_3.22.35 p. m..png?1781029368)
Identity and Access Engineer, Fortinet
EVOCS OVERVIEW
EVOCS’s journey began with a mission to empower businesses with advisory expertise, empowered with idealtechnologies to provide them with comprehensive solutions to grow and prosper.
Founded by a team of passionate experts, EVOCS has grown into a trusted partner to a growing number of leaders across their respective industries. Our roots in employee-managed operations reflect our commitment to quality, consistency, and client success.
If you enjoy working in a hyper-fast-growing company, are eager to be part of an agile team, and want to be part of our success story, then let’s talk!
EVOCS (Evolution Cloud Service, Inc.) is an IT services firm providing skilled security engineering resources to enterprise clients. We are engaging a fractional Identity and Access Engineer for a firewall security remediation program at a global data center operator. The environment is approximately 150 physical FortiGate firewalls across roughly 55 sites in North America, EMEA, and APAC, centrally managed through FortiManager and FortiAnalyzer, with FortiAuthenticator and Active Directory for administrative access and a hybrid Azure-hosted component.
You will be embedded as an extension of the client's network security team, working alongside their internal engineers and the assessment team under the client's direction, with EVOCS providing the engagement framework, coordination, and support.
The Role
You own identity hardening across an approximately 150-device FortiGate estate as a fractional specialist. The realistic profile is a Fortinet-ecosystem engineer with strong identity depth, often from a partner or managed-security background, rather than a pure product specialist. Your designs are reviewed by the program Architect, and you coordinate with the Team Lead.
Responsibilities
- FortiAuthenticator and AD integration: integrate administrative authentication fleet-wide against FortiAuthenticator and Active Directory.
- MFA rollout: deploy multi-factor authentication for administrative access across the estate.
- RBAC and admin profiles: design and enforce role-based access and admin profiles.
- Access hardening: apply trusted-host restrictions, harden SSL-VPN, and eliminate local and shared administrator accounts.
- Protocol integration: RADIUS, TACACS+, SAML, and LDAP or LDAPS integration work as required.
Required Qualifications
- 5+ years in identity and access engineering.
- Significant hands-on FortiAuthenticator experience; a production deployment or a major integration preferred.
- Deep Active Directory: authentication flows, LDAP and LDAPS, group-based authorization.
- MFA rollout experience for privileged or administrative user populations.
- Fluency in the FortiGate administrative access model: admin profiles, trusted hosts, role-based access.
- FCP or NSE 4 level, or FortiAuthenticator specialization (NSE 5 or FCP elective), preferred.
Preferred Qualifications
- Identity certifications such as Microsoft SC-300.
- Experience eliminating shared and local admin accounts at fleet scale.
- Background with a Fortinet partner or managed-security provider.
Pay Range for jobs in the US.
Pay Range
$75 - $90 USD
👥 Our Values
We are privileged to serve our loyal customer base in our mission to build lasting relationships with our clients based on trust and mutual success. We strive to deliver exceptional quality and consistency through a white-glove approach. By empowering businesses with tailored solutions and insights, we help them achieve their goals and navigate the ever-evolving tech landscape.
The values we live by:
- Customer-centric Solutions
- Innovation & Excellence
- Integrity & Transparency
- Data-driven Decision Making
📝 Need to Know
The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
Apply for this job
*
indicates a required field
