Technical Design Authority– Secure Networks

• Track record delivering multi-site SD-WAN/SASE transformations as the lead designer/authority. • Evidenced 'trusted advisor' relationships with enterprise or public-sector customers. • Hands-on with Fortinet SD-WAN/SASE/ ZTNA in production, including policy design and troubleshooting. • Comfortable guiding engineers and challenging scope/assumptions to keep delivery on track.

• Own solution design: Produce high-quality High-Level and Low-Level Designs for SDWAN, Secure SD-Branch and SASE, integrating NGFW, ZTNA, and Cloud-connect, aligned to customer outcomes and delivery constraints.• Lead delivery technically: Act as Design Authority across project phases, providing technical governance, standards, and 'go/no-go' on design changes; assure quality of build, test and service transition artefacts. • Be the trusted advisor: Run customer workshops, translate business drivers into technical decisions, challenge assumptions, and guide stakeholders through risk/benefit trade-offs for transformation programmes.• Close the loop with pre-sales: Review RFPs/RFIs and proposed architectures, contributing design options, scope assumptions, and delivery estimates that can be sold and delivered on time and within budget. • Harden security posture: Define and validate SASE/Zero-Trust policies, ZTNA access models, identity-aware segmentation, and secure site templates; align with Nasstar security frameworks and customer policies. • Operational handover: Ensure designs are operable: documentation, config standards, test plans, knowledge transfer and run-books to transition smoothly into support. • Continuous improvement: Capture lessons learned, contribute to design standards, templates and automation; mentor engineers and influence productised delivery patterns for SD-WAN/SASE. Core technical skills • Fortinet SD-WAN & SASE: FortiGate (physical/VM), FortiManager/FortiAnalyzer, SD-WAN overlays, performance-based routing, segmentation; SASE policy definition; ZTNA (client and gateway).

• Routing & overlays: BGP, OSPF, IPsec, GRE; dual-underlay/dual-hub; DIA/MPLS migrations. • Firewalling & security: NGFW policies, IDS/IPS, SSL inspection, cert chains and device PKI hygiene; Zero-Trust principles and identity-aware access. • LAN/WAN & Wi-Fi: Campus/branch designs, SD-Branch, switching/wireless patterns and site standards. • Cloud & edge: Private DC, interconnect, cloud on-ramps; design guardrails for resilience and failover.

• Customer-centric communicator who can translate business constraints into clear technical decisions and articulate risk/impact in plain English. • Pragmatic, delivery-minded: balances 'strategic ideal' vs. 'tactical path' to meet timelines and budgets. • Comfortable chairing design workshops and Design Authority forums, documenting outcomes and holding teams to standards  Nice to have • Operational Technology (OT) Security: Exposure to OT network segmentation, asset zoning (ISA/IEC 62443 concepts), secure remote access for plant or retail edge, and constrained-environment change practices.

• Broader vendor familiarity (Cisco/Meraki/Juniper) to read/critique designs and handle heterogeneous estates.  Certifications (preferred) • Fortinet NSE 4–7 (or progress toward). • Cisco/Juniper routing certs helpful (CCNP, JNCIS/JNCIP). • Security certs a plus (e.g. CISSP, GIAC) and any exposure to ISA/IEC 62443 for OT. At Nasstar, we know the importance of looking after our employees – after all, it’s the team that underpins our business!In addition to a competitive salary, supportive teams, and a real opportunity to progress in your career with a forward-thinking organisation, our benefits package includes: