Security Engineer

Role Summary

• The L3 Security Engineer leads advanced-level troubleshooting, designs secure architectures, optimizes firewall/SD-WAN deployments, and handles critical security incidents. They provide leadership to L2 teams, develop automation, drive improvements in policies, and collaborate with SOC and architecture teams to maintain a robust security posture.

Key Responsibilities

FortiGate Firewall Advanced Architecture & Troubleshooting

• Architect enterprise FortiGate deployments:
• Active/Active & Active/Passive HA
• Advanced Routing (OSPF, BGP, ECMP)
• Segmentation & Zero Trust Policy Models

Perform deep-dive troubleshooting on:

• Asymmetric routing, session drops
• Application control/IPS/AV issues
• Performance degradation, CPU spikes
• Design and optimize firewall policies using best practices: least privilege, object reuse, rule cleanup.
• Conduct advanced traffic analysis using packet captures and flow tracing.
• Lead firewall migration and large-scale rule redesign projects.

Fortinet SD-WAN Design & Optimization

• Architect SD-WAN infrastructure and application SLA strategies.
• Optimize steering rules, performance SLAs, and WAN failover logic.
• Troubleshoot complex SD-WAN issues:
• Dynamic path selection failures
• Link quality fluctuations
• Overlay tunnel instability
• Integrate SD-WAN with MPLS, DIA, 4G/5G circuits.

FortiClient SSL VPN Advanced Support

• Design SSL VPN architectures with dual-factor authentication, SAML/LDAP, AD integration.
• Troubleshoot complex VPN issues:
• Routing conflicts
• Packet fragmentation
• Split tunneling vs. full tunnel problems
• EMS/Zero Trust posture integration
• Conduct forensic analysis of compromised or suspicious VPN sessions.

FortiAnalyzer + FortiManager Enterprise-Level Management

• Architect centralized configuration management (ADOMs, workflows).
• Automate deployments via scripts / APIs using FortiManager.
• Design custom log and reporting dashboards for compliance and threat analytics.
• Perform log forensics for incidents and threat investigations.

F5 SSL VPN (F5 APM) Advanced Design

• Architect APM solutions including:
• Advanced access policies
• SSO, identity federation, OAuth, SAML
• Endpoint posture detection
• Troubleshoot APM authentication loops, profile conflicts, certificate trust issues.
• Integrate APM with external IDP/LDAP/Radius systems.

NIPS (Network Intrusion Prevention System)

• Architect and tune IPS/IDS signatures for optimal detection with minimal false positives.
• Perform deep forensic analysis of intrusion attempts.
• Design IPS bypass, inline deployments, and fail-open strategies.
• Integrate NIPS with SIEM & SOC workflows.

Additional Responsibilities

• Act as SME for major incidents and escalations.
• Conduct root cause analysis (RCA) for chronic and recurring issues.
• Produce HLD/LLD, SOPs, security standards, and hardening guides.
• Lead patching/upgrades, version strategy, and high-risk changes.
• Support compliance audits and security risk assessments.
• Mentor and train L1/L2 engineers.

Skills Required

• Mastery of firewall, IPS, VPN, routing, and SD-WAN technologies.
• Deep knowledge of PKI, certificates, and encryption standards.
• Expertise in packet analysis (Wireshark, tcpdump, FortiGate debug).
• Understanding of cloud integration (Azure/AWS firewalls, SD-WAN).
• Good scripting skills (Python, API, Ansible).

Experience

• Upto 14 years relevant experience of enterprise security engineering.

Preferred Certifications:

• Fortinet NSE6 / NSE7
• CCNP Security / CCIE Security.