Network Engineer II

CBTS is a company looking for a Network Engineer II specializing in Fortinet technologies. The role involves providing 24x7 operational support and optimization of FortiGate Secure SD-WAN within a Managed Services and Network-as-a-Service environment, while collaborating with various teams to ensure customer satisfaction and service quality.

Responsibilities:

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for the Fortinet network stack, with emphasis on Fortinet Secure SD‑WAN
• Troubleshoot and resolve complex issues involving:
• FortiGate Secure SD‑WAN control and data planes
• IPsec/SSL VPN, BGP, NAT, firewall policy enforcement
• Lead high‑severity incident response, customer communication, and root cause analysis (RCA)
• Serve as the technical escalation point during major outages
• Lead and support Fortinet architectures:
• Fortinet SD‑WAN branch and hub designs
• Fortinet ZTNA, SWG, FWaaS
• Own the full service lifecycle:
• Customer onboarding
• Change management
• Platform upgrades and migrations
• Decommissioning
• Validate and enforce:
• Security policies
• Routing and segmentation strategies
• High availability and resiliency standards
• Support advanced routing implementations:
• BGP (policy control, filtering, failover)
• OSPF
• Enable and support hybrid and cloud connectivity:
• AWS (VPC, Transit Gateway)
• Azure (vNET, vWAN, ExpressRoute)
• Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility
• Support:
• Zero Trust Network Access (ZTNA)
• Secure Web Gateway (SWG)
• Cloud‑delivered firewall policies (FWaaS)
• Integrate FortiGate/FortiSASE with:
• Identity providers (SAML, MFA)
• Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture
• Contribute to automation and standardization using:
• APIs, Python, Ansible, Terraform (preferred)
• Improve observability through:
• Fortinet dashboards
• Monitoring platforms (LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• SOPs and operational runbooks
• Troubleshooting and escalation guides
• Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering

Requirements:

• 4+ years of hands-on network engineering experience
• Hands-on expertise with FortiGate Secure SD-WAN
• Strong understanding of cloud-delivered security architectures
• Strong understanding of SD-WAN overlays, underlays, service insertion models
• Strong understanding of traffic steering and policy enforcement
• Advanced WAN and routing expertise: BGP
• Advanced WAN and routing expertise: OSPF
• Strong knowledge of high availability and redundancy design
• Strong knowledge of QoS and application-aware routing
• Strong knowledge of NAT and firewall concepts
• Strong knowledge of TCP/IP and dynamic routing protocols
• Experience with one or more of the following: Fortinet Secure SD-WAN, Cisco SD-WAN, Meraki, Arista VeloCloud, Juniper Mist / SSR
• Ability to translate architectures and concepts across vendors
• Strong experience configuring and supporting routers, switches, firewalls, hubs, WAN infrastructure
• Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
• Proficiency with network monitoring and performance analysis tools
• Proficiency with Visio for detailed network diagrams
• Bachelor's degree in a related field, or equivalent practical experience
• Certifications: Fortinet NSE3 required
• Prior network design or sales engineering experience is a plus
• Familiarity with wireless technologies and site surveys
• Familiarity with security intelligence sources (CERT, BugTraq)
• Fortinet NSE4 or higher (SASE track) highly recommended
• Cisco CCNA or CCNP highly recommended
• Experience with automation and standardization using APIs, Python, Ansible, Terraform