University of California - Los Angeles Health
Principal Wireless Network Engineer (flex-hybrid)
University of California - Los Angeles Health, Los Angeles, California, United States, 90079
Description
The Principal Wireless Network Engineer is the subject matter expert taking the lead role in design, implementation, operations and maintenance of Wireless Networks. In addition, the position will take a lead on design, implementation, operations and maintenance of Network Access Control (NAC) on Wired and Wireless Networks.
This SME will also be responsible for:
* Performing new Wireless and AAA/NAC solution evaluation and proof-of-concept.
* IOT/IOMT Security and Clinical Analytics platforms (like Medigate & Zingbox) integration with Aruba ClearPass, Cisco ISE.
* Monitoring the Wireless Network, AAA/NAC Systems via API integration or Syslog with Splunk, Aruba UXI Sensors, Aruba Central, and Airwave.
* Monitoring and reporting the Security Posture of Wired and Wireless endpoints leveraging the available dashboards.
* Automation of Network Access Control related configuration scripts for the Aruba & Cisco Network edge switches.
* Monitoring the Network edge ports deviation from NAC standard templates and automating the remediation action.
* Build/Improve the Wired & Wireless NAC dashboards for managing the operations and to fulfill various other Business requirements leveraging API, Syslog, Webhooks of ClearPass Policy Manager and Cisco Identity Services Engine.
* Identifying configuration gaps with respect to the network security and working with appropriate technology teams towards remediation.
* Implement multi-factor authentication, Okta integration for SSO, network segmentation, rogue network device detection and mitigation.
* Creating SOPs, technical articles, building topology, workflow and traffic flow diagrams for AAA/NAC functions & Wireless Networks.
* Evaluate and implement other potential products & technologies in the market which could improve the endpoint profiling, categorization and help improve the security posture of overall network edge layer.
* Renewal of certificates in all the Wireless and Wired network devices including ClearPass servers for HTTPS, Web-Auth (Captive Portal), EAP-TLS.
* Configuring and maintaining the integrations with MDM solutions like AirWatch, JAMF & Secure LDAP with Active Directory.
* Determining the unapproved endpoints for IT Security Risk Assessment and determining the safe and secure ways of onboarding the enterprise, medical and IOT devices.
This position also requires participation in 24x7 On-Call rotation providing after hours support for all technologies and products UCLA Health IT supports which includes Campus Routing/Switching, Data Center ACI, Voice, Wireless & WAN.
This flexible hybrid role allows for a blend of remote and on-site work, requiring presence on-site at least twice a week, within 2 hours of being asked to come on-site, or as needed based on operational requirements. Please note, travel to the "home office" location is not reimbursed. Each employee will complete a FlexWork Agreement with their manager to outline expectations and ensure mutual understanding. These arrangements are periodically reviewed and may be adjusted or terminated as necessary.
Salary offers are based on a variety of factors including qualifications, experience, and internal equity. The full salary range for this position is $112,900.00 - $256,900.00 annually. The University anticipates offering a salary between the 25th and 75th percentile of this range.
As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.
Qualifications
EDUCATION & CERTIFICATIONS:
* Bachelor's degree with 10+ years' experience or master's degree with 8+ years' experience in a large network enterprise environment with network design infrastructure technology experience, and with hands-on network security design/support role experience.
* At least one of the following: Aruba Certified ClearPass Expert or Cisco Certified Internetworking Expert - Security (ACCX or CCIE-Security).
KNOWLEDGE, SKILLS, ABILITIES:
* Expert level knowledge on AAA, NAC, WPA/WPA2 Enterprise, Wired and Wireless 802.1x, RADIUS, TACACS, IPSec, GRE, PKI, Guest Onboarding & management solution.
* Experience in Wireless LAN (802.11), Aruba or Cisco Wireless Networking products.
* Network architecture design and implementation of AAA/NAC projects.
* Skilled in implementing project management methodologies.
* Technological research and design.
* Experience leading large scale Network Security Project Implementations.
* Effective communication and interpersonal skills.
* Problem resolution / mentoring and coaching skills.
* Serves as a visionary by identifying new opportunities for process improvements, standards, initiatives and technology adoption.
OPERATING SYSTEMS & SOFTWARE:
* Aruba OS, Aruba ClearPass Policy Manager, Aruba Airwave Management Platform, Aruba Central, Aruba UXI/CAPE Network & Application Performance monitoring tool, Windows, macOS, Microsoft Office Suite, Visio, Packet Analyzers (Wireshark, Omnipeek).
HARDWARE:
* Aruba ClearPass Policy Manager (CPPM) or Cisco ISE, Aruba Wireless Controller/Access Points or Cisco Wireless Controllers/Access Points, Aruba or Cisco Switches.
TECHNOLOGIES:
* AAA, 802.1x, EAP-PEAP/TLS/TTLS, EAP-FAST, RADIUS, TACACS, PKI, IPSec, GRE, Web-Auth (Captive Portal), 802.11, mDNS, VRRP, HSRP, QoS, Security/Firewall, Infoblox (DNS/DHCP), API, Webhooks, SNMP, NetFlow, Syslog.