Job Description
Job Title: Firewall Engineer
Contract: 12 months
Location: Downtown Toronto (hybrid, on-site 5x per month)
Our client is seeking a highly skilled Firewall Engineer to lead a critical security initiative: enabling and optimizing network-wide SSL/TLS decryption. In this role, you won't just be managing "allow/deny" rules; you will be the technical architect responsible for interpreting and migrating complex server traffic flows, managing certificate lifecycles across containers and servers, and ensuring the security stack can inspect encrypted traffic without compromising performance. You understand that decryption is a delicate balance of security visibility, privacy compliance, and hardware limitations.
Responsibilities:
- SSL Decryption Architecture: Design and implement end-to-end SSL/TLS decryption strategies. You will interpret existing traffic flows to determine where decryption is necessary and feasible.
- NGFW Management: Configure, maintain, and optimize Palo Alto Next-Generation Firewall (NGFW) policies, specifically focusing on threat prevention and application identification (App-ID).
- Cloud Infrastructure: Manage and scale VM-Series firewalls within Azure, utilizing Firewall Scale Sets and Azure Load Balancers to ensure high availability and traffic symmetry.
- Capacity & Performance: Conduct capacity management specifically related to the high-compute overhead of decryption to ensure network throughput remains optimal.
- Certificate Orchestration: Collaborate with application teams to manage SSL certificates across diverse environments, including traditional on-prem servers and containerized workloads.
- Automation: Support and develop CI/CD pipelines for firewall policy deployments and infrastructure-as-code (IaC) updates.
- Cross-Functional Liaison: Act as the primary bridge between Security and Application teams to troubleshoot traffic flows and ensure seamless application delivery during decryption rollouts.
Qualifications:
- 10+ years of hands-on experience with Palo Alto PAN-OS, including Panorama and VM-Series.
- Proven experience with Azure networking (Load Balancers, VNETs, UDRs) and Firewall Scale Sets.
- Deep understanding of SSL/TLS handshakes, cipher suites, and Certificate Authority (CA) hierarchies.
- Proficiency in pipeline development (e.g., Azure DevOps, GitLab, or Jenkins) and automation tools like Terraform or Ansible.
- Strong communication skills for effective team collaboration.