Senior Network Security Engineer (Ivanti SSL VPN)

Overview

On Site
BASED ON EXPERIENCE
Full Time
Contract - W2
Contract - Independent

Skills

Test Plans
Access Control
PSA
Kerberos
Functional Testing
Workflow
Testing
Failover
Reliability Engineering
Compatibility Testing
Migration
Knowledge Transfer
Documentation
Demonstrations
Collaboration
ProVision
SSL VPN
Servers
Workday
Provisioning
Mapping
Remote Access
Security Analysis
Inventory
Hardening
Reporting
Management
Network
Scalability
Network Security
Computer Networking
Firewall
Virtual Private Network
Encryption
LDAP
SAML
RADIUS
Multi-factor Authentication
Active Directory
Authentication
Authorization
Oracle Linux
Performance Management
Project Management
Preventive Maintenance
Hudson
Entrepreneurship
IT Strategy
Partnership
Application Development
Cyber Security
Recruiting
Life Insurance

Job Details

We are seeking a Senior Network Security Engineer consultant to assist with configuration, evaluation of the existing configuration, and migration of configuration (including authentication services, user realms, and profiles) from the old appliance to the new appliance. The project also includes implementing multiple domain authentication and validating the configurations against a new domain authentication structure. Senior/Expert: (7) years of cybersecurity experience with the Ivanti SSL VPN solution is a must.

Core Responsibilities:

Assessment:
Authentication Setup Assessment:
  • Inventory all user realms, profiles, and configurations on the PSA devices.
  • Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure.
New Domain Authentication Assessment:
  • Review the architecture and configuration of the new domain environment.
  • Identify potential integration challenges and ensure readiness for authentication migration.
Planning:
Migration and Testing Plan:
  • Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment.
  • Define prerequisites for integration, including trust relationships, certificates, and access control configurations.
  • Establish rollback procedures to address any migration or authentication issues.
Pre-Migration Preparation:
  • Prepare ISA devices to receive migrated configurations and support the new domain authentication structure.
  • Coordinate with client teams to align schedules and test periods.
Migration Execution:
Data and Configuration Migration:
  • Extract user realms, profiles, and authentication settings from the PSA devices.
  • Transform and adapt extracted data for compatibility with ISA devices and the new domain environment.
  • Load configurations onto ISA devices in a phased manner.
Domain Authentication Configuration:
  • Enable and configure multiple domain authentication on ISA devices.
  • Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure.
Validation and Testing:
Functional Testing:
  • Test authentication workflows for all user realms and profiles against the new domain authentication structure.
  • Validate user access for each domain, ensuring no disruptions or policy violations.
Failover Testing:
  • Test failover and redundancy scenarios to confirm system reliability.
New Domain Compatibility Testing:
  • Verify that the migrated configurations work seamlessly within the new domain authentication setup.
  • Address and resolve any compatibility or integration issues.
Documentation and Knowledge Transfer:
  • Document all migration procedures, challenges, and resolutions.
  • Provide knowledge transfer to CUNY staff through detailed documentation and live demonstrations.
Collaboration and Support:
  • Work closely with CUNY's teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration.
Essential Duties:
  • Provision Access for SSL VPN Users
  • Configure Authentication Servers
  • Create, configure and map Role and Realm and Resources
  • Document all changes
  • Create methods of procedure
  • Workday provisioning/mapping Auth server/mapping or creating roles and realms/troubleshooting as needed
  • Other duties as assigned
Assessment:
  • Create a Current State Report
  • Complete Ivanti Pulse Secure environment assessments
  • Review Remote Access architecture
  • Complete configuration and security assessment of all devices
  • Understand and document bandwidth utilization and inventory
  • Identify all issues in all layers of the architecture
Recommendations:
  • Authentication requirements
  • Areas to create redundancy
  • Hardening of the network
  • Areas to upgrade technology
  • Estimated cost of the upgrades
  • Opportunities for cost avoidance
  • Value adds for the upgrades
Create Future State Report:
  • Future State Architecture map
  • Future state for management of devices.
  • Network and scalability projections
  • Lifecycle of the future state network security upgrades
  • Anticipated next gen technology.
Mandatory Qualifications:
  1. Possesses a minimum of five years (60 months) of hands-on experience with Ivanti Pulse Secure and Ivanti Connect Secure products.
  2. Demonstrates a strong understanding of Networking protocols, including but not limited to and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA).
  3. Has practical experience with Next-Generation Firewalling technologies.
  4. Possesses a strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.

Additional Details:
  • Daily Work Hours: 9am - 5pm, with one hour for lunch.
    • Job duties require flexibility; evening or weekend work may be needed as required for system-related tasks.
  • Designated Work Location: Remote Work 80%, On site (Campus) 20%
    • Office location is 395 Hudson Street, 6th FL, New York, NY 10014.

Spruce Technology, Inc. is a mid-size, award-winning (Inc 5000, SmartCEO, Entrepreneur of the Year) technology services firm with a steadily growing portfolio of commercial and government clients. Spruce provides innovative technology solutions, specialized IT staff, and IT strategy consulting nationwide. Spruce maintains partnerships with major technology vendors and continually develops leading-edge offerings in service areas such as digital experience, data services, application development, infrastructure, cyber security, and IT staffing.

Spruce Technology, Inc. is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Consistent with the Americans with Disabilities Act, it is the policy of Spruce Technology, Inc. to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.

All full-time employees are eligible for the following benefits:
Medical, dental, vision health benefits
Life Insurance and AD&D (paid by company)
401k, Flexible and Dependent Care Spending Account plans.
Paid Time Off or Paid Sick Leave (amount dependent on position level and if required by state).
