The Identity and Access Management team is part of the Technology and Risk Office and provides the Plan, Build and Run functions for enterprise wide Identity and Access Management solutions. The Network Access Management Engineering position is responsible for design and engineering functions for Network Access Management solutions. As a member of the Network Access Management team, you will utilize your technical skills to ensure the successful design, engineering, implementation and operation of solutions for remote access, access management for wireless and wired network, and privileged access for network device management.
This position requires: attention to detail, the development of detailed security documentation and procedures, strong team skills, the ability to work independently as well as with others, the ability to multi-task assignments, and the communication of complex technical information to team members, all levels of management and customers. The candidate should have experience working in a large enterprise and be able to work well under pressure.
Essential Functions:
- Provide Design and Engineering support for Network Access Management solutions
- Proposing and presenting network access management configuration changes and technology upgrade paths to IT management
- Third-level troubleshooting, problem identification, problem resolution and/or resolution recommendation activities in support of first- and second-level teams
- Infrastructure Access component hardware/software upgrades
- Engineering, implementation and operation of Infrastructure Access solutions at Data Centers and Kaiser facilities
- Infrastructure Access vulnerabilities research and investigations, including proposal of alternative implementation options
- Infrastructure Access consulting for new projects
- Infrastructure Access reviews of proposed projects
- Implementation of new solutions and risk mitigation techniques
- Receipt, evaluation and implementation of inbound Infrastructure Access user and device provisioning/deprovisioning service requests
- On-call activities in support of 7x24 security infrastructure and HA service goals
Qualifications:
Basic Qualifications:
- Bachelor's degree in a related field and/or a minimum of 4 years of equivalent work experience.
- A minimum of 10 years of experience in Information Technology (IT) including development, implementation, communication, monitoring and maintenance of information security policies and procedures.
- Excellent communications and problem solving skills are a must for this position.
- Strong networking background and experience, with the ability to do troubleshooting of both access control and network related problems.
- Candidate should have an understanding of concepts of strong two-factor authentication, AAA, access control and least privilege.
- Significant exposure to VPN (both IPSec- and SSL-based), RADIUS, TACACS, and RSA SecurID
Preferred Qualifications:
- Master's degree
-Experience with 802.1x, WPA2 Enterprise, authentication and access controls in a mobile environment, and mobile device security are all highly desirable.
- Experience with CiscoSecure ACS v4 for Windows and CiscoSecure ACS v5, and Cisco ASA v8 and Cisco ASDM v6 are highly desirable.
- Experience with Remedy Service Management and Problem Management would be a plus.
- A CCNA and the CISCO Certified Security Specialist certification and/or CISSP or other general Security certification is a plus.
- UNIX/LINUX experience and/or scripting skills would be a plus.
- Macintosh, Windows, iOS, Android experience would also be a plus.
External hires must pass a background check/drug screen.
We are proud to be an equal opportunity/affirmative action employer.