We are looking for a skilled L2 Fortinet Firewall Engineer to manage, monitor, and support network security infrastructure with a primary focus on Fortinet firewall technologies. The candidate will be responsible for configuring, maintaining, and troubleshooting FortiGate firewalls and related network security tools to ensure optimal security and performance across the enterprise network.
Key Responsibilities:
- Install, configure, and maintain Fortinet security appliances (FortiGate, FortiManager, FortiAnalyzer, FortiAP).
- Manage firewall policies, NAT rules, VPNs (IPsec/SSL), and UTM features.
- Monitor and respond to network security alerts, logs, and incidents via FortiAnalyzer and SIEM tools.
- Perform regular health checks, patch management, and firmware upgrades for Fortinet devices.
- Work with L1 teams to resolve escalated issues and assist in root cause analysis of firewall-related incidents.
- Assist in network segmentation, traffic flow design, and firewall optimization efforts.
- Document configurations, changes, incident reports, and operational procedures.
- Support compliance audits by providing necessary firewall logs, reports, and evidence.
- Collaborate with network and security teams on integrated projects and incident responses.
Required Skills:
- 4-5 years of hands-on experience in network security, with a focus on Fortinet firewalls.
- Strong understanding of firewall concepts, routing protocols, NAT, VPN, and layer 3/4 security policies.
- Experience with FortiManager and FortiAnalyzer for centralized management and reporting.
- Familiarity with WAN/LAN infrastructure, switching, load balancers, and IPS/IDS systems.
- Proficiency in troubleshooting tools such as Wireshark, tcpdump, and Fortinet CLI.
- Understanding of network security best practices, including zero-trust, least privilege, and defense in depth.
Preferred Qualifications:
- Fortinet NSE 4 (or higher) certification is highly preferred.
- Exposure to cloud security configurations (AWS/Azure/GCP) is a plus.
- Experience working with other security tools (e.g., Palo Alto, Check Point, Cisco ASA) is an advantage.
- Basic knowledge of scripting (Python, Bash) for automation is a plus.