Firewall & Connectivity Architect

DIGIT4U Business Solutions GmbH
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Cloud Computing
Cloud Computing Security
Computer Security
Elasticsearch
IT Management
Network Security
Log Analysis
Windows Server
Routing
OAuth
Red Hat Enterprise Linux - RHEL
Remote Access Technology
Zero Trust Network Access
Security Assertion Markup Language (SAML)
TCP/IP
Wide Area Networks
Google Cloud Platform
Cloud Platform System
Firewalls (Computer Science)
Performance Monitor
Check Point Firewalls
Tools for Reporting
Cisco networks

Job description

We are looking for an experienced Senior Firewall & Connectivity Architect to design, implement, and optimise a next-generation, identity-aware connectivity and security infrastructure. In this role, you will define holistic enterprise architectures spanning firewalls, connectivity, cloud, and Zero Trust models, enabling secure site separation and granular user-based access. You will act as the architectural authority for modern perimeter-less networks, lead complex migration and transformation initiatives, and serve as the escalation point for advanced security and connectivity issues.

Your responsibilities

  • Design and define end-to-end enterprise connectivity architectures (LAN, WAN, SD-WAN, Internet, Cloud, Remote Access).
  • Architect next-generation firewall, proxy, and secure access solutions (on-prem, hybrid, and cloud-based).
  • Develop and implement identity-aware and user-based security concepts, including Check Point Identity Awareness.
  • Define and enforce Zero Trust, ZTNA, SSE, and SASE architecture principles.
  • Design secure location separation, security zones, trust levels, and traffic flows.
  • Lead firewall and connectivity migration projects, including routing design, policy transformation, and change management.
  • Integrate and optimise Zscaler platforms with on-prem networks, cloud environments (AWS, Azure, GCP), and SD-WAN solutions.
  • Manage replacement or coexistence scenarios between classic firewalls and cloud security platforms.
  • Optimise and document firewall rule bases and segmentation policies, ensuring full policy lifecycle governance using tools such as Tufin SecureTrack and SecureChange.
  • Define and oversee performance monitoring, log analysis, and reporting frameworks to improve operational transparency.
  • Provide expert-level troubleshooting for complex firewall, identity, and connectivity issues.
  • Support internal and external audits from an architectural and compliance perspective.
  • Evaluate new technologies and vendors; support RFPs and manufacturer assessments.
  • Advise IT management and business stakeholders on architecture decisions and strategic roadmaps.
  • Produce high-quality architecture documentation (HLD/LLD, diagrams, decision papers).

Requirements

  • Proven expertise in Check Point Firewall architecture and Identity Awareness.
  • Strong hands-on experience with user-based firewalling and Cisco network environments.
  • In-depth architectural knowledge of Zscaler platforms.
  • Solid understanding of Zero Trust, ZTNA, SSE, and SASE architectures.
  • Deep knowledge of TCP/IP (routing, protocols, ports, connection handling, packet sequencing, dump analysis).
  • Experience integrating firewalls with identity providers (Active Directory, IdP, SAML, OAuth).
  • Strong background in cybersecurity and secure hybrid infrastructure design.
  • Experience with hyperscaler environments (AWS and Azure).
  • Advanced skills in log analysis and log analytics platforms (e.g. Elasticsearch / ELK).
  • Confident working at architectural troubleshooting level across network and security stacks.
  • Experience with enterprise Linux (RHEL) and Windows Server environments.
  • Strong documentation and communication skills.

What we offer

We offer extensive creative freedom and allow you to work independently in an environment with flat hierarchies that encourages and challenges you. Our working atmosphere is characterized by personal appreciation, mutual respect, loyalty, and honesty.

Benefits & conditions

  • Hybrid working/remote work with occasional on-site customer appointments
  • Exciting project assignments with well-known customers that match your professional focus
  • Subsidies for internet, childcare, shopping, and retirement provisions
  • 30 days of vacation + 2 company holidays + 1 additional mental health day for your resilience
  • Modern corporate culture with a focus on personal development
  • Highly motivated environment in a dynamically growing group of companies
  • Permanent position with a 40-hour week
  • Intensive onboarding with behind-the-scenes insight into all business units, feedback meetings, etc.
