Cisco Secure Access Control System (CS ACS) Engineer
Plano 2 (31062), United States of America, Plano, Texas
At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.
Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.
Cisco Secure Access Control System (CS ACS) Engineer
Capital One ("What's in your wallet?") the technology company that delivers outstanding customer experiences and ultra-cool financial products is seeking a Senior Cisco Secure Access Control System Engineer to support our existing security construct while planning for the next generation of administrative network access control and programmatic integrations. We love to automate, write code, and persistent in incremental improvements through an organization wide Agile delivery methodology. If working with extraordinary talent in a fast paced, always improving, and highly collaborative environment sounds intriguing, then you should apply now!
As a Capital One Lead Platform Engineer in the Data Network team, you will work with talented Network Architecture, Engineering and Operations teams to ensure uniform access to network assets and management systems. You will support integrations with enterprise identity stores, establish policy that governs administrative access control, coordinate upgrades and patching to ensure operational continuity of the Cisco Secure Access Control System (ACS) platform, write automation to reduce or outright eliminate the need for manual day to day administration, perform research as the foundation for leadership's decision on the platform's roadmap, work closely with stakeholders and vendors to ensure available features are communicated, explored, and planned for implementation.
- User Administration, Authentication, and Accounting (AAA) policy definition for ACS users and administrators
- Maintaining enterprise recertification workflow processes
- Monitor distributed system health and restore failed instances to maintain platform resiliency
- Provide expertise on ACS log interpretation for audit, compliance, risk, and security teams
- Support Privileged User Monitoring
- Support IAM and PAM integrations
- Playbook development to support at arm's length Security Intelligence Center monitoring
- Support Local Account Vaulting and Out of Band management authentication
- Audit artifact collection and representation for security constructs supporting all network device assets and management systems.
- NIST maturation support
- Authorization and Shell profile construction
- Vendor Specific Attribute (VSA) dictionary definition and mapping
- IETF definition and mapping
- Platform architecture and evergreening
- High school diploma, GED or equivalent certification or military experience.
- At least 7 years of experience in all technical aspects of TACACS/RADIUS authentication control system(s) in a multi-vendor, multiple networking technology environment
- At least 7 year of experience AAA (TACACS/RADIUS) Supporting Route/Switch, Firewall, Load Balancer, Proxy, and IP Telephony devices
- At least 5 years of experience TACACS Shell profile components and command authorization sets.
- At least 5 years of experience RADIUS Authorization Profile construction, definition, and incorporation of VSA and IETF attributes.
- Bachelor's degree in Network, Security, or IT focused discipline
- Cisco or 3rd party training on Cisco Secure ACS or Cisco Secure ISE
- 5 years of experience as a technical lead in a large enterprise network
- 2 years of experience with RHEL or CentOS
- 2 years of experience with Active Directory / LDAP attributes and automation reporting extraction.
- 2 years of experience with Cisco ISE experience in deployment and migration from ACS to ISE
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
No agencies please. Capital One is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at
Meet Some of Capital One's Employees
Head Of Design
Ryan and his team of designers and developers work at The Shop, a combined technology workshop and retail hub, to create meaningful financial products and services.
Back to top