Needed Network Security Engineer or Cyber Security Engineer with Ivanti Connect Secure exp / Ivanti Connect Secure Consultant (Hybrid) - NY/ FL

Position: Network Security Engineer with Ivanti Connect Secure exp / Ivanti Connect Secure Consultant (Hybrid)

Direct Client

Location: Hudson Street, FL/ New York, NY

Contract: 12+ Months

Note: Remote Work 80 %, On site (Campus) 20%

Job Description:

CUNY requires a Senior Network Security Engineer consultant to assist with configuration, evaluating existing config and migration of configuration including authentication services, user realms and profiles, from old appliance to new appliance. The project also includes the implementation of multiple domain authentication and validation of the configurations against a new domain authentication structure.

Mandatory Qualifications:

• Possesses a minimum of five years (60 months) of hands on experience with Ivanti Pulse Secure and Ivanti Connect Secure products.
• Demonstrates a strong understanding of Networking protocols, including but not limited to and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA).
• Has practical experience with Next-Generation Firewalling technologies.
• Possesses a strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.

Core Responsibilities and Essential Duties:

1. Assessment

• Authentication Setup Assessment:
• Inventory all user realms, profiles, and configurations on the PSA devices.
• Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure.
• New Domain Authentication Assessment:
• Review the architecture and configuration of the new domain environment.
• Identify potential integration challenges and ensure readiness for authentication migration.

1. Planning

• Migration and Testing Plan:
• Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment.
• Define prerequisites for integration, including trust relationships, certificates, and access control configurations.
• Establish rollback procedures to address any migration or authentication issues.
• Pre-Migration Preparation:
• Prepare ISA devices to receive migrated configurations and support the new domain authentication structure.
• Coordinate with client teams to align schedules and test periods.

1. Migration Execution

• Data and Configuration Migration:

• Extract user realms, profiles, and authentication settings from the PSA devices.
• Transform and adapt extracted data for compatibility with ISA devices and the new domain environment.
• Load configurations onto ISA devices in a phased manner.

• Domain Authentication Configuration:

• Enable and configure multiple domain authentication on ISA devices.
• Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure.

1. Validation and Testing

• Functional Testing:

• Test authentication workflows for all user realms and profiles against the new domain authentication structure.
• Validate user access for each domain, ensuring no disruptions or policy violations.

• Failover Testing:

• Test failover and redundancy scenarios to confirm system reliability.

• New Domain Compatibility Testing:

• Verify that the migrated configurations work seamlessly within the new domain authentication setup.
• Address and resolve any compatibility or integration issues.

1. Documentation and Knowledge Transfer:

• Document all migration procedures, challenges, and resolutions.
• Provide knowledge transfer to CUNY staff through detailed documentation and live demonstrations.

1. Collaboration and Support:

• Work closely with CUNY s teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration.

Essential duties:

Key responsibilities include, but are not limited to:

• Provision Access for SSL VPN Users
• Configure Authentication Servers
• Create, configure and map Role and Realm and Resources
• Document all changes
• Create method of procedures
• Workday provisioning/ mapping Auth server/ mapping or creating roles and realms / troubleshooting as needed
• Other duties as assigned.

Assessment

• Create a Current State Report
• Complete Ivanti Pulse Secure environment assessments
• Review Remote Access architecture
• Complete configuration and security assessment of all devices
• Understand and document bandwidth utilization and inventory
• Identify all issues in all layers of the architecture

Recommendations

• Authentication requirements

• Areas to create redundancy
• Hardening of the network
• Areas to upgrade technology
• Estimated cost of the upgrades
• Opportunities for cost avoidance
• Value adds for the upgrades

Create Future State Report

• Future State Architecture map
• Future state for management of devices.
• Network and scalability projections
• Lifecycle of the future state network security upgrades
• Anticipated next gen technology.

Best Regards

Kyle,

Sr. US IT Recruiter

Infinity Tech Group Inc,

12 N Route 17 Suite # 201 Paramus NJ 07652

(Office) Ext 327

Email:

LinkedIn:

Certifications: NMSDC / WBENC and MWBE Certified

Awards: Fast 50 Asian American businesses in USA

Partners: SAS Partner

New Jersey | Hyderabad | Chennai| Pune | London | New Hampshire