Job Title: Network Security Engineer (L3)Location: Mississauga, ON (Hybrid – 3 days onsite) Experience: 8–12 YearsJob SummaryWe are looking for an experienced Network Security L3 Engineer to manage and enhance enterprise security infrastructure across multiple customer environments. The ideal candidate will bring deep expertise in firewall, web security, and access control technologies, along with strong troubleshooting and automation capabilities.Mandatory Skill Set (Choose One)Choice 1 (NAC-focused)Firewall: Check Point Software TechnologiesWeb Security: Zscaler (ZIA, ZPA)NAC: Aruba ClearPassChoice 2 (WAF-focused)Firewall: Check Point Software TechnologiesWeb Security: Zscaler (ZIA, ZPA)WAF: CloudflareKey ResponsibilitiesOperational & L3 SupportManage day-to-day network security operations across customer environmentsProvide L3 support during critical incidents/outages and drive end-to-end resolutionTroubleshoot complex L2/L3 issues related to connectivity, authentication, and accessSecurity Architecture & ImplementationDesign and implement network security architecture, policies, and proceduresDeploy and maintain Checkpoint firewall (VPN, IPS, URL Filtering, etc.)Configure and manage Site-to-Site & Remote Access VPNsTechnology-Specific ExpertiseFirewall & VPNStrong hands-on with Checkpoint firewall infrastructureExpertise in IPSec/SSL VPNs and Zero Trust conceptsWeb Security (Zscaler)Design and implement policies in ZIA/ZPATroubleshoot authentication (SAML, SCIM, Azure AD) and user access flowsExperience with ZDX and traffic analysisChoice 1 – NAC (Aruba ClearPass)Deploy and manage ClearPass Policy Manager (CPPM)Configure profiling, onboarding, guest accessStrong knowledge of RADIUS, TACACS+, 802.1X, EAPTroubleshoot authentication failures and NAC-related issuesChoice 2 – WAF (Cloudflare)Manage WAF policies, bot mitigation, and DDoS protectionStrong understanding of CDN and edge security architectureAdditional Security TechnologiesEmail Security (e.g., Abnormal AI – threat detection & remediation)Load Balancers (F5 BIG-IP)Cloud Security (AWS, Azure, GCP fundamentals)Automation & OptimizationDevelop automation using Python / PowerShellIdentify operational inefficiencies and implement improvementsOptimize rule bases, policies, and workflowsGovernance & ComplianceMaintain documentation aligned with NIST and CIS standardsConduct rule reviews, audits, and compliance reportingPrepare weekly/monthly performance and risk reportsLeadership & CollaborationMentor and guide network security engineersConduct internal training and skill development sessionsCollaborate with cross-functional teams and stakeholdersCore FunctionsDrive automation and innovation in security operationsMaintain KPIs and service improvement plansEnsure high-quality delivery with minimal escalationsPromote industry best practices across teamsTechnical SkillsFirewalls: CheckpointWeb Security: Zscaler (ZIA/ZPA/ZDX)NAC: Aruba ClearPass (Choice 1)WAF/CDN: Cloudflare (Choice 2)Email Security: Abnormal AILoad Balancer: F5 BIG-IPNetworking: HTTP, HTTPS, DNS, TCP/IPExperience Required8–12 years overall IT experienceMinimum 8 years in Information SecurityMinimum 6 years in Security Operations (SOC environment preferred)Certifications (Preferred)Checkpoint CCSA / CCSECCIE Security (or equivalent)Other relevant cloud/security certificationsSoft SkillsStrong communication and stakeholder managementExcellent problem-solving and analytical skillsAbility to prioritize and manage multiple tasksCollaborative and proactive mindsetPerformance MetricsHigh-quality service delivery with minimal escalationsStrong stakeholder engagementContinuous improvement and innovationTeam development and productivity enhancementEducationBachelor’s degree (Science/Engineering preferred)We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.