Epicareer Might not Working Properly
Learn More

Fortinet Firewall Architect

Salary undisclosed

Apply on


Original
Simplified

Summary

This is a highly technical role and as a senior position, requires extensive knowledge of many domains in the Information Security & IT Management realm, as well as deep and wide knowledge of Fortinet Fabric, applications, and products; this knowledge extends to all network switch LAN/WAN technology including wireless access systems.

Responsibilities

  • Assess and document current network LAN/WAN/WiLAN infrastructure and architect a future run state that meets organizational goals for approval, to be followed up with full execution.
  • Maintain and improve Infosec systems to provide maximum uptime, scalability, continuity, functionality, and integration with the Fortinet Security Fabric and third-party/fabric-partner tools.
  • Identify gaps in Infosec infrastructure security and privacy capabilities, working with internal teams and developers to remedy and improve the systems and products.
  • Review and improve the completeness and visibility of global log/event data while delivering useful dashboards, alerts, and automation integration to the Incident Response (IR), Computer Security Incident Response Team (CSIRT), and Security operations Center (SOC) teams.
  • Perform Blue/Red exercises against the infrastructure to validate event parsing, alert fidelity, incident veracity, and SOC response.
  • Serve as an internal subject matter expert to assess cyber threats and to secure the organization by leading the IR, TH, re-architecture, and remediation efforts.
  • Work with SOC Team to identify visibility gaps and system usability issues, as well as to deliver Infosec tooling improvements via configuration, parser improvements, or by raising bugs to development teams.
  • Develop, implement, and communicate vulnerability mitigation strategies to IT and development teams.
  • Identify, document, and monitor tactics, techniques, and procedures used by threat actors targeting Fortinet and the broader industry.
  • Proactively research new attack vectors that may affect Fortinet infrastructure and applications.
  • Develop strategies, evaluate solutions, then design and implement tools, processes, and controls to validate and ensure that security and privacy are designed into Fortinet infrastructure and applications while adhering to policy, compliance, and governance requirements.

Requirements

  • 10+ years of experience as an Information Security Researcher or Engineer, working with multiple Fortinet products including the core products, as well as FortiSIEM, FortiClient, FortiEDR (possess Fortinet NSE 7 Certification or equivalent knowledge).
  • Security expertise.
  • 5-7 years of experience in LAN/WAN/Internet services administration.
  • 5+ years of experience in penetration testing, vulnerability testing, blue/red teaming.
  • Practical understanding of the tactical application of various compliance frameworks including monitoring and validating compliance.
  • Ability to design network and security solutions effectively, utilizing Visio.
  • Ability to create Bill of Materials (BOM).
  • In-depth understanding of computer and network security, protocols, packet analysis, authentication & authorization, security protocols, and attack methods.
  • Experience with penetration testing including exploitation tools and methods.
  • Experience with vulnerability scanners including Qualys, Tenable/Nessus, Nexpose, Whitehat Sentinel, Acunetix, or similar.
  • Experience with forensic data capture, evidence preservation, and data extraction and analysis.
  • Functional programming/scripting experience with the ability to develop custom scripts to automate or simplify tasks involving data gathering/munging.
  • Proficiency in the administrative operation, configuration, and debugging/troubleshooting of Linux, Windows, macOS, Active Directory, Exchange, etc. including SSO/MFA technologies.
  • Knowledge of the following technologies: Routing, Switching, VPN, LAN, WAN, Network Security, Stateful Firewalling, NGFW, Firewall Policies, Identity Based Policies, NAT, IPS, Anti-Malware, Botnet, Application Control, DDoS, Web filtering.
  • In-depth understanding of the following technologies and protocols: TCP/IP, IPv4, IPv6, Supernetting & Subnetting, DNS, HTTP, SMTP, RADIUS, LDAP, Active Directory, PKI, IKE, Certificates, L2TP, SSL Decryption, SSL VPN, IPSEC, NAT, Stateful Firewall, Firewall Policies, 802.1Q, VLANs, LACP, MD5, SSH, SSL, SHA1, SHA512, 3DES, AES.
  • Experience with encryption and authentication technologies.
  • Technical knowledge in Wi-Fi, Load Balancing & Application Delivery, Ethernet Switching, ACI, API, 2-Factor Authentication, Malware Sandboxes, Mail Gateways, Web Application Firewalling, Cloud (AWS, Azure, etc.), SDN, NFV, Virtualization, Centralized Management, SIEM, and Data Center Redundancy.
  • Hands-on experience in networking and in-depth understanding of common network protocols (TCP/IP, GRE, IPsec, BGP, OSPF, MPLS, VRRP, STP, IPsec, SNMP).
  • Hands-on experience with Carrier/ISP routing in building and managing large-scale BGP environments with publicly routable autonomous systems, route arbitration, peering, IRRs, etc.
  • Hands-on experience in security including, access, and application control in security products and technologies (e.g., firewalls, IDS/IPS, DDoS, VPN, Web application firewall), as well as site and content categorization and SSL encrypt/decrypt functions.

Preferred

  • CISSP Certification.
  • Fortinet NSE 7 Certification.

This is a Direct Hire opportunity with our client located in Overland Park, KS. Annual bonus and excellent benefits package. H-1B Visa sponsorship is not available for this opportunity. No third-parties, please.

#remote

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job