CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com . Network Engineer II – Fortinet The Network Engineer II – Fortinet is responsible for 24×7 operational support and optimization of enterprise FortiGate Secure SD‑WAN within a Managed Services (MS) and Network‑as‑a‑Service (NaaS) environment. This Tier‑3 engineering role supports complex customer environments across hybrid, cloud, and global networks, requiring strong multi‑vendor networking fundamentals and the ability to support adjacent SD‑WAN platforms. The engineer directly influences customer satisfaction, service quality, incident resolution , and collaborates closely with Managed Services Security, Managed Services Network, Engineering, Presales Architecture, Product, and Service Management teams. Key Responsibilities 24×7 Operations & Tier‑3 Escalation Participate in a 24×7 on‑call rotation as a Tier‑3 escalation engineer for the Fortinet network stack, with emphasis on Fortinet Secure SD‑WAN. Troubleshoot and resolve complex issues involving: FortiGate Secure SD‑WAN control and data planes IPsec/SSL VPN, BGP, NAT, firewall policy enforcement Lead high‑severity incident response, customer communication, and root cause analysis (RCA). Serve as the technical escalation point during major outages. Fortinet Engineering & Lifecycle Management Lead and support Fortinet architectures: Fortinet SD‑WAN branch and hub designs Fortinet ZTNA, SWG, FWaaS Own the full service lifecycle: Customer onboarding Change management Platform upgrades and migrations Decommissioning Validate and enforce: Security policies Routing and segmentation strategies High availability and resiliency standards Routing, SD‑WAN & Cloud Networking Support advanced routing implementations: BGP (policy control, filtering, failover) OSPF Enable and support hybrid and cloud connectivity: AWS (VPC, Transit Gateway) Azure (vNET, vWAN, ExpressRoute) Google Cloud Platform (VPC) Ensure optimized traffic steering, SLA adherence, performance, and application visibility. Security & Zero Trust Networking Support: Zero Trust Network Access (ZTNA) Secure Web Gateway (SWG) Cloud‑delivered firewall policies (FWaaS) Integrate FortiGate/FortiSASE with: Identity providers (SAML, MFA) Remote and mobile user access models Partner with security teams to align network enforcement with enterprise security posture. Automation, Tooling & Operational Maturity Contribute to automation and standardization using: APIs, Python, Ansible, Terraform (preferred) Improve observability through: Fortinet dashboards Monitoring platforms (LogicMonitor, SNMP, API‑based telemetry) Develop and maintain: SOPs and operational runbooks Troubleshooting and escalation guides Service readiness documentation for new Prisma releases Mentor Tier‑1 and Tier‑2 engineers. Collaborate with Architecture, Product, and Service Management teams to evolve the Prisma SASE managed offering. Required Technical Skills Fortinet Stack (Core Focus) Hands‑on expertise with FortiGate Secure SD‑WAN. Strong understanding of: Cloud‑delivered security architectures SD‑WAN overlays, underlays, service insertion models Traffic steering and policy enforcement Networking Fundamentals Advanced WAN and routing expertise: BGP OSPF Strong knowledge of: High availability and redundancy design QoS and application‑aware routing NAT and firewall concepts TCP/IP and dynamic routing protocols Multi‑Vendor Networking Awareness Experience with one or more of the following: Fortinet Secure SD‑WAN Cisco SD‑WAN, Meraki Arista VeloCloud Juniper Mist / SSR Ability to translate architectures and concepts across vendors Qualifications & Experience Supervisory Responsibilities None. Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.