Senior Firewall & Network Security Engineer
It's fun to work in a company where people truly BELIEVE in what they're doing!
The Senior Firewall & Network Security Engineer (NGFW) is a senior, hands on technical specialist responsible for the end to end operational management of the organisation’s Next Generation Firewall (NGFW) security services, with primary experience in Fortinet FortiGate and similar enterprise firewall platforms. The role ensures effective delivery of layer 7 firewalling, intrusion prevention, VPN, application control, web filtering (including directory integrated policies), anti malware protections, and internal segmentation controls, safeguarding business operations while enabling secure connectivity.This role is accountable for secure policy enforcement, continuous optimization and recertification of firewall rules, incident response, security hygiene (patching/backups), and compliance reporting, operating in alignment with security standards and governance processes.
WHAT YOU WILL DO:
•Own and operate NGFW services including next‑generation layer‑7 firewalling, ensuring secure and resilient perimeter protection.
•Configure, manage, and tune network intrusion detection/prevention (IPS/IDS) controls, including rules configuration aligned to business requirements and security recommendations.
•Manage VPN services (remote access and site‑to‑site), supporting secure connectivity and troubleshooting across the firewall estate
•Implement and maintain application control (application‑aware policy enforcement) to reduce risk and improve security posture.
•Implement and maintain web filtering with directory integration, enforcing organisational internet access policies and updating content filtering as OEM updates are released.
•Operate and maintain anti‑virus / malware protection services on the NGFW platform to protect against malicious websites, exploits, and malware.
•Perform regular modelling, testing, execution, and tracking of firewall rule/policy changes based on business requirements, ensuring governance alignment
•Conduct monitoring and audit of firewall configurations against agreed standards and approved changes, ensuring configuration integrity and compliance.
•Drive optimisation and periodic recertification of rules and policies, ensuring they remain effective, minimal, and aligned to good practice principles.
•Implement and manage internal network segmentation controls to support secure zoning and reduce lateral movement risk.
•Handle and resolve incidents, alerts, exceptions, and exposures associated with firewall and perimeter security controls, including root cause analysis and remediation guidance.
•Ensure NGFW platform hygiene, including patching in line with OEM recommendations and maintaining secure operational posture.
•Perform configuration backups and store them according to best practice, supporting recoverability and operational continuity.
•Provide actionable operational security communications by notifying stakeholders of major security/health issues with context and remediation recommendations.
•Maintain and support centralised logging and reporting integrations for analysis and operational visibility (e.g., external logging to an analyser platform) where implemented.
•Produce security and compliance reporting on incidents raised and compliance status, aligned to reporting requirements and frequency.
•Assist with defining and maintaining vulnerability scan policy and related firewall security inputs
WHAT YOU WILL BRING TO THE TABLE:
Key attributes and competencies
·Strong hands on expertise operating NGFW security controls (Layer 7 firewalling, IPS/IDS, VPN, application control, web filtering, malware protections).
·Strong policy governance capability: change modelling/testing, configuration audit, and periodic policy optimisation/recertification.
·Incident leadership: ability to handle and resolve alerts, exceptions, and exposures with structured RCA and pragmatic remediation.
·Ability to balance security and availability, ensuring secure enablement of business connectivity while maintaining controls.
Experience and Qualifications
·5–10 years’ experience in enterprise firewall / network security operations
·Proven hands on experience with Fortinet FortiGate NGFW operations (policy, IPS, VPN, web filtering, application control, AV/UTM services
·Experience with similar enterprise firewall technologies (advantageous) and operating in change controlled environments.
Qualifications & Certifications
·Relevant IT qualification (Diploma/Degree preferred).
·Fortinet NSE / Fortinet Professional certifications (strongly preferred), e.g.:
·NSE 4 / FCP Network Security (core operations), NSE 5 (analysis/management)
·NSE 7 (advanced troubleshooting/enterprise design & operations)
In accordance with the employment equity plan of Tiger Brands and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.