Job Description

Job Title: Senior Ivanti Connect Secure Consultant / Senior Network Security Engineer

Company: Recruiting on behalf of our client

Location: New York, NY (Hybrid - 80% Remote, 20% On-site)

Job Type: Contract, Full-time

Duration: Approximately 3 Months (450 hours)

Projected Start Date: On or before May 28, 2025

Overview:

We are seeking a highly skilled and experienced Senior Network Security Engineer with specialized expertise in Ivanti Connect Secure (formerly Pulse Secure) solutions. This is a critical role supporting a project focused on the migration and configuration of Ivanti Connect Secure appliances and the implementation of multiple domain authentication within a new domain structure. The consultant will play a key role in assessing current configurations, planning and executing the migration from older PSA devices to new ISA devices, validating configurations, and providing essential documentation and knowledge transfer.

Responsibilities:

The core responsibilities and essential duties for this role include, but are not limited to:

• Assessment: Inventorying existing Ivanti user realms, profiles, and configurations on current devices (PSA). Assessing the compatibility of these configurations with the new platform (ISA) and a new domain authentication structure. Reviewing the architecture and configuration of the new domain environment to identify potential integration challenges. Creating a Current State Report, completing Ivanti Pulse Secure environment assessments, reviewing the Remote Access architecture, assessing device configurations and security, documenting bandwidth utilization and inventory, and identifying issues across all architecture layers.
• Planning: Developing a comprehensive migration plan for user realms and profiles, including testing against the new domain environment. Defining technical prerequisites for integration such as trust relationships, certificates, and access control configurations. Establishing clear rollback procedures. Preparing the new platform devices (ISA) and coordinating with client teams for schedules and testing.
• Migration Execution: Extracting data and configurations from current devices. Transforming and adapting this data for compatibility with the new platform and the new domain environment. Loading configurations onto the new platform devices in a phased approach. Enabling and configuring multiple domain authentication on the new devices. Integrating and validating authentication protocols such as SAML, Kerberos, and LDAP with the new domain structure. This also includes provisioning access for SSL VPN users, configuring authentication servers, and creating/configuring/mapping roles, realms, and resources.
• Validation & Testing: Performing thorough functional testing of authentication workflows against the new domain structure for all migrated user realms and profiles. Validating user access for each domain to ensure no disruptions. Testing failover and redundancy scenarios. Verifying migrated configurations function seamlessly within the new domain setup and resolving any compatibility or integration issues.
• Documentation & Knowledge Transfer: Documenting all migration procedures, challenges encountered, and resolutions. Providing knowledge transfer to internal staff through detailed documentation and live demonstrations. This involves mentoring team members, identifying key knowledge areas, creating necessary documents, manuals, and guidelines, and ensuring all work is fully documented for replication. Documenting all changes and creating method of procedures.
• Collaboration: Working closely with client teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration.
• Recommendations: Based on assessments, providing recommendations for authentication requirements, areas for redundancy, network hardening, technology upgrades, estimated upgrade costs, cost avoidance opportunities, and value adds. Creating a Future State Report including architecture maps, device management plans, scalability projections, lifecycle planning for upgrades, and anticipated next-gen technology.
• Other Duties: Handling Workday provisioning, mapping authentication servers, mapping or creating roles and realms, and troubleshooting as needed. Performing other assigned duties.

Required Qualifications:

Candidates must possess the following mandatory qualifications:

1. A minimum of five years (60 months) of hands-on experience with Ivanti Pulse Secure and Ivanti Connect Secure products.
2. A strong understanding of Networking protocols and Security concepts such as firewalls, VPNs, encryption, and Authentication protocols (LDAP, SAML, RADIUS, MFA).
3. Practical experience with Next-Generation Firewalling technologies.
4. A strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.

Additional Requirements:

• Minimum 84 months (7 years) of overall experience.
• Skill Level: Senior/Expert with 7 years of Cybersecurity Experience in Ivanti SSL VPN solutions.
• Typical Daily Work Hours: 9 am – 5 pm, with one hour for lunch.
• Flexibility for evening or weekend work may be necessary for system-related tasks.
• Designated Work Location: 80% Remote Work, 20% On-site in New York, NY.
• Typical Software Used: Ivanti Connect Secure and Client.
• Typical Hardware Used: Ivanti Appliances including ISA, PSA, and VM.
• Security requirements apply to the candidate.
• Potential training and knowledge transfer to client staff is applicable.
• No anticipated travel is required.

Evaluation:

Candidates will be evaluated based on their demonstrated experience, skills, and qualifications as presented in their resume and during the interview process.

To Apply:

If you meet the qualifications and are interested in this opportunity, please submit your resume

Job Tags

Similar Jobs