The AAA Implementation Engineer is responsible for delivering technical implementation services that support the evolution and ongoing maintenance of the AAA infrastructure. This includes involvement in a variety of projects, system upgrades, service and feature enhancements, as well as remediation and break-fix activities. All work must adhere to the organization’s current architectural standards, technology roadmaps, governance, and change management policies. While the primary focus is on implementation and validation engineering, the role also requires a strong understanding of design engineering, AAA policies, security posture, protocols, and cluster deployment and maintenance. The AAA Implementation Engineer will collaborate directly with both internal and external stakeholders—including Architecture, Product Engineering, Design/Implementation Engineering, Change Management, Service and Product Management, Finance, Business Management, and Operations teams—as well as various levels of senior management.
Key Roles and Responsibilities
· Attend Project Meetings as needed.
· Creates Change documents and changes
· Scheduling of the changes with the assigned engineer
· Ensures change documents are peer reviewed are approved
· Representing change records (CRQs) on various calls
· Representing on regional pre-CAB Weekly
· Socializing changes to the other peer teams regionally so they can represent changes in region.
· Coordinates with other teams for change knowledge transfer
· Following up with Testers / Testing Coordination for all Changes
· Ensuring Peer Reviews are attached to CRQs / Chasing Approvals
· Attends various change review calls including AAA weekly internal change calls – weekly
· Reviews test plans and results, ability to assist in driving to root cause.
· Collaborate with other internal/external Bank teams such as Operations, Engineering, and requestors on core design requirements/standards and risk assessment.
· Leverage designated tools and resources to create NCDs that will drive implementation during a pre-approved change window as necessary.
· Ensure initiatives\changes are well defined with success criteria, ownership, and realistic but firm schedules.
· Rehearse changes in the lab.
· Works during weekends to implement changes. Low risk changes can be performed during the week.
· Ensures no risks are associated with the change.
· Ensure changes are user acceptance tested and authentication logs are successful after post implementation.
· Building, updating and sending Change Communication templates for weekend changes
· Works with release managers to create changes.
· Update schedule as changes is completed and new work orders are added.
· Coordinates with vendors during changes if devices need to be swapped or any type of datacenter local onsite support is needed.
· Create work orders and other requests to engage Blackbox and device, firewall and IP services updates
· Validates changes via working with users as part of user acceptance testing, creation and implementation of test plans (automated and manual), verify logs and test results.
Preferred Experience and Attributes
· Strong subject matter expertise across various enterprise identity authentication technologies ranging from AAA (RADITACACS), 802.1X technologies (Wired/Wireless), RSA and token-based systems.
- Experience with Aruba ClearPass Policy Server or Cisco Identity Services Engine (ISE) is required.
- Experience with Network Access Control (NAC) 802.1X for Wired and Wireless networks is required.
- Experience working with SSL Certificate Authorities and certificate management.
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and authorization protocols, cryptography, application security, load balancing.
- Experience with tools such as Splunk, Excel, ideally experience in automation.
- Expert understanding of network protocols TCP/IP, HTTP, HTTPS, SSL, TLS, 802.1.X, etc.
- Experience with testing and change validation, root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architectural preferred.
- Experience with Remote Access (VPN posture) is preferred.
- Experience with Secure Cloud Analytics (Stealthwatch) is preferred.
· Project Management, ITSM
· Experience with Change Management and CAB processes and procedures.
· Focused on execution, delivery, and commitment to dates. Ability to work in a high-paced environment. Can manage risk - is a good decision maker. Understands the big picture; ability to relate to the firm’s strategy and actions and how they support our business results.
· Leadership: be a self-starter, self-directed and show initiative.
· Demonstrates ownership: Is accountable and influential/can hold others accountable (professionally).
· Strong written and verbal communications skills. Ability to communicate and influence upward as well as laterally.
· Organized and detail oriented.
· Familiarity with working in regulated and/or large global enterprises is a plus
Requirements
· Bachelor’s degree in engineering, computer science, business, finance or related field/technical training. Post Graduate Degree a plus
· Must have strong analytical skills.
· Minimum of 8-12 years’ experience required in technical role supporting network project(s)/program(s).
· Experience with: Clearpass, Stealthwatch, ICE, AAA, SPLUNK, load balancing, captive portals, NA3RC, automation, network configuration, certificates, cluster build, upgrade and configuration.
· Working knowledge of Excel and MS Project
· Financial services (Insurance, Banking, Investment banking), is a plus.
· Ability to be nimble and flexible; prioritize workload, proactively react to issues and consistently react to shifting deadlines.
· Ability to work weekends (as needed) for migration work
Never miss an opportunity! Create an alert based on the job you applied for.
