Domain Architect Security

X

Apply for this position

Allowed Type(s): .pdf, .doc, .docx

SHORT DESCRIPTION:

The infrastructure product group offers data center services that are provided via a software stack for other product lines within the program. The Security Architect is a member of the Infrastructure Architecture team.

The architect is responsible for aligning with the strategy and vision of the Lead Infrastructure Architect and with other architects in the group (i.e., network, storage, and software architects).

The Security Architect is responsible for the architecture of infrastructure-wide security including Network, Compute, Virtualization, Storage and Software, and for products provided to EDP Infrastructure customers. The architect does this in conjunction and through consultation with the other infrastructure technology architects.

ABOUT THE CLIENT:

The EDP team is building an internal platform for software product developers to accelerate the development and delivery of software products to tackle the massive challenges facing the energy sector. The EDP Platform is a service-oriented, cloud-native platform that is being built to provide application teams with self-service capabilities to develop, run, and operate their software products. EDP Platform provides services for application infrastructure, data, service lifecycle management, application build and delivery as well as services to operate their software products. The EDP Platform is deployed as a hybrid cloud, encompassing both private cloud and select public clouds.

We are looking for talented, experienced, and motivated individuals in the following roles to join the EDP team to take EDP to its next level.

YOU WILL:

As this is an architecture role, it is expected that the individual is self-motivating, in that they take it upon themselves (be proactive) to identify and/or research new ways of doing things, new technologies, and inventing new ways to provide the required solutions and overcome technical challenges.

Architecture solutions are expected to be provided end to end providing a full solution even where this must be coordinated with other architects or software engineering. Where gaps are apparent is up to the architect to figure out how to correct this but holistically and not in a point solution manner.

The Security Architect is responsible for the following technology areas:

  • PKI (HSM, CA, ACME, …) – Private & Public
  • Firewalls (Internet, Internal, Customers, Network/App Policy, OS FWs: NG, UFW, firewalld etc)
  • Zero Trust – Core & Customer
  • Intrusion Detection/Prevention
  • Day0 Analysis & Remediation
  • Client Access
  • IAM (Services, Apps, Admins, Customers (Client Access) Technology Platforms)
  • “Infrastructure Platform Wide Security” (Compute, Network, Virtualization, Storage, Iaas, …)

YOU NEED:

This is a senior architectural role; therefore the individual must have and at least 7 years working in the specified technology area, and able to demonstrate this experience along-side demonstrating real world experience of the entire life cycle of products and/or resources.

The architectures will be owned by the architect through the entire lifecycle therefore being fully responsible.

Must-have competencies / skills (must have unless otherwise noted)

  • Thales HSM
  • HashiCorp Vault (PKI, ACME)
  • RedHat IPA/Certificate System (PKI, ACME)
  • DigiCert PKI
  • NG FW – Palo Alto, Fortinet
  • Linux FW – UFW, firewalld
  • Secure Client Access solutions (VPN) – PA, Fortinet, other …
  • Zero Trust architectures (internal engineering/admins and customer access)
  • IDS/IPS architectures – monitoring, detection and intervention through automated processes.
  • Day0 monitoring/analysis/prevention (as per previous point)
  • IAM / AAA solutions for internal administration individuals/systems and for customer access (remote
  • access), customer network/application access.
  • IAM – HashiCorp Vault, RedHat IPA, freeRadius, …
  • DNSSec
  • Observability Solutions – Logging/Metrics – Loki, Grafana, Prometheus, ELK, …
  • Network Routing Protocol Security
  • Server endpoint security – immutable OS’s
  • Linux Security
  • Windows Security
  • Packet Inspection Skills
  • Fluent English in speech and writing (at least C1)

WOULD BE A PLUS:

There are no defined preferred competencies, additional skills we be evaluated and are of benefit but are not required. It is paramount that all skills at a senior level are proven in the “Must Have” section.

WE OFFER:

While we’re still crafting the details of this exciting opportunity, we encourage you to submit your resume and express your interest in being part of an exceptional team. Don’t miss out on the chance to be part of something special. Apply now and let’s shape the future together!

Fill in the Form to Download the Checklist

You’re one step away from gauging your Nearshore Readiness