Network Engineer IV – Fortinet/FortiSASE

CBTS is a company that serves enterprise and midmarket clients across the United States and Canada, offering a full suite of technology solutions. They are seeking a Network Engineer IV – Fortinet/FortiSASE who will be responsible for 24×7 operational support and optimization of enterprise FortiSASE and FortiGate Secure SD-WAN in a Managed Services environment.

Responsibilities:

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Fortinet network stack with a focus on Fortinet Secure SD-WAN and FortiSASE
• Troubleshoot and resolve complex issues across:
• • FortiGate Secure SD-WAN control and data planes
• • FortiSASE (ZTNA, SWG, FWaaS)
• • IPsec/ SSL VPN, BGP, NAT, and firewall policy enforcement
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
• Act as a technical escalation point during major outages
• Lead support Fortinet/FortiSASE architectures, including:
• • Fortinet SD‑WAN branch and hub designs
• • Fortigate/FortiSASE for ZTNA, SWG, and FWaaS
• Own the full service lifecycle:
• • Customer onboarding
• • Change management
• • Platform upgrades and migrations
• • Decommissioning
• Validate and enforce:
• • Security policies
• • Routing and segmentation strategies
• • High availability and resiliency standards
• Support advanced routing implementations:
• • BGP (required) including policy control, filtering, and failover
• • OSPF
• Enable and support hybrid and cloud connectivity:
• • AWS (VPC, Transit Gateway)
• • Azure (vNET, vWAN, ExpressRoute)
• • Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility
• Support:
• • Zero Trust Network Access (ZTNA)
• • Secure Web Gateway (SWG)
• • Cloud‑delivered firewall policies (FWaaS)
• Integrate FortiGate/FortiSASE with:
• • Identity providers (SAML, MFA)
• • Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture
• Contribute to automation and standardization using:
• • APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through:
• • Fortinet dashboards
• • Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• • SOPs and operational runbooks
• • Troubleshooting and escalation guides
• • Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering

Requirements:

• 10+ years of hands-on network engineering experience
• Hands-on expertise with FortiGate Secure SD-WAN
• Hands-on expertise with FortiSASE
• Strong understanding of cloud-delivered security architectures
• Strong understanding of SD-WAN overlays, underlays, and service insertion models
• Strong understanding of traffic steering and policy enforcement
• Advanced WAN and routing expertise: BGP (required), OSPF
• Strong knowledge of high availability and redundancy design
• Strong knowledge of QoS and application-aware routing
• Strong knowledge of NAT and firewall concepts
• Strong knowledge of TCP/IP and dynamic routing protocols
• Experience with configuration and support of routers, switches, firewalls, hubs, and WAN infrastructure
• Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
• Proficiency with network monitoring and performance analysis tools
• Proficiency with Visio for detailed network diagrams
• Fortinet FCP-SASE required
• Fortinet NSE 6-SASE or higher SASE track highly recommended
• Cisco certifications (CCNP or CCIE) highly recommended
• Experience with one or more of the following: Cisco SD-WAN, Meraki, Arista VeloCloud, Juniper Mist / SSR
• Prior experience in network design or sales engineering is a plus
• Familiarity with wireless technologies and site surveys
• Familiarity with security intelligence sources (e.g., CERT, BugTraq)
• Contribute to automation and standardization using APIs, Python, Ansible, or Terraform