Senior IT Architecture Infrastructure (PKI/AD) (m/f/d)

Berlin, Berlin  ‐ Remote
This project is archived and unfortunately no longer active.

Keywords

Active Directory, Identity Management, Key Management, Automation, Compliance, Ansible, Architecture, Configuration Management, Public Key Infrastructure, Policy Design, Lifecycle Management, User Experience (UX), Continuous Delivery, GitHub, Windows Server, OAuth, OpenID Connect, SAML, Single Sign-On, System Architecture, User Provisioning, Workflows, Load Balancing, Infrastructure as Code (IaC), Software Version Control

Description

1-2 days per week = 50-100 days per annum
2024: ca. 36
2025: ca. 66

Project environment:
50 Hertz is a Transmission System Operator and serves the eastern part of Germany. The company's IT infrastructure needs to evolve with a clear focus on increasing security and operational efficiency. The “Infrastructure 2.0” project will define the architecture for the new infrastructure. The top-level design phase is planned to be finished at the end of 2024, followed by a detailed design phase in 2025 and the implementation in the following years.

Project goal:
Provide a comprehensive IT infrastructure design with focus on security and operational effectiveness

Your tasks
Design a Next-Generation Active Directory Infrastructure with Extensive Automation

Objective: Conceptualize and design a cutting-edge Active Directory (AD)
Utilize the latest AD features for seamless scalability and security
Implement GitOps for version-controlled infrastructure management and automation for configuring deployment, ensuring rapid adaptation to evolving business needs
Focus on complex forest and domain configurations, multi-site replication, and granular group policy management
Ensure least privilege access and regulatory compliance in alignment with organizational requirements
Consider strict RBAC approaches
Ensure comprehensive OS/SW patching and auto-image update mechanisms


Design Identity Management Solutions with Secure Authentication Protocols

Objective: Conceptualize and design modern identity management solutions using secure standards for cross-domain authentication and authorization, ensuring seamless integration with on-prem enterprise environments
Design adaptive authentication standards to enhance security and user experience
Utilize automation pipelines for seamless deployment and management of authentication services
Utilize GitOps for declarative configuration management, enabling efficient scaling and continuous delivery of identity services


Conceptualize a PKI Ecosystem with Secure Key Management and GitOps Integration

Objective: Design and conceptualize a robust PKI and Vault ecosystem with secure key management practices
Develop automated processes for credential rotation and cryptographic key management to enhance security posture
Integrate key management with GitOps workflows to automate certificate lifecycle management and ensure compliance
Employ advanced cryptographic techniques to enhance security and facilitate seamless key distribution across the infrastructure


Conceptualize the Enforcement of Zero Trust Security Principles

Objective: Define hands-on Zero Trust security principles and strategies
Design automated solutions to mitigate security risks and enforce strict access controls based on identity and context

Our requirements
Microsoft Active Directory (AD)

Proficient in Microsoft Active Directory (AD) design, deployment, and management, including expertise in complex forest and domain architectures, multi-site replication, and group policy management, defining granular permissions based on user roles, groups, and organizational hierarchy, ensuring least privilege access and regulatory compliance. Also extensive knowledge of rollout, update and patching methods
PKI Implementation

Extensive knowledge of Public Key Infrastructure (PKI) implementation, including certificate authority (CA) design, certificate lifecycle management, and secure (auto) key distribution mechanisms
Identity Management

Deep understanding of Identity Management concepts and solutions, encompassing user provisioning, authentication, authorization, and single sign-on (SSO) across diverse enterprise environments.
Password(less) Technologies

Expertise in developing and enforcing robust password(less) policies and secure authentication mechanisms, including multi-factor authentication (MFA), smart card authentication, biometric authentication as well as the rotation of sensitive credentials and cryptographic keys
Identity Federation Protocols

Skilled in designing and implementing secure identity federation protocols like OAuth, OpenID Connect, and SAML, enabling seamless authentication and authorization across heterogeneous systems and applications
Zero Trust Security Principles

Familiarity with Zero Trust security principles and implementation strategies, including microsegmentation, continuous authentication, and dynamic access controls, to mitigate security risks in modern IT environments
GitOps Methodologies / Ansible-based Windows Management / Operational Management Efficiency

Strong expertise in operational management practices via GitOps methodologies, utilizing version control systems like GitHub for infrastructure as code (IaC) management, automated deployment, and configuration drift management. Skilled in Ansible-based Windows management within a fully automated AD environment, utilizing Ansible playbooks for automated configuration management, orchestration, and compliance enforcement across Windows servers and applications
Multi-Security-Zoning Principles

Skilled in implementing multi-security-zoning principles for network and system architecture design, enforcing segmentation and isolation of critical assets and sensitive data, enhancing resilience against cyber threats and ensuring regulatory compliance through appropriate concepts of firewalling, load balancing, APM and ASM
Start: 06.2024
Duration: 17 months
From: GULP Information Services GmbH
Posted: 16.04.2024
Contact: Blendona Demiraj
Project ID: 2740232
Industry: IT
Contract type: Freelance
Work arrangement: 100 % Remote