Job Description
Roles & Responsibilities
2.1 Fortinet Security Infrastructure
▪ Design, deploy, configure, and manage Fortinet FortiGate Next-Generation Firewalls (NGFW) across all Group sites and entities
▪ Administer and maintain FortiManager for centralised policy management, device provisioning, and configuration across the multi-site Fortinet estate
▪ Configure and manage FortiWAF (Web Application Firewall) to protect web-facing applications and portals against OWASP Top 10 threats and application-layer attacks
▪ Develop, review, and enforce firewall security policies, NAT rules, VPN configurations (IPSec and SSL), and traffic shaping policies
▪ Maintain and optimise Fortinet Security Fabric integrations including FortiAnalyzer, FortiSwitch, FortiAP, and FortiClient where deployed
▪ Conduct regular firewall rule base reviews and clean-up exercises to ensure policies align with the principle of least privilege
▪ Manage firmware upgrades and patch cycles across all Fortinet devices in accordance with the Group’s change management and patch management processes
2.2 Network Access Control (NAC)
▪ Configure, manage, and maintain Network Access Control (NAC) solutions to enforce device compliance and access policies across wired and wireless networks
▪ Implement 802.1X port-based authentication for all corporate network access points, integrated with Active Directory and RADIUS (FortiAuthenticator or equivalent)
▪ Define and enforce NAC policies for endpoint compliance checks including operating system patch level, antivirus status, and certificate validity before granting network access
▪ Manage guest network access, BYOD policies, and quarantine VLAN procedures for non-compliant or unrecognised devices
▪ Maintain and audit NAC access logs and generate periodic compliance reports for IT management review
2.3 Network Infrastructure & Architecture
▪ Design and maintain network segmentation architecture including VLANs, DMZ zones, and micro-segmentation to limit lateral movement and enforce security boundaries
▪ Administer routing protocols (BGP, OSPF, EIGRP) and switching technologies (STP, LACP, VTP) across campus and data centre environments
▪ Manage SD-WAN configurations and WAN link failover across multi-site Group locations
▪ Maintain site-to-site and remote access VPN infrastructure for secure connectivity across Group entities and remote users
▪ Monitor network performance and capacity across all sites using network monitoring tools (SolarWinds, PRTG, FortiAnalyzer, or equivalent)
▪ Respond to and resolve network incidents within defined SLA timeframes, performing root cause analysis and preventive action documentation
2.4 Patch Management
▪ Manage and execute the network infrastructure patch management lifecycle including vulnerability identification, patch testing, scheduling, deployment, and post-patch verification
▪ Maintain an up-to-date patch status register for all network devices including firewalls, switches, routers, wireless controllers, and access points
▪ Coordinate firmware and software upgrades for all network infrastructure in compliance with the Group’s change management process and approved maintenance windows
▪ Monitor vendor security advisories (Fortinet PSIRT, Cisco PSIRT, and equivalent) and assess applicability and urgency of security patches within the Group environment
▪ Produce monthly patch compliance reports for IT management, identifying devices with outstanding critical or high-severity patches and their remediation timelines
2.5 Security Operations Support
▪ Collaborate with the Group IT security team on network-related security incidents, investigations, and threat containment activities
▪ Support the implementation and maintenance of network security monitoring using SIEM platforms, reviewing firewall and IPS logs for anomalous activity
▪ Participate in vulnerability assessments and penetration testing remediation activities related to network infrastructure
▪ Contribute to the development and maintenance of network security policies, standards, and procedures in alignment with ISO 27001, NIST, and UAE regulatory requirements (NESA, NCA)
2.6 Support Engineering (as required)
▪ Provide Level 2 and Level 3 infrastructure and network support to end users and business units across the Group as and when required
▪ Assist with IT helpdesk escalations related to network connectivity, VPN access, and firewall-blocked services
▪ Support new site setups, office moves, and network infrastructure expansions across Arenco Group entities
▪ Participate in IT on-call rotation for critical network infrastructure incidents outside of standard business hours as required by operational needs
▪ Document all support activities, configurations, and resolutions in the IT service management platform
2.7 Avaya IP Office PABX System
● Administer and maintain the Avaya IP Office PABX system across all Arenco Group sites, including system configuration, user administration, hunt groups, call routing, and auto-attendant programming
● Configure and manage Avaya IP Office extensions, SIP trunks, Direct Inward Dialling (DID), voicemail, and call recording settings in line with Group business requirements
● Integrate Avaya IP Office with the corporate network infrastructure, ensuring QoS policies are applied to VoIP traffic to maintain call quality across WAN and LAN links
● Perform system health checks, software upgrades, and licence management for the Avaya IP Office platform, ensuring firmware and software are maintained at vendor-supported versions
● Troubleshoot and resolve IP telephony issues including call quality degradation, registration failures, SIP trunk faults, and voicemail system errors in a timely manner
● Maintain accurate documentation of the Avaya IP Office system configuration, extension registers, trunk assignments, and dial plan across all Group sites
● Liaise with Avaya-authorised partners and telecom service providers for escalated support, hardware replacement, and system expansion projects