Job Title: Cloud Infrastructure Engineer Location: City of London Salary: £60,000 - £65,000, up to £70,000 for exceptional candidates Work Arrangement: Hybrid (mainly remote, with some in-office days) About the Role We are seeking an experienced Cloud Infrastructure Engineer to join our IT team, responsible for the design, implementation, and management of cloud environments, primarily using Azure. This role offers a unique opportunity to take ownership of a cloud environment, driving its optimisation and development. You will work closely with cross-functional teams to deliver infrastructure solutions that align with the organisation's evolving needs. As a new addition to our IT team of 14, which includes a dedicated infrastructure group of 6-7 members, this position has been created to bridge a key skills gap in our DevOps capabilities. The ideal candidate will have a strong background in traditional infrastructure management and have moved into the cloud and automation space, bringing expertise in both areas. Key Responsibilities Infrastructure Automation: Develop and maintain Infrastructure-as-Code (IaC) using tools such as Terraform to automate the provisioning, configuration, and management of Azure resources. This includes deploying and configuring virtual machines, storage, networking, and other essential cloud services. CI/CD Pipeline Management: Design and implement Continuous Integration and Continuous Deployment (CI/CD) pipelines using Azure DevOps or similar tools. Oversee automated deployments to ensure consistent and efficient software delivery across multiple environments. Cloud Migration Projects: Lead cloud migration projects from on-premises systems to Azure, ensuring a seamless transition while managing dependencies, data integrity, security protocols, and performance optimisation. Scripting and Automation: Utilise Scripting languages such as PowerShell or Python to automate routine tasks, improve operational efficiency, and maintain consistent configurations across environments. Security and Compliance: Implement and uphold security standards, including identity and access management, network security, data protection, and compliance within the cloud environment. Ensure adherence to industry best practices and regulatory requirements. Monitoring and Optimisation: Configure and manage monitoring solutions using Azure Monitor or similar tools. Set up alerts, define metrics, and proactively address issues to maintain optimal system performance and availability. Technical Support and Troubleshooting: Act as a subject matter expert for cloud infrastructure, providing technical guidance and support to other teams. Diagnose and resolve complex issues to minimise disruptions to business operations. Documentation and Knowledge Sharing: Develop and maintain comprehensive technical documentation, including architecture diagrams, standard operating procedures, and best practices. Lead knowledge-sharing sessions within the team. Microsoft 365 Management: Ensure the health and performance of the Microsoft 365 environment, focusing on security, reliability, and integration with other systems. On-Call Support: Participate in an on-call rotation to provide critical support outside of core working hours as required. Required Skills and Experience Demonstrable experience leading IT projects from inception to completion, particularly in cloud migration, infrastructure optimisation, and business continuity planning. Proven track record in an in-house environment (as opposed to Managed Service Provider backgrounds), with the ability to take full ownership of projects. Proficiency in Azure resource provisioning using Infrastructure-as-Code tools like Terraform. Hands-on experience in setting up and managing CI/CD pipelines with Azure DevOps or similar platforms. Strong Scripting skills in PowerShell, Python, or other languages for automation. Deep understanding of Azure security principles, compliance requirements, and monitoring tools. Excellent communication and collaboration skills to work effectively with various stakeholders. Relevant Azure certifications (eg, AZ-900, AZ-104, AZ-400) are advantageous. Knowledge of cybersecurity frameworks such as ISO27001 and Cyber Essentials Plus is a plus. Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience. Benefits 25 days of annual leave, plus additional days off over the Christmas period. Flexible benefits package with options to buy or sell holiday days. Hybrid working policy, with a combination of remote and office-based work. Comprehensive healthcare benefits, including private medical insurance and critical illness cover. Competitive pension scheme and life assurance. Opportunities for professional development, including support for certifications and training programmes. Employee wellbeing support, including generous sick pay, access to wellbeing programmes, and an Employee Assistance Programme. Additional perks such as wedding and birth vouchers, employee referral bonuses, and discounts on various services. In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business
18/09/2024
Full time
Job Title: Cloud Infrastructure Engineer Location: City of London Salary: £60,000 - £65,000, up to £70,000 for exceptional candidates Work Arrangement: Hybrid (mainly remote, with some in-office days) About the Role We are seeking an experienced Cloud Infrastructure Engineer to join our IT team, responsible for the design, implementation, and management of cloud environments, primarily using Azure. This role offers a unique opportunity to take ownership of a cloud environment, driving its optimisation and development. You will work closely with cross-functional teams to deliver infrastructure solutions that align with the organisation's evolving needs. As a new addition to our IT team of 14, which includes a dedicated infrastructure group of 6-7 members, this position has been created to bridge a key skills gap in our DevOps capabilities. The ideal candidate will have a strong background in traditional infrastructure management and have moved into the cloud and automation space, bringing expertise in both areas. Key Responsibilities Infrastructure Automation: Develop and maintain Infrastructure-as-Code (IaC) using tools such as Terraform to automate the provisioning, configuration, and management of Azure resources. This includes deploying and configuring virtual machines, storage, networking, and other essential cloud services. CI/CD Pipeline Management: Design and implement Continuous Integration and Continuous Deployment (CI/CD) pipelines using Azure DevOps or similar tools. Oversee automated deployments to ensure consistent and efficient software delivery across multiple environments. Cloud Migration Projects: Lead cloud migration projects from on-premises systems to Azure, ensuring a seamless transition while managing dependencies, data integrity, security protocols, and performance optimisation. Scripting and Automation: Utilise Scripting languages such as PowerShell or Python to automate routine tasks, improve operational efficiency, and maintain consistent configurations across environments. Security and Compliance: Implement and uphold security standards, including identity and access management, network security, data protection, and compliance within the cloud environment. Ensure adherence to industry best practices and regulatory requirements. Monitoring and Optimisation: Configure and manage monitoring solutions using Azure Monitor or similar tools. Set up alerts, define metrics, and proactively address issues to maintain optimal system performance and availability. Technical Support and Troubleshooting: Act as a subject matter expert for cloud infrastructure, providing technical guidance and support to other teams. Diagnose and resolve complex issues to minimise disruptions to business operations. Documentation and Knowledge Sharing: Develop and maintain comprehensive technical documentation, including architecture diagrams, standard operating procedures, and best practices. Lead knowledge-sharing sessions within the team. Microsoft 365 Management: Ensure the health and performance of the Microsoft 365 environment, focusing on security, reliability, and integration with other systems. On-Call Support: Participate in an on-call rotation to provide critical support outside of core working hours as required. Required Skills and Experience Demonstrable experience leading IT projects from inception to completion, particularly in cloud migration, infrastructure optimisation, and business continuity planning. Proven track record in an in-house environment (as opposed to Managed Service Provider backgrounds), with the ability to take full ownership of projects. Proficiency in Azure resource provisioning using Infrastructure-as-Code tools like Terraform. Hands-on experience in setting up and managing CI/CD pipelines with Azure DevOps or similar platforms. Strong Scripting skills in PowerShell, Python, or other languages for automation. Deep understanding of Azure security principles, compliance requirements, and monitoring tools. Excellent communication and collaboration skills to work effectively with various stakeholders. Relevant Azure certifications (eg, AZ-900, AZ-104, AZ-400) are advantageous. Knowledge of cybersecurity frameworks such as ISO27001 and Cyber Essentials Plus is a plus. Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience. Benefits 25 days of annual leave, plus additional days off over the Christmas period. Flexible benefits package with options to buy or sell holiday days. Hybrid working policy, with a combination of remote and office-based work. Comprehensive healthcare benefits, including private medical insurance and critical illness cover. Competitive pension scheme and life assurance. Opportunities for professional development, including support for certifications and training programmes. Employee wellbeing support, including generous sick pay, access to wellbeing programmes, and an Employee Assistance Programme. Additional perks such as wedding and birth vouchers, employee referral bonuses, and discounts on various services. In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business
Request Technology - Craig Johnson
San Francisco, California
*We are unable to sponsor for this 6+ month straight contract role, no 3rd party candidates will be considered* Prestigious Enterprise Company is currently seeking a Cyber Security Infrastructure Engineer and Architect with Azure experience. Candidate will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This role requires the solution of complex enterprise-scale information security problems. The role will design and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Responsibilities: Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices. Cloud Security: Shared Responsibility model Secure services in the cloud Infrastructure security in the cloud Secure boundaries Authentication & Authorization security services in the Cloud Cloud Native VS Third party security capabilities Container Security Container security life cycle Image scanning Qualifications: Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Preferred Skills: The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications ability to lead the exercise of collecting the required data to produce the deliverables Ability to articulate the requirements in technical and non technical language Ability to defend secure design and support it with real life scenarios Ability to articulate the risk and findings in business language Explain vulnerabilities and threats Threat modelling Recent attacks Application Security Focus Areas Secure Code Development Secure SDLC Secure Agile development Testing Security requirements Writing security stories Web Application Security Owasp 10 SAST and DAST Scan API Security CI/CD pipeline Integrate security tools Security testing
17/09/2024
Project-based
*We are unable to sponsor for this 6+ month straight contract role, no 3rd party candidates will be considered* Prestigious Enterprise Company is currently seeking a Cyber Security Infrastructure Engineer and Architect with Azure experience. Candidate will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This role requires the solution of complex enterprise-scale information security problems. The role will design and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Responsibilities: Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices. Cloud Security: Shared Responsibility model Secure services in the cloud Infrastructure security in the cloud Secure boundaries Authentication & Authorization security services in the Cloud Cloud Native VS Third party security capabilities Container Security Container security life cycle Image scanning Qualifications: Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Preferred Skills: The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications ability to lead the exercise of collecting the required data to produce the deliverables Ability to articulate the requirements in technical and non technical language Ability to defend secure design and support it with real life scenarios Ability to articulate the risk and findings in business language Explain vulnerabilities and threats Threat modelling Recent attacks Application Security Focus Areas Secure Code Development Secure SDLC Secure Agile development Testing Security requirements Writing security stories Web Application Security Owasp 10 SAST and DAST Scan API Security CI/CD pipeline Integrate security tools Security testing
Security Engineering - PAM - Secrets SALARY: $150K - $160K plus 15% bonus LOCATION: DALLAS Secrets and privileged access management hardware security modules HSMs integrating secrets management PKI sessions management python ansible terraform and YAML HSMS MS PKI Hashicorp vault CyberArk AIM PSMP PVWA CPM vault leveraging APIs cryptographic operations As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Primary Duties and Responsibilities: To perform this job successfully, an individual must be able to perform each primary duty satisfactorily. Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. Education and/or Experience: 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
17/09/2024
Full time
Security Engineering - PAM - Secrets SALARY: $150K - $160K plus 15% bonus LOCATION: DALLAS Secrets and privileged access management hardware security modules HSMs integrating secrets management PKI sessions management python ansible terraform and YAML HSMS MS PKI Hashicorp vault CyberArk AIM PSMP PVWA CPM vault leveraging APIs cryptographic operations As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Primary Duties and Responsibilities: To perform this job successfully, an individual must be able to perform each primary duty satisfactorily. Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. Education and/or Experience: 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
Security Engineering - PAM - Secrets SALARY: $150K - $160K plus 15% bonus LOCATION: CHICAGO Secrets and privileged access management hardware security modules HSMs integrating secrets management PKI sessions management python ansible terraform and YAML HSMS MS PKI Hashicorp vault CyberArk AIM PSMP PVWA CPM vault leveraging APIs cryptographic operations As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Primary Duties and Responsibilities: To perform this job successfully, an individual must be able to perform each primary duty satisfactorily. Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. Education and/or Experience: 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
17/09/2024
Full time
Security Engineering - PAM - Secrets SALARY: $150K - $160K plus 15% bonus LOCATION: CHICAGO Secrets and privileged access management hardware security modules HSMs integrating secrets management PKI sessions management python ansible terraform and YAML HSMS MS PKI Hashicorp vault CyberArk AIM PSMP PVWA CPM vault leveraging APIs cryptographic operations As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Primary Duties and Responsibilities: To perform this job successfully, an individual must be able to perform each primary duty satisfactorily. Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. Education and/or Experience: 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
Long term contract role - remote rate is around $115 c2c CYBERSECURITY ENGINEER/ARCHITECT Must have very clear communication skills Mandatory Technical Skills: Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of IAM controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Additional Technical Skills: Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Desired Skills: Architecture Skills The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications ability to lead the exercise of collecting the required data to produce the deliverables Ability to articulate the requirements in technical and non technical language Ability to defend secure design and support it with real life scenarios Ability to articulate the risk and findings in business language Explain vulnerabilities and threats Threat modelling Recent attacks Application Security Focus Areas Secure Code Development Secure SDLC Secure Agile development Testing Security requirements Writing security stories Web Application Security Owasp 10 SAST and DAST Scan API Security CI/CD pipeline Integrate security tools Security testing Cloud Security Focus Area Shared Responsibility model Secure services in the cloud Infrastructure security in the cloud Secure boundaries Authentication & Authorization security services in the Cloud Cloud Native VS Third party security capabilities Container Security Container security life cycle Image scanning
17/09/2024
Project-based
Long term contract role - remote rate is around $115 c2c CYBERSECURITY ENGINEER/ARCHITECT Must have very clear communication skills Mandatory Technical Skills: Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of IAM controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Additional Technical Skills: Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Desired Skills: Architecture Skills The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications ability to lead the exercise of collecting the required data to produce the deliverables Ability to articulate the requirements in technical and non technical language Ability to defend secure design and support it with real life scenarios Ability to articulate the risk and findings in business language Explain vulnerabilities and threats Threat modelling Recent attacks Application Security Focus Areas Secure Code Development Secure SDLC Secure Agile development Testing Security requirements Writing security stories Web Application Security Owasp 10 SAST and DAST Scan API Security CI/CD pipeline Integrate security tools Security testing Cloud Security Focus Area Shared Responsibility model Secure services in the cloud Infrastructure security in the cloud Secure boundaries Authentication & Authorization security services in the Cloud Cloud Native VS Third party security capabilities Container Security Container security life cycle Image scanning
Contract - Cybersecurity Infrastructure Engineer/Architect Rate: Open Location: Remote in the United States *We are unable to provide sponsorship for this role* Qualifications 8+ years of Security Infrastructure focus with an emphasis on the following: Security Design, Infrastructure security, Cloud migration, Citrix cloud, SDWAN security, VPN, GitHub security, MS Power platform, MS co-pilot Experienced in large enterprise environments is a must Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Responsibilities Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
17/09/2024
Project-based
Contract - Cybersecurity Infrastructure Engineer/Architect Rate: Open Location: Remote in the United States *We are unable to provide sponsorship for this role* Qualifications 8+ years of Security Infrastructure focus with an emphasis on the following: Security Design, Infrastructure security, Cloud migration, Citrix cloud, SDWAN security, VPN, GitHub security, MS Power platform, MS co-pilot Experienced in large enterprise environments is a must Understanding of Azure native security services and best practices Strong knowledge of threat modelling and risk assessment technologies or frameworks Strong knowledge of network security protocols, best practices, and perimeter security tools Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management Understanding of common data protection technologies such as cryptography, tokenization, and hashing Responsibilities Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture. Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
Senior Network Engineer Hybrid with On-Call Network Design I have a client based in Yorkshire who is looking for a Senior Network Engineer with experience in architecture design to join their growing team on a hybrid basis. Would you or anyone you know be interested? The ideal candidate should have a solid background in supporting or working with public sector clients, including local authorities, healthcare, and educational institutions. A passion for network technology, along with strong problem-solving skills and excellent communication abilities, is essential for this role. Key Responsibilities: Network Design & Deployment : Lead the design, deployment, and management of LAN and WAN infrastructure at various locations, including customer sites. Technical Leadership & Escalation : Act as a senior technical resource, overseeing projects from initial planning and design to full implementation and providing technical guidance to resolve complex issues. Infrastructure Expertise : Manage edge and core switching, telecommunications Routers, wireless solutions, and fixed/wireless point-to-point connections. Network Security : Implement robust security measures, including Firewalls, VPNs, email security, web filtering, and two-factor authentication. Mentoring & Training : Provide mentorship to technical staff and assist in developing and delivering internal and external technical training programs. Compliance Support : Help clients achieve and maintain compliance with security standards such as ISO27001, Cyber Essentials, PSN Code of Connection, and PCI-DSS. Client Solutions : Take ownership of customer solutions, offering ongoing technical management and presenting designs and solutions as needed. Documentation & Reporting : Produce thorough design documentation and technical reports to ensure clear communication and effective project execution. Required Skills & Experience: Expertise in Networking : Strong understanding of TCP/IP, advanced network protocols, Unified Communications/telephony, wireless networking, and network security technologies. Certifications : Relevant certifications such as Cisco CCNP, Juniper JNCIP, or equivalent qualifications. Security Knowledge : Familiarity with enterprise Firewalls and at least three areas like VPNs, Unified Threat Management, email security, and web filtering. Project Leadership : Proven experience in designing, implementing, and troubleshooting network infrastructure projects. Technical Reporting : Skilled in producing detailed technical reports and documentation. Public Sector Experience : Prior experience working with or consulting for public sector organisations is highly desirable. Special Requirements: Participation in an on-call rotation for 24/7 support services. Ability to obtain a DBS clearance A full, valid UK driving license is mandatory.
12/09/2024
Full time
Senior Network Engineer Hybrid with On-Call Network Design I have a client based in Yorkshire who is looking for a Senior Network Engineer with experience in architecture design to join their growing team on a hybrid basis. Would you or anyone you know be interested? The ideal candidate should have a solid background in supporting or working with public sector clients, including local authorities, healthcare, and educational institutions. A passion for network technology, along with strong problem-solving skills and excellent communication abilities, is essential for this role. Key Responsibilities: Network Design & Deployment : Lead the design, deployment, and management of LAN and WAN infrastructure at various locations, including customer sites. Technical Leadership & Escalation : Act as a senior technical resource, overseeing projects from initial planning and design to full implementation and providing technical guidance to resolve complex issues. Infrastructure Expertise : Manage edge and core switching, telecommunications Routers, wireless solutions, and fixed/wireless point-to-point connections. Network Security : Implement robust security measures, including Firewalls, VPNs, email security, web filtering, and two-factor authentication. Mentoring & Training : Provide mentorship to technical staff and assist in developing and delivering internal and external technical training programs. Compliance Support : Help clients achieve and maintain compliance with security standards such as ISO27001, Cyber Essentials, PSN Code of Connection, and PCI-DSS. Client Solutions : Take ownership of customer solutions, offering ongoing technical management and presenting designs and solutions as needed. Documentation & Reporting : Produce thorough design documentation and technical reports to ensure clear communication and effective project execution. Required Skills & Experience: Expertise in Networking : Strong understanding of TCP/IP, advanced network protocols, Unified Communications/telephony, wireless networking, and network security technologies. Certifications : Relevant certifications such as Cisco CCNP, Juniper JNCIP, or equivalent qualifications. Security Knowledge : Familiarity with enterprise Firewalls and at least three areas like VPNs, Unified Threat Management, email security, and web filtering. Project Leadership : Proven experience in designing, implementing, and troubleshooting network infrastructure projects. Technical Reporting : Skilled in producing detailed technical reports and documentation. Public Sector Experience : Prior experience working with or consulting for public sector organisations is highly desirable. Special Requirements: Participation in an on-call rotation for 24/7 support services. Ability to obtain a DBS clearance A full, valid UK driving license is mandatory.