Network Security Engineer (Fortinet)

The Fortinet practice needs an L3 owner — someone who designs, delivers, and sets the standard for the team. For a strong profile, there's a path toward technical leadership of the Fortinet capability.
Prague-based, remote-friendly, permanent contract — freelance possible.
100 000–120 000 CZK/month + 25 % annual bonus + company car.

Mám zájem

Typ

Permanent
Contract

Úvazek

Full time

Finance

100.000 - 120.000 CZK

Lokalita

Hlavní město Praha
Hybrid

ID

STQ_526_JOB


About our client

International technology group with 30+ years in the market, 800+ professionals, and offices across Central and Eastern Europe. They deliver projects in IT infrastructure, data centres, cloud solutions, and cybersecurity.
The company is growing — new projects, new clients, expanding demand. The Network & Security division runs a team of 20 engineers across Cisco, Checkpoint, Palo Alto, and Fortinet. Fortinet projects are picking up and the team needs someone who can take that capability to the next level. This is a place where you build and implement, not just operate.

WHY THIS ROLE EXISTS NOW:
The company is growing and Fortinet projects are expanding. The team currently has two mid-level Fortinet engineers — they need an L3 who can own the capability, drive delivery, and set standards.
There's a clear gap: strong demand from clients, growing project pipeline, but no senior Fortinet specialist to lead it.

Job description

Role / Mission:
You're coming in as the strongest Fortinet person on the team. The team is a mix of juniors, mids, and seniors across platforms — right now there are two people working with Fortinet at a mid level. You're L3, the one who drives it forward.
You design solutions for clients, you're the technical authority in presentations and consultations, and you pull the heavier delivery.
After 12 months, this is what good looks like: a stabilised Fortinet practice in the team, completed projects, and clients who know you by name. For a top profile, there's a natural path toward technical leadership of the Fortinet part — but first and foremost, they need someone who's strong technically and can communicate.

Key Responsibilities:
— You design, implement, and service network security solutions — primarily Fortinet (FortiGate, FortiManager, FortiAnalyzer)
— You're the L3 escalation point for the team — you handle what others can't yet
— You communicate directly with clients — technical presentations, consultations, solution proposals
— You work with presales and sales — you help sell what you'll then build
— You contribute to cloud-based Fortinet deployments (AWS/Azure)
— You share know-how with the team — you set standards and help juniors and mids grow

What This Role Is NOT:
— Not pure operations — you won't spend your days on tickets and routine maintenance
— Not a management role — you don't formally manage people, but you lead them technically
— Not isolated work — without client and team communication, this doesn't work

Operating Model:
Prague-based, remote-friendly. More time in the office during onboarding. After that, remote is possible — but you're expected at the office or client sites as needed. Most of the business is in and around Prague, so a reasonable commute matters. Permanent contract preferred, freelance possible for the right profile. Standard L3 on-call rotation within the team. Czech or Slovak proficiency required. Direct report: Head of Network & Security division.

Requirements

What Matters Most:
— Fortinet hands-on — strong experience with FortiGate, NGFW, VPN, IPS. Fortinet is the primary vendor here, not one of many
— Minimum 5 years in network security — design, implementation, service. Not just monitoring
— Client-facing communication — you can present solutions, consult, and defend a proposal. This is non-negotiable
— Security concepts — NGFW, NAC, SASE, SD-WAN, WAF. You understand them, not just list them

Fluent Czech or Slovak required. English at a level where you can handle a normal working discussion.

Nice to Have:
— Experience with Cisco or Palo Alto (the team works with these vendors too)
— FCP, CCNP, or PCNSE certification
— Cloud deployments (AWS/Azure) and IaaC principles
— Python for automation
— University degree

These are nice to have — not hard filters.

Offer & Terms

Freelance possible
— Company car
— Company laptop + phone
— Multisport card · Employer pension contribution (DDS) · HW/SW purchase allowance · Language courses · Financial bonuses for life events (birth of a child, wedding) · Company events, team buildings, sports activities · Extra days off
— Certification support — Fortinet NSE track, vendor training budget

More information

Interested? Apply or get in touch:
| linkedin.com/in/jirisoljak

No CV needed — a LinkedIn profile and a few sentences about yourself is enough.

You'll speak directly with a senior IT recruiter with hands-on IT background — 450+ hires. A relevant conversation without the HR fluff.

Process:
— Short intro call (15–30 min)
— Maximum 2 rounds — if there's a fit, a decision can come after the first one
— In-person meeting before the final decision
— You'll know where you stand at every step

EU work authorization required. No visa sponsorship.

Mám zájem
Mám zájem

Podobné pozice


IAM / Identity Security Analyst

Lokalita

Hlavní město Praha
Hybrid

Typ

Permanent
Contract

Obor

Networks / Security

Finance

75.000 - 110.000 CZK

International technology group with 30+ years in the market, 800+ professionals, and offices across Central and Eastern Europe. They deliver projects in IT infrastructure, data centres, cloud solutions, and cybersecurity. The company is growing — clients are expanding their demand, new projects are coming in, and there's space for new competencies. The Cyber Security / IAM division currently works heavily with the IdStory platform, but the environment includes other IAM/IDM solutions too. They need someone who can handle the full cycle from analysis to implementation. Why This Role Exists Now: Client demand for identity security is growing. The IAM division is expanding its project portfolio and needs someone who can own the full delivery cycle — from analysis through architecture to go-live. There's space for new competencies and platforms beyond IdStory. The right person can shape what the IAM practice looks like going forward.What Matters Most: — IAM/IDM experience — minimum 3–5 years in IT security / IAM. Real implementation experience, not just operations — IAM platforms — IdStory, SailPoint, One Identity, Entra ID, Okta, or similar. Knowing one superficially isn't enough — Client-facing communication — analysis, consultations, presenting solutions. This is non-negotiable — Integration and APIs — REST, SOAP, GraphQL. You know how to connect systems Fluent Czech or Slovak required. English at a level where you can handle a normal working discussion. Nice to Have: — SQL and databases — you work with data, not just look at GUIs — Scripting (Groovy, PowerShell, Python) — Basic Linux knowledge — Identity governance concepts and identity lifecycle management — Experience with HR systems and their integration with IAM These are nice to have — not hard filters.Role / Mission: You own the full cycle — from the first client workshop through architecture to go-live. You walk into a client's environment, map what's actually there, ask the right questions, pull the data together into a document, and design a new architecture. Then you implement it. You're an analyst and implementer in one — not someone who waits for a spec. After 12 months, this is what good looks like: completed projects, clients who trust you, and working identity integrations in real environments. Key Responsibilities: — You analyse customer requirements and design IAM/IDM architecture — You implement and integrate identity solutions into client environments — You handle incidents and operational support within SLA — not as the core of your work, but as part of it — You create technical documentation — actually useful materials, not formal paperwork — You provide technical consultations to clients — You contribute to presales — solution proposals, presentations, technical input for bids — You work with sales, presales, support, and delivery teams What This Role Is NOT: — Not AD administration — you won't be resetting passwords and creating accounts — Not a pure operations role — SLA tickets are part of the job, but not the core — Not an isolated position — client and team communication is key Operating Model: Prague-based, remote-friendly. More time in the office during onboarding. After that, remote is possible — but you're expected at the office or client sites as needed. Most of the business is in and around Prague, so a reasonable commute matters. No 24/7 on-call. Permanent contract preferred, freelance possible. Czech or Slovak proficiency required. Direct report: Head of Network & Security division.More Information: Interested? Apply or get in touch: | linkedin.com/in/jirisoljak No CV needed — a LinkedIn profile and a few sentences about yourself is enough. You'll speak directly with a senior IT recruiter with hands-on IT background — 450+ hires. A relevant conversation without the HR fluff. Process: — Short intro call (15–30 min) — Maximum 2 rounds — if there's a fit, a decision can come after the first one — In-person meeting before the final decision — You'll know where you stand at every step EU work authorization required. No visa sponsorship.

Network Security Engineer / Architect (NDR)

Lokalita

Hlavní město Praha
Hybrid

Typ

Permanent
Contract

Obor

Networks / Security

Finance

90.000-140.000 CZK

Česká technologická společnost specializovaná na kybernetickou bezpečnost, která více než deset let poskytuje služby v oblasti bezpečnostního monitoringu, detekce hrozeb a provozu SOC. Pokrývá celý cyklus bezpečnostních řešení – od architektonického návrhu a implementace, přes migrace a integrace, až po dlouhodobý provoz, konzultační podporu a rozvoj bezpečnostních služeb. Tým odborníků pracuje napříč doménami SIEM, SOAR, EDR/XDR, NDR, Data Security, network visibility, threat hunting a vulnerability & patch managementu. Technologicky staví na širokém portfoliu platforem, například IBM QRadar, Palo Alto XSIAM/XDR ekosystému, Fortinet SecOps, SentinelOne, Greycortex nebo Flowmon, doplněných o vlastní nástroje a interní know-how. Přístup společnosti je postavený na kombinaci Threat Intelligence, Purple Teamingu a proaktivního vyhledávání hrozeb. Projekty probíhají v prostředí velkých enterprise organizací i subjektů kritické infrastruktury, s důrazem na odbornou kvalitu, technologickou nezávislost a úzkou spolupráci se zákazníky.• Praktická zkušenost s návrhem, implementací nebo provozem řešení typu NDR / Network Detection & Response. • Silná orientace v síťových technologiích – TCP/IP, routing, switching, VLAN, VPN, firewalling, DNS, proxy, load balancers. • Schopnost analyzovat síťový provoz (PCAP, NetFlow/IPFIX, metadata, TLS handshake, DNS anomálie). • Zkušenost s některou z NDR platforem (např. Darktrace, Vectra, ExtraHop, Corelight, Cisco Secure Network Analytics nebo obdobné řešení). • Schopnost navrhovat architekturu sběru síťových dat (SPAN/TAP, flow export, cloud traffic mirroring). • Tvorba a ladění detekční logiky nad síťovou telemetrií (anomálie, laterální pohyb, C2 komunikace, exfiltrace dat). • Orientace v MITRE ATT&CK a schopnost mapovat síťové indikátory na konkrétní techniky útoku. • Zkušenost s integrací NDR do SIEM / XDR ekosystému a definice korelačních scénářů. • Schopnost vést technickou diskusi se zákazníkem – návrh detekční strategie, umístění senzorů, optimalizace viditelnosti. • Zkušenost s incident analysis na síťové vrstvě (threat hunting, forenzní analýza komunikace). • Přehled v oblasti šifrování a jeho dopadu na viditelnost (TLS inspection, JA3 fingerprinting, metadata-based detection). • Schopnost pracovat samostatně a nést odpovědnost za rozvoj NDR kompetence. • Angličtina pro technickou komunikaci.Náplň práce • Návrh a rozvoj řešení v oblasti Network Detection & Response (NDR) a network visibility, včetně posouzení vhodnosti technologií (např. Flowmon, Greycortex a další) a jejich integrace do širší bezpečnostní architektury. • Architektonický návrh monitoringu síťové komunikace – segmentace, sběr flow dat (NetFlow/IPFIX), analýza anomálií a laterálního pohybu. • Konzultační podpora zákazníků při návrhu síťové detekční strategie a optimalizaci stávajících bezpečnostních opatření. • Odborné vedení projektů zaměřených na implementaci NDR řešení, integraci do SIEM/XDR ekosystému a rozvoj detekčních use-case scénářů. • Tvorba a validace detekční logiky nad síťovými toky a metadaty, návrh korelačních scénářů napříč síťovou a aplikační vrstvou. • Zapojení do threat hunting aktivit zaměřených na síťové anomálie a pokročilé útoky. • Spolupráce s týmy infrastruktury (network, firewall, proxy, IDS/IPS) při návrhu bezpečnostní architektury. • Integrace NDR výstupů do SIEM a SOAR workflow pro automatizaci reakce. • Podíl na rozvoji Network Detection kompetence v rámci společnosti – technologický směr, metodika, přenos know-how.Pozice je vhodná pro technicky zaměřené specialisty, konzultanty i architekty. Otevřená je zkušeným mediorům i seniorům, kteří mají přehled napříč moderními bezpečnostními technologiemi. Pozice je nabraná přímo s vedením společnosti a technickými experty, takže dostanete přesné informace o reálném fungování týmu i používaných technologiích. Zaujalo? Ozvěte se! Výběrovým procesem vás provede seniorní IT recruiter s reálnou technickou a doménovou zkušeností – žádné obecné fráze, ale věcná a profesionální debata. This opportunity is open only to candidates based in the Czech Republic with valid EU work authorization and a registered EU freelance/business license (B2B). No visa sponsorship is available.

Práce v IT