Security Transformation Practitioner
Security Managed Services Analyst
|
Full time
|
Experience: 2-5 years
Job No. ATCI-5489173-S2002862
|
Bengaluru
|
Required Skill: Cisco Identity Services Engine (ISE)
Project Role : Security Transformation Practitioner
Project Role Description : Design, develop, and implement security solutions to safeguard digital assets and business operations. Integrate security controls into enterprise systems, applications, and processes to protect against cyber threats, unauthorized access, and data breaches.
Must have skills : Cisco Identity Services Engine (ISE)
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
As a Security Transformation Practitioner, you will engage in the design, development, and implementation of security solutions aimed at safeguarding digital assets and business operations. Your typical day will involve collaborating with various teams to integrate security controls into enterprise systems, applications, and processes, ensuring robust protection against cyber threats, unauthorized access, and data breaches. You will also analyze existing security measures and recommend enhancements to fortify the organization's security posture, while staying updated on the latest security trends and technologies to effectively address emerging threats.
Roles & Responsibilities:
- Implement & Manage Cisco ISE for NAC: Lead the deployment and configuration of Cisco Identity Services Engine (ISE) to provide robust network access control for client environments.
- Ensure that only authorized and compliant devices connect to client networks by leveraging ISE features like device profiling, posture assessment, and guest/BYOD access management. Integrate ISE with directory services (e.g., Active Directory) and certificate authorities for seamless user authentication and certificate-based network access. Regularly update and tune ISE policies to align with evolving security requirements and to maintain a zero-trust approach to network access.
- Design & Operate Palo Alto Next-Gen Firewalls: Design, deploy, and maintain Palo Alto Networks firewalls as part of a multi-layered defense strategy protecting client applications and data. Configure security policies, NAT rules, and App-ID based controls on Palo Alto Next-Generation Firewalls to enable fine-grained traffic filtering and threat prevention. Utilize advanced Palo Alto features such as IPS/IDS, content filtering, WildFire for zero-day malware detection, and User-ID integration to enforce security based on user identity and behavior. Set up and manage VPN connectivity (GlobalProtect) for secure remote access and site-to-site VPNs, ensuring encryption and protection of data in transit. Leverage Panorama (Palo Alto s centralized management) to manage firewall deployments at scale, maintaining consistent security policies and performing efficient rule updates across multiple client firewalls. Conduct regular firewall rule base reviews and optimizations to eliminate unnecessary access and ensure alignment with best practices.
- Documentation & Training: Develop and maintain thorough documentation for all security solutions and changes. This includes creating network security architecture diagrams, ISE policy configuration documents, firewall rule change logs, standard operating procedures (SOPs), and client-specific security policy guides. Ensure that all design and configuration changes are clearly recorded and accessible to both the internal team and the client s IT stakeholders. In addition, lead knowledge transfer and training sessions for clients internal teams to ensure they understand the deployed security controls. Provide user-friendly guides or runbooks for day-to-day management of ISE (e.g., onboarding new devices, managing network access for users) and Palo Alto firewalls (e.g., updating security policies, responding to alerts).
Professional & Technical Skills:
- Cisco ISE Expertise: In-depth knowledge of Cisco Identity Services Engine (ISE) and Network Access Control concepts. Ability to configure Cisco ISE for 802.1X authentication, device profiling, posture assessment, guest access, and Bring Your Own Device (BYOD) scenarios. Familiarity with ISE integration into heterogeneous networks. Strong troubleshooting skills with ISE components (e.g., debugging authentication issues, analyzing ISE live logs, monitoring RADIUS Live Sessions) to quickly resolve access problems.
- Palo Alto Networks Firewall Mastery: Hands-on experience with Palo Alto Networks Next-Generation Firewalls, including designing and implementing firewall architectures for medium to large enterprises. Proficient in creating and optimizing firewall policies, NAT rules, and VPN configurations. Expertise in Palo Alto s advanced features – such as content security subscriptions (Threat Prevention, URL Filtering, WildFire sandboxing), GlobalProtect VPN for remote users, SSL decryption, and user identification services. Experience managing multi-site or multi-device firewall deployments using Panorama for centralized management and log analysis. Ability to perform firmware upgrades, backups, and high-availability (HA) configurations on Palo Alto appliances. Industry knowledge of comparable next-gen firewall platforms (Cisco Firepower, Fortinet, etc.) is a plus, but deep familiarity with Palo Alto s platform is required.
- Network Security Fundamentals: Strong foundation in general networking and security principles. Thorough understanding of networking protocols and concepts (TCP/IP, VLANs, subnetting, routing protocols like OSPF/BGP, VPN technologies, etc.) and how to apply security controls to them. Proficiency in configuring and securing network devices such as routers, switches, and wireless LAN controllers, including implementing Access Control Lists (ACLs), Quality of Service (QoS), NAT, and segmentation rules across various platforms. Familiarity with intrusion detection/prevention systems, web proxies, DDoS protection, and other network security tools is expected. Comfortable using network analysis and diagnostic tools (e.g., Wireshark, tcpdump) to troubleshoot complex connectivity or security issues.
- Certification: Information Security, or related field (or equivalent professional experience).
- Professional certifications are highly valued – in particular, Cisco Security certifications (CCNP Security, CCIE Security) and/or Palo Alto Networks Certified Network Security Engineer (PCNSE) are strongly preferred. These demonstrate validated expertise with Cisco s and Palo Alto s platforms, respectively. Additional relevant certs such as Cisco Certified Specialist
– Security Identity Management (SISE) (300-715) or Palo Alto PCNSA, and broader security certifications like CISSP or CCSP are a plus and indicate a commitment to ongoing professional development.
- Multi-Vendor & Cloud Security Experience: While Cisco ISE and Palo Alto are the primary focus, experience with additional network security technologies is beneficial. Familiarity with other firewall and VPN platforms (e.g., Cisco ASA/Firepower, Check Point, Fortinet) or load balancers like F5 can be useful in heterogeneous client environments. Experience with cloud security controls (AWS and Azure network security groups, cloud-native firewalls, or SASE solutions like Zscaler) is a strong plus, as many clients operate hybrid cloud environments. Understanding how to integrate on-premises security (like ISE NAC and hardware firewalls) with cloud-based security services will set you apart.
- Advanced Security Certifications: In addition to the required certifications, any further industry certifications that demonstrate broad security expertise or specialized skills will be advantageous. Relevant examples include Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or vendor-specific expert-level certs such as Cisco CCIE Security or Palo Alto Networks PCNSE (if not already obtained).
Additional Information:
- The candidate should have Minimum 3 years of experience in IT security with a focus on network security and infrastructure security.
- Proven track record in roles such as Network Security Engineer or Security Consultant, with hands-on work in deploying and managing network access control systems and firewall technologies in enterprise environments.
- Experience in client-facing or consulting roles is highly desirable, as this position requires direct engagement with customers to design and implement security solutions.
- A 15 years full time education is required.
Project Role Description : Design, develop, and implement security solutions to safeguard digital assets and business operations. Integrate security controls into enterprise systems, applications, and processes to protect against cyber threats, unauthorized access, and data breaches.
Must have skills : Cisco Identity Services Engine (ISE)
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
As a Security Transformation Practitioner, you will engage in the design, development, and implementation of security solutions aimed at safeguarding digital assets and business operations. Your typical day will involve collaborating with various teams to integrate security controls into enterprise systems, applications, and processes, ensuring robust protection against cyber threats, unauthorized access, and data breaches. You will also analyze existing security measures and recommend enhancements to fortify the organization's security posture, while staying updated on the latest security trends and technologies to effectively address emerging threats.
Roles & Responsibilities:
- Implement & Manage Cisco ISE for NAC: Lead the deployment and configuration of Cisco Identity Services Engine (ISE) to provide robust network access control for client environments.
- Ensure that only authorized and compliant devices connect to client networks by leveraging ISE features like device profiling, posture assessment, and guest/BYOD access management. Integrate ISE with directory services (e.g., Active Directory) and certificate authorities for seamless user authentication and certificate-based network access. Regularly update and tune ISE policies to align with evolving security requirements and to maintain a zero-trust approach to network access.
- Design & Operate Palo Alto Next-Gen Firewalls: Design, deploy, and maintain Palo Alto Networks firewalls as part of a multi-layered defense strategy protecting client applications and data. Configure security policies, NAT rules, and App-ID based controls on Palo Alto Next-Generation Firewalls to enable fine-grained traffic filtering and threat prevention. Utilize advanced Palo Alto features such as IPS/IDS, content filtering, WildFire for zero-day malware detection, and User-ID integration to enforce security based on user identity and behavior. Set up and manage VPN connectivity (GlobalProtect) for secure remote access and site-to-site VPNs, ensuring encryption and protection of data in transit. Leverage Panorama (Palo Alto s centralized management) to manage firewall deployments at scale, maintaining consistent security policies and performing efficient rule updates across multiple client firewalls. Conduct regular firewall rule base reviews and optimizations to eliminate unnecessary access and ensure alignment with best practices.
- Documentation & Training: Develop and maintain thorough documentation for all security solutions and changes. This includes creating network security architecture diagrams, ISE policy configuration documents, firewall rule change logs, standard operating procedures (SOPs), and client-specific security policy guides. Ensure that all design and configuration changes are clearly recorded and accessible to both the internal team and the client s IT stakeholders. In addition, lead knowledge transfer and training sessions for clients internal teams to ensure they understand the deployed security controls. Provide user-friendly guides or runbooks for day-to-day management of ISE (e.g., onboarding new devices, managing network access for users) and Palo Alto firewalls (e.g., updating security policies, responding to alerts).
Professional & Technical Skills:
- Cisco ISE Expertise: In-depth knowledge of Cisco Identity Services Engine (ISE) and Network Access Control concepts. Ability to configure Cisco ISE for 802.1X authentication, device profiling, posture assessment, guest access, and Bring Your Own Device (BYOD) scenarios. Familiarity with ISE integration into heterogeneous networks. Strong troubleshooting skills with ISE components (e.g., debugging authentication issues, analyzing ISE live logs, monitoring RADIUS Live Sessions) to quickly resolve access problems.
- Palo Alto Networks Firewall Mastery: Hands-on experience with Palo Alto Networks Next-Generation Firewalls, including designing and implementing firewall architectures for medium to large enterprises. Proficient in creating and optimizing firewall policies, NAT rules, and VPN configurations. Expertise in Palo Alto s advanced features – such as content security subscriptions (Threat Prevention, URL Filtering, WildFire sandboxing), GlobalProtect VPN for remote users, SSL decryption, and user identification services. Experience managing multi-site or multi-device firewall deployments using Panorama for centralized management and log analysis. Ability to perform firmware upgrades, backups, and high-availability (HA) configurations on Palo Alto appliances. Industry knowledge of comparable next-gen firewall platforms (Cisco Firepower, Fortinet, etc.) is a plus, but deep familiarity with Palo Alto s platform is required.
- Network Security Fundamentals: Strong foundation in general networking and security principles. Thorough understanding of networking protocols and concepts (TCP/IP, VLANs, subnetting, routing protocols like OSPF/BGP, VPN technologies, etc.) and how to apply security controls to them. Proficiency in configuring and securing network devices such as routers, switches, and wireless LAN controllers, including implementing Access Control Lists (ACLs), Quality of Service (QoS), NAT, and segmentation rules across various platforms. Familiarity with intrusion detection/prevention systems, web proxies, DDoS protection, and other network security tools is expected. Comfortable using network analysis and diagnostic tools (e.g., Wireshark, tcpdump) to troubleshoot complex connectivity or security issues.
- Certification: Information Security, or related field (or equivalent professional experience).
- Professional certifications are highly valued – in particular, Cisco Security certifications (CCNP Security, CCIE Security) and/or Palo Alto Networks Certified Network Security Engineer (PCNSE) are strongly preferred. These demonstrate validated expertise with Cisco s and Palo Alto s platforms, respectively. Additional relevant certs such as Cisco Certified Specialist
– Security Identity Management (SISE) (300-715) or Palo Alto PCNSA, and broader security certifications like CISSP or CCSP are a plus and indicate a commitment to ongoing professional development.
- Multi-Vendor & Cloud Security Experience: While Cisco ISE and Palo Alto are the primary focus, experience with additional network security technologies is beneficial. Familiarity with other firewall and VPN platforms (e.g., Cisco ASA/Firepower, Check Point, Fortinet) or load balancers like F5 can be useful in heterogeneous client environments. Experience with cloud security controls (AWS and Azure network security groups, cloud-native firewalls, or SASE solutions like Zscaler) is a strong plus, as many clients operate hybrid cloud environments. Understanding how to integrate on-premises security (like ISE NAC and hardware firewalls) with cloud-based security services will set you apart.
- Advanced Security Certifications: In addition to the required certifications, any further industry certifications that demonstrate broad security expertise or specialized skills will be advantageous. Relevant examples include Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or vendor-specific expert-level certs such as Cisco CCIE Security or Palo Alto Networks PCNSE (if not already obtained).
Additional Information:
- The candidate should have Minimum 3 years of experience in IT security with a focus on network security and infrastructure security.
- Proven track record in roles such as Network Security Engineer or Security Consultant, with hands-on work in deploying and managing network access control systems and firewall technologies in enterprise environments.
- Experience in client-facing or consulting roles is highly desirable, as this position requires direct engagement with customers to design and implement security solutions.
- A 15 years full time education is required.
15 years full time education
Bengaluru
Equal Employment Opportunity Statement
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.
We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.
We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.
At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.
Join Accenture to work at the heart of change. Visit us at www.accenture.com.
We have been alerted to the existence of fraudulent messages asking job seekers to set up payment to cover various costs associated with establishing employment at Accenture. No one is ever required to pay for employment at Accenture. If you are contacted by someone asking for payment, please do not respond, and contact us at india.fc.check@accenture.com immediately.