Senior Consulting Systems Engineer – NOC/SOC, SIEM/SOAR (MSSP & Service Provider) EMEA

Location: EMEA (remote) · Travel: up to 20% · Team: CSE Solutions EMEA – SP/MSSP

About the role

EMEA Service Providers and MSSPs need to turn security operations into a profitable, productized service line not just another cost centre. Fortinet's SOC platform (FortiSIEM, FortiSOAR, FortiAnalyzer, FortiSOC) gives them the multi-tenant, predictable-economics foundation to do it.

We're hiring a builder-operator for this. Someone who sees a gap in how MSSPs monetize SOC services, builds the working answer in the lab over a weekend, and is on stage three weeks later showing partners across EMEA how it works. The person who can't not build, and has strong opinions worth putting in front of a room.

You'll operate with autonomy. There is no playbook waiting for you — you'll create it, ship it, and tell the story. You'll join a team of ~20 peers across EMEA with a collaborative, peer-led culture: clear domain ownership, decisions made close to the work, and real voice in how the team operates.

What you'll own

• Build the proof, then show it. Stand up working demo environments, multi-tenant PoCs, and reference deployments end-to-end. Detection content, SOAR playbooks, integration glue, hunting queries, all written by you. Then take the work on stage: keynotes at Fortinet events and partner conferences, technical blogs, recorded demos, customer briefings.
• Productize SOC outcomes. Co-design managed NOC/SOC, MDR, and threat-hunting offerings with MSSP partners, mapping SIEM/SOAR/AI capabilities to service tiers, SLAs, and scalable commercial models. Bring the entrepreneurial lens: what would you productize if this were your business?
• Augment what's already selling. Existing managed services, managed SD-WAN, uniSASE, are prime ground for SOC-led upsell. Design the SecOps wrap that turns these into stickier, higher-margin offerings: managed detection on top of SD-WAN telemetry, automated response inside SASE policy enforcement, SOC-as-a-service tiers layered on uniSASE deployments.
• Win the technical bar. Lead architecture deep-dives, PoVs, and competitive displacements against major competitors, at the whiteboard, in the lab, and on stage.
• Enable at depth. Workshops, certification paths, and hands-on labs for Fortinet SEs, partner SOC analysts, and MSSP architects.
• Close the product loop. Be the SP/MSSP voice into Fortinet on multi-tenancy, AI-driven detection, and SecDevOps requirements, backed by what you've actually built.

What you bring

• 10+ years in security engineering, pre-sales architecture, or SOC operations, with real time spent inside or alongside an MSSP/MSP/SOC, building production systems.
• Deep, hands-on expertise with a major SIEM and a SOAR platform, including detection engineering, parser development, and playbook authoring.
• Strong scripting/automation skills (Python, REST APIs, IaC) and comfort with detection-as-code, CI/CD for SOC content, and AI-assisted triage.
• Working fluency in threat hunting, MITRE ATT&CK, incident response, and modern SecDevOps practices.
• Comfortable in front of a room with strong opinions worth listening to. Track record of conference talks, customer keynotes, or executive briefings. Because you have something to show, not because you enjoy the spotlight.
• Entrepreneurial instinct. You spot opportunities, build the proof yourself, and drive things to outcome without waiting for permission. You'd rather ship something imperfect than wait for the perfect plan.

Fluent English; a second major EMEA language is a strong plus

NSE4 certification is highly desirable (or similarv including another vendor cert) if you don't already have this, you will have to complete it as part of the interview process. (voucher provided)

#LI-NC1

---

Senior Consulting Systems Engineer – NOC/SOC, SIEM/SOAR (MSSP & Service Provider) EMEA Location: EMEA (remote) · Travel: up to 20% · Team: CSE Solutions EMEA – SP/MSSP About the role EMEA Service Providers and MSSPs need to turn security operations into a profitable, productized service line not just another cost centre. Fortinet's SOC platform (FortiSIEM, FortiSOAR, FortiAnalyzer, FortiSOC) gives them the multi-tenant, predictable-economics foundation to do it. We're hiring a builder-operator for this. Someone who sees a gap in how MSSPs monetize SOC services, builds the working answer in the lab over a weekend, and is on stage three weeks later showing partners across EMEA how it works. The person who can't not build, and has strong opinions worth putting in front of a room.