Principal, Cybersecurity Platform Operator External

Job Description:

Job title - Principal, Cybersecurity Platform operator external

The Purpose of this role

The job involves performing functions related to Network and Perimeter specialized Security Engineers including Cisco ISE, NAC (Network Access Control), TACACS, Certificate Authority Looking for an energetic, hard charging individual able to keep up in an exciting and fast-moving tea to enhance Fidelity's security posture. The candidate will be immersed in a quick changing environment in a very rapid changing threat landscape, working with numerous security professionals. The qualified candidate must be adaptable and able to work in a fast-paced environment where learning new skills and understanding new system architectures quickly is a key to success.

How your work impacts the organization

The Principal Cybersecurity Engineer will be working on external defense team to ensure indications of compromise are promptly identified and stakeholders are informed with actionable and complete information. This role will assist and coordinate with incident response staff, threat intelligence, vulnerability management, and perimeter security teams during response activities and cyber investigations. This position works closely with our ISO for each Business Unit and directly with internal and external customers.

• Strong experience in Cisco ISE (Identity Service Engine), TACACS+, RADIUS Certificate Authority

• Managed and maintained multiple Cisco ISE environments and SME in
  • RADIUS and TACACS policy configuration, including onboarding of new applications, working directly with app owners and providing guidance based on extensive knowledge of secure authentication integration.
  • Patching and upgrade planning for ISE systems.
  • Disaster Recovery tests (bi-annual for Wired/Wireless, annual for Guest Wi-Fi).
  • Certificate management, including updating/renewing ISE server certificates and guest portal certs via Venafi.
  • Cisco ISE licensing oversight, including maintaining the Cisco Smart Licensing model via the on-prem license server.
  • ISE system automation and backups via Jenkins jobs.
  • Monitoring and alerting through Splunk (custom dashboards and alarms).
  • Took part in monthly Cisco TAC calls to review issues, product roadmaps, and deployment health.
  • Supported the on-call rotation, responding to incidents via the ServiceNow platform.

• Implement and maintain network access control solutions using 802.1X, RADIUS and TACACS
• Perform daily monitoring, troubleshooting, and resolution of network access and
  security issues.
• Integrate Cisco ISE with network and other components systems
• ISE software upgrades, patches, migration .
• Create and maintain technical documentation and standard operating
  procedures (SOPs).

• Positive personality and can-do attitude; you also have good communication skills with an excellent command of the English language.
• Open-minded, empathic and a team-mate with a partnering approach and an enthusiastic and motivated personality, with demonstrated experience in solving complex challenges
• Intellectually curious and therefore remain abreast of new technologies and developments relating to technical products that might be used enterprise wide and software delivery methodologies
• Proficient in balancing business partner views and interests
• Team player with excellent interpersonal & communication skills (written and verbal)
• Senior technical and non-technical Stake holder management skills

• 7 to 9 years of security experience desired, preferably in a matrix-driven corporate environment.
• Mandatory Cisco Identity and Service Engine Experience or similar vendor products
• Ability to interact with both technical and non-technical staff, including management and executives, with experience articulating technical material in business terms.

• SME in 802.1X authentication and related EAP protocols (EAP-TLS, PEAP)