Job Title : Ivanti Connect Secure Consultant (ICS)
Location : NYC, NY(Hybrid)
We are currently seeking candidates who meet the following qualification
Mandatory Qualifications :
- Minimum of five years (60 months) of hands-on experience with Ivanti Pulse Secure and Ivanti Connect Secure products.
- Strong understanding of networking protocols and security concepts, including but not limited to firewalls, VPNs, encryption, and authentication protocols (LDAP, SAML, RADIUS, MFA).
- Practical experience with next-generation firewalling technologies.
- Strong working knowledge of utilizing Active Directory for authentication, authorization, and resource access within the context of Ivanti Connect Secure.
Core Responsibilities and Essential Duties :
Assessment :Inventory all user realms, profiles, and configurations on the PSA devices.
Assess the compatibility of current configurations with the new ISA platform and the new domain authentication structure.Review the architecture and configuration of the new domain environment.Identify potential integration challenges and ensure readiness for authentication migration.Planning :Develop a comprehensive migration plan for user realms and profiles, incorporating testing against the new domain environment.
Define prerequisites for integration, including trust relationships, certificates, and access control configurations.Establish rollback procedures to address any migration or authentication issues.Prepare ISA devices to receive migrated configurations and support the new domain authentication structure.Coordinate with client teams to align schedules and test periods.Migration Execution :Extract user realms, profiles, and authentication settings from the PSA devices.
Transform and adapt extracted data for compatibility with ISA devices and the new domain environment.Load configurations onto ISA devices in a phased manner.Enable and configure multiple domain authentication on ISA devices.Integrate and validate authentication protocols (SAML, Kerberos, LDAP) with the new domain structure.Validation and Testing :Test authentication workflows for all user realms and profiles against the new domain authentication structure.
Validate user access for each domain, ensuring no disruptions or policy violations.Test failover and redundancy scenarios to confirm system reliability.Verify that the migrated configurations work seamlessly within the new domain authentication setup.Address and resolve any compatibility or integration issues.Documentation and Knowledge Transfer :Document all migration procedures, challenges, and resolutions.
Provide knowledge transfer to client staff through detailed documentation and live demonstrations.Collaboration and Support :Work closely with client teams, including networking, application, and support teams, to troubleshoot issues and ensure smooth integration.
Additional Duties :
Provision access for SSL VPN users.Configure authentication servers.Create, configure, and map roles, realms, and resources.Document all changes and create methods of procedures.Perform workday provisioning, mapping authentication servers, and creating or mapping roles and realms.Troubleshoot as needed.Assessment and Reporting :
Create a current state report and complete Ivanti Pulse Secure environment assessments.Review remote access architecture and complete configuration and security assessments of all devices.Understand and document bandwidth utilization and inventory.Identify all issues across the architecture layers.Recommendations :
Define authentication requirements.Identify areas for redundancy and network hardening.Recommend technology upgrades and provide estimated costs.Identify opportunities for cost avoidance and value-added upgrades.Future State Reporting :
Create a future state architecture map.Develop future state management plans for devices.Provide network and scalability projections.Outline the lifecycle of future state network security upgrades.Identify anticipated next-generation technology.If you meet these qualifications, please submit your application via link provided in Linkedin.
Kindly do not call the general line to submit your application.
