Location: Maryland
Duration: Long term
Candidate should be local to MD or VA
Key Responsibilities:
• Perform routine migrations and upgrades of all Check Point firewalls and management servers to the latest supported firmware and software versions in a large-scale production environment.
• Configure and maintain Checkpoint High Availability (HA) clusters using ClusterXL and VRRP, ensuring traffic synchronization and failover reliability. • Deploy, manage, and troubleshoot Check Point SSL extender, Mobile Access VPN, and Remote Access VPN for secure access to DPSCS systems. • Deploy, manage, and maintain the Harmony Endpoint Security Agent across endpoint devices. • Configure HTTPS inspection certificates on the management station for outbound SSL inspection and encrypted traffic visibility.
• Create, manage, and optimize firewall rule bases, including inline layers, IPS policies, NAT rules, application control, and URL filtering.
• Configure and manage more than 300+ IPsec VPN tunnels with external partners including federal agencies, private providers, and local law enforcement.
• Provide Tier 3 support for over 20,000 VPN users, resolving authentication, connectivity, and software-related issues.
• Monitor firewall activity logs and integrate log forwarding with Splunk SIEM for real-time
threat detection and compliance reporting.
• Manage internal CA certificates, including renewals and deployment across CheckPoint systems.
• Plan and execute hardware refreshes for Check Point appliances to maintain lifecycle
compliance and performance optimization.
• Conduct routine security reviews including IDS/IPS, SFTP activity, and user internet activity, and coordinate with internal teams to resolve anomalies.
• Perform network forensics and incident analysis in response to security events, escalating confirmed incidents as needed.
• Configure LAN, DHCP, and DNS services on Check Point edge firewalls for branch locations.
• Resolve change and incident management tickets through the DPSCS ticketing system.
Required Qualifications:
• Certifications:
o Check Point Certified Security Administrator (CCSA), R80 or higher (Required)
• Experience:
o Minimum 8 years of experience in IT or Cybersecurity, with a focus on security
operations.
o Minimum 5 years of experience configuring and administering Check Point firewall
technologies in large enterprise environments.
o Experience with IPsec, IPsec VPNs, GRE over IPsec, and secure remote access
technologies.
o Proven experience integrating firewall platforms with SIEM tools (e.g., Splunk).
o Previous experience in a government or public sector IT environment is preferred.
Technical Competencies:
• Expertise in Check Point firewalls, including R80.40, R81.10, and R81.20 versions.
• Strong understanding of network protocols, routing, NAT, and security policy enforcement.
• In-depth knowledge of firewall logs, incident response procedures, and policy auditing.
• Experience configuring and managing IPsec tunnels, VPN gateways, and access control for remote users.
• Familiarity with integrating and maintaining SIEM platforms like Splunk for log correlation and incident detection.
• Strong troubleshooting skills for network and security issues in complex, distributed
environments.
—
