Auto Club of Southern California is hiring a Senior Firewall Engineer to own and operate enterprise and cloud network security platforms across on‑prem and cloud environments. This role is for a hands‑on Check Point specialist who can lead Tier 3 incident response, design secure hybrid architectures, and mentor junior engineers in a 24/7/365 environment.

You will be working on-site in Costa Mesa, CA. for the first 90 days, then in the office 3 out of 5 days per week.

What you’ll do

• Lead operation and support of enterprise firewall and network security platforms in a 24/7/365 environment.

• Design, implement, and enforce firewall policies and security standards across on‑prem and cloud environments.

• Own and support Check Point (R80+), VSX, CloudGuard, VMware NSX‑T / Distributed Firewall, and related platforms.

• Secure cloud environments across AWS, Azure, and GCP; implement cloud‑native and hybrid controls.

• Architect, implement, and maintain site‑to‑site and remote access VPN solutions.

• Act as Tier 3 escalation for complex incidents, changes, and outages; lead post‑incident reviews.

• Partner with infrastructure, cloud, and security teams to design secure solutions and integrations.

• Support audits and compliance initiatives; maintain security documentation and runbooks.

• Mentor junior engineers and drive continuous improvement and best practices.

• Participate in on‑call rotation and provide off‑hours support as needed.

What you’ll have

• 6+ years of enterprise network or security engineering experience.

• Strong hands‑on Check Point experience in production (R80+); VSX experience required.

• Hands-on experience with Check Point Maestro (deployment, Security Group management, orchestration, scaling, and troubleshooting)

• Deep Layer 2 / Layer 3 networking and TCP/IP troubleshooting skills.

• Proven experience designing and supporting VPN solutions.

• Cloud security experience with AWS, Azure, and/or GCP.

• Experience supporting change management and incident response.

• Solid understanding of core security concepts: authentication, authorization, access control.

• Ability to operate independently and lead during critical incidents.

• Strong communication, documentation, and cross‑team collaboration skills.

Nice to have

• Experience with firewall policy management tools such as AlgoSec or FireMon.

• Automation or scripting experience (Bash, Python, Ansible, Terraform).

• Familiarity with Governance, Risk, and Compliance (GRC) practices.

• Experience in high‑availability or large‑scale enterprise environments.

Required certifications

• Check Point CCSE

• Cisco CCNP

• AWS Certified Solutions Architect – Associate

Preferred certifications

• Advanced Check Point certifications (CCCS, CCMS, CCAS, CCVS, CCSM, CCME)

• VMware VCP / VCAP

• AWS Solutions Architect – Professional

• Azure Solutions Architect

• Google Professional Cloud Architect

• Cisco CCIE

• CISSP or CEH

#LI-SS1

Remarkable benefits:

•    Health coverage for medical, dental, vision

•    401(K) saving plans with company match AND Pension    

•    Tuition assistance

•    Floating holidays and PTO for community volunteer programs

•    Paid parental leave

•    Wellness programs

•    Employee discounts (membership, insurance,

travel, entertainment, services and more!)