Job Description
Senior Fortinet IT/OT Security Auditor
Assignment Overview
An experienced Fortinet Security Auditor is required to conduct a configuration and security audit of Fortinet infrastructure deployed across both IT and Operational Technology (OT) environments. The assignment focuses on reviewing existing configurations, assessing compliance with security best practices, and providing actionable recommendations to improve the overall security posture.
The engagement is expected to last 5 to 10 days between July and August 2026, with on-site activities and occasional travel to multiple locations.
Key Responsibilities
Architecture and Configuration Review
Review existing Fortinet architecture and configurations.
Verify consistency between:
Target designs
High-level and low-level design documentation
Actual device configurations
Assess configurations within FortiGate and FortiManager environments.
Security Hardening Assessment
Evaluate device hardening measures, including:
Administrative access controls
Authentication mechanisms
Multi-factor authentication where applicable
Management plane security
Secure communication protocols
Validate compliance with:
Fortinet best practices
Recognized security standards such as CIS and ANSSI.
Security Policy Analysis
Assess firewall rule structures and policy organization.
Evaluate:
Readability and maintainability
Logical segmentation (zones, roles, flows)
Overall consistency and governance
Note: Business validation of individual traffic flows is outside the scope.
Security Feature Assessment
Review the implementation and effectiveness of:
IPS / IDS
Antivirus protection
Web filtering
Application control
SSL inspection
Sandboxing and advanced security features
Assess:
Proper activation and configuration
Alignment with vendor recommendations
Unused or underutilized security capabilities
Vulnerability and Version Analysis
Identify:
Unsupported or end-of-life versions
Missing patches
Exposure to known vulnerabilities
Evaluate risks associated with outdated systems.
Recommendations and Improvements
Provide:
Quick-win improvements
Security enhancement opportunities
Maturity improvement recommendations
Recommendations should be:
Practical and actionable
Risk-based
Prioritized according to technical impact and implementation effort
Deliverables
Detailed technical assessment report including:
Findings
Risks
Deviations from best practices
Recommendations
Executive summary
Feedback and presentation session
Required Experience and Qualifications
Mandatory Requirements
Minimum 5 years of proven Fortinet experience
Extensive experience with:
FortiGate
FortiManager
Security auditing
Configuration reviews and tuning
Experience working in critical OT environments
Strong understanding of IT and OT security requirements
Ability to deliver directly actionable recommendations
Experience with security hardening and compliance frameworks
Certifications
Fortinet FCSS Secure Networking certification or equivalent FCE certification
Relevant security certification(s)
Language Requirements
French language proficiency at B2 level (CEFR) or higher.
Preferred Profile
Senior security consultant with vendor-level Fortinet expertise
Strong understanding of OT availability and operational constraints
Experience performing non-intrusive security assessments
Proven experience delivering similar Fortinet audit engagements
Ability to present recent project references demonstrating comparable assignments
Additional Information
Assignment duration: Less than one year
Estimated workload: Approximately 2 days per week
On-call support: Not required
Knowledge transfer: Not required
Travel to multiple sites may be required; a valid driver's license and personal vehicle are recommended.
Background verification and professional reference checks may be required due to the sensitive nature of the environment.