Senior Engineer, Firewall

At Raymond James, we develop, we collaborate, we decide, we deliver, and we improve together .

The Technology Division at Raymond James is dedicated to providing cutting-edge solutions that enhance efficiency and connectivity for financial advisors and their clients.

This commitment to technology excellence supports Raymond James' mission to deliver superior financial services and maintain a competitive edge in the industry.

Senior Engineer, Firewall

How does the role impact the organization?

The Senior Firewall Engineer is responsible for managing, designing and improving Raymond James’ enterprise network firewall infrastructure. The incumbent will assist network architects with design and implementation of firewall network technologies and proactively take technology project delivery from 0 to 100% with little to no supervision. General duties include leading buildout of firewall focused security solutions and driving innovation for implementation of new modern security technologies in the enterprise network. This position does involve both routing and switching as well as network firewall implementation projects for both on-prem and cloud infrastructure.

• The incumbent must be able to occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
  
  

What will your role be responsible for?

Design, improve and innovate:

• Primary focus is to implement new firewall technologies or changes to existing firewall technologies as identified by enterprise direction.
• Researches and recommends innovative technologies and approaches for enterprise infrastructure management, upgrades, or improvements.
• Utilise and integrate network components such as switches, routers, firewalls, wireless AP/Controllers, SDN fabric components, load balancers, NAC servers and cloud infrastructure network elements.
• Proactively identify and implement network improvements to assure the performance, resiliency and redundancy of the network.
• Utilise blueprints to engineer solutions and adhere to enterprise standards (engineering focused, architecture supported).
• Take disaster recovery and business continuity plan aspects into consideration for any new technology implementation or change.
  
  

Monitor, document and offer proactive support:

• Provides ad-hoc support for incidents requiring Tier 3 level resources (engineering/architecture) and knowledge.
• Use Microsoft Visio to produce and maintain documentation with regards to implementation of new systems or system changes
• Participate in 24x7 on call rotation for SME Tier 3 support requirements as needed.
• Maintains service level agreements of departmental metrics, key performance indicators and adhering to strict project timelines.
• Maintain/Improve security posture, promptly addressing issues, vulnerabilities and security requirements according to regulatory guidelines (PCIDSS, PII, CIS, NIST)
  
  

Collaborate and coach:

• Work collaboratively across a variety of business units to implement new technologies.
• Coordinate and take lead of assigned projects in all technical and communication aspects.
• Collaborate with peer engineers towards achieving common goals in assigned projects.
• Coach peer engineers and effectively perform knowledge transfer/cross training activities.
  
  

What can you expect from us?

Our most important investment is in people. Upon eligibility, Raymond James Ltd offers flexible workstyles, a competitive compensation and benefits package. Our benefits range from Health Benefits, RRSP Matching Program, Employee Stock Purchase Plan, Paid Time Off, Volunteer Days, Discretionary Bonuses, Tuition Reimbursement and many more! We also support internal promotion and community involvement.

What do we expect from you?

• Bachelor’s degree in computer science, MIS or related degree.
• PCNSE certification
• 7+ years of relevant experience in Network or Information Security, or a combination of education, training and experience.
• 5-7 years of experience with designing, implementing, and maintaining Palo Alto Centrally managed firewall platforms
• Panorama policy management (NGFW PanOS)
• Threat Prevention
• UserID
• Global Protect (Client VPN, LSVPN)
• HA setup
• Prisma Access (preferred – Cortex, DataLake, CloudIdentityEngine)
• Deployment from 0 to 100% of enterprise firewall clusters
• 5-7 years of experience in network design, implementation, and documentation of medium-large scale enterprise networks (10,000+ users)
• Strong people skills (work in team environment) and the ability to balance/prioritise between multiple tasks and projects are essential
• Strong communication with technical team members and more importantly non-technical team members.
• Ability to problem solve by using effective approaches that are consistent with available facts, constraints and probable consequences.
• Research, creating, writing, editing and proofreading documentation.
  
  

Desirable:

• Administering F5 Clusters, Load balancing, SSL decryption policies, DNS Geolocation (LTM, GTM, APM, ASM/Cloud WAF).
• DDOS mitigation technologies (Layer 3, Layer4 and Layer 7 - WAF).
• Remote Access VPN solutions (Global Protect, F5 BIG-IP Edge)
• Certificate management (Venafi), Cryptographic protocols and algorithms, certificate PKI.
• Implementing NAC solutions (Forescout/Cisco ISE)
• Experience with Infoblox DNS/IPAM functions.
• Experience in designing, implementing and maintaining data center spine leaf fabrics (Arista/Cisco)
• Experience with Cisco DNA Center
• Experience with SDWAN technologies (Palo Alto ION, Cisco)
• Experience with Cisco Wireless technologies in a large enterprise environment (Cisco WLC, FlexConnect, CAPWAP)
• Familiarity with cloud computing principles and experience in designing secure and scalable network solutions for cloud environments.
• Automation/scripting experience (Python, Ansible)
• Network security protocols, architecture and design principles; intrusion detection, prevention systems, secure socket layer (SSL) protocols, virtual private networks (VPNs),
• Network performance optimization, capacity planning and load balancing.
• Familiarity with the following monitoring platforms: Microsoft SevOne, SolarWinds, DataDog, Splunk)
• Technical certifications: CCNP desirable, Arista ACE L3
• Security and control certifications (CISSP, CISM, CISA, CRISC)
  
  

We encourage our associates at all levels to:

• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcomes
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm
  
  

Here at Raymond James we demonstrate our commitment to ensuring equal opportunities for all candidates. To request accommodations, candidates are instructed to contact Human Resources via email at [email protected]. By reaching out to this email address, candidates can communicate their specific requirements and discuss the necessary accommodations they may need to participate fully in the recruitment process.

Salary Range: BC (based on Education, Work Experience, etc) $140,000-150,000 in addition to competitive performance bonuses/incentives.

Job

Technology

Primary Location

CA-BC-Vancouver-Vancouver

Other Locations

CA-BC-Burnaby-Burnaby

Organization

IT

Schedule

Full-time

Status

Permanent Full-Time