Ivanti ICS Security Engineer

This engagement involves the configuration, evaluation of existing setups, and comprehensive migration of configurations including authentication services, user realms, and profiles from legacy appliances to new Ivanti Secure Appliance (ISA) hardware or virtual appliances. A key component of this project is the implementation and validation of multiple domain authentication against a new domain authentication structure.

Key Responsibilities:

• Assessment & Analysis:
• Inventory all existing user realms, profiles, and configurations on current Ivanti PSA devices.
• Assess the compatibility of current configurations with the new ISA platform and the new domain authentication architecture.
• Review the architecture and configuration of the new domain environment, identifying potential integration challenges.
• Planning & Preparation:
• Develop a comprehensive migration plan for user realms and profiles, including a detailed testing strategy against the new domain environment.
• Define prerequisites for integration, including trust relationships, certificates, and access control configurations.
• Establish robust rollback procedures.
• Prepare ISA devices to receive migrated configurations and support the new domain authentication structure.
• Migration & Implementation:
• Extract user realms, profiles, and authentication settings from PSA devices.
• Transform and adapt extracted data for compatibility with ISA devices and the new domain environment.
• Load configurations onto ISA devices in a phased, controlled manner.
• Enable and configure multiple domain authentication on ISA devices.
• Integrate and validate authentication protocols (e.g., SAML, Kerberos, LDAP) with the new domain structure.
• Validation & Testing:
• Conduct thorough functional testing of authentication workflows for all user realms and profiles.
• Validate user access for each domain, ensuring no disruptions or policy violations.
• Perform failover and redundancy testing to confirm system reliability.
• Verify seamless operation of migrated configurations within the new domain authentication setup.
• Documentation & Knowledge Transfer:
• Document all migration procedures, configurations, challenges encountered, and resolutions.
• Provide comprehensive knowledge transfer to the client's staff through detailed documentation and live demonstrations.
• Collaboration & Support:
• Work closely with the client s networking, application, and support teams to troubleshoot issues and ensure smooth integration.
• Configure Authentication Servers; create, configure, and map Roles, Realms, and Resources.
• Create "Current State" and "Future State" reports, including architecture maps, management plans, and scalability projections.

Mandatory Qualifications & Experience:

• 7 years of overall cybersecurity experience.
• 5 years of direct, hands-on experience with Ivanti Pulse Secure and Ivanti Connect Secure products (including PSA, ISA, and VM appliances).
• Demonstrable strong understanding of Networking protocols (TCP/IP, DNS, etc.).
• In-depth knowledge of Security concepts, including firewalls, VPNs (specifically SSL VPN), encryption, and authentication protocols (LDAP, SAML, RADIUS, MFA).
• Practical, hands-on experience with Next-Generation Firewalling (NGFW) technologies.
• Strong working knowledge of utilizing Microsoft Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.