Network Engineer - Firewall CCNP - Local

The Firewall Engineer will provide network security support for enterprise firewall configuration, remediation, and refresh activities as part of the Get Healthy program. This is an onsite role in Warren, MI, five (5) days per week on an 18-month contract. The engineer will work in close coordination with network security stakeholders and broader network engineering teams throughout change windows and site-level upgrades.

Responsibilities:

Firewall Configuration, Rule Management, and Cleanup

• Perform firewall configuration, rule updates, and cleanup activities in support of network security refresh initiatives.
• Audit and rationalize existing firewall rule sets, removing redundant, overly permissive, or outdated policies.
• Validate configurations post-deployment to confirm accuracy and intended policy enforcement. Firewall Refresh Support
• Support firewall refresh activities tied to site-level or network upgrade projects.
• Assist with pre-refresh planning, policy migration, and hardware readiness validation.
• Coordinate with network engineering teams to align firewall changes with infrastructure refresh schedules. Troubleshooting and Issue Resolution
• Troubleshoot and resolve connectivity issues arising from firewall policy changes or refresh activities.
• Perform root cause analysis and implement corrective actions; escalate complex issues as appropriate. Implementation Sequencing and Stabilization
• Assist teams with sequencing and coordination during scheduled change windows.
• Support post-change stabilization efforts and document change activities per WWT and customer standards. Qualifications:
• 5+ years of hands-on experience in network security engineering with a focus on firewall administration.
• Active Cisco CCNP Security certification required.
• Demonstrated experience with enterprise firewall platforms (Palo Alto PAN-OS, Cisco Firepower/FTD, Cisco ASA, Fortinet FortiGate, or equivalent).
• Strong proficiency in firewall rule lifecycle management, including auditing, cleanup, and policy optimization.
• Experience supporting firewall refresh or migration projects in large enterprise environments.
• Solid understanding of network protocols (TCP/IP, DNS, IPsec, BGP, OSPF) and their interaction with firewall policy.
• Familiarity with enterprise change management processes, including CAB participation and change window execution.
• Additional certifications preferred (Palo Alto PCNSE, Fortinet NSE 4+, or CompTIA Security+).
• Excellent communication and collaboration skills; ability to work across security, network, and project teams.
• Must be available to work onsite in Warren, MI five (5) days per week for the duration of the engagement. Tools and Technologies:
• Firewall Platforms: Palo Alto Networks (PAN-OS / Panorama), Cisco Firepower / FTD, Cisco ASA, Fortinet FortiGate, or equivalent
• Security Protocols: IPsec, SSL/TLS, NAT, PAT, ACLs, Zone-Based Firewall policies
• Network Protocols: TCP/IP, BGP, OSPF, DNS, DHCP, VLAN, 802.1Q
• Monitoring & Diagnostics: Syslog, Wireshark / packet capture tools, SIEM integration
• Change & Configuration Management: ServiceNow or equivalent ITSM/CAB platforms; Visio or equivalent for documentation