Assume a vital position as a key member of a high-performing team that delivers infrastructure and performance excellence. Your role will be instrumental in shaping the future at one of the world's largest and most influential companies.

• As a Lead Infrastructure Engineer
• Tier 4/Palo Alto/Fortinet at JPMorgan Chase within the Infrastructure Platform (IP) Compute Platform Network Services (CPNS), you apply deep knowledge of software, applications, and technical processes within the infrastructure engineering discipline. Continue to evolve your technical and cross-functional knowledge outside of your aligned domain of expertise.

The Firewall Engineer will be responsible for designing, implementing, and governing enterprise firewall and network segmentation architectures that protect critical assets across on-premises, cloud, and hybrid environments. This role leads standards development, solution selection, deployment patterns, and automation practices to ensure scalable, resilient, and compliant security controls aligned to Zero Trust principles and business objectives.

Job Responsibilities:

• Define enterprise firewall reference architectures, segmentation models, and policy frameworks across data centers, branches, and cloud, aligned to Zero Trust and least‑privilege principles.
• Design highly available, scalable NGFW deployments including clustering, load balancing, dynamic routing, NAT, TLS/SSL decryption, and application‑layer controls for north‑south and east‑west traffic.
• Develop hybrid and multi‑cloud patterns (AWS, Azure, GCP) using cloud‑native controls (e.g., Security Groups/NACLs, AWS Network Firewall, Azure Firewall, GCP VPC rules) and virtual NGFWs; integrate with SD‑WAN where applicable.
• Establish policy standards, naming conventions, and rule lifecycle processes (request, review, approval, attestation/recertification, decommission) mapped to NIST CSF, ISO 27001, PCI DSS, and regional requirements.
• Create and maintain architecture blueprints, patterns, runbooks, and decision records; lead design reviews and change advisory for firewall changes.
• Lead deployments, upgrades, and migrations across Palo Alto and Fortinet platforms; drive consolidation and rationalization programs.
• Build Infrastructure‑as‑Code and automation (Terraform, Ansible, Python) for provisioning, policy updates, pre‑change validation, drift detection, and compliance checks; integrate with CI/CD pipelines.
• Define logging, telemetry, and alerting standards; integrate firewall events with SIEM and SOAR for detection and response.
• Partner with Network and SOC teams to optimize performance, reduce rule‑set complexity, and remediate misconfigurations; maintain health dashboards and SLOs for clusters, sessions, throughput, and latency; Conduct periodic rule reviews, risk assessments, and attestations; enforce least‑privilege access and manage exceptions with traceability.
• Support audits and regulatory examinations with control narratives and evidence; provide continuous compliance reporting and drive findings to closure within SLAs; Provide Tier 3/architectural escalation during incidents; lead root‑cause analysis; design and test failover, backup/restore, and disaster recovery strategies for firewall configuration and state.
• Translate business and application requirements into secure connectivity solutions and standardized segmentation patterns; Evaluate vendor capabilities, influence product roadmaps, and manage lifecycle and cost/risk trade‑offs.

Required qualifications, capabilities, and skills

• Formal training or certification on software engineering concepts and 5+ years applied experience
• Proven experience with next‑generation firewalls, IDS/IPS, and segmentation; deep hands‑on with Palo Alto and/or Fortinet; exposure to Check Point/Cisco.
• Strong networking expertise: TCP/IP, BGP/OSPF, VLANs, NAT, IPSec/SSL VPN, SD‑WAN; practical TLS/SSL decryption strategies and operations.
• Experience with at least one public cloud (AWS, Azure, or GCP) and cloud‑native network security controls.
• Proficiency with IaC and automation (Terraform, Ansible, Python) and configuration management workflows; guardrail and validation integration into CI/CD.
• Familiarity with SIEM/SOAR integrations, logging taxonomy, and event correlation for firewall telemetry.
• Working knowledge of security frameworks and standards (NIST CSF, ISO 27001, PCI DSS; industry‑specific as applicable).
• Excellent communication and documentation skills; ability to lead cross‑functional reviews.

Preferred qualifications, capabilities, and skills

• Experience implementing Zero Trust architectures, microsegmentation (host‑based or SDN), and SASE/ZTNA solutions.
• Background with cloud‑native controls and virtual NGFWs across AWS, Azure, and GCP.
• Exposure to SDN (e.g., NSX‑T) and network policy orchestration.
• Performance tuning and capacity planning for high‑throughput, low‑latency environments.
• Leadership of large‑scale firewall migrations or platform consolidation programs.