Senior IT Architect Infrastructure Core Services(f/m/d) wanted! Ref.Nr. 3642!

For a project we are currently looking for a Senior IT Architecture Infrastructure Core Services(f/m/d).

Tasks

• Design a Next-Generation Active Directory Infrastructure with extensive Automation:
• Implement GitOps for version-controlled infrastructure management automation for configuring deployment
• Implement GitOps for version-controlled infrastructure management
• Ensure comprehensive OS/SW-patching- and auto-image-update mechanisms
• Design Identity Management Solutions with Secure Authentication Protocols
• Design adaptive authentication standards to enhance security and user experience
• Conceptualize a PKI Ecosystem with Secure Key Management and GitOps Integration:
• Develop automated processes for credential rotation and cryptographic key management to enhance security posture
• Integrate key management with GitOps workflows to automate certificate lifecycle management and ensure compliance
• Conceptualize the Enforcement of Zero Trust Security Principles

Requirements

• Proficient in Microsoft Active Directory (AD) design, deployment, and management, including expertise in complex forest and domain architectures, multi-site replication, and group policy management, defining granular permissions based on user roles, groups, and organizational hierarchy, ensuring least privilege access and regulatory compliance. Further extensive knowledge in rollout-, update- and patching-methods
• Extensive knowledge of Public Key Infrastructure (PKI) implementation, including certificate authority (CA) design, certificate lifecycle management, and secure (auto) key distribution mechanisms
• Deep understanding of Identity Management concepts and solutions, encompassing user provisioning, authentication, authorization, and single sign-on (SSO) across diverse enterprise environments
• Expertise in developing and enforcing robust password(less) policies and secure authentication mechanisms, including multi-factor authentication (MFA), smart card authentication, biometric authentication as well as the rotation of sensitive credentials and cryptographic keys
• Skilled in designing and implementing secure identity federation protocols like OAuth, OpenID Connect, and SAML, enabling seamless authentication and authorization across heterogeneous systems and applications
• Strong expertise in operational management practices via GitOps methodologies, utilizing version control systems like Github for infrastructure as code (IaC) management, automated deployment, and configuration drift management. Skilled in Ansible-based Windows management within a fully automated AD environment, utilizing Ansible playbooks for automated configuration management, orchestration, and compliance enforcement across Windows servers and applications
• Skilled in implementing multi-security-zoning principles for network and system architecture design, enforcing segmentation and isolation of critical assets and sensitive data, enhancing resilience against cyber threats and ensuring regulatory compliance by appropriate concepts of firewalling, loadbalancing, APM and ASM

Order Type: contract

Location: remote

Start: July 2024

volume: 1-2 days per week = 50-100 days per annum

2024: ca. 36

2025: ca. 66

Duration: end of 2025 (with option of contract extension)

If you are interested, please let us know your salary expectations/ hourly rate and your availability. We are looking forward to your application in an MS-Word-readable format quoting the reference-number 3642.

Any Questions? Call Nadezda Baldandorzhieva +49 176 427 481 65.