Infrastructure Security Specialist – Firewall

Description

We are seeking a highly skilled Infrastructure Security Specialist to join our team, focusing on the operational security and compliance of our network infrastructure. This role is pivotal in managing and maintaining our security posture through advanced firewall technologies. The ideal candidate will be responsible for configuring and administering Fortinet Next-Generation Firewalls, including policy management, IPS/IDS, and SSL inspection. You will also manage Web Application Firewall (WAF) rulesets to protect our applications, aligning with OWASP standards. Key duties include monitoring security logs, escalating incidents to the SOC, and coordinating vendor updates. This position plays a crucial role in vulnerability remediation, compliance audits, and maintaining meticulous documentation. You will work extensively with platforms such as Fortinet, Infoblox, and Nutanix to ensure a robust and secure environment. Your expertise will be vital in supporting our 8x5 operations with on-call availability for critical incidents.

Requirements

1. Minimum of 3 years of hands-on experience with Fortinet NG-FW, including policy creation, IPS/IDS configuration, and SSL inspection.

2. Proven experience in managing Web Application Firewall (WAF) policies with a strong understanding of OWASP top ten vulnerabilities.

3. Proficiency in monitoring firewall logs, analyzing traffic, and escalating security incidents to a Security Operations Center (SOC).

4. Demonstrated experience in supporting vulnerability remediation workflows and participating in compliance audits (e.g., PCI-DSS, ISO 27001).

5. Strong understanding of network infrastructure, including secure DNS (Infoblox) and Remote Access VPN solutions.

6. Practical experience with Nutanix/NCP and Fortinet Switches.

7. Excellent skills in documenting configurations, network diagrams, and maintaining detailed change logs.

Desirable

1. Experience in coordinating multi-vendor firmware updates and security patching.

2. Familiarity with security audit readiness and evidence collection/handling.

3. Understanding of SOC collaboration processes and incident response playbooks.

4. Preferred Certifications: Fortinet NSE4/NSE7, Nutanix Certified Professional (NCP), CISSP or CISM.

5. Experience with scripting or automation for security tasks.

Question	None	Beginner	Intermediate	Advanced	Expert
FortiGate Policy Design & Optimization
NAT / DNAT / SNAT Strategies
IPS/IDS Tuning & Signatures
SSL/TLS Deep Inspection
App Control & Web Filtering
Routing (Static, BGP, OSPF on FortiGate)
Segmentation & Micro-Segmentation
High Availability (A-P/A-A)
FortiManager Policy Packages / ADOMs
FortiAnalyzer Logging & Dashboards
Automation Stitches / REST API
Upgrade/Migration Planning & Cutovers

Question	None	Beginner	Intermediate	Advanced	Expert
WAF Policy Creation & Tuning
OWASP Top 10 Coverage
Bot Mitigation / DDoS Controls
False Positive Triage
mTLS / Certificate Pinning
Reverse Proxy / Load Balancer Integrations

Question	No Experience	Assisted	Owned with Guidance	Owned Independently	Led/Standardized
Log Analysis & Threat Hunting on Firewalls
Runbook / SOP Creation & Updates
Change Management & CAB Participation
P1/P2 Incident Handling & RCA
Vulnerability Remediation Coordination
Vendor Coordination for Escalations

Question	None	Beginner	Intermediate	Advanced	Expert
Secure DNS (Infoblox)
Remote Access VPN (IPSec/SSL)
PKI / Certificate Lifecycle
Privileged Access Management
Nutanix/NCP Security Hardening
Fortinet Switch Security

Question	None	Basic Awareness	Working Knowledge	Implemented Controls	Led Audits
NCA ECC
CST CRF
ISO 27001
PCI DSS
Internal Policy & Standards

1. Where does your salary sit today (so we can help it move up tomorrow)?*

2. What’s the number that’ll make you say "this is worth it"?*

3. What is your current employment status?*

4. Where are you currently located?*

5. On-call readiness for P1 incidents*

6. Notice period*

7. Years with Fortinet NGFW (FortiGate/Manager/Analyzer)*

8. Firewall & network security proficiency*

9. WAF & application security proficiency*

10. Operations & incident handling experience*

11. Networking & adjacent domains*

12. Compliance exposure*

13. Tools & platforms usage frequency (last 12 months)*

14. Certifications status

15. You must enable SSL inspection on a high-traffic gateway with minimal user impact. Outline your approach.*

16. A new WAF rule blocks a critical app feature. Explain how you would triage and tune safely.*

17. Describe your plan for a FortiGate HA firmware upgrade with rollback and success criteria.*

Upload Resume

Question	Never	Quarterly	Monthly	Weekly	Daily
FortiGate
FortiManager
FortiAnalyzer
WAF (FortiWeb/Other)
Infoblox
Nutanix/NCP

Question	Have it	Expired	In Progress	Planning	Not pursuing
Fortinet NSE4
Fortinet NSE7
Infoblox DNS Specialist
Nutanix Certified Professional
CISSP
CISM