Subject Matter Expert

Orange Business is here!

About us

Join us at Orange Business!

We are a network and digital integrator that understands the entire value chain of the digital world, freeing our customers to focus on the strategic initiatives that shape their business.

Every day, you will collaborate with a team dedicated to providing consistent, sustainable global solutions, no matter where our customers operate. With over 30,000 employees across Asia, the Americas, Africa, and Europe, we offer a dynamic environment to develop and perfect your skills in a field filled with exciting challenges and opportunities.

About the role

We are looking for an experienced Subject Matter Expert – Multi OEM responsible for advanced deployment,  troubleshooting, design validation, and escalation handling of enterprise security infrastructure across multiple OEM platforms. The role requires deep technical expertise in next-generation firewalls, VPN technologies, threat prevention systems, and network security architecture.

The engineer will act as the highest technical escalation point (L3) for security incidents, complex changes, and infrastructure issues while supporting SOC, L1/L2 teams, and service delivery stakeholders.

 

Key Responsibilities

• Deploy, configure, and support Zscaler ZIA/ZPA, SASE architecture, firewalls (Palo Alto/CP or other OEMs), VPNs, and OT security (IEC 62443 segmentation).

 

• Manage Claroty xDome Secure Access, threat monitoring, incident response, and compliance audits.

 

• Integrate tools (SIEM, IAM), automate policies, and conduct vulnerability assessments for IT/OT convergence.
• Act as L3 escalation point for complex network security incidents and troubleshooting.
• Perform advanced configuration, tuning, and optimization of enterprise firewall infrastructure.
• Configure, troubleshoot and manage VPN tunnels (IPsec / SSL VPN) on enterprise firewalls such as Check Point Security Gateway, Fortinet FortiGate, Cisco ASA, Cisco FTD and Palo Alto Networks PAN-OS.
• Manage complex network environments using Multi-Domain Security Management (MDS/MDC).
• Architect and implement SASE Solutions for vendors like Zscaler, Fortinet, Palo Alto  etc.
• Manage SIEM solution, Email protection, XDR,XSOAR, NDR etc
• Perform Vulnerability assessment & Penetration testing with tools like Qualys, Nessus, etc
• Lead complex change implementations, migrations, and security upgrades.
• Conduct root cause analysis (RCA) for major incidents and recurring issues.
• Design and review secure network architecture and segmentation strategies.
• Perform security hardening and best-practice configuration across platforms.
• Ensure compliance with ITIL change, incident, and problem management processes.
• Provide technical mentorship and guidance to L1/L2 engineers.
• Support SOC investigations and threat mitigation activities
• Maintain technical documentation, runbooks, and architecture diagrams.
• Participate in security audits, vulnerability remediation, and compliance initiatives.

Required Multi-OEM Expertise

Hands-on experience with three or more of the following security platforms:

• Palo Alto Networks – NGFW, Panorama, Threat Prevention
• Fortinet – FortiGate, Forti Manager, Forti Analyzer
• Cisco – ASA, Firepower, FMC
• Check Point Software Technologies – Check Point Firewall, Checkpoint Cloud guard, VSX etc
• Juniper Networks – SRX Firewall
• Zscaler – ZDTA / ZDTE / ZDXA / ZIA / ZPA Cloud Security
• F5 – WAF / Application Security (added advantage)
• SIEM - IBM Qradar, Splunk etc

Technical Skills

• Zscaler/SASE Expertise: Hands-on with ZIA (Internet Access: SWG, DLP, CASB), ZPA (Private Access: ZTNA), policy config, SSL inspection, troubleshooting, integrations (Azure AD/Okta, SIEM), and Zero Trust principles.
• Firewalls & VPN: Proficiency in on-prem/cloud firewalls (e.g., Palo Alto, Cisco), IPS/IDS, site-to-site/RAVPN, DMVPN, rules/policies, and traffic analysis (Wireshark, tcp dump), IDS/IPS
• OT Security: Knowledge of ICS/SCADA/PLC protocols, IEC 62443/NIST 800-82, network segmentation, Claroty xDome secure access, Purdue model, vulnerability assessments for industrial systems, and minimal-downtime hardening.
• Foundational Networking: TCP/IP, DNS, HTTP/S, routing/switching, cloud (AWS/Azure), endpoint basics, scripting (Python/Bash).

Certifications (Preferred)

• Palo Alto Networks – PCNSE
• Fortinet – NSE 5 / NSE 7
• Cisco – CCNP Security
• Check Point Software Technologies – CCSE
• Zscaler – ZDTA / ZDTE
• Cloud (AWS/Azure) exposure
• ISACA – CISM (optional for senior roles)

About you

Experience

• 8+ years of experience in Network Security operations or engineering with proven Zscaler/SASE, firewall/VPN, OT/ICS hands-on
• Strong experience in multi-vendor enterprise environments
• Exposure to banking / manufacturing/ Utilities / large enterprise security infrastructure / 
• Experience in 24x7 SOC / Managed Security Services

Soft Skills

• Strong analytical and troubleshooting capabilities
• Ability to handle critical incidents under pressure
• Excellent communication with stakeholders and leadership
• Strong documentation and reporting skills
• Ability to mentor junior engineers
• Zero Trust mindset

You bring a can-do attitude, tackle challenges head-on and challenge the status quo with new and innovative ideas.

What we offer

• Global Opportunities: Work in multi-national teams with opportunity to collaborate with colleagues and customers from all over the world.• Flexible Work Environment: Flexible working hours and possibility to combine work from office and home (hybrid ways of working).• Professional Development: training programs and upskilling/re-skilling opportunities.• Career Growth: Internal growth and mobility opportunities within Orange.• Caring and Daring Culture: Health and well-being programs and benefits, diversity & inclusion initiatives, CSR and employee connect events.• Reward Programs: Employee Referral Program, Change Maker Awards.

Only your skills matter

Regardless of your age, gender identity, race, ethnic origin, religion/belief, sexual orientation, marital status, neuroatypia, disability, veteran status or appearance, we encourage diversity within our teams because it is a strength for the collective and a vector of innovation. Orange Group is a disabled-friendly company and equal opportunity employer: don't hesitate to tell us about your specific needs.

Responsibilities

We are looking for an experienced Subject Matter Expert – Multi OEM responsible for advanced deployment, troubleshooting, design validation, and escalation handling of enterprise security infrastructure across multiple OEM platforms. The role requires deep technical expertise in next-generation firewalls, VPN technologies, threat prevention systems, and network security architecture.


The engineer will act as the highest technical escalation point (L3) for security incidents, complex changes, and infrastructure issues while supporting SOC, L1/L2 teams, and service delivery stakeholders.


 
Key Responsibilities


- Deploy, configure, and support Zscaler ZIA/ZPA, SASE architecture, firewalls (Palo Alto/CP or other OEMs), VPNs, and OT security (IEC 62443 segmentation).


 
- Manage Claroty xDome Secure Access, threat monitoring, incident response, and compliance audits.


 
- Integrate tools (SIEM, IAM), automate policies, and conduct vulnerability assessments for IT/OT convergence.


- Act as L3 escalation point for complex network security incidents and troubleshooting.


- Perform advanced configuration, tuning, and optimization of enterprise firewall infrastructure.


- Configure, troubleshoot and manage VPN tunnels (IPsec / SSL VPN) on enterprise firewalls such as Check Point Security Gateway, Fortinet FortiGate, Cisco ASA, Cisco FTD and Palo Alto Networks PAN-OS.


- Manage complex network environments using Multi-Domain Security Management (MDS/MDC).


- Architect and implement SASE Solutions for vendors like Zscaler, Fortinet, Palo Alto  etc.


- Manage SIEM solution, Email protection, XDR,XSOAR, NDR etc


- Perform Vulnerability assessment & Penetration testing with tools like Qualys, Nessus, etc


- Lead complex change implementations, migrations, and security upgrades.


- Conduct root cause analysis (RCA) for major incidents and recurring issues.


- Design and review secure network architecture and segmentation strategies.


- Perform security hardening and best-practice configuration across platforms.


- Ensure compliance with ITIL change, incident, and problem management processes.


- Provide technical mentorship and guidance to L1/L2 engineers.


- Support SOC investigations and threat mitigation activities


- Maintain technical documentation, runbooks, and architecture diagrams.


- Participate in security audits, vulnerability remediation, and compliance initiatives.



Required Multi-OEM Expertise


Hands-on experience with three or more of the following security platforms:


- Palo Alto Networks – NGFW, Panorama, Threat Prevention


- Fortinet – FortiGate, Forti Manager, Forti Analyzer


- Cisco – ASA, Firepower, FMC


- Check Point Software Technologies – Check Point Firewall, Checkpoint Cloud guard, VSX etc


- Juniper Networks – SRX Firewall


- Zscaler – ZDTA / ZDTE / ZDXA / ZIA / ZPA Cloud Security


- F5 – WAF / Application Security (added advantage)


- SIEM - IBM Qradar, Splunk etc



Technical Skills


- Zscaler/SASE Expertise: Hands-on with ZIA (Internet Access: SWG, DLP, CASB), ZPA (Private Access: ZTNA), policy config, SSL inspection, troubleshooting, integrations (Azure AD/Okta, SIEM), and Zero Trust principles.


- Firewalls & VPN: Proficiency in on-prem/cloud firewalls (e.g., Palo Alto, Cisco), IPS/IDS, site-to-site/RAVPN, DMVPN, rules/policies, and traffic analysis (Wireshark, tcp dump), IDS/IPS


- OT Security: Knowledge of ICS/SCADA/PLC protocols, IEC 62443/NIST 800-82, network segmentation, Claroty xDome secure access, Purdue model, vulnerability assessments for industrial systems, and minimal-downtime hardening.


- Foundational Networking: TCP/IP, DNS, HTTP/S, routing/switching, cloud (AWS/Azure), endpoint basics, scripting (Python/Bash).



Certifications (Preferred)


- Palo Alto Networks – PCNSE


- Fortinet – NSE 5 / NSE 7


- Cisco – CCNP Security


- Check Point Software Technologies – CCSE


- Zscaler – ZDTA / ZDTE


- Cloud (AWS/Azure) exposure


- ISACA – CISM (optional for senior roles)