Senior Check Point Firewall Engineer R80+ VSX

Auto Club of Southern California is hiring a Senior Firewall Engineer to own and operate enterprise and cloud network security platforms across on-prem and cloud environments. This role is for a hands-on Check Point specialist who can lead Tier 3 incident response, design secure hybrid architectures, and mentor junior engineers in a 24/7/365 environment.

You will be working on-site in Costa Mesa, CA. for the first 90 days, then in the office 3 out of 5 days per week.

What you'll do

• Lead operation and support of enterprise firewall and network security platforms in a 24/7/365 environment.
• Design, implement, and enforce firewall policies and security standards across on-prem and cloud environments.
• Own and support Check Point (R80+), VSX, CloudGuard, VMware NSX-T / Distributed Firewall, and related platforms.
• Secure cloud environments across AWS, Azure, and GCP; implement cloud-native and hybrid controls.
• Architect, implement, and maintain site-to-site and remote access VPN solutions.
• Act as Tier 3 escalation for complex incidents, changes, and outages; lead post-incident reviews.
• Partner with infrastructure, cloud, and security teams to design secure solutions and integrations.
• Support audits and compliance initiatives; maintain security documentation and runbooks.
• Mentor junior engineers and drive continuous improvement and best practices.
• Participate in on-call rotation and provide off-hours support as needed.

• 6+ years of enterprise network or security engineering experience.
• Strong hands-on Check Point experience in production (R80+); VSX experience required.
• Hands-on experience with Check Point Maestro (deployment, Security Group management, orchestration, scaling, and troubleshooting)
• Deep Layer 2 / Layer 3 networking and TCP/IP troubleshooting skills.
• Proven experience designing and supporting VPN solutions.
• Cloud security experience with AWS, Azure, and/or GCP.
• Experience supporting change management and incident response.
• Solid understanding of core security concepts: authentication, authorization, access control.
• Ability to operate independently and lead during critical incidents.
• Strong communication, documentation, and cross-team collaboration skills.

Nice to have

• Experience with firewall policy management tools such as AlgoSec or FireMon.
• Automation or scripting experience (Bash, Python, Ansible, Terraform).
• Familiarity with Governance, Risk, and Compliance (GRC) practices.
• Experience in high-availability or large-scale enterprise environments.

Required certifications

• Check Point CCSE
• Cisco CCNP
• AWS Certified Solutions Architect - Associate

Preferred certifications

• Advanced Check Point certifications (CCCS, CCMS, CCAS, CCVS, CCSM, CCME)
• VMware VCP / VCAP
• AWS Solutions Architect - Professional
• Azure Solutions Architect
• Google Professional Cloud Architect
• Cisco CCIE
• CISSP or CEH

• Health coverage for medical, dental, vision

• 401(K) saving plans with company match AND Pension

• Tuition assistance

• Floating holidays and PTO for community volunteer programs

• Paid parental leave

• Wellness programs

• Employee discounts (membership, insurance,

travel, entertainment, services and more!)

Auto Club Enterprises is the largest club within the national AAA federation. We have nearly 17,000 employees in 24 states helping more than 18 million members. The strength of our organization is our employees. Bringing together and supporting different cultures, backgrounds, personalities, and strengths creates a team capable of delivering legendary, lifetime service to our members. When we embrace our diversity - we win. All of Us! With our national brand recognition, long-standing reputation since 1900, and constantly growing membership, we are seeking career-minded, service-driven professionals to join our team. "Through dedicated employees we proudly deliver legendary service and beneficial products that provide members peace of mind and value." AAA is an Equal Opportunity Employer Our organization participates in E-Verify