Beschreibung
For our client we are looking for a Domain Architect Security (f/m/d)Outline data:
Start: asap
Duration: 31.12.2024++
Workload: Full-time (not negotiable)
Location: 25% Berlin onsite, 75% remote (3 weeks remote / 1 week Berlin)
Role:
The infrastructure product group offers data center services that are provided via a software stack for other product lines within the program. The Security Architect is member of the Infrastructure Architecture team.
The architect is responsible for aligning with the strategy and vision of the Lead Infrastructure Architect and with other architects in the group (i.e., network, storage, software architects).
The Security Architect is responsible for architecture of Infrastructure wide security including Network, Compute, Virtualization, Storage and Software, and for products provided to Infrastructure customers. The architect does this in conjunction and through consultation with the other infrastructure technology architects.
Targets:
The Security Architect is responsible for the following technology areas.
- PKI (HSM, CA, ACME, …) - Private & Public
- Firewalls (Internet, Internal, Customers, Network/App Policy, OS FWs: NG, UFW, firewalld etc)
- Zero Trust - Core & Customer
- Intrusion Detection/Prevention
- Day0 Analysis & Remediation
- Client Access
- IAM (Services, Apps, Admins, Customers (Client Access) Technology Platforms)
- “Infrastructure Platform Wide Security” (Compute, Network, Virtualization, Storage, Iaas, …)
Skills (must-have):
- Thales HSM
- HashiCorp Vault (PKI, ACME)
- RedHat IPA/Certificate System (PKI, ACME)
- DigiCert PKI
- NG FW - Palo Alto, Fortinet
- Linux FW - UFW, firewalld
- Secure Client Access solutions (VPN) – PA, Fortinet, other …
- Zero Trust architectures (internal engineering/admins and customer access)
- IDS/IPS architectures – monitoring, detection and intervention through automated processes.
- Day0 monitoring/analysis/prevention (as per previous point)
- IAM / AAA solutions for internal administration individuals/systems and for customer access (remote access), customer network/application access.
- IAM – HashiCorp Vault, RedHat IPA, freeRadius, …
- DNSSec
- Observability Solutions - Logging/Metrics - Loki, Grafana, Prometheus, ELK
Network Routing Protocol Security
- Server endpoint security – immutable OS’s
- Linux Security
- Windows Security
- Packet Inspection Skills
- Fluent English in speech and writing (at least C1)
** PLEASE NOTE THAT EXPERIENCE IN PUBLIC CLOUDS (AZURE, GCP, AWS, ETC) IS NOT RELEVANT FOR THIS ROLE. THIS IS A PRIVATE ON-PREMISES CLOUD BUILT FROM THE GROUND UP**