FortiClient VPN & Fortinet Security Engineer (L3)

We are seeking an experienced L3 Fortinet Engineer with deep expertise in the FortiClient VPN platform. This role owns the end to end FortiClient solution, including server-side (FortiGate & FortiClient EMS) and client-side (Windows & macOS) operations.
The ideal candidate is hands-on and capable of architecting, configuring, patching, upgrading, and troubleshooting FortiClient VPN in enterprise environments, acting as the highest escalation point (L3) for complex VPN and endpoint connectivity issues.
• Own and operate the FortiClient VPN platform end to end
• Design, deploy, and maintain FortiClient EMS and VPN architectures
• Configure and manage SSL VPN / IPsec VPN on FortiGate firewalls
• Perform L3-level troubleshooting across client, server, OS, and network layers
• Patch, upgrade, and manage FortiClient and EMS versions
• Diagnose and resolve client-side issues on Windows and macOS
• Act as escalation point for complex VPN incidents and root cause analysis
• Collaborate with network, security, and endpoint teams
• Create and maintain technical documentation and operational procedures
1. FortiClient VPN Platform – Core & Mandatory
• Strong L3-level experience with FortiClient VPN
• Hands-on administration of FortiClient EMS:
o Policy and profile management
o Client deployment and configuration
o Certificate management and distribution
o Version control, upgrades, and rollbacks
• Full lifecycle management of FortiClient:
o Installation, configuration, patching, and upgrades
o Troubleshooting client failures and instability
• Advanced troubleshooting of:
o SSL VPN connectivity issues
o Authentication and authorization problems
o Certificate, TLS, and encryption errors
o Client compatibility issues across OS versions
2. FortiGate VPN – Server Side
• Expert configuration of SSL VPN and IPsec VPN on FortiGate
• Integration between FortiGate and FortiClient EMS
• User/group-based access control and policy enforcement
• VPN performance tuning and security hardening
• High Availability (HA) considerations for VPN services
3. Endpoint & Operating System Expertise
• Strong hands-on support for:
o Windows 10 / 11
o macOS
• Client-side diagnostics:
o Log analysis
o Driver and network stack troubleshooting
o OS security and permission conflicts
• Experience patching and maintaining endpoint software in enterprise environments
4. Advanced Networking & L3 Skills
• Solid understanding of:
o TCP/IP, DNS, DHCP
o Routing concepts (static, OSPF, BGP – working knowledge)
• Packet capture and traffic analysis
• Root cause analysis across network and endpoint layers
5. Supporting / Nice-to-Have Skills
• Fortinet SD-WAN experience
• FortiManager and FortiAnalyzer exposure
• Identity integrations:
o Active Directory
o LDAP / RADIUS
o MFA solutions
• Experience with cloud-based FortiGate deployments (Azure / AWS)
Experience & Qualifications
• 5+ years in network security, VPN, or endpoint security roles
• Proven L3 support or engineering experience
• Strong hands-on troubleshooting background
• Fortinet certifications preferred:
o NSE 4 / NSE 5 / NSE 7
• Excellent documentation and communication skills