Infrastructure Engineer Lead - GBS IND

Job Description:

Process Overview*

The role of the AAA Implementation Engineer is to provide technical implementation services to support the evolution and ongoing support of the AAA infrasture to projects (all types), upgrades, service and feature enhancements and for remediation/break-fix services.  The work is always in alignment to the current and approved architectural, roadmaps, technology standards and templates, governance and change management policies set forth by the firm.  While the role primarily has an implementation and validation engineering focus, a strong understanding of design engineering concepts is required.

Job Description*

The role of the Authentication, Authorization and Accounting (AAA) Implementation Engineer is to provide technical implementation services to support the evolution and ongoing support of the AAA environment in response to projects (all types), upgrades, service and feature enhancements and for  remediation/break-fix services they work closely with Program and Project Managers and other support and service providers..  The work is always in alignment to the current and approved architectural, roadmaps, technology standards and templates, process, governance and change management policies set forth by the firm.  AAA is part of the control for wired, wireless, device access and re, mote users. Ability to work as part of a team as well as individually depending on project. While the role primarily has an implementation and validation engineering focus, a strong understanding of AAA policy, posture, protocols and cluster deployment and maintenance concepts are required. They also need to forecast the delivery and track of multi-phase work against change and release calendar(s). They need to fully understand and adhere to the bank change processes.

They must be mindful of how their role impacts the firm’s business and reputation.  Concepts such as driving value, always delivering quality, keeping commitments, being on-time and under-budget, effective and detailed communications. Managing time is critical, developing and managing tasks efficiently is the key to success. 

This position will interface directly with internal and external customers/suppliers/providers, Architecture, Product Engineering, Design/Implementation engineering, Change, Service and Product Management, finance and business management and Operations teams.  Interface with various levels of senior management.  Strong written, verbal and presentation skills are a must.  The candidate must be able to work on their own and successfully in team settings in various sizes and locations.  Adherence and use of standards, product sets, templates, systems, and artifacts are important to the success change, the department and the firm at large.

Familiarity with working in regulated and/or large global enterprises is a plus.

Key Technology areas of focus for the role include:

Clearpass, Stealthwatch, ICE, AAA, SPLUNK, load balancing, Excel, MS Project, captive portals, NA3RC, automation, network configuration, automation, certificates, cluster build, upgrade and configuration. 

Responsibilities*

• Attends Project Meetings as needed.
• Creates change documents and changes.
• Scheduling of the changes with the assigned engineer
• Representing change records (CRQs) on various calls
• Representing on regional pre-CAB Weekly
• Socializing changes to the other peer teams regionally so they can represent changes in region.
• Following up with Testers / Testing Coordination for all Changes
• Ensuring Peer Reviews are attached to CRQs / Chasing Approvals
•  AAA weekly internal change calls – weekly
• Attends various change review calls
• Reviews test plans and results, ability to assist in driving to root cause.
• Collaborate with other internal/external Bank teams such as Operations, Engineering, and requestors on core design requirements/standards and risk assessment.
• Leverage designated tools and resources to create NCDs that will drive implementation during a pre-approved change window as necessary.
• Ensure initiatives\changes are well defined with success criteria, ownership, and realistic but firm schedules.
• Ensures change documents are peer reviewed are approved.
• Coordinates with other teams for change knowledge transfer
• Rehearse changes in the lab.
• Works during weekends to implement changes. Low risk changes can be performed during the week.
• Ensures no risks are associated to the change.
• Ensures changes are user acceptance tested and authentication logs are successful after post implementation.
• Will need extensive knowledge on AAA, ISE and Clearpass environments.
• Works with release managers to create changes.
• Coordinates with vendors during changes if devices need to be swapped or any type of datacenter local onsite support is needed.
• Validates changes via working with users as part of user acceptance testing.
• Validates changes via creation and implementation of test plans (manual and automated)
• Validates changes via verification of logs and test results.
• Building, updating and sending Change Communication templates for the weekends changes
• Update Schedule as changes are completed and new work orders are added
• Run change bridges and handling the CRQ communications as needed
• Create work orders and other requests to engage Blackbox and device, firewall and IP services updates

Requirements*

Education* Bachelor’s degree in engineering, computer science, business, finance or related field/technical training.  Must have strong analytical skills. ,.

* Graduation / Post Graduation

* Certifications If Any:

Experience Range*

Minimum of 8 -12 years’ experience required in Technical role supporting network project/programs

* __8-12 __Years

Foundational Skills*

• Strong subject matter expertise across various enterprise identity authentication technologies ranging from AAA (RADIUS/TACACS), 802.1X technologies (Wired/Wireless), RSA and token-based systems.
• Experience with Aruba ClearPass Policy Server or Cisco Identity Services Engine (ISE) is required.
• Experience with Network Access Control (NAC) 802.1X for Wired and Wireless networks is required.
• Experience with Remote Access (VPN posture) is preferred.
• Experience with Secure Cloud Analytics (Stealthwatch) is preferred.
• Experience working with SSL Certificate Authorities, and certificate management.
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and authorization protocols, cryptography, and application security, load balancing.
• Experience with tools such as Splunk, Excel, ideally experience in automation.
• Expert understanding of network protocols TCP/IP, HTTP, HTTPS, SSL, TLS, 802.1.X, etc.
• Experience with testing and change validation, root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architectural preferred.
• Project Management, ITSM

• Experience with Change Management and CAB processes and procedures.
• Leadership: be a self-starter, self-directed and shows initiative.
• Focused on execution, delivery, and commitment to dates.   Ability to work in a high paced environment. Can manage risk; is a good decision maker. Understands the big picture; can relate to the firm’s strategy and actions and how they support our business results.
• Demonstrates ownership: Is accountable and influential/can hold others accountable (professionally).
• Strong written and verbal communications skills.  Ability to communicate and influence upward as well as laterally.
• Organized and detail oriented.