50240429P3A1: Freelance – Senior IT Architecture Infrastr. Core Services (Focus: Microsoft) REMOTE

Berlin, Berlin  ‐ Remote
This project is archived and unfortunately no longer active.

Keywords

Active Directory, Identity Management, Key Management, Automation, Compliance, Public Key Infrastructure, Ansible, Architecture, Configuration Management, Lifecycle Management, GitHub, Windows Server, OAuth, Policy Making, OpenID Connect, SAML, Single Sign-On, System Architecture, User Provisioning, Workflows, Load Balancing, Infrastructure as Code (IaC), Software Version Control

Description

1 Project description
50 Hertz is a Transmission System Operator and serves the eastern part of Germany. The company's IT infrastructure needs to evolve with a clear focus on increasing security and operational efficiency. The "Infrastructure 2.0" project will define the architecture for the new infrastructure. The top-level design phase is planned to be finished at the end of 2024, followed by a detailed design phase in 2025 and the implementation in the following years.


2 Tasks / Activity description
1. Design a Next-Generation Active Directory Infrastructure with extensive Automation:
Objective: Conceptualize and design a cutting-edge Active Directory (AD). Utilize the latest AD features for seamless scalability and security. Implement GitOps for version-controlled infrastructure management and automation for configuring deployment, ensuring rapid adaptation to evolving business needs. Focus on complex forest and domain configurations, multi-site replication, and granular group policy management. Ensure least privilege access and regulatory compliance in alignment with organizational requirements. Consider strict RBAC approaches. Ensure comprehensive OS/SW patching and auto-image update mechanisms.

2. Design Identity Management Solutions with Secure Authentication Protocols:
Objective: Conceptualize and design modern identity management solutions using secure standards for cross-domain authentication and authorization, ensuring seamless integration with on-prem enterprise environments. Design adaptive authentication standards to enhance security and user experience. Utilize automation pipelines for seamless deployment and management of authentication services. Utilize GitOps for declarative configuration management, enabling efficient scaling and continuous delivery of identity services.

3. Conceptualize a PKI Ecosystem with Secure Key Management and GitOps Integration:
Objective: Design and conceptualize a robust PKI and Vault ecosystem with secure key management practices. Develop automated processes for credential rotation and cryptographic key management to enhance security posture. Integrate key management with GitOps workflows to automate certificate lifecycle management and ensure compliance. Employ advanced cryptographic techniques to enhance security and facilitate seamless key distribution across the infrastructure.

4. Conceptualize the Enforcement of Zero Trust Security Principles:
Objective: Define hands-on Zero Trust security principles and strategies. Design automated solutions to mitigate security risks and enforce strict access controls based on identity and context.

3 Goal
Provide a comprehensive IT infrastructure design with a focus on security and operational effectiveness.

4 Profile requirements
1. Proficient in Microsoft Active Directory (AD) design, deployment, and management, including expertise in complex forest and domain architectures, multi-site replication, and group policy management, defining granular permissions based on user roles, groups, and organizational hierarchy, ensuring least privilege access and regulatory compliance. Further extensive knowledge of rollout, update and patching methods.
2. Extensive knowledge of Public Key Infrastructure (PKI) implementation, including certificate authority (CA) design, certificate lifecycle management, and secure (auto) key distribution mechanisms.
3. Deep understanding of Identity Management concepts and solutions, encompassing user provisioning, authentication, authorization, and single sign-on (SSO) across diverse enterprise environments.
4. Expertise in developing and enforcing robust password(less) policies and secure authentication mechanisms, including multi-factor authentication (MFA), smart card authentication, biometric authentication as well as the rotation of sensitive credentials and cryptographic keys.
5. Skilled in designing and implementing secure identity federation protocols like OAuth, OpenID Connect, and SAML, enabling seamless authentication and authorization across heterogeneous systems and applications.
6. Familiarity with Zero Trust security principles and implementation strategies, including microsegmentation, continuous authentication, and dynamic access controls, to mitigate security risks in modern IT environments.
7. Strong expertise in operational management practices via GitOps methodologies, utilizing version control systems like GitHub for infrastructure as code (IaC) management, automated deployment, and configuration drift management. Skilled in Ansible-based Windows management within a fully automated AD environment, utilizing Ansible playbooks for automated configuration management, orchestration, and compliance enforcement across Windows servers and applications.
8. Skilled in implementing multi-security-zoning principles for network and system architecture design, enforcing segmentation and isolation of critical assets and sensitive data, enhancing resilience against cyber threats and ensuring regulatory compliance by appropriate concepts of firewalling, load balancing, APM and ASM.

Necessary competencies (must-have):
1. Microsoft Active Directory (AD)
2. PKI Implementation
3. Identity Management
4. Password(less) Technologies
5. Identity Federation Protocols
6. Zero Trust Security Principles
7. GitOps Methodologies / Ansible-based Windows Management / Operational Management Efficiency
8. Multi-Security-Zoning Principles


4 Additional information
Start: 01.06.2024
Duration: 31.12.2025; extension possible
Volume: 1-2 days per week = 50-100 days per annum
2024: ca. 36
2025: ca. 66

Work Location: Remote, Berlin (95%, 5%)

5 Next steps
If you think that these requirements match your skills, please send us your CV and hourly rate (remote/onsite) via email.

You don't need to apply for the same position more than once. We offer you the most advantageous conditions, which are standardized. When quoting hourly rates, keep in mind that the client may be price sensitive and that the duration of the projects should be considered. Besides, there is often a good chance of extension.

If you have any questions, please feel free to contact us via email.

Best regards,
Your joyIT Team

Start: 06.2024
Workload: 40% (2 days per week)
Duration: 7 months (extension possible)
From: joyIT Berlin
Posted: 17.04.2024
Contact person: Michael Hoehne
Project ID: 2740781
Industry: Energy sector
Contract type: Freelance
Type of assignment: 100 % Remote