Role Summary
Own secure, resilient infrastructure for both sites: FortiGate, LAN/WiFi, AD/Windows
Server, Microsoft 365/Azure, backups/DR, vulnerability management. Acts as change
approver and security authority for day-to-day operations.
Core Responsibilities
- Network & Perimeter: FortiGate SD-WAN/VPN, policy hygiene, logging, config backups;
VLAN/WiFi segmentation; ISP/vendor management.
- Identity & Servers: AD OU/GPO design; joiner/mover/leaver; BitLocker/USB controls;
Windows patching/WSUS (or equivalent).
- Cloud & Microsoft 365: Conditional Access/MFA;
Exchange/SharePoint/OneDrive/Teams administration; baseline hardening and Secure
Score review.
- Resilience: Define RPO/RTO; quarterly restore tests across servers and Microsoft 365;
document evidence and lessons learned.
- Security Governance: Vulnerability remediation; incident playbooks; MDR/SOC-lite
vendor liaison; quarterly firewall rule reviews.
- Documentation: Network diagrams, baselines, SOPs; monthly risk & KPI reports.
Key Performance Indicators (KPIs)
- Internet/VPN uptime 99.5%; P1 MTTR
- Patch compliance 95% across servers and endpoints.
- Backup restore test pass rate 95% per quarter; documented RPO/RTO.
- Critical vulnerability remediation time < 15 days.
- Firewall configuration backups: 100% monthly.
Minimum Qualifications & Experience
- 10-12 years overall in infrastructure/security, with 3+ years hands-on across FortiGate,
AD/GPO, and Microsoft 365/Azure.
- Preferred Certifications: Fortinet NSE 4 / FCP - Network Security (or higher); Microsoft
AZ-104 (Azure Administrator).
- Nice-to-have: Microsoft SC-200 (Security Operations); ITIL 4 Foundation.
Skills & Behaviors
- FortiGate policy design; IPsec/SSL-VPN; VLANs/L3 routing; AD/GPO administration;
Microsoft 365 admin; basic PowerShell.
- Incident handling under pressure; structured documentation; strong vendor
management and stakeholder communication.