Senior Network Security Engineer
Evolution Cloud Services (EVOCS) · Denver, CO · Yesterday
Information Technology$75–$90/hrFull-time
Position Summary
We are seeking an experienced Senior Network Security Engineer with deep, hands-on expertise in Fortinet technologies and multi-region network security architecture.
Key Responsibilities
- Design, deploy, and manage enterprise-grade Fortinet firewall infrastructure (FortiGate) across multiple geographic regions, ensuring standardized policy frameworks and localized compliance where required
- Administer FortiManager for centralized policy management, device provisioning, and configuration consistency across all regional firewall deployments
- Operate and maintain FortiAnalyzer for log aggregation, threat correlation, security event analysis, and compliance reporting across the global environment
- Architect and implement Fortinet Security Fabric integrations including FortiSIEM, FortiEDR, FortiNAC, and FortiSandbox to deliver cohesive, end-to-end threat detection and response capabilities
- Develop and manage SD-WAN solutions using Fortinet SD-WAN, optimizing performance, resilience, and security for multi-site connectivity
- Lead the planning and execution of multi-region firewall migrations, upgrades, and new site deployments with minimal business disruption
- Conduct regular firewall audits and rule-base reviews to identify and remediate policy bloat, misconfiguration, and unnecessary exposure
- Partner with network, cloud, and security operations teams to integrate perimeter security controls with cloud-native security services (AWS, Azure, GCP) and zero trust architecture initiatives
- Develop and maintain network security documentation including architecture diagrams, standard operating procedures, runbooks, and change management records
- Participate in security incident response activities, including firewall log analysis, traffic forensics, containment actions, and post-incident remediation
- Monitor network security posture through threat intelligence feeds, vulnerability assessments, and proactive tuning of IPS/IDS, web filtering, and antivirus profiles
- Collaborate with compliance and risk teams to ensure firewall configurations meet regulatory requirements (e.g., PCI-DSS, HIPAA, SOC 2, ISO 27001)
- Evaluate and recommend new Fortinet capabilities, firmware releases, and adjacent technologies to strengthen the organization's security posture
Required Qualifications
- 7+ years of enterprise network security engineering experience, including 4+ years of hands-on Fortinet firewall administration and architecture
- Deep expertise in FortiGate firewall configuration, policy management, HA clustering, and multi-VDOM environments
- Proven experience managing Fortinet deployments across multiple geographic regions or data centers with FortiManager centralized management
- Solid understanding of networking fundamentals: BGP, OSPF, VLAN, VPN (IPSec/SSL), QoS, and routing protocols in a multi-site environment
- Experience designing and implementing Fortinet SD-WAN solutions for enterprise multi-site connectivity
- Familiarity with zero trust network access (ZTNA) principles and implementation within the Fortinet Security Fabric
- Experience integrating firewall environments with cloud platforms (AWS, Azure, or GCP), including FortiGate-VM and cloud-native security group management
- Strong understanding of network security frameworks, threat modeling, and defense-in-depth architecture
- Experience supporting compliance and audit activities related to firewall configuration (PCI-DSS, SOC 2, HIPAA, or similar)
- Fortinet NSE 4 certification (minimum); NSE 5, NSE 6, or NSE 7 strongly preferred
- Excellent documentation, communication, and cross-functional collaboration skills
Preferred Qualifications
- Fortinet NSE 7 — Enterprise Firewall, SD-WAN, or Network Security Architect certifications
- Experience with Fortinet Security Operations Center (SOC) tools including FortiSIEM and FortiSOAR
- Background supporting global template or network standardization programs across diverse regional environments
- Experience with network automation and infrastructure-as-code tooling (Ansible, Terraform, Python scripting for Fortinet APIs)
- Familiarity with SASE architecture and cloud-delivered security services
- Additional vendor certifications (CCNP Security, Palo Alto PCNSE, or equivalent) demonstrating broad network security breadth
- Experience in regulated industries (financial services, healthcare, manufacturing) with associated compliance obligations
- Background in incident response and threat hunting using network traffic analysis and firewall telemetry