Network Engineer Firewall Admin

 Join UCT and be part of the fastest-growing sector in the world! We indirectly touch every semiconductor chip that goes into every smartphone, smart car and device that uses artificial intelligence. This is a critical time for the semiconductor industry and for UCT - as technology evolves, we evolve with it. UCT is a diverse workplace where every talented employee is committed to continuous innovation, challenging the status quo and exceeding customer expectations. If you are a person with a relentless drive to succeed, a strong focus on quality with a passion for success – join us today!

UCT is looking for a talented Engineer III, IT Infra to join us in Philippines!

Job Summary

The Senior Network Firewall Engineer plays a critical role in securing and enabling global enterprise connectivity across hybrid and multi-cloud environments, including AWS and Microsoft Azure. This position is responsible for the architecture, implementation, governance, and operational excellence of network security platforms supporting a highly distributed, 24x7 global business.

This role serves as a senior technical authority for next-generation firewall services, cloud network security controls, and segmentation strategies across data centers, regional hubs, cloud landing zones, and remote access environments. A strong emphasis is placed on standardization, scalability, and visibility through centralized management platforms.

The position requires deep hands-on expertise with Palo Alto Networks firewalls and Palo Alto Networks Panorama, including large-scale policy management, GlobalProtect remote access architecture, advanced threat prevention, and global firewall lifecycle management. The engineer will drive consistency and security posture improvements across multi-region environments through centralized governance and automation.

Key Responsibilities

Global Firewall & Network Security Architecture

• Architect, design, and operate enterprise-scale firewall solutions across on-premises data centers and multi-cloud environments (AWS and Azure)
• Lead global firewall strategy for hybrid connectivity, including cloud landing zones, shared services, and inter-region connectivity
• Design and enforce network segmentation, zero trust principles, and least privilege access models at global scale
• Architect and manage Palo Alto Networks Panorama for centralized policy management, device group hierarchy, and template-based configuration standardization
• Design and implement scalable GlobalProtect VPN architectures, including multi-portal and multi-gateway deployments, HIP-based policy enforcement, and certificate-based authentication
• Develop standardized firewall design patterns leveraging security zones, virtual routers, NAT policies, and policy-based forwarding (PBF)
• Lead migration and consolidation of distributed firewall environments into centralized Panorama-managed platforms

Cloud Security (AWS & Azure)

• Implement and manage cloud-native and virtual firewall solutions within AWS and Azure environments
• Partner with Cloud Platform teams to integrate network security services into cloud adoption frameworks and landing zones
• Secure site-to-site, inter-VPC/VNet, and hybrid connectivity (VPN, ExpressRoute, Direct Connect)
• Extend enterprise firewall policies and segmentation strategies consistently into cloud environments
• Support automated, policy-driven firewall deployments using infrastructure-as-code and CI/CD pipelines

Operations, Reliability & Incident Management

• Provide Tier 3 / Tier 4 operational support for firewall and perimeter security services across global environments
• Lead troubleshooting and root cause analysis of complex, multi-region network security incidents
• Perform advanced diagnostics using packet capture, session flow analysis, and traffic logging within Palo Alto platforms
• Troubleshoot and resolve issues involving NAT, VPN (IPsec and GlobalProtect), routing (BGP/OSPF), asymmetric traffic, and application-layer behavior
• Leverage Panorama for centralized visibility, log aggregation, and rapid incident response
• Ensure firewall platforms meet enterprise SLAs for availability, resiliency, and performance
• Participate in a global on-call rotation supporting 24x7 business operations

Governance, Risk & Compliance

• Ensure firewall policies and network security controls align with global security standards and regulatory requirements (PCI DSS, SOX, ISO 27001, NIST)
• Enforce standardized security policies globally using Panorama device groups and templates
• Drive policy lifecycle management, including rule optimization, cleanup, and audit readiness
• Leverage advanced firewall capabilities such as App-ID, User-ID, and Content-ID to enforce identity-aware, application-based security controls
• Support internal and external audits, risk assessments, and compliance initiatives
• Partner with Information Security, Risk, and Compliance teams to continuously improve the enterprise security posture

Automation, Tooling & Continuous Improvement

• Improve firewall operations through automation, standardization, and platform optimization
• Automate firewall provisioning and policy management using Panorama APIs, scripting, and infrastructure-as-code tools (Python, Terraform, ARM/Bicep)
• Integrate firewall configurations into CI/CD pipelines to reduce manual effort and configuration drift
• Develop reporting and analytics leveraging Panorama logs and external platforms such as SIEM tools
• Evaluate emerging network security technologies and recommend enterprise adoption strategies

Leadership & Collaboration

• Act as a senior technical mentor and escalation point for regional network and security engineering teams
• Lead large-scale firewall lifecycle initiatives, including global hardware refresh programs, pre-staging, and coordinated multi-site deployments
• Collaborate with Cloud Engineering, Security Operations, Infrastructure, and Application teams
• Influence architectural decisions through design reviews and technical governance forums
• Operate effectively in environments with varying levels of local technical support, executing remote deployments and migrations where required

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience
• 8+ years of enterprise network engineering experience with a strong focus on firewall and network security
• Deep hands-on experience with Palo Alto Networks firewalls and Palo Alto Networks Panorama in large-scale, globally distributed environments
• Strong knowledge of TCP/IP, routing, switching, VPNs, segmentation, and traffic inspection at scale
• Proven experience supporting hybrid and multi-cloud enterprise networks

Preferred Qualifications

• Experience designing and operating GlobalProtect VPN solutions, including HIP profiles and zero trust network access (ZTNA) approaches
• Strong expertise in Palo Alto advanced features including App-ID, User-ID, Content-ID, SSL decryption, and threat prevention services
• Experience operating within multinational, multi-region enterprise environments
• Industry certifications such as PCNSE, CCNP Security, CCSE, CISSP, or equivalent
• Experience with infrastructure-as-code and network security automation
• Background in regulated or high-compliance industries

Working Environment

• Global enterprise environment supporting multiple regions and time zones
• Hybrid or remote work model depending on role and geography
• Participation in global operational calls and scheduled maintenance windows as required

At Ultra Clean Technology, we do not just welcome diversity - we celebrate it! Ultra Clean Technology is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, national or ethnic origin, age, religion, disability, sexual orientation, gender, gender identity and expression, marital status, and any other characteristic protected under laws and regulations.