Job Description

Assume a vital position as a key member of a high-performing team that delivers infrastructure and performance excellence. Your role will be instrumental in shaping the future at one of the world's largest and most influential companies.

As a Lead Infrastructure Engineer - Tier 4/Palo Alto/Fortinet at JPMorgan Chase within the Infrastructure Platform (IP) Compute Platform Network Services (CPNS), you apply deep knowledge of software, applications, and technical processes within the infrastructure engineering discipline. Continue to evolve your technical and cross-functional knowledge outside of your aligned domain of expertise.

The Firewall Engineer will be responsible for designing, implementing, and governing enterprise firewall and network segmentation architectures that protect critical assets across on-premises, cloud, and hybrid environments. This role leads standards development, solution selection, deployment patterns, and automation practices to ensure scalable, resilient, and compliant security controls aligned to Zero Trust principles and business objectives.

Job Responsibilities

• Define enterprise firewall reference architectures, segmentation models, and policy frameworks across data centers, branches, and cloud, aligned to Zero Trust and least‑privilege principles.
• Design highly available, scalable NGFW deployments including clustering, load balancing, dynamic routing, NAT, TLS/SSL decryption, and application‑layer controls for north‑south and east‑west traffic.
• Develop hybrid and multi‑cloud patterns (AWS, Azure, GCP) using cloud‑native controls (e.g., Security Groups/NACLs, AWS Network Firewall, Azure Firewall, GCP VPC rules) and virtual NGFWs; integrate with SD‑WAN where applicable.
• Establish policy standards, naming conventions, and rule lifecycle processes (request, review, approval, attestation/recertification, decommission) mapped to NIST CSF, ISO 27001, PCI DSS, and regional requirements.
• Create and maintain architecture blueprints, patterns, runbooks, and decision records; lead design reviews and change advisory for firewall changes.
• Lead deployments, upgrades, and migrations across Palo Alto and Fortinet platforms; drive consolidation and rationalization programs.
• Build Infrastructure‑as‑Code and automation (Terraform, Ansible, Python) for provisioning, policy updates, pre‑change validation, drift detection, and compliance checks; integrate with CI/CD pipelines.
• Define logging, telemetry, and alerting standards; integrate firewall events with SIEM and SOAR for detection and response.
• Partner with Network and SOC teams to optimize performance, reduce rule‑set complexity, and remediate misconfigurations; maintain health dashboards and SLOs for clusters, sessions, throughput, and latency; Conduct periodic rule reviews, risk assessments, and attestations; enforce least‑privilege access and manage exceptions with traceability.
• Support audits and regulatory examinations with control narratives and evidence; provide continuous compliance reporting and drive findings to closure within SLAs; Provide Tier 3/architectural escalation during incidents; lead root‑cause analysis; design and test failover, backup/restore, and disaster recovery strategies for firewall configuration and state.
• Translate business and application requirements into secure connectivity solutions and standardized segmentation patterns; Evaluate vendor capabilities, influence product roadmaps, and manage lifecycle and cost/risk trade‑offs.

Required qualifications, capabilities, and skills

• Formal training or certification on software engineering concepts and 5+ years applied experience
• Proven experience with next‑generation firewalls, IDS/IPS, and segmentation; deep hands‑on with Palo Alto and/or Fortinet; exposure to Check Point/Cisco.
• Strong networking expertise: TCP/IP, BGP/OSPF, VLANs, NAT, IPSec/SSL VPN, SD‑WAN; practical TLS/SSL decryption strategies and operations.
• Experience with at least one public cloud (AWS, Azure, or GCP) and cloud‑native network security controls.
• Proficiency with IaC and automation (Terraform, Ansible, Python) and configuration management workflows; guardrail and validation integration into CI/CD.
• Familiarity with SIEM/SOAR integrations, logging taxonomy, and event correlation for firewall telemetry.
• Working knowledge of security frameworks and standards (NIST CSF, ISO 27001, PCI DSS; industry‑specific as applicable).
• Excellent communication and documentation skills; ability to lead cross‑functional reviews.

Preferred qualifications, capabilities, and skills

• Experience implementing Zero Trust architectures, microsegmentation (host‑based or SDN), and SASE/ZTNA solutions.
• Background with cloud‑native controls and virtual NGFWs across AWS, Azure, and GCP.
• Exposure to SDN (e.g., NSX‑T) and network policy orchestration.
• Performance tuning and capacity planning for high‑throughput, low‑latency environments.
• Leadership of large‑scale firewall migrations or platform consolidation programs.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans