For our client in Berlin we are looking for a freelance Senior IT Architect(m/f/d).

# Key data
Start: 01/06/2024
End: 31.12.2025 (with the option to extend)
Capacitiy: 2024: approx. 36PT, 2025: 66PT
Location: 95% remote and 5% Berlin
Contract: Contracting/Freelance

#Task

1. Design a Next-Generation Active Directory Infrastructure with extensive Automation: Objective: Conceptualize and design a cutting-edge Active Directory (AD). Utilize the latest AD features for seamless scalability and security. Implement GitOps for version-controlled infrastructure management and automation for configuring deployment, ensuring rapid adaptation to evolving business needs. Focus on complex forest and domain configurations, multi-site replication, and granular group policy management. Ensure least privilege access and regulatory compliance in alignment with organizational requirements. Consider strict RBAC approaches. Ensure comprehensive OS/SW-patching- and autoimage-update mechanisms.

2. Design Identity Management Solutions with Secure Authentication Protocols: Objective: Conceptualize and design modern identity management solutions using secure standards for domain-overspanning authentication and authorization, ensuring seamless integration with on-prem enterprise environments. Design adaptive authentication standards to enhance security and user experience. Utilize automation pipelines for seamless deployment and management of authentication services. Utilize GitOps for declarative configuration management, enabling efficient scaling and continuous delivery of identity services.

3. Conceptualize a PKI Ecosystem with Secure Key Management and GitOps Integration: Objective: Design and conceptualize a robust PKI and Vault ecosystem with secure key management practices. Develop automated processes for credential rotation and cryptographic key management to enhance security posture. Integrate key management with GitOps workflows to automate certificate lifecycle management and ensure compliance. Employ advanced cryptographic techniques to enhance security and facilitate seamless key distribution across the infrastructure. 9

4. Conceptualize the Enforcement of Zero Trust Security Principles: Objective: Define hands-on Zero Trust security principles and strategies. Design automated solutions to mitigate security risks and enforce strict access controls based on identity and context.

#Must-Haves

• Microsoft Active Directory (AD)
• PKI Implementation
• Identity Management
• Password(less) Technologies
• Identity Federation Protocols
• Zero Trust Security Principles
• GitOps Methodologies / Ansible-based Windows Management / Operational Management Efficiency
• Multi-Security-Zoning Principles

#Requirments

1. Proficient in Microsoft Active Directory (AD) design, deployment, and management, including expertise in complex forest and domain architectures, multi-site replication, and group policy management, defining granular permissions based on user roles, groups, and organizational hierarchy, ensuring least privilege access and regulatory compliance. Further extensive knowledge in rollout-, update- and patching-methods.

2. Extensive knowledge of Public Key Infrastructure (PKI) implementation, including certificate authority (CA) design, certificate lifecycle management, and secure (auto) key distribution mechanisms.

3. Deep understanding of Identity Management concepts and solutions, encompassing user provisioning, authentication, authorization, and single sign-on (SSO) across diverse enterprise environments.

4. Expertise in developing and enforcing robust password(less) policies and secure authentication mechanisms, including multi-factor authentication (MFA), smart card authentication, biometric authentication as well as the rotation of sensitive credentials and cryptographic keys.

5. Skilled in designing and implementing secure identity federation protocols like OAuth, OpenID Connect, and SAML, enabling seamless authentication and authorization across heterogeneous systems and applications.

6. Familiarity with Zero Trust security principles and implementation strategies, including microsegmentation, continuous authentication, and dynamic access controls, to mitigate security risks in modern IT environments.

7. Strong expertise in operational management practices via GitOps methodologies, utilizing version control systems like Github for infrastructure as code (IaC) management, automated deployment, and configuration drift management. Skilled in Ansible-based Windows management within a fully automated AD environment, utilizing Ansible playbooks for automated configuration management, orchestration, and compliance enforcement across Windows servers and applications.

8. Skilled in implementing multi-security-zoning principles for network and system architecture design, enforcing segmentation and isolation of critical assets and sensitive data, enhancing resilience against cyber threats and ensuring regulatory compliance by appropriate concepts of firewalling, loadbalancing, APM and ASM

If you are interested in this project, I would be pleased to receive your current CV with information about your availability and your current hourly rate.

Please do not hesitate to contact me if you have any questions!