Senior Fortinet IT/OT Security Auditor-ORE001014
Job Description:
Assignment Overview
An experienced Fortinet Security Auditor is required to conduct a configuration and security audit of Fortinet infrastructure deployed across both IT and Operational Technology (OT) environments. The assignment focuses on reviewing existing configurations, assessing compliance with security best practices, and providing actionable recommendations to improve the overall security posture.
The engagement is expected to last 5 to 10 days between July and August 2026, with on-site activities and occasional travel to multiple locations.
Key Responsibilities
Architecture and Configuration Review
- Review existing Fortinet architecture and configurations.
- Verify consistency between:
  - Target designs
  - High-level and low-level design documentation
  - Actual device configurations
- Assess configurations within FortiGate and FortiManager environments.
Security Hardening Assessment
- Evaluate device hardening measures, including:
  - Administrative access controls
  - Authentication mechanisms
  - Multi-factor authentication where applicable
  - Management plane security
  - Secure communication protocols
- Validate compliance with:
  - Fortinet best practices
  - Recognized security standards such as CIS and ANSSI.
Security Policy Analysis
- Assess firewall rule structures and policy organization.
- Evaluate:
  - Readability and maintainability
  - Logical segmentation (zones, roles, flows)
  - Overall consistency and governance
Note: Business validation of individual traffic flows is outside the scope.
Security Feature Assessment
Review the implementation and effectiveness of:
- IPS / IDS
- Antivirus protection
- Web filtering
- Application control
- SSL inspection
- Sandboxing and advanced security features
Assess:
- Proper activation and configuration
- Alignment with vendor recommendations
- Unused or underutilized security capabilities
Vulnerability and Version Analysis
- Identify:
  - Unsupported or end-of-life versions
  - Missing patches
  - Exposure to known vulnerabilities
- Evaluate risks associated with outdated systems.
Recommendations and Improvements
Provide:
- Quick-win improvements
- Security enhancement opportunities
- Maturity improvement recommendations
Recommendations should be:
- Practical and actionable
- Risk-based
- Prioritized according to technical impact and implementation effort
Deliverables
- Detailed technical assessment report including:
  - Findings
  - Risks
  - Deviations from best practices
  - Recommendations
- Executive summary
- Feedback and presentation session
Required Experience and Qualifications
Mandatory Requirements
- Minimum 5 years of proven Fortinet experience
- Extensive experience with:
  - FortiGate
  - FortiManager
  - Security auditing
  - Configuration reviews and tuning
- Experience working in critical OT environments
- Strong understanding of IT and OT security requirements
- Ability to deliver directly actionable recommendations
- Experience with security hardening and compliance frameworks
Certifications
- Fortinet FCSS Secure Networking certification or equivalent FCE certification
- Relevant security certification(s)
Language Requirements
- French language proficiency at B2 level (CEFR) or higher.
Preferred Profile
- Senior security consultant with vendor-level Fortinet expertise
- Strong understanding of OT availability and operational constraints
- Experience performing non-intrusive security assessments
- Proven experience delivering similar Fortinet audit engagements
- Ability to present recent project references demonstrating comparable assignments
Additional Information
- Assignment duration: Less than one year
- Estimated workload: Approximately 2 days per week
- On-call support: Not required
- Knowledge transfer: Not required
- Travel to multiple sites may be required; a valid driver's license and personal vehicle are recommended.
- Background verification and professional reference checks may be required due to the sensitive nature of the environment.