Network Engineer IV – Fortinet/FortiSASE

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.

The Network Engineer IV – Fortinet/FortiSASE is a senior technical engineer and Fortinet  subject‑matter expert responsible for the 24×7 operational support and optimization of enterprise FortiSASE and FortiGate Secure SD-WAN, within a Managed Services (MS) and Network‑as‑a‑Service (NaaS) environment.

This role serves as a Tier‑3 escalation engineer, supporting complex customer environments across hybrid, cloud, and global networks, while maintaining strong multi‑vendor networking fundamentals and supporting adjacent SASE and SD‑WAN platforms as required.

The engineer directly influences customer satisfaction, service quality, and incident resolution outcomes, and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams.

Key Responsibilities

24×7 Operations & Tier‑3 Escalation

• Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for Fortinet network stack with a focus on Fortinet Secure SD-WAN and FortiSASE..
• Troubleshoot and resolve complex issues across:
• • FortiGate Secure SD-WAN control and data planes
  • FortiSASE (ZTNA, SWG, FWaaS)
  • IPsec/ SSL VPN, BGP, NAT, and firewall policy enforcement
• Lead high‑severity incident response, customer communications, and root cause analysis (RCA).
• Act as a technical escalation point during major outages.

Fortinet/ SASE Engineering & Lifecycle Management

• Lead support Fortinet/FortiSASE architectures, including:
• • Fortinet SD‑WAN branch and hub designs
  • Fortigate/FortiSASE for ZTNA, SWG, and FWaaS
• Own the full service lifecycle:
• • Customer onboarding
  • Change management
  • Platform upgrades and migrations
  • Decommissioning
• Validate and enforce:
• • Security policies
  • Routing and segmentation strategies
  • High availability and resiliency standards

Routing, SD‑WAN & Cloud Networking

• Support advanced routing implementations:
• • BGP (required) including policy control, filtering, and failover
  • OSPF
• Enable and support hybrid and cloud connectivity:
• • AWS (VPC, Transit Gateway)
  • Azure (vNET, vWAN, ExpressRoute)
  • Google Cloud Platform (VPC)
• Ensure optimized traffic steering, SLA adherence, performance, and application visibility.

Security & Zero Trust Networking

• Support:
• • Zero Trust Network Access (ZTNA)
  • Secure Web Gateway (SWG)
  • Cloud‑delivered firewall policies (FWaaS)
• Integrate FortiGate/FortiSASE with:
• • Identity providers (SAML, MFA)
  • Remote and mobile user access models
• Partner with security teams to align network enforcement with enterprise security posture.

Automation, Tooling & Operational Maturity

• Contribute to automation and standardization using:
• • APIs, Python, Ansible, or Terraform (preferred)
• Improve observability through:
• • Fortinet dashboards
  • Monitoring platforms (e.g., LogicMonitor, SNMP, API‑based telemetry)
• Develop and maintain:
• • SOPs and operational runbooks
  • Troubleshooting and escalation guides
  • Service readiness documentation for new Prisma releases
• Mentor Tier‑1 and Tier‑2 engineers.
• Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering.

Required Technical Skills

Prisma SASE (Core Focus)

• Hands‑on expertise with:
• • FortiGate Secure SD-WAN
  • FortiSASE
• Strong understanding of:
• • Cloud‑delivered security architectures
  • SD‑WAN overlays, underlays, and service insertion models
  • Traffic steering and policy enforcement

Networking Fundamentals

• Advanced WAN and routing expertise:
• • BGP (required)
  • OSPF
• Strong knowledge of:
• • High availability and redundancy design
  • QoS and application‑aware routing
  • NAT and firewall concepts
  • TCP/IP and dynamic routing protocols

Multi‑Vendor Networking Awareness

Experience with one or more of the following (Prisma remains the primary focus):

• Fortinet Secure SD‑WAN / FortiSASE
• Cisco SD‑WAN, Meraki
• Arista VeloCloud
• Juniper Mist / SSR
• Ability to translate architectures and concepts across vendors

Qualifications & Experience

• 10+ years of hands‑on network engineering experience.
• Strong experience with configuration and support of:
• • Routers, switches, firewalls, hubs, and WAN infrastructure
• Experience with hardware and software firewalls:
• • Palo Alto, Fortinet, Check Point
• Prior experience in network design or sales engineering is a plus.
• Proficiency with:
• • Network monitoring and performance analysis tools
  • Visio for detailed network diagrams
• Familiarity with:
• • Wireless technologies and site surveys
  • Security intelligence sources (e.g., CERT, BugTraq)
• Fortinet FCP-SASE required.
• Fortinet NSE 6-SASE or higher SASE track highly recommended.
• Cisco certifications (CCNP or CCIE) highly recommended.

#LI-PK1 #LI-REMOTE #LI-NETWORKENGINEER

Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.