Key skills
PythonAWSAzureGoogle CloudTerraformAnsiblePrismaSAMLChange ManagementSalesZero TrustFirewall
About this role
CBTS serves enterprise and midmarket clients across the United States and Canada, providing a full suite of technology solutions. The Network Engineer IV – Fortinet/FortiSASE is responsible for the 24×7 operational support and optimization of enterprise FortiSASE and FortiGate Secure SD-WAN, ensuring customer satisfaction and service quality.
Responsibilities:
- Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Fortinet network stack with a focus on Fortinet Secure SD-WAN and FortiSASE
- Troubleshoot and resolve complex issues across: FortiGate Secure SD-WAN control and data planes, FortiSASE (ZTNA, SWG, FWaaS), IPsec/ SSL VPN, BGP, NAT, and firewall policy enforcement
- Lead high‑severity incident response, customer communications, and root cause analysis (RCA)
- Act as a technical escalation point during major outages
- Lead support Fortinet/FortiSASE architectures, including: Fortinet SD‑WAN branch and hub designs, Fortigate/FortiSASE for ZTNA, SWG, and FWaaS
- Own the full service lifecycle: Customer onboarding, Change management, Platform upgrades and migrations, Decommissioning
- Validate and enforce: Security policies, Routing and segmentation strategies, High availability and resiliency standards
- Support advanced routing implementations: BGP (required) including policy control, filtering, and failover, OSPF
- Enable and support hybrid and cloud connectivity: AWS (VPC, Transit Gateway), Azure (vNET, vWAN, ExpressRoute), Google Cloud Platform (VPC)
- Ensure optimized traffic steering, SLA adherence, performance, and application visibility
- Support: Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud‑delivered firewall policies (FWaaS)
- Integrate FortiGate/FortiSASE with: Identity providers (SAML, MFA), Remote and mobile user access models
- Partner with security teams to align network enforcement with enterprise security posture
- Contribute to automation and standardization using: APIs, Python, Ansible, or Terraform (preferred)
- Improve observability through: Fortinet dashboards, Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
- Develop and maintain: SOPs and operational runbooks, Troubleshooting and escalation guides, Service readiness documentation for new Prisma releases
- Mentor Tier‑1 and Tier‑2 engineers
- Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering
Requirements:
- 10+ years of hands-on network engineering experience
- Strong experience with configuration and support of: Routers, switches, firewalls, hubs, and WAN infrastructure
- Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
- Prior experience in network design or sales engineering is a plus
- Proficiency with: Network monitoring and performance analysis tools
- Visio for detailed network diagrams
- Familiarity with: Wireless technologies and site surveys
- Security intelligence sources (e.g., CERT, BugTraq)
- Fortinet FCP-SASE required
- Fortinet NSE 6-SASE or higher SASE track highly recommended
- Cisco certifications (CCNP or CCIE) highly recommended
- APIs, Python, Ansible, or Terraform