Function
Network Security Operations
Experience
2-4 years (enterprise firewall / network security
required)
Coverage
AMER & EMEA business hours; 24x7 on-call
participation required
Role Overview
Ascendion is seeking an L2 Network Security Engineer for a managed services engagement supporting a global enterprise client's network security infrastructure. The L2 team owns security incidents, service requests, routine maintenance, and
infrastructure projects across corporate offices, distribution centers, and
manufacturing plants worldwide. Strong Fortinet firewall fundamentals and the
discipline to execute changes carefully in a live production security
environment are essential.
What You'll Do
Incident Management
Monitor firewall management and
network monitoring platforms for security alerts, device health events, and
connectivity failures; triage, investigate, and resolve within SLA.
Respond to firewall HA failover
events, device-down alerts, and site-impacting security incidents, coordinating
with on-site support teams where physical access is required.
Troubleshoot site-to-site IPSec
VPN incidents: tunnel drops, routing issues over VPN, and connectivity failures
for remote sites or vendor connections.
Investigate user-reported
access blocks: determine whether the cause is a policy rule, content category,
or security control; resolve or escalate with documented justification.
Participate in the 24x7 on-call
rotation for P1/P2 security incidents.
Own every ticket through
closure. When L3 engagement is needed, escalate with full troubleshooting
context and coordinate until the issue is resolved.
Service Requests
Evaluate and process
URL/website access requests: assess categorization, apply whitelist or block
changes, and confirm resolution with the requester.
Create, modify, and delete
firewall policies and NAT rules.
Create, modify, and
decommission site-to-site IPSec VPN tunnels; validate connectivity and routing
post-change.
Configure VLAN interfaces and
firewall segmentation for network changes, including OT environments.
Process security exception
requests consistently against defined policy; escalate borderline cases with
documented analysis.
Block threat
intelligence-sourced IPs and domains as directed.
Routine Maintenance
Execute firmware and software
upgrades for firewall infrastructure on approved schedules; perform pre- and
post-change validation.
Perform regular health checks
on firewall infrastructure and management platforms; document findings and open
problem tickets in the ITSM platform to drive root cause analysis with L3.
Manage certificate lifecycle
for firewall and security platform components: track expiry dates, generate
CSRs, coordinate with the CA, deploy renewed certificates, and validate
post-deployment.
Perform account and credential
maintenance per the client's security rotation schedule.
Maintain and improve runbooks,
SOPs, and knowledge base articles; ensure documentation is accurate and up to
date.
Author change requests for
scheduled maintenance and security infrastructure work: document scope,
rollback plan, and validation steps; obtain CAB approval before execution.
Project Support
Deploy and configure firewalls
for new sites per defined build standards: staging, policy configuration, and
cutover coordination.
Support HA Pair Replacements
configure replacement hardware, validate failover behavior, and coordinate
maintenance windows.
Maintain CMDB accuracy: update
asset records following deployments, changes, or decommissions.
Required Qualifications
2-4 years of hands-on
experience in firewall administration or network security operations in an
enterprise environment.
Solid working knowledge of
Fortinet FortiGate: policy management, NAT, routing, VPN (SSL-VPN and/or
IPSec), HA configuration.
Working knowledge of
FortiManager for centralized firewall policy and configuration management; this
is the primary management platform in this environment.
Working knowledge of core
network security principles: stateful inspection, web/URL filtering, traffic
logging, and security event analysis.
Experience executing changes
under structured change management in production environments.
Experience opening and managing
Fortinet TAC cases; able to gather firewall diagnostics, write clear problem
statements, and drive vendor escalations to resolution.
Proven ability to manage a
high-volume queue of concurrent incidents, service requests, and maintenance
tasks against SLA response and resolution targets.
Experience processing work
through an enterprise ITSM tool (Ivanti, ServiceNow, Remedy, or equivalent);
ticket quality and SLA adherence are reviewed regularly.
Ability to document firewall changes, incident
findings, and security exceptions clearly; audit trails and change