CyberTec
Cloud- Cyber and Network Infrastructure Architect : HYBRID.
CyberTec, Tampa, Florida, us, 33646
Role: Cloud- Cyber and Network Infrastructure Architect with Ivanti SSL VPN solution.
CLIENT: CUNY
ONLY LOCAL TO NJ-NY
(Commutable Distance from Brooklyn, NY) FULLY ONSITE Please share the candidate's profile in below format Full Name of Candidate: Email of Candidate: Phone: Immigration: Location: RATE based on Profile and years as Lead: 80 on C2C LinkedIn IS MUST:
Candidate must have LinkedIn account Visa -USC,GC ,GCEAD. Assignment Title:
Cloud- Cyber and Network Infrastructure Architect with Ivanti SSL VPN solution.
Work Location: HYBRID (80% from home, 20% Onsite)
395 Hudson Street, 6th FL, New York, NY 10014
Role : Cloud- Cyber and Network Infrastructure Architect with Ivanti SSL VPN solution.
Designated Work Location:
Remote Work 80%, On site (Campus) 20% Office location is 395 Hudson Street, 6th FL, New York, NY 10014. Senior/Expert (15+) years Cybersecurity Experience in Ivanti SSL VPN solution.
Typical Software Used for Engagement
Ivanti Connect Secure and Client
Typical Hardware Used for Engagement
Appliance ISA, PSA, VM
Mandatory Qualifications:
1.
Possesses a minimum of five years (60 months) of hands- on experience with Ivanti Pulse Secure and Ivanti Connect Secure products. 2. Demonstrates a strong understanding of Networking protocols, including but not limited to and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA). Has practical experience with Next-Generation Firewalling technologies. Possesses a strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.
Core Responsibilities and Essential Duties:
1.Assessment • Authentication Setup Assessment: o Inventory all user realms, profiles, and configurations on the PSA devices. o Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure. • New Domain Authentication Assessment: o Review the architecture and configuration of the new domain environment. o Identify potential integration challenges and ensure readiness for authentication migration. 2 . Planning • Migration and Testing Plan: o Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment. o Define prerequisites for integration, including trust relationships, certificates, and access control configurations. o Establish rollback procedures to address any migration or authentication issues. • Pre-Migration Preparation: o Prepare ISA devices to receive migrated configurations and support the new domain authentication structure. o Coordinate with client teams to align schedules and test periods. 3.
Migration Execution • Data and Configuration Migration: o Extract user realms, profiles, and authentication settings from the PSA devices. o Transform and adapt extracted data for compatibility with ISA devices and the new domain environment. o Load configurations onto ISA devices in a phased manner. • Domain Authentication Configuration: o Enable and configure multiple domain authentication on ISA devices. o Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure. 4.
Validation and Testing • Functional Testing: o Test authentication workflows for all user realms and profiles against the new domain authentication structure. o Validate user access for each domain, ensuring no disruptions or policy violations. • Failover Testing: o Test failover and redundancy scenarios to confirm system reliability. • New Domain Compatibility Testing: o Verify that the migrated configurations work seamlessly within the new domain authentication setup. o Address and resolve any compatibility or integration issues. 5.
Documentation and Knowledge Transfer: o Document all migration procedures, challenges, and resolutions. o Provide knowledge transfer to CUNY staff through detailed documentation and live demonstrations. 6.
Collaboration and Support: o Work closely with CUNY's teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration. Essential duties: Key responsibilities include, but are not limited to: o Provision Access for SSL VPN Users o Configure Authentication Servers o Create, configure and map Role and Realm and Resources o Document all changes o Create method of procedures o Workday provisioning/ mapping Auth server/ mapping or creating roles and realms / troubleshooting as needed o other duties as assigned. Assessment o Create a Current State Report o Complete Ivanti Pulse Secure environment assessments o Review Remote Access architecture o Complete configuration and security assessment of all devices o Understand and document bandwidth utilization and inventory o Identify all issues in all layers of the architecture Recommendations o Authentication requirements o Areas to create redundancy o Hardening of the network o Areas to upgrade technology o Estimated cost of the upgrades o Opportunities for cost avoidance o Value adds for the upgrades Create Future State Report o Future State Architecture map o Future state for management of devices. o Network and scalability projections o Lifecycle of the future state network security upgrades o Anticipated next gen technology.
ONLY LOCAL TO NJ-NY
(Commutable Distance from Brooklyn, NY) FULLY ONSITE Please share the candidate's profile in below format Full Name of Candidate: Email of Candidate: Phone: Immigration: Location: RATE based on Profile and years as Lead: 80 on C2C LinkedIn IS MUST:
Candidate must have LinkedIn account Visa -USC,GC ,GCEAD. Assignment Title:
Cloud- Cyber and Network Infrastructure Architect with Ivanti SSL VPN solution.
Work Location: HYBRID (80% from home, 20% Onsite)
395 Hudson Street, 6th FL, New York, NY 10014
Role : Cloud- Cyber and Network Infrastructure Architect with Ivanti SSL VPN solution.
Designated Work Location:
Remote Work 80%, On site (Campus) 20% Office location is 395 Hudson Street, 6th FL, New York, NY 10014. Senior/Expert (15+) years Cybersecurity Experience in Ivanti SSL VPN solution.
Typical Software Used for Engagement
Ivanti Connect Secure and Client
Typical Hardware Used for Engagement
Appliance ISA, PSA, VM
Mandatory Qualifications:
1.
Possesses a minimum of five years (60 months) of hands- on experience with Ivanti Pulse Secure and Ivanti Connect Secure products. 2. Demonstrates a strong understanding of Networking protocols, including but not limited to and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA). Has practical experience with Next-Generation Firewalling technologies. Possesses a strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.
Core Responsibilities and Essential Duties:
1.Assessment • Authentication Setup Assessment: o Inventory all user realms, profiles, and configurations on the PSA devices. o Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure. • New Domain Authentication Assessment: o Review the architecture and configuration of the new domain environment. o Identify potential integration challenges and ensure readiness for authentication migration. 2 . Planning • Migration and Testing Plan: o Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment. o Define prerequisites for integration, including trust relationships, certificates, and access control configurations. o Establish rollback procedures to address any migration or authentication issues. • Pre-Migration Preparation: o Prepare ISA devices to receive migrated configurations and support the new domain authentication structure. o Coordinate with client teams to align schedules and test periods. 3.
Migration Execution • Data and Configuration Migration: o Extract user realms, profiles, and authentication settings from the PSA devices. o Transform and adapt extracted data for compatibility with ISA devices and the new domain environment. o Load configurations onto ISA devices in a phased manner. • Domain Authentication Configuration: o Enable and configure multiple domain authentication on ISA devices. o Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure. 4.
Validation and Testing • Functional Testing: o Test authentication workflows for all user realms and profiles against the new domain authentication structure. o Validate user access for each domain, ensuring no disruptions or policy violations. • Failover Testing: o Test failover and redundancy scenarios to confirm system reliability. • New Domain Compatibility Testing: o Verify that the migrated configurations work seamlessly within the new domain authentication setup. o Address and resolve any compatibility or integration issues. 5.
Documentation and Knowledge Transfer: o Document all migration procedures, challenges, and resolutions. o Provide knowledge transfer to CUNY staff through detailed documentation and live demonstrations. 6.
Collaboration and Support: o Work closely with CUNY's teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration. Essential duties: Key responsibilities include, but are not limited to: o Provision Access for SSL VPN Users o Configure Authentication Servers o Create, configure and map Role and Realm and Resources o Document all changes o Create method of procedures o Workday provisioning/ mapping Auth server/ mapping or creating roles and realms / troubleshooting as needed o other duties as assigned. Assessment o Create a Current State Report o Complete Ivanti Pulse Secure environment assessments o Review Remote Access architecture o Complete configuration and security assessment of all devices o Understand and document bandwidth utilization and inventory o Identify all issues in all layers of the architecture Recommendations o Authentication requirements o Areas to create redundancy o Hardening of the network o Areas to upgrade technology o Estimated cost of the upgrades o Opportunities for cost avoidance o Value adds for the upgrades Create Future State Report o Future State Architecture map o Future state for management of devices. o Network and scalability projections o Lifecycle of the future state network security upgrades o Anticipated next gen technology.