Location: New York, NY, United States

Fortinet is seeking a Consulting Data Security Architect within the Advanced Consulting Security
Engineering (CSE) organization. This role serves as a senior technical authority supporting
strategic data security initiatives across endpoint, user risk, and data protection domains. The
position partners closely with Product Management, Field Sales, Professional Services, and
customers to deliver high-impact proof-of-concept engagements, advanced architectural designs,
and sales enablement. This is a hands-on engineering and architecture role requiring deep
operating system knowledge, data security domain expertise, scripting and automation proficiency,
and the ability to translate complex business requirements into secure, scalable technical designs.

Responsibilities
• Support high-profile proof-of-concept (POC) and proof-of-value (POV) engagements for
strategic opportunities
• Architect and design complex data security and endpoint protection environments
• Provide deep technical guidance on endpoint data security, user risk management,
classification frameworks, and metadata-driven controls
• Develop and maintain automation scripts for endpoint and agent deployment
• Translate regulatory and business requirements into enforceable technical policy frameworks
• Develop reference architectures and best-practice deployment patterns
• Lead technical sales engagements in collaboration with Field SEs and Account Teams
• Develop and deliver technical enablement and training programs
• Support Product Management with market-driven feature prioritization
• Provide technical mentorship across the CSE organization

Technical Protocol & Security Specificity Requirements
• Transport Security: TLS 1.2/1.3, mTLS, HTTPS inspection, SSH, IPsec (IKEv2), QUIC/HTTP3,
SMTPS/STARTTLS, LDAPS
• Encryption at Rest: BitLocker, LUKS, FileVault, EFS, TPM integration, Secure Boot chains
• Key Management: PKCS#11, KMIP, HSM integration, Cloud KMS (AWS KMS, Azure Key
Vault, GCP KMS)
• Data Classification & Metadata: Microsoft Information Protection (MIP), Sensitivity Labels,
EDM, regex pattern matching, XMP, EXIF, Dublin Core
• Data Formats: JSON, XML, YAML, CSV, Parquet, Office Open XML, PDF object structures,
SQL/NoSQL schemas
• Endpoint OS Internals (Windows): WFP, ETW, LSASS protections, Kernel/filter drivers, NTFS
ADS, SMB, Group Policy
• Endpoint OS Internals (Linux): SELinux, AppArmor, eBPF, inotify, PAM, Auditd, POSIX ACLs
• macOS Security: Endpoint Security Framework, System Extensions, TCC
• Identity Protocols: SAML 2.0, OAuth 2.0, OIDC, SCIM, LDAP, Kerberos, RADIUS,
FIDO2/WebAuthn
• DLP Enforcement Methods: Inline proxy DLP, Endpoint agent DLP, API-based SaaS DLP,
CASB architectures, Clipboard/USB control, OCR detection
• Cloud & Storage Protocols: S3 API, NFS, SMB 3.0, WebDAV, REST APIs, gRPC, object
storage semantics, pre-signed URLs
• Telemetry & Logging: Syslog, CEF, LEEF, Kafka pipelines, OpenTelemetry, Windows Event
Logs
• Regulatory Alignment: HIPAA technical safeguards, PCI DSS encryption controls, GDPR data
handling, NIST 800-53, ISO 27001 Annex A

Experience Requirements
• 5–10 years of experience in data security, endpoint protection, or user risk solutions
• Strong scripting and automation capabilities (Python, PowerShell, Bash)
• Deep Windows and Linux operating system knowledge; macOS familiarity
• Experience designing secure enterprise architectures across hybrid environments
• Ability to communicate complex engineering decisions to executive and technical stakeholders

Preferred Qualifications
• Experience with Fortinet solutions including FortiDLP
• Experience with competitive platforms (Cyberhaven, CrowdStrike, Symantec)
• Public cloud architecture experience (AWS, Azure, GCP)
• Technical sales leadership and engineering mentorship experience

Education
• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field and/or
equivalent experience required
• Advanced degree preferred