Sr. Network Engineer | Hybrid

We have urgent requirement of Sr. Network Engineer | Hybrid. Please revert if you are interested to apply.

Sr. Network Engineer

Location: NYC, New York

Type: Contract

Client is looking for a Sr. Network Security Engineer, with expertise in Ivanti for a short term (3 month) project.

The role is hybrid (80% remote and 20% onsite). Local candidates only please.

Job duties require flexibility, evening or weekend work may be needed as required for system-related tasks.

Mandatory Qualifications:

Possesses a minimum of five years (60 months) of hands-on experience with Ivanti Pulse Secure and Ivanti Connect Secure products.

Demonstrates a strong understanding of Networking protocols, including but not limited to and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA).

Has practical experience with Next-Generation Firewalling technologies.

Possesses a strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.

Core Responsibilities and Essential Duties:

1. Assessment:

Authentication Setup Assessment:

Inventory all user realms, profiles, and configurations on the PSA devices.

Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure.

New Domain Authentication Assessment:

Review the architecture and configuration of the new domain environment.

Identify potential integration challenges and ensure readiness for authentication migration.

2.Planning:

Migration and Testing Plan:

Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment.

Define prerequisites for integration, including trust relationships, certificates, and access control configurations.

Establish rollback procedures to address any migration or authentication issues.

Pre-Migration Preparation:

Prepare ISA devices to receive migrated configurations and support the new domain authentication structure.

Coordinate with client teams to align schedules and test periods.

3.Migration Execution:

Data and Configuration Migration:

Extract user realms, profiles, and authentication settings from the PSA devices.

Transform and adapt extracted data for domain environment.

Domain Authentication Configuration:

Enable and configure multiple domain authentication on ISA devices.

Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure.

4.Validation and Testing:

Functional Testing:

Test authentication workflows for all user realms and profiles against the new domain authentication structure.

Validate user access for each domain, ensuring no disruptions or policy violations.

Failover Testing:

Test failover and redundancy scenarios to confirm system reliability.

New Domain Compatibility Testing:

Verify that the migrated configurations work seamlessly within the new domain authentication setup.

Address and resolve any compatibility or integration issues.

5.Documentation and Knowledge Transfer:

Document all migration procedures, challenges, and resolutions.

Provide knowledge transfer to staff through detailed documentation and live demonstrations.

6.Collaboration and Support:

Work closely with the client's teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration.

Essential duties:

Key responsibilities include, but are not limited to:

Provision Access for SSL VPN Users.

Configure Authentication Servers.

Create, configure and map Role and Realm and Resources.

Document all change.

Create method of procedures.

Workday provisioning/ mapping Auth server/mapping or creating roles and realms /troubleshooting as needed.

Other duties as assigned.

Assessment:

Create a Current State Report.

Complete Ivanti Pulse Secure environment assessments.

Review Remote Access architecture.

Complete configuration and security assessment of all devices.

Understand and document bandwidth utilization and inventory.

Identify all issues in all layers of the architecture.

Recommendations:

Authentication requirements.

Areas to create redundancy.

Hardening of the network.

Areas to upgrade technology.

Estimated cost of the upgrades.

Opportunities for cost avoidance.

Value adds for the upgrades.

Create Future State Report:

Future State Architecture map

Future state for management of devices.

Network and scalability projections.

Lifecycle of the future state network security upgrades.

Anticipated next gen technology.

Training:

Training and knowledge transfer to staff including mentoring employees, identifying the knowledge to be transferred, mapping out the key stakeholders and setting clear objectives and expectations for the knowledge transfer process.

Document the knowledge that needs to be transferred including but not limited to creating documents, manuals and guidelines.

All work performed during the engagement (development, deployment, configuration, integration, performance testing) must be fully and clearly documented to allow both processes and their products to be replicated in additional environments by staff with reproducible results.

Demonstration and other in-person knowledge transfers must be provided as requested to supplement documentation.

Avnish Rao

Technical Recruiter