Network Security Engineer (Fortinet)

The Fortinet practice needs an L3 owner — someone who designs, delivers, and sets the standard for the team. For a strong profile, there's a path toward technical leadership of the Fortinet capability.
Prague-based, remote-friendly, permanent contract — freelance possible.
100 000–120 000 CZK/month + 25 % annual bonus + company car.

I'm interested

Job Type

Permanent
Contract

Job type

Full time

Salary

100.000 - 120.000 CZK

Location

Hlavní město Praha
Hybrid

ID

STQ_526_JOB


About our client

International technology group with 30+ years in the market, 800+ professionals, and offices across Central and Eastern Europe. They deliver projects in IT infrastructure, data centres, cloud solutions, and cybersecurity.
The company is growing — new projects, new clients, expanding demand. The Network & Security division runs a team of 20 engineers across Cisco, Checkpoint, Palo Alto, and Fortinet. Fortinet projects are picking up and the team needs someone who can take that capability to the next level. This is a place where you build and implement, not just operate.

WHY THIS ROLE EXISTS NOW:
The company is growing and Fortinet projects are expanding. The team currently has two mid-level Fortinet engineers — they need an L3 who can own the capability, drive delivery, and set standards.
There's a clear gap: strong demand from clients, growing project pipeline, but no senior Fortinet specialist to lead it.

Job description

Role / Mission:
You're coming in as the strongest Fortinet person on the team. The team is a mix of juniors, mids, and seniors across platforms — right now there are two people working with Fortinet at a mid level. You're L3, the one who drives it forward.
You design solutions for clients, you're the technical authority in presentations and consultations, and you pull the heavier delivery.
After 12 months, this is what good looks like: a stabilised Fortinet practice in the team, completed projects, and clients who know you by name. For a top profile, there's a natural path toward technical leadership of the Fortinet part — but first and foremost, they need someone who's strong technically and can communicate.

Key Responsibilities:
— You design, implement, and service network security solutions — primarily Fortinet (FortiGate, FortiManager, FortiAnalyzer)
— You're the L3 escalation point for the team — you handle what others can't yet
— You communicate directly with clients — technical presentations, consultations, solution proposals
— You work with presales and sales — you help sell what you'll then build
— You contribute to cloud-based Fortinet deployments (AWS/Azure)
— You share know-how with the team — you set standards and help juniors and mids grow

What This Role Is NOT:
— Not pure operations — you won't spend your days on tickets and routine maintenance
— Not a management role — you don't formally manage people, but you lead them technically
— Not isolated work — without client and team communication, this doesn't work

Operating Model:
Prague-based, remote-friendly. More time in the office during onboarding. After that, remote is possible — but you're expected at the office or client sites as needed. Most of the business is in and around Prague, so a reasonable commute matters. Permanent contract preferred, freelance possible for the right profile. Standard L3 on-call rotation within the team. Czech or Slovak proficiency required. Direct report: Head of Network & Security division.

Requirements

What Matters Most:
— Fortinet hands-on — strong experience with FortiGate, NGFW, VPN, IPS. Fortinet is the primary vendor here, not one of many
— Minimum 5 years in network security — design, implementation, service. Not just monitoring
— Client-facing communication — you can present solutions, consult, and defend a proposal. This is non-negotiable
— Security concepts — NGFW, NAC, SASE, SD-WAN, WAF. You understand them, not just list them

Fluent Czech or Slovak required. English at a level where you can handle a normal working discussion.

Nice to Have:
— Experience with Cisco or Palo Alto (the team works with these vendors too)
— FCP, CCNP, or PCNSE certification
— Cloud deployments (AWS/Azure) and IaaC principles
— Python for automation
— University degree

These are nice to have — not hard filters.

Offer & Terms

Freelance possible
— Company car
— Company laptop + phone
— Multisport card · Employer pension contribution (DDS) · HW/SW purchase allowance · Language courses · Financial bonuses for life events (birth of a child, wedding) · Company events, team buildings, sports activities · Extra days off
— Certification support — Fortinet NSE track, vendor training budget

More information

Interested? Apply or get in touch:
| linkedin.com/in/jirisoljak

No CV needed — a LinkedIn profile and a few sentences about yourself is enough.

You'll speak directly with a senior IT recruiter with hands-on IT background — 450+ hires. A relevant conversation without the HR fluff.

Process:
— Short intro call (15–30 min)
— Maximum 2 rounds — if there's a fit, a decision can come after the first one
— In-person meeting before the final decision
— You'll know where you stand at every step

EU work authorization required. No visa sponsorship.

I'm interested
I am interested
>_Let us know about you

    Similar jobs


    Security Operations Engineer – SIEM & Platform

    Location

    Hlavní město Praha
    Remote

    Job Type

    Permanent

    Field

    Networks / Security

    Salary

    90.000 - 130.000

    Our client is a global technology and professional services company with a Cyber Center in Prague. The team serves enterprise clients across multiple industries and operates as a mature, production-grade security operation — not a lab, not a pilot. The Prague team is around 270 professionals. The security operations unit has ~80 people, including roughly 27 engineers who own the technical layer — SIEM platforms, detection pipelines, incident response tooling. English is the language of client-facing work; Czech is day-to-day inside the team. Why This Role Exists Now: The security operations team is expanding. Two new engineers are joining — this is one of two roles being filled at the same time. The other role goes deeper on cloud SIEM (separate ad). The team has experienced engineers who know the detection architecture well, and now is a good moment to join — the knowledge transfer opportunity is real and accessible from day one. If you've been in an MSSP environment where detection ownership stays with the vendor or a central content team — this role is built differently. Most MSSP setups give you the SIEM. This one gives you the rules.What Matters Most: We're not looking for someone who ticked every checkbox on a certification list. Three things actually matter: — SIEM hands-on time — you've worked with Splunk (SPL queries, correlation searches) or Microsoft Sentinel (KQL, analytics rules) for at least 2 years in a production environment — Linux system knowledge — you understand how logs are generated, how syslog works, what endpoint telemetry looks like — Detection thinking — you can write a correlation rule from scratch, explain why it's tuned the way it is, and recognize when a low-severity alert is worth investigating English needs to be solid for reading technical documentation and writing client-facing reports. If your background is primarily QRadar or ArcSight — that's a valid starting point. We care more about your engineering instincts than the vendor logo. Nice to Have: — Experience with Chronicle/Google SecOps — YARA-L rules, UDM data model — Familiarity with QRadar or ArcSight from client or previous employer environments — Security certifications: GCIA, CEH, CompTIA Security+, Microsoft SC-200, or Splunk Core Certified — Scripting for automation — Python, PowerShell, or bash for log parsing or playbook triggers Don't let the nice-to-haves stop you. If you have the three core things, the rest can be learned.Role / Mission: Your job is to keep the SIEM infrastructure healthy and make sure the detections it runs actually catch things worth catching. Day-to-day: monitoring and triaging alerts, maintaining log source pipelines, tuning correlation rules, and working with analysts when something escalates. You'll also write and maintain playbooks so the team doesn't reinvent the wheel during incidents. Tech context: the team runs Splunk and Microsoft Sentinel as primary platforms. QRadar and ArcSight in the mix from legacy clients. Chronicle/Google SecOps is present in some environments — knowledge there is a plus. Success in 12 months: you own your detection playbooks, you've added at least one meaningful improvement to the ingestion or detection layer, and when someone has a question about platform behavior, they come to you first. Key Responsibilities: — Monitor, triage, and investigate alerts across SIEM platforms (primarily Splunk and Microsoft Sentinel) — Build, tune, and maintain detection rules and correlation logic — SPL, KQL, or both — Maintain SIEM infrastructure: log sources, ingestion pipelines, platform health, onboarding new data feeds — Write and update incident response playbooks; support L1/L2 analysts during active investigations — Participate in on-call rotation; contribute to post-incident documentation and lessons learned What This Role Is NOT: — Not a pure L1 analyst position — you're here to engineer and improve, not just watch dashboards — Not a client-facing sales or advisory role — this is delivery, inside the engine room — Not a solo build-from-scratch project — you're joining an existing team with live infrastructure Operating Model: Standard working hours, no shift work. On-call is a shared rotation across the engineering team. Hybrid setup in Prague or fully remote is also possible. Reports to: Head of Security Engineering. English for client documentation; Czech for internal team communication. Travel is minimal.Interested? Let's Talk If this sounds like your kind of challenge, apply now — let's build something great together. Throughout the process, you'll be guided by a senior recruiter with hands-on IT experience. Straightforward, technically grounded, without unnecessary recruitment overhead. Send your CV or LinkedIn profile to or reach out via linkedin.com/in/jirisoljak Interview process: — Intro call with SITEQ recruiter — 30 minutes, we'll explain the role and client context — First interview with the team lead — get to know each other, talk about the team and day-to-day — Technical interview with a senior engineer from the security operations team — hands-on discussion, no trick questions — Offer Please note: this position is open only to candidates eligible to work in the EU without visa sponsorship, able to reside and work in the Czech Republic.

    Principal QRadar Engineer / SIEM Competence Lead

    Location

    Hlavní město Praha
    Hybrid

    Job Type

    Permanent
    Contract

    Field

    Networks / Security

    Salary

    90.000-150.000 CZK

    Česká technologická společnost specializovaná na kybernetickou bezpečnost, která více než deset let poskytuje služby v oblasti bezpečnostního monitoringu, detekce hrozeb a provozu SOC. Pokrývá celý cyklus bezpečnostních řešení – od architektonického návrhu a implementace, přes migrace a integrace, až po dlouhodobý provoz, konzultační podporu a rozvoj bezpečnostních služeb. Tým odborníků pracuje napříč doménami SIEM, SOAR, EDR/XDR, NDR, Data Security, network visibility, threat hunting a vulnerability & patch managementu. Technologicky staví na širokém portfoliu platforem, například IBM QRadar, Palo Alto XSIAM/XDR ekosystému, Fortinet SecOps, SentinelOne, Greycortex nebo Flowmon, doplněných o vlastní nástroje a interní know-how. Přístup společnosti je postavený na kombinaci Threat Intelligence, Purple Teamingu a proaktivního vyhledávání hrozeb. Projekty probíhají v prostředí velkých enterprise organizací i subjektů kritické infrastruktury, s důrazem na odbornou kvalitu, technologickou nezávislost a úzkou spolupráci se zákazníky.• Expertní zkušenost s IBM QRadar – práce s Offenses, AQL, correlation rules, DSM, parsingem a onboardingem log source. • Znalost datových zdrojů a jejich významu pro detekce (firewally, OS logy, identity, aplikace, proxy, síťové prvky, cloud služby). • Schopnost navrhovat, ladit a validovat detekční logiku v prostředí QRadar a orientovat se v architektuře SIEM řešení. • Znalost principů detection engineering a práce s rámcem MITRE ATT&CK. • Přehled v infrastruktuře a běžných bezpečnostních technologiích (proxy, IDS/IPS, WAF, identity služby, operační systémy, cloud). • Zkušenost s dalšími SIEM nebo SOAR platformami (např. FortiSIEM, Splunk, Elastic, Microsoft Sentinel, XSOAR/XSIAM, Resilient) je výhodou, nikoli podmínkou. • Schopnost konzultovat technická řešení, vést věcné diskuse a komunikovat s bezpečnostním i infrastrukturním týmem zákazníka. • Analytické myšlení, pečlivost a schopnost samostatně rozhodovat v technických otázkách. • Angličtina na úrovni běžné technické komunikace a práce s dokumentací.Pozice je vhodná pro technického experta nebo architekta, který se může věnovat čistě technické práci, nebo se postupně stát hlavním kompetenčním lídrem celé SIEM Engineering Competence. • Návrh, konfigurace a rozvoj bezpečnostních řešení postavených na IBM QRadar SIEM – architektura, datové toky, integrační model a optimalizace prostředí. • Realizace projektů v oblasti SIEM implementací, onboarding nových log source, DSM mapping a event parsing. • Tvorba, úpravy a ladění correlation rules, AQL dotazů a detekční logiky. • Práce s Offenses, tuning alertů, validace detekcí a návrh navazujících workflow. • Podíl na rozvoji use-case knihovny a mapování detekcí na MITRE ATT&CK. • Konzultační a technická podpora zákazníků při návrhu detekčních strategií a optimalizaci SIEM pravidel. • Účast na proaktivních aktivitách (analýza dat, threat hunting, baseline chování). • Analýza možností a trendů v oblasti SIEM/SOAR technologií a podíl na rozvoji dalších platforem mimo IBM QRadar (např. FortiSIEM, XSIAM ingest nebo jiné konkurenční SIEMy). • Spolupráce na technologickém rozvoji SIEM stacku firmy a příležitost pracovat i s dalšími vendory v rámci SIEM Engineering Competency. • Spolupráce s interními týmy a přenos know-how.Pozice je vhodná pro technicky zaměřené specialisty, konzultanty i architekty. Otevřená je zkušeným mediorům i seniorům, kteří mají přehled napříč moderními bezpečnostními technologiemi. Pozice je nabraná přímo s vedením společnosti a technickými experty, takže dostanete přesné informace o reálném fungování týmu i používaných technologiích. Zaujalo? Ozvěte se! Výběrovým procesem vás provede seniorní IT recruiter s reálnou technickou a doménovou zkušeností – žádné obecné fráze, ale věcná a profesionální debata. This opportunity is open only to candidates based in the Czech Republic with valid EU work authorization and a registered EU freelance/business license (B2B). No visa sponsorship is available.

    IT jobs