Cloud Security Engineer

SASE Cloud Cyber Security Admin/Integration

Boston MA

 Description

· The Cloud Cybersecurity SASE Administrator and Integration Engineer will support SASE solution and Zero Trust initiatives at the MBTA.

· This role will be involved in the full lifecycle implementation of a Zscaler SASE implementation from initial build, ongoing operations, and ZTNA integration to existing MBTA systems. Initially this role primarily will be heavily involved with a Zscaler based SASE Implementation and deployment.

· The right candidate will have the ability to adapt to changing technology and apply it to the customer’s needs.

· Great communication, leadership and personal skills are a must. The successful candidate will be a self-starter, someone who can work independently, and will be flexible in a fast-paced environment.

Description of Duties:

·Perform initial configuration and setup of the SASE cloud (Internet Access, Private Access, digital experience, SAML, add-ons, etc.)

·Assist with various implementation projects as they relate to Azure, Intune, Office 365, and application cloud migrations. Investigate and apply SASE best practices.

·Day to day administration of the SASE Document SASE standard operating procedures and protocols. 

·Create SASE dashboards and reports to monitor and ensure SASE health. 

·Coordinate and leverage threat intelligence to prevent and remediate vulnerabilities and threats.

· Receive and fulfill technical work assignments – ServiceNow and data calls. 

· Fulfill policy requests to fine tune operations of the SASE Standards that align with Information Security Policies Monitor, troubleshoot and resolve user experience issues and provide remediation recommendations

·Assist other system and security engineers in optimizing policies and user configuration.

·Document issues and escalate to next tier or vendor support, as necessary. 

·Monitor systems consoles and remediate alerts. 

·Perform policy administration for web proxies, URL filtering, secure web gateway, CASB, and data loss prevention. Integration with Microsoft products like Azure Active Directory and Microsoft Conditional Access Policies  Integration with EDR products like CrowdStrike

Qualifications:

· Bachelor’s and five (5) years or more experience SASE implementation experience – Zscaler a Plus

· Knowledge of enterprise network security technologies including but not limited to: HTTP and web security technologies, proxies, caches, firewalls, SSL/TLS, GRE and IPsec tunneling, SD-WAN, VPN''s, and DLP.

· Proven hands-on experience with systems installation, configuration and administration of routers/switches, macOS, UNIX/Linux and Windows-based systems (prior GPO, Active Directory/LDAP and SSO/SAML experience desirable) Practical experience working with routing and switching products, including troubleshooting; You have worked with Channel partners and have a solid understanding of a channel-centric go to market approach. You understand SaaS based technologies and their implications for the enterprise.

·Strong problem-solving skills, ability to analyze complex problems and use a systematic approach to gain quick resolution, often under pressure Development of security policies for:  Firewall  Secure Web Gateway  CASB  Web Proxy  Data Loss Prevention ZTNA Access Integration experience in at least one of the following areas:     

SASE client configuration  ?

 Identity Provider integration (preferably Azure AD) 

Threat intelligence sharing (preferably CrowdStrike) 

Desired Experience/Skills/Attributes: Zscaler experience a plus Federal / State Government implementation experience a plus. 

Zero Trust awareness and experience a plus.

 Zero trust certifications a plus. 

Vendor certifications a plus.  Federal Zero Trust implementation/integration experience a plus