Job Description

IT Firewall Administrator (Remote - BC Public Sector)

Company:

Total Systems Solutions Consulting Inc. (Total Systems Canada)

Client:

Provincial Health Services Authority (PHSA) - IMITS, Project Services

Location:

Remote (Canada-based; work aligned to Pacific Time)

Employment Type:

Full-time contract (37.5 hours/week)

Working Hours:

Monday-Friday, 8:30am-4:30pm Pacific Time

Contract Term:

November 12, 2025 - November 12, 2026 (potential 12?month extension)

Reporting To:

Director, Cyber Security Operations (PHSA)

Project Description

The Project Services department within PHSA delivers a wide range of IT infrastructure and cyber?security projects for the BC Health Authorities. These initiatives keep both on?premises and cloud environments secure, reliable, and compliant with organizational standards. Typical project activities include:

Implementation and modification of custom firewall, proxy, VPN, Web Application Firewall (WAF), and IDS/IPS rules. Analysis and troubleshooting of existing firewall, VPN, WAF, and IDS/IPS rules to meet operational and security requirements. Configuration and support of cloud?native controls (e.g., Azure NSGs/ASGs and AWS security groups). Secure connectivity across on?premises data centres and cloud environments (Azure, AWS). Deployment of firewall and security rules for evolving project and cloud integration needs. Integration of certificate management (PKI) into firewall and VPN configurations. Close collaboration with security and network operations to ensure alignment with enterprise security policies and compliance.
Consultants may be assigned additional security/network infrastructure tasks based on program priorities.

Services Required

As an IT Firewall Administrator embedded in PHSA's Project Services team, you will:

Implement and modify firewall, proxy, VPN, WAF, and IDS/IPS rules in accordance with project requirements and security policies. Troubleshoot project?related firewall, VPN, proxy, WAF, and IDS/IPS issues across on?premises and cloud environments, engaging customers, internal teams, and vendors. Configure and support cloud?native firewall and security controls, including Azure Network Security Groups (NSGs), Azure Application Security Groups (ASGs), and AWS security groups. Assist with secure connectivity between on?premises data centres and Azure/AWS cloud platforms. Update and maintain project and operational documentation consistent with governance and compliance requirements. Progress production change requests for firewall, zoning, VPN, and security group activities. Provide knowledge transfer and collaborate with security and network operations to ensure continuity of support.

Duties Include

Performing rule design, tuning, and lifecycle management for Fortinet, Palo Alto, and Cisco firewall platforms; contributing to WAF and IDS/IPS policy engineering. Conducting feasibility and impact assessments; recommending segmentation, security zoning, and micro?segmentation strategies. Building, testing, and promoting changes through controlled environments; authoring and maintaining change records. Investigating connectivity and performance issues end?to?end (e.g., routing, NAT, SSL inspection, certificate trust, DNS/AD dependencies). Supporting cloud security patterns (Azure NSG/ASG, AWS SG/NACL) and translating on?prem policies to cloud equivalents. Developing and maintaining standard operating procedures, runbooks, and technical diagrams. Participating in security reviews and audits; ensuring configurations align to enterprise standards and compliance requirements. Providing input to roadmaps and continuous improvement initiatives across firewall, VPN, and cloud perimeter services.

Constraints and Special Considerations

Location/Work Hours:

Must be based in Canada and available to work in alignment with Pacific Time (PT). This contract does

not

include Security Operations on?call shifts.

Engagement Window:

November 12, 2025 - November 12, 2026; possibility of one 12?month extension.

Experience and Qualifications

Required (or equivalent experience):

Education/training equivalent to a university degree or technical diploma in Computer Science/Information Technology.

4+ years

of recent experience implementing/supporting firewall rules, VPNs, Active Directory, and DNS in large, complex environments with multiple data centres and cloud platforms. Strong understanding of networking and firewalling principles (segmentation, rule design, security zoning) and TCP/IP fundamentals. Hands?on operational knowledge of

Fortinet

,

Palo Alto

, and

Cisco

firewalls (F5 LTM or other load balancers an asset). Experience configuring/supporting VPNs (site?to?site, remote access, cloud?integrated) and

Web Application Firewalls (WAFs)

. Working knowledge of

Azure

(NSG/ASG) and

AWS

security controls, including hybrid on?prem?to?cloud patterns. Experience with

VMware NSX Distributed Firewall (DFW)

(micro?segmentation, east?west control, policy?based design & implementation). Familiarity with

PKI/certificates

for firewall/VPN authentication and SSL inspection. Demonstrated ability to support

on?prem ? cloud

migrations, translating firewall/VPN/WAF rules to cloud equivalents. Exceptional analytical, troubleshooting, and documentation skills; ability to manage multiple concurrent projects. Strong communication and stakeholder engagement skills; collaborative team player. Proficiency with Microsoft 365/Office and common collaboration tools.

Preferred Certifications:

CCNA, Fortinet NSE, Palo Alto PCNSE (or equivalent).
Job Types: Full-time, Fixed term contract

Pay: Up to $45.00 per hour

Application question(s):

Where on your resume have you worked to support on prem ? cloud migrations, translating firewall/VPN/WAF rules to cloud equivalents. Where on your resume have you worked on o Experience configuring/supporting VPNs (site to site, remote access, cloud integrated) and Web Application Firewalls (WAFs).
Education:

AEC / DEP or Skilled Trade Certificate (preferred)
Experience:

Fortinet, Palo Alto, and Cisco firewalls : 3 years (required) firewall rules, VPNs, Active Directory, and DNS: 4 years (required) Azure (NSG/ASG) and AWS security controls: 1 year (preferred) VMware NSX Distributed Firewall (DFW): 1 year (preferred)
Work Location: In person