Firewall expert with a focus on network security (m/f/d)

Privately responsible operation and administration of the network infrastructure (Palo Alto Networks) Administration, configuration and ensuring the continuous operation of the central firewall infrastructure based on Palo Alto Networks, including the associated management and logging components Planning, implementation and continuous optimization of complex security architectures as part of a zero-trust strategy with the aim of comprehensive and segmented access control across different network zones Design, design and maintenance of security-relevant network segments and components such as security zones, NAT rules, VPN connections (IPSec, SSL) as well as dynamic and static routing concepts, in close coordination with adjacent IT core teams Analysis, processing and documentation of security incidents in the network environment (Incident Response), including root analysis, risk assessment and derivation of sustainable protection measures Continuous maintenance and further development of security policies including app-ID configurations, URL filters, Threat prevention, and user-ID configurations to secure data traffic and minimize attack areas Monitoring, fault diagnosis and troubleshooting in the ongoing operation of the network security infrastructure, both reactive and proactive Working with the integration of new systems and services into the existing security architecture (on-prem and cloud) in compliance with defined security standards Documentation and knowledge transfer Creation, maintenance and ongoing updating of technical documentation on system configurations, network designs, safety guidelines and operational processes to secure operational safety Documentation of changes and disturbances, including Lessons Learned and recommendations for action Knowledge transfer to internal employees by creating guides, How-Tos, as well as active participation in handovers and workshops Automation and script creation to increase efficiency in IT operation Development and implementation of automation solutions for the efficient implementation of recurring administrative activities in the network security environment, with the aim of reducing manual expenditure Creation and maintenance of scripts for automation of typical tasks, such as policy management using suitable scripting languages (e.g. using Python) Use of automation tools such as Ansible, etc. for orchestrating configurations Connection and integration of APIs for automated interaction with security solutions

University degree of a relevant discipline, such as computer science, IT security, network technology or comparable. Required special skills / special exams / qualifications At least 10 years of professional experience in the administration, configuration and operation of corporate firewalls, especially Palo Alto Next-Generation Firewalls (PA-Series, VM-Series, Panorama) Secure handling of Palo Alto Panorama for central and coordinated management of multiple firewalls, security policies and templates Experience with Palo Alto features like App-ID, User-ID, Content-ID, SSL Decryption, Threat Prevention, URL Filtering, WildFire, GlobalProtect Practical experience in the configuration of Security Policies, NAT Rules, VPNs (IPSec, SSL), User ID, ACLs and Threat Prevention and High-Availability Configurations Deep understanding of network protocols (TCP/IP, DNS, DHCP, HTTP/S, ICMP, BGP, OSPF, IPSec) Practical experience in the use of routing and switching (Layer 2–4, VLAN, NAT, QoS, VRRP) Experience in the design and operation of complex network architectures with firewalls, load balancers and proxies Experience in analytical error analysis and troubleshooting in the network and security environment (Packet Capture, Flow Analysis, Log Analysis) Detectable knowledge of automation and script creation (e.g. in Python, PowerShell, REST API, Ansible) Evidence of experience in the curing and security of networks according to recognised IT security guidelines Detectable knowledge in the introduction and operational handling of monitoring solutions Very good German and English communication skills Required knowledge and qualifications Experience in implementing cloud-based VPN and security solutions Safe handling of agile and non-agile planning and control methods Practical knowledge of working in agilely organized IT organizations

an indefinite full-time agency with a remuneration according to pay group 12 TVöD and occupational pension Support for technical training and further training flexible working hours and overtime compensation as well as 30 days holiday an operational health management and the possibility of cycling leasing