Channel: All SRX Services Gateway posts

Re: NAT before route


Here's an example. The NAT rule will use the zone of the ingress 3rd party device interface as from and the egress interface zone as the to address, with the pool address of your chosen address.

set security nat source pool src_pool address 10.10.10.10/32
set security nat source rule-set rs1 from zone trust   <<<< this will be the zone 172.31.253.2/27 is connected to
set security nat source rule-set rs1 to zone untrust    <<<< this will be the zone 10.100.0.1/30 is connected to
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat pool src_pool

 

The security policy will use an address object for the device and allow any port and destination. Or you can also restrict these too.


Change trust and untrust to match the zones already on those interfaces.

set security zones security-zone trust address-book address 3rd-party 172.31.253.2/32
set security policies from-zone trust to-zone untrust policy 3rdparty-access match source-address 3rd-party destination-address any application any
set security policies from-zone trust to-zone untrust policy 3rdparty-access then permit
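A review check for this kind of configuration, as an added example that is not part of the original post: it parses set-format lines and reports where the policy is left at any, where the NAT rule-set and the policy use different zone pairs, and where the NAT source match is wider than the policy's address object. The `audit` helper and the `SAMPLE` input are constructed for illustration, and the check assumes the config holds only this rule-set and policy.

```python
import ipaddress

# Constructed sample input: the configuration from the post, in set format.
SAMPLE = """\
set security nat source pool src_pool address 10.10.10.10/32
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat pool src_pool
set security zones security-zone trust address-book address 3rd-party 172.31.253.2/32
set security policies from-zone trust to-zone untrust policy 3rdparty-access match source-address 3rd-party destination-address any application any
set security policies from-zone trust to-zone untrust policy 3rdparty-access then permit
"""

def audit(config):
    """Hypothetical helper: list scope findings for a source-NAT rule-set and its policy."""
    book, nat_zones, nat_src, policies, findings = {}, {}, {}, [], []
    for line in config.splitlines():
        w = line.split()
        if w[:5] == ["set", "security", "nat", "source", "rule-set"] and len(w) >= 9:
            rs = w[5]
            if w[6] in ("from", "to") and w[7] == "zone":
                nat_zones.setdefault(rs, {})[w[6]] = w[8]
            elif w[6] == "rule" and w[8:10] == ["match", "source-address"] and len(w) > 10:
                nat_src.setdefault(rs, []).append(ipaddress.ip_network(w[10], strict=False))
        elif w[:4] == ["set", "security", "zones", "security-zone"] and len(w) >= 9:
            if w[5:7] == ["address-book", "address"]:  # (zone, object name) -> prefix
                book[(w[4], w[7])] = ipaddress.ip_network(w[8], strict=False)
        elif w[:3] == ["set", "security", "policies"] and "match" in w:
            m = w[w.index("match") + 1:]               # key/value pairs after "match"
            policies.append({"from": w[4], "to": w[6], "name": w[8],
                             **dict(zip(m[0::2], m[1::2]))})
    for p in policies:
        for field in ("destination-address", "application"):
            if p.get(field) == "any":
                findings.append(f"policy {p['name']}: {field} is any")
        src = book.get((p["from"], p.get("source-address")))
        for rs, z in nat_zones.items():
            if (z.get("from"), z.get("to")) != (p["from"], p["to"]):
                findings.append(f"rule-set {rs}: zone pair differs from policy {p['name']}")
            elif src and any(n != src and src.subnet_of(n) for n in nat_src.get(rs, [])):
                findings.append(f"rule-set {rs}: source match is wider than {p['source-address']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With the NAT source match left at 0.0.0.0/0, any other host in the from zone that a later policy permits is also translated to the pool address, which is what the last check reports.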

 

