AppSec Jobs
← Back to all jobs

Fortinet

Senior Security Engineer

Sunnyvale, CAWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Fortinet

Fortinet, Inc. is a global cybersecurity company founded in 2000 and headquartered in Sunnyvale, California. The company specializes in integrated and automated security solutions designed to protect enterprises, service providers, and government organizations from cyber threats. Fortinet's core product is the FortiGate series of next-generation firewalls, which combine multiple security features into a single platform for high performance. Over the years, Fortinet has expanded its offerings to include the Security Fabric architecture for unified network security, management tools like FortiManager, and various subscription services for real-time threat protection. The company has also developed solutions for wireless access, cloud security, and network access control. Fortinet emphasizes broad, automated cybersecurity, catering to a wide range of clients from small businesses to large enterprises. Fortinet has established partnerships with major organizations across various sectors, including telecommunications, technology, and government, showcasing its commitment to enterprise-scale cybersecurity solutions.

Industry

computer & network security

Employees

15,000

5265 engineers

Revenue

$6.8B

Website

Visit →

Security at Fortinet

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Fortinet's AppSec philosophy centers on a Secure Development Lifecycle (SDLC) where 'security is baked into the product from inception' and covers every stage from design to end-of-life.
  • They advocate for a 'Shift Left' approach, integrating security seamlessly into the earliest stages of development.
  • Their mission emphasizes a DevOps-first mindset, aiming to automate AppSec testing within CI/CD paradigms to enable developers rather than acting as a traditional gatekeeper.

Security Team

The AppSec function at Fortinet falls under the Chief Information Security Officer (CISO), Carl Windsor, who oversees global teams including product security and information security. Sundar Krish serves as the General Manager of DevSecOps following the acquisition of Sken.ai. The team includes roles such as DevOps Engineers for FortiAppSec who focus on building CI/CD pipelines and collaborating across Development, Product, and QA teams. As of April 30, 2026, at least one active job posting for a DevOps Engineer (FortiAppSec) was identified, though total team headcount is not publicly available.

Key Initiatives

Key initiatives include the Fortinet Product Security Incident Response Team (PSIRT), which coordinates security for over 40 products and aims for a 90-day mean time to resolution for vulnerabilities. The company has also updated its 'Secure-by-Design' and 'Secure-by-Default' standards to ensure security is integrated into SDLC policy at the earliest stages. There is no public evidence of a formal 'Security Champions' program or major new AppSec initiatives launched within the last six months.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.