Network Engineer II

CBTS

About The Position

The Network Engineer II – Fortinet is responsible for 24×7 operational support and optimization of enterprise FortiGate Secure SD‑WAN within a Managed Services (MS) and Network‑as‑a‑Service (NaaS) environment. This Tier‑3 engineering role supports complex customer environments across hybrid, cloud, and global networks, requiring strong multi‑vendor networking fundamentals and the ability to support adjacent SD‑WAN platforms. The engineer directly influences customer satisfaction, service quality, incident resolution, and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams.

Requirements

4+ years of hands‑on network engineering experience.
Strong experience configuring and supporting: Routers, switches, firewalls, hubs, WAN infrastructure
Experience with hardware and software firewalls: Palo Alto, Fortinet, Check Point
Hands‑on expertise with FortiGate Secure SD‑WAN.
Strong understanding of: Cloud‑delivered security architectures SD‑WAN overlays, underlays, service insertion models Traffic steering and policy enforcement
Advanced WAN and routing expertise: BGP OSPF
Strong knowledge of: High availability and redundancy design QoS and application‑aware routing NAT and firewall concepts TCP/IP and dynamic routing protocols
Experience with one or more of the following: Fortinet Secure SD‑WAN Cisco SD‑WAN, Meraki Arista VeloCloud Juniper Mist / SSR
Ability to translate architectures and concepts across vendors
Proficiency with: Network monitoring and performance analysis tools Visio for detailed network diagrams
Fortinet NSE3 required
Bachelor’s degree in a related field, or equivalent practical experience.

Nice To Haves

Prior network design or sales engineering experience is a plus.
Familiarity with: Wireless technologies and site surveys Security intelligence sources (CERT, BugTraq)
Fortinet NSE4 or higher (SASE track) highly recommended
Cisco CCNA or CCNP highly recommended

Responsibilities

Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for the Fortinet network stack, with emphasis on Fortinet Secure SD‑WAN.
Troubleshoot and resolve complex issues involving: FortiGate Secure SD‑WAN control and data planes IPsec/SSL VPN, BGP, NAT, firewall policy enforcement
Lead high‑severity incident response, customer communication, and root cause analysis (RCA).
Serve as the technical escalation point during major outages.
Lead and support Fortinet architectures: Fortinet SD‑WAN branch and hub designs Fortinet ZTNA, SWG, FWaaS
Own the full service lifecycle: Customer onboarding Change management Platform upgrades and migrations Decommissioning
Validate and enforce: Security policies Routing and segmentation strategies High availability and resiliency standards
Support advanced routing implementations: BGP (policy control, filtering, failover) OSPF
Enable and support hybrid and cloud connectivity: AWS (VPC, Transit Gateway) Azure (vNET, vWAN, ExpressRoute) Google Cloud Platform (VPC)
Ensure optimized traffic steering, SLA adherence, performance, and application visibility.
Support: Zero Trust Network Access (ZTNA) Secure Web Gateway (SWG) Cloud‑delivered firewall policies (FWaaS)
Integrate FortiGate/FortiSASE with: Identity providers (SAML, MFA) Remote and mobile user access models
Partner with security teams to align network enforcement with enterprise security posture.
Contribute to automation and standardization using: APIs, Python, Ansible, Terraform (preferred)
Improve observability through: Fortinet dashboards Monitoring platforms (LogicMonitor, SNMP, API‑based telemetry)
Develop and maintain: SOPs and operational runbooks Troubleshooting and escalation guides Service readiness documentation for new Prisma releases
Mentor Tier‑1 and Tier‑2 engineers.
Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering.