Key skills
Data security expertiseScriptingautomationOperating system knowledgeArchitectural designCloud architectureTechnical sales leadershipRegulatory complianceTechnical mentorshipCommunication skillsTeam collaborationPythonSQLNoSQLBashPowerShellKafkagRPCAWSAzureGCPVaultS3OAuthSAMLLDAPOpenTelemetrySaaSLeadershipRisk ManagementProduct ManagementCollaborationSales
About this role
Fortinet is seeking a Consulting Data Security Architect within the Advanced Consulting Security Engineering (CSE) organization. This role serves as a senior technical authority supporting strategic data security initiatives across endpoint, user risk, and data protection domains.
Responsibilities:
- Support high-profile proof-of-concept (POC) and proof-of-value (POV) engagements for strategic opportunities
- Architect and design complex data security and endpoint protection environments
- Provide deep technical guidance on endpoint data security, user risk management, classification frameworks, and metadata-driven controls
- Develop and maintain automation scripts for endpoint and agent deployment
- Translate regulatory and business requirements into enforceable technical policy frameworks
- Develop reference architectures and best-practice deployment patterns
- Lead technical sales engagements in collaboration with Field SEs and Account Teams
- Develop and deliver technical enablement and training programs
- Support Product Management with market-driven feature prioritization
- Provide technical mentorship across the CSE organization
Requirements:
- 5–10 years of experience in data security, endpoint protection, or user risk solutions
- Strong scripting and automation capabilities (Python, PowerShell, Bash)
- Deep Windows and Linux operating system knowledge; macOS familiarity
- Experience designing secure enterprise architectures across hybrid environments
- Ability to communicate complex engineering decisions to executive and technical stakeholders
- Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related field and/or Equivalent Experience
- Advanced degree preferred
- Support high-profile proof-of-concept (POC) and proof-of-value (POV) engagements for strategic opportunities
- Architect and design complex data security and endpoint protection environments
- Provide deep technical guidance on endpoint data security, user risk management, classification frameworks, and metadata-driven controls
- Develop and maintain automation scripts for endpoint and agent deployment
- Translate regulatory and business requirements into enforceable technical policy frameworks
- Develop reference architectures and best-practice deployment patterns
- Lead technical sales engagements in collaboration with Field SEs and Account Teams
- Develop and deliver technical enablement and training programs
- Support Product Management with market-driven feature prioritization
- Provide technical mentorship across the CSE organization
- Transport Security: TLS 1.2/1.3, mTLS, HTTPS inspection, SSH, IPsec (IKEv2), QUIC/HTTP3, SMTPS/STARTTLS, LDAPS
- Encryption at Rest: BitLocker, LUKS, FileVault, EFS, TPM integration, Secure Boot chains
- Key Management: PKCS#11, KMIP, HSM integration, Cloud KMS (AWS KMS, Azure Key Vault, GCP KMS)
- Data Classification & Metadata: Microsoft Information Protection (MIP), Sensitivity Labels, EDM, regex pattern matching, XMP, EXIF, Dublin Core
- Data Formats: JSON, XML, YAML, CSV, Parquet, Office Open XML, PDF object structures, SQL/NoSQL schemas
- Endpoint OS Internals (Windows): WFP, ETW, LSASS protections, Kernel/filter drivers, NTFS ADS, SMB, Group Policy
- Endpoint OS Internals (Linux): SELinux, AppArmor, eBPF, inotify, PAM, Auditd, POSIX ACLs
- macOS Security: Endpoint Security Framework, System Extensions, TCC
- Identity Protocols: SAML 2.0, OAuth 2.0, OIDC, SCIM, LDAP, Kerberos, RADIUS, FIDO2/WebAuthn
- DLP Enforcement Methods: Inline proxy DLP, Endpoint agent DLP, API-based SaaS DLP, CASB architectures, Clipboard/USB control, OCR detection
- Cloud & Storage Protocols: S3 API, NFS, SMB 3.0, WebDAV, REST APIs, gRPC, object storage semantics, pre-signed URLs
- Telemetry & Logging: Syslog, CEF, LEEF, Kafka pipelines, OpenTelemetry, Windows Event Logs
- Regulatory Alignment: HIPAA technical safeguards, PCI DSS encryption controls, GDPR data handling, NIST 800-53, ISO 27001 Annex A
- Experience with Fortinet solutions including FortiDLP
- Experience with competitive platforms (Cyberhaven, CrowdStrike, Symantec)
- Public cloud architecture experience (AWS, Azure, GCP)
- Technical sales leadership and engineering mentorship experience