Senior Data Center Network Security Engineer

As the world's leading vendor of Cyber Security, facing the most sophisticated threats and attacks, we've assembled a global team of the most driven, creative, and innovative people. At Check Point, our employees are redefining the security landscape by meeting our customers' real-time needs and providing our cutting-edge technologies and services to an ever-growing customer base.

Check Point Software Technologies has been honored by Time Magazine as one of the World's Best Companies and Newsweek's list of Americas Best Cybersecurity Companies. We've also earned a spot on the Forbes list of the World's Best Places to Work for five consecutive years and recognized as one of the World's Top Female-Friendly Companies. If you're passionate about making the world a safer place and want to be part of an award-winning company culture, we invite you to join us.

We are looking for a hands-on senior engineer to design, deploy, and operate next-generation firewall (NGFW) infrastructure in large-scale data center environments. The ideal candidate brings deep operational experience with Check Point Maestro architectures, multi-vendor NGFW exposure, strong data center switching fundamentals, and working knowledge of SmartNIC/DPU platforms - specifically Nvidia BlueField - at 100 Gbps line rates. This role also requires a customer-facing dimension: leading proofs of concept (POCs) and delivering technical trainings on NGFW and Maestro platforms.

• Architect, deploy, and maintain NGFW environments in production data centers, with emphasis on high availability, throughput, and fault isolation.
• Design and operate Check Point Maestro deployments, including scaling and interconnecting multiple Maestro stacks and Maestro Hyperscale Orchestrators (MHOs).
• Build and troubleshoot the underlying switching fabric required to support Maestro orchestration, security group propagation, and east/west traffic at scale.
• Stand up, tune, and maintain Nvidia BlueField DPUs with 100 Gbps connectivity, including firmware lifecycle, driver/host integration, and performance validation.
• Plan, scope, and execute NGFW and Maestro POCs end-to-end - including success criteria definition, lab/onsite build, test plan execution, results analysis, and executive readouts.
• Develop and deliver technical trainings, workshops, and enablement sessions on NGFW and Maestro to internal teams, partners, and customers; build supporting lab guides and reference materials.
• Lead migrations and bake-offs between Check Point and competitive NGFW platforms (Palo Alto, Fortinet, Cisco, Juniper, etc.); produce design docs, runbooks, and HLD/LLDs.
• Partner with network, platform, and security teams on capacity planning, change management, and incident response for tier-1 environments.

• 8+ years in network security engineering with extensive hands-on NGFW experience in data center environments (not branch / campus only).
• Strong production experience with Check Point Maestro, including multi-MHO topologies, security group design, and inter-stack interconnect.
• Hands-on experience with at least one additional NGFW platform at comparable scale (Palo Alto PAN-OS, Fortinet FortiGate, Cisco Firepower/ASA, or equivalent).
• Demonstrated track record running NGFW and Maestro POCs - owning design, deployment, validation testing, and stakeholder communication through to decision.
• Proven experience designing and delivering technical trainings on NGFW and Maestro (instructor-led, hands-on labs, or formal enablement programs).
• Deep data center switching expertise: L2/L3, VLAN/VXLAN, LACP/MLAG, EVPN, BGP, and the practical considerations of connecting firewall clusters to leaf/spine fabrics.
• Working experience with Nvidia BlueField DPUs (or comparable SmartNIC platforms) deployed at 100 GbE, including provisioning, offload configuration, and performance troubleshooting.
• Demonstrated ability to run change windows in 24x7 production environments and drive RCAs on complex network/security incidents.
• Strong written and verbal communication skills; comfort presenting to both engineering and executive audiences.

Nice to Have

• CCNP/CCIE, CCSE/CCSM, or equivalent vendor certifications.
• Check Point Certified Trainer (CCSI) or equivalent formal training credential.
• Automation experience (Ansible, Python) for firewall policy and switch configuration management.
• Exposure to DPU-accelerated security or networking use cases (e.g., DOCA, OVS offload, line-rate telemetry).

Location Requirement Candidate must be based in the Dallas / DFW metro area. No relocation, no remote.

EOE M/F/Veterans/Disabled