiAuthenticator, FortiSandbox), VDOM-based multi-tenancy.
- Policy & Objects: Centralized ADOM-based policy packages (via FortiManager), policy lookup & hit-count, Internet Service Database objects, security profiles and inspection modes (flow/proxy).
- Security Profiles: IPS, Web Filtering, Application Control, AV, SSL inspection (certificate deployment/pinning impacts), DLP, DNS Filter; profile tuning & exceptions.
- VPN & SD-WAN: IPsec (route- vs. policy-based), dial-up IPsec, ADVPN; SSL-VPN (portal/policies); SD-WAN members/health checks (SLA), performance SLAs and steering logic.
- HA Clustering: FGCP A-P/A-A, session pickup, override/non-override, HA link design, get system ha status analysis and split-brain prevention.
- Upgrades/Maintenance: FortiOS release trains and interim builds, image and config integrity checks, upgrade paths, FortiGuard services (AV/IPS/URL signatures).
- Logging/Forensics: FortiAnalyzer event handlers, playbooks, log DB health, analytics, reports; diag debug flow, diag sniffer packet, diag sys top, diag debug crashlog.
- CLI/Diagnostics: show | grep, get/config contexts, packet-flow stages, session table (diag sys session list), policy lookup (diagnose firewall proute/list).
Required Qualifications (Common)
- Experience: 3–6 years in network security operations with at least 2–3 years hands-on in Checkpoint or Fortinet (L2 depth).
- Protocols/Networking: Strong knowledge of TCP/IP, routing (static, BGP/OSPF basics), VLANs, NAT, DNS, DHCP, QoS basics, MTU/fragmentation/PMTUD.
- Security Concepts: Stateful inspection, TLS/SSL, certificate chains, threat prevention concepts, VPN crypto suites, Zero Trust basics, micro-segmentation principles.
- Tooling: Wireshark, packet captures, syslog/SIEM basics, ITSM tools (ServiceNow/Jira), version control for configs (Git or built-in platform revisions).
- Soft Skills: Incident communication, stakeholder updates, RCA writing, mentoring L1.
Preferred Certifications
- Checkpoint: CCSA, CCSE (L2 strongly prefers CCSE).
- Fortinet: NSE 4 (minimum), NSE 5 (FortiManager/Analyzer) preferred; NSE 6 modules are a plus.
- General: ITIL v3/4 Foundation, CCNA/Network+ (or equivalent), any SOC/Blue Team exposure.