Job Description

Job Title: Firewall Policy Specialist/Consultant
Contract: 12 months
Location: Downtown Toronto (hybrid 5x per month on-site)

Our client is seeking a Firewall Policy Specialist/Consultant to work directly alongside their Network Engineering team. This role will act as the architect of their security rule base, focused on the "logic" of the network — ensuring that every rule is necessary, documented, and compliant with appropriate security standards.

The ideal candidate is a detail-oriented professional who enjoys "cleaning up the house". You will transform overly permissive, legacy rule bases into a lean, Zero-Trust architecture while serving as the primary technical point of contact for external auditors and regulators. As our client moves toward SSL decryption, their policies will become more granular and the role of this Analyst is to ensure their newfound visibility into encrypted traffic results in tighter, more secure policies.

Responsibilities:

• Policy Lifecycle Management: Create, assess, and perform periodic reviews of firewall policies. You will ensure that every rule has a clear business owner and an expiration date.
• Rulebase Optimization & Cleanup: Identify and decommission "overly permissive" rules (e.g., Any rules or broad port ranges). You will use traffic logs to "right-size" access without breaking application functionality.
• Documentation & Artifact Creation: Develop and maintain high-quality network topology diagrams, security standard operating procedures (SOPs), and policy justification artifacts.
• Audit & Regulatory Liaison: Act as the technical lead during internal and external audits. You will translate complex technical firewall configurations into generalized summaries for regulators.
• Change Control Oversight: Review all incoming firewall change requests to ensure they meet security hardening standards before they are implemented by the Engineering team.

Qualifications:

• 5+ years of experience auditing or managing firewall rules (Palo Alto).
• Proven ability to respond to audit requests and inquiries from regulators, including preparing and presenting technical documentation and compliance artifacts.
• Familiarity with industry frameworks and how they apply to network security (NIST, ISO 27001, etc).
• Experience with policy orchestration and auditing tools (e.g., Tufin, Algosec, or FireMon).
• Exceptional written and verbal skills; ability to explain technical risk to non-technical stakeholders.
• Ability to analyze large sets of traffic logs to identify unused or redundant rules.