Position Summary
The Sr. Network Engineer — SD-WAN & Security is the senior platform operator for Encore’s managed VeloCloud SD-WAN and managed Fortinet customer practices within the Infrastructure Managed Services (IMS) team. This role owns day-to-day operations, change management, and incident escalation across a multi-customer book of business, with a primary focus on operating customer environments inherited from prior managed services providers. The engineer partners with the IT Operations Command Center (ITOCC) to operationalize platform support at scale and serves as the senior escalation point for the most complex SD-WAN and Fortinet incidents.
Responsibilities:
· Operate VeloCloud SD-WAN and Fortinet (FortiGate, FortiManager, FortiAnalyzer) platforms across Encore’s managed services customer book — including configuration changes, policy management, software upgrades, certificate rotations, and edge/appliance lifecycle.
· Lead transition activities when Encore takes over managed services from incumbent providers, including environment discovery, configuration audit, documentation reconstruction, and identification of stabilization risks before steady-state operations begin.
· Serve as the senior technical authority and final escalation point for SD-WAN and Fortinet incidents, problems, and major changes — including overlay routing analysis, path quality troubleshooting, FortiGate policy debugging, and root cause investigation.
· Operate as the Pilot engineer within Encore’s Pilot/Co-Pilot delivery model across the managed VeloCloud and Fortinet customer book, with customer engineers serving as the Co-Pilot through transition and steady-state operations.
· Partner with the IT Operations Command Center (ITOCC) to define alert thresholds, runbook libraries, and L2 triage procedures specific to VeloCloud and Fortinet so analysts can effectively support these environments at scale.
· Develop change management workflows, configuration templates, and automation (Ansible, Python, vendor APIs) to drive consistent, auditable changes across VeloCloud and Fortinet customer environments.
· Lead software version management, edge appliance lifecycle (RMA, replacement, refresh), and FortiGate hardware lifecycle across the customer book; manage relationships with VMware/Broadcom and Fortinet TAC for vendor escalations.
· Develop and maintain training materials, internal documentation, and template libraries that allow IMS and ITOCC teams to extend VeloCloud and Fortinet coverage to new customers as the practice grows.
· Serve as Encore’s deep technical authority on VeloCloud SD-WAN and Fortinet; support pre-sales conversations, customer scoping, and architecture decisions for new managed SD-WAN and managed security opportunities.
· Mentor IMS and ITOCC engineers on SD-WAN and Fortinet best practices and contribute to the evolving managed services roadmap (Bronze, Silver, Gold tier offerings).
· Other duties as assigned.
Qualifications:
· Bachelor’s degree in Information Technology, Computer Science, or related field; relevant industry certifications a strong plus.
· 7+ years of hands-on network engineering experience with at least 3+ years operating SD-WAN and/or enterprise firewall platforms in a managed services or multi-customer environment.
· Deep, demonstrable expertise with VMware/Broadcom VeloCloud SD-WAN at scale – VCO administration, edge deployment and troubleshooting, business policy configuration, overlay routing, gateway architecture, and software lifecycle management across multi-site deployments. Comfort with VeloCloud APIs and reporting a strong plus.
· Strong production experience with Fortinet platforms – FortiGate (firewall, IPSec/SSL VPN, SD-WAN), FortiManager, FortiAnalyzer; policy design, security profiles, HA pairs, and FortiOS upgrades. Regulated environment experience (financial services, healthcare, K-12) a plus.
· Strong networking fundamentals – BGP, OSPF, IPSec, NAT, QoS, and overlay/underlay design; automation fluency with Ansible, Python (Netmiko, requests for REST APIs), or equivalent; comfort with YAML, Jinja templating, and Git-based configuration workflows.
· Demonstrated experience taking over managed network environments from incumbent providers – environment discovery, configuration audit, documentation reconstruction, and stabilization; familiarity with adjacent SD-WAN (Cisco SD-WAN, Silver Peak) or firewall platforms (Palo Alto, Check Point) a plus.
· Prior MSP or managed services experience strongly preferred; experience leading customer-facing engagements as the senior technical lead; Fortinet NSE 4/5/7, VeloCloud/VMware SD-WAN certifications, or CCNP-level routing certification highly desirable.