Senior Systems Engineer (Operating Systems – both Client & Server) – National Remote Access Services – Technology Services Group recruitment
Area Overview:
National Remote Access Services (NRAS) staff is part of the Technology Engineering Division, which, in turn, is part of the TECS Engineering Department of the Technology Services Group (TSG) in the Federal Reserve Bank of NY (FRBNY). The NRAS National IT Service Organization (NITO) supports mobile and remote access to Federal Reserve System (FRS) computing resources nationwide. NRAS VPN staff is responsible for research, strategy development, design, deployment and management of systems in the areas of remote access VPNs, enterprise endpoint security, two-factor authentication and smartcard management systems. NRAS VPN staff also provides consulting and project resources in its areas of competence to other FRBNY and FRS entities as necessary.
Job Description:
The job of a Senior Systems Engineer on the NRAS VPN Team is to research, develop, implement, manage and provide 3rd level support for enterprise-level solutions in the areas of remote access, mobility, endpoint security and smartcard management, in response to the rapidly evolving business and technical requirements of the growing mobile workforce of the Federal Reserve System.
Job Responsibilities:
- Provide operational support of the Symantec Endpoint Protection (SEP) infrastructure components, consisting of 2 SEP Managers and 2 databases serving over 28,000 clients.
- Take ownership of SEP related incidents and drive the investigation and troubleshooting activities, resulting in successful resolution and elimination of the root cause.
- Evaluate, design, implement, and provide operational support of remote and mobile communications access infrastructure components and client components, i.e. VPN gateways, and smart card management software;
- Troubleshoot and resolve technical issues related to remote access services, including VPN infrastructure and client components, smart card management systems and client components, enterprise desktop security components, etc.;
- Develop written documentation including project plans, policy and procedure, presentations, and other documents as necessary;
- Provide on-going 3rd level support of the remote access infrastructure including gateways and back-end servers;
- Work closely with support staff(s) responsible for providing local and/or national support for the NRAS remote access services to help ensure adequate information exchange and customer satisfaction;
- Provide technical consulting for lines of business and other support staffs on remote access related services and risk decisions;
- Research and keep abreast of new mobile computing and remote access products and solutions, virtual private network access, two factor authentication and other related technologies.
Skills
Critical Skills:
- Working knowledge of endpoint security solutions including:
  - Managing host firewall products and understanding the nuances of managing firewalls on mobile devices
  - Device control solutions
  - AV and Anti-spyware solutions, including managing, troubleshooting and reporting of signature updates, scans, malware detections and false positives
  - HIDS and HIPS
  - Host posture assessment and remediation
- Working knowledge of Windows (Server 2003/2008, 7, XP) Operating System, AD, GPOs, registry, command line and scripting. Ability to diagnose and resolve environmental issues that are affecting application functionality.
- Knowledge of application layer protocols and risks associated with permitting commonly used protocols (http / https, RDP, CIFS, etc.) across network boundaries.
- Demonstrable level of technical competence including:
  - Practical experience implementing and administering common TCP/IP-based services across multiple platforms, including DNS, DHCP, HTTP, FTP, SSH, SMTP, etc.
  - A thorough understanding of the OSI network model, Ethernet, TCP/IP and IP sub-netting
Required Skills:
- Working experience with desktop security technologies, personal firewall, intrusion detection and prevention, host integrity, etc.;
- Working experience with smart card technologies, interfaces and protocols (i.e. CAPI, PKCS, etc.) as well as secure communication technologies;
- Comprehensive working knowledge of Win2K8 server, and WinXP/Win7 workstation, and other standard computing platforms;
- Understanding of and working experience with IPSec VPN, SSL VPN and related secure communications technologies, solutions, products and protocols (i.e. SSL, TLS, IPSec, S/MIME, etc.);
- Technical knowledge of data communications fundamentals and principles and working experience with remote access solutions, including virtual private networks, encryption, authentication, access control methods and PKI components;
- Strong analytical and problem-solving skills, including the ability to manage external vendors responsible for problem resolution;
- Maintain awareness of remote access infrastructure security risks and properly address vulnerabilities;
- Ability to work independently or as part of a team and to balance multiple projects and conflicting priorities;
- Strong interpersonal skills, including the ability to interact with all levels of management, local and national support staff and customers, and external vendors; and
- Strong ability and interest in mastering new and emerging technologies.
Preferred Skills:
- Knowledge of SQL or other database technologies desirable;
- Knowledge of programming or scripting languages desirable;
- Familiarity and working experience with Mac OS 10 or Unix based client and server platforms;
- Knowledge of Bank implementation, change and support standards;
- Familiarity with Technical Project Management framework, proven project planning skills in effectively meeting deadlines on individual assignments;
- Familiarity and working knowledge with PKI and certificate authentication;
- Familiarity and working knowledge with Cisco WLAN and security.
Education/Certifications:
- Bachelor's degree in Computer Science or related discipline and/or equivalent work experience;
- 5+ years of related experience.