Job Specifications
Role-Technical Design Authority– Secure Networks
Location-Home based with travel to customer sites/team meetings when required
Salary-Negotiable
Why this role exists
We’re expanding to deliver a wave of customer network transformations. The TDA is our post-sales technical lead and trusted advisor, responsible for shaping and delivering robust designs, guiding customers through SD-WAN and SASE adoption, and ensuring implementations land cleanly into service.
You’ll be hands-on enough to own Low Level Design and Migration Runbooks and cut-through on complex problems, yet customer centric enough to build confidence, challenge constructively, and become 'first call' for strategic technical decisions.
Experience we’re looking for
• Track record delivering multi-site SD-WAN/SASE transformations as the lead designer/authority.
• Evidenced 'trusted advisor' relationships with enterprise or public-sector customers.
• Hands-on with Fortinet SD-WAN/SASE/ ZTNA in production, including policy design and troubleshooting.
• Comfortable guiding engineers and challenging scope/assumptions to keep delivery on track.
Key Responsibilities
What you’ll do
• Own solution design: Produce high-quality High-Level and Low-Level Designs for SDWAN, Secure SD-Branch and SASE, integrating NGFW, ZTNA, and Cloud-connect, aligned to customer outcomes and delivery constraints.
• Lead delivery technically: Act as Design Authority across project phases, providing technical governance, standards, and 'go/no-go' on design changes; assure quality of build, test and service transition artefacts.
• Be the trusted advisor: Run customer workshops, translate business drivers into technical decisions, challenge assumptions, and guide stakeholders through risk/benefit trade-offs for transformation programmes.
• Close the loop with pre-sales: Review RFPs/RFIs and proposed architectures, contributing design options, scope assumptions, and delivery estimates that can be sold and delivered on time and within budget.
• Harden security posture: Define and validate SASE/Zero-Trust policies, ZTNA access models, identity-aware segmentation, and secure site templates; align with Nasstar security frameworks and customer policies.
• Operational handover: Ensure designs are operable: documentation, config standards, test plans, knowledge transfer and run-books to transition smoothly into support.
• Continuous improvement: Capture lessons learned, contribute to design standards, templates and automation; mentor engineers and influence productised delivery patterns for SD-WAN/SASE.
Skills, Knowledge and Expertise
Core technical skills
• Fortinet SD-WAN & SASE: FortiGate (physical/VM), FortiManager/FortiAnalyzer, SD-WAN overlays, performance-based routing, segmentation; SASE policy definition; ZTNA (client and gateway).
• Routing & overlays: BGP, OSPF, IPsec, GRE; dual-underlay/dual-hub; DIA/MPLS migrations.
• Firewalling & security: NGFW policies, IDS/IPS, SSL inspection, cert chains and device PKI hygiene; Zero-Trust principles and identity-aware access.
• LAN/WAN & Wi-Fi: Campus/branch designs, SD-Branch, switching/wireless patterns and site standards.
• Cloud & edge: Private DC, interconnect, cloud on-ramps; design guardrails for resilience and failover.
Professional skills
• Customer-centric communicator who can translate business constraints into clear technical decisions and articulate risk/impact in plain English.
• Pragmatic, delivery-minded: balances 'strategic ideal' vs. 'tactical path' to meet timelines and budgets.
• Comfortable chairing design workshops and Design Authority forums, documenting outcomes and holding teams to standards
Nice to have
• Operational Technology (OT) Security: Exposure to OT network segmentation, asset zoning (ISA/IEC 62443 concepts), secure remote access for plant or retail edge, and constrained-environment change practices.
• Broader vendor familiarity (Cisco/Meraki/Juniper) to read/critique designs and handle heterogeneous estates.
Certifications (preferred)
• Fortinet NSE 4–7 (or progress toward).
• Cisco/Juniper routing certs helpful (CCNP, JNCIS/JNCIP).
• Security certs a plus (e.g. CISSP, GIAC) and any exposure to ISA/IEC 62443 for OT.
Benefits
At Nasstar, we know the importance of looking after our employees – after all, it’s the team that underpins our business!
In addition to a competitive salary, supportive teams, and a real opportunity to progress in your career with a forward-thinking organisation, our benefits package includes:
25 days’ holiday (excluding bank holidays) + Your Birthday Off
Flexible working – it’s important to maintain a work/life balance, as such, we will consider any written request for flexible working
Virtual working – we practice what we preach and empower our people to work remotely
Top tech – Leading services and solutions aren’t just for our clients; we supply best-of-breed software and hardware for all our staff too
4x annual salary life assurance
Heal
About the Company
At Nasstar, we specialise in transformative technology.
Our integrated suite of managed services delivers everything from cloud optimisation and application modernisation to networking, security and self-serve tools. With a consultative approach at our core, we modernise and manage technology to help our clients succeed in today's competitive business world.
Through strategic consultation, to implementation and management, we provide the vision and the mechanics needed to create transformational change for our clients.
Know more