Senior IT Architecture Infrastructure (m/f/d) - Ref. 105473
- Contract
For our client in Berlin we are looking for a freelance Senior IT Architect(m/f/d).
# Key data
Start: 01/06/2024
End: 31.12.2025 (with the option to extend)
Capacitiy: 2024: approx. 36PT, 2025: 66PT
Location: 95% remote and 5% Berlin
Contract: Contracting/Freelance
#Task
1. Design a Next-Generation Active Directory Infrastructure with extensive Automation: Objective: Conceptualize and design a cutting-edge Active Directory (AD). Utilize the latest AD features for seamless scalability and security. Implement GitOps for version-controlled infrastructure management and automation for configuring deployment, ensuring rapid adaptation to evolving business needs. Focus on complex forest and domain configurations, multi-site replication, and granular group policy management. Ensure least privilege access and regulatory compliance in alignment with organizational requirements. Consider strict RBAC approaches. Ensure comprehensive OS/SW-patching- and autoimage-update mechanisms.
2. Design Identity Management Solutions with Secure Authentication Protocols: Objective: Conceptualize and design modern identity management solutions using secure standards for domain-overspanning authentication and authorization, ensuring seamless integration with on-prem enterprise environments. Design adaptive authentication standards to enhance security and user experience. Utilize automation pipelines for seamless deployment and management of authentication services. Utilize GitOps for declarative configuration management, enabling efficient scaling and continuous delivery of identity services.
3. Conceptualize a PKI Ecosystem with Secure Key Management and GitOps Integration: Objective: Design and conceptualize a robust PKI and Vault ecosystem with secure key management practices. Develop automated processes for credential rotation and cryptographic key management to enhance security posture. Integrate key management with GitOps workflows to automate certificate lifecycle management and ensure compliance. Employ advanced cryptographic techniques to enhance security and facilitate seamless key distribution across the infrastructure. 9
4. Conceptualize the Enforcement of Zero Trust Security Principles: Objective: Define hands-on Zero Trust security principles and strategies. Design automated solutions to mitigate security risks and enforce strict access controls based on identity and context.
#Must-Haves
- Microsoft Active Directory (AD)
- PKI Implementation
- Identity Management
- Password(less) Technologies
- Identity Federation Protocols
- Zero Trust Security Principles
- GitOps Methodologies / Ansible-based Windows Management / Operational Management Efficiency
- Multi-Security-Zoning Principles
#Requirments
1. Proficient in Microsoft Active Directory (AD) design, deployment, and management, including expertise in complex forest and domain architectures, multi-site replication, and group policy management, defining granular permissions based on user roles, groups, and organizational hierarchy, ensuring least privilege access and regulatory compliance. Further extensive knowledge in rollout-, update- and patching-methods.
2. Extensive knowledge of Public Key Infrastructure (PKI) implementation, including certificate authority (CA) design, certificate lifecycle management, and secure (auto) key distribution mechanisms.
3. Deep understanding of Identity Management concepts and solutions, encompassing user provisioning, authentication, authorization, and single sign-on (SSO) across diverse enterprise environments.
4. Expertise in developing and enforcing robust password(less) policies and secure authentication mechanisms, including multi-factor authentication (MFA), smart card authentication, biometric authentication as well as the rotation of sensitive credentials and cryptographic keys.
5. Skilled in designing and implementing secure identity federation protocols like OAuth, OpenID Connect, and SAML, enabling seamless authentication and authorization across heterogeneous systems and applications.
6. Familiarity with Zero Trust security principles and implementation strategies, including microsegmentation, continuous authentication, and dynamic access controls, to mitigate security risks in modern IT environments.
7. Strong expertise in operational management practices via GitOps methodologies, utilizing version control systems like Github for infrastructure as code (IaC) management, automated deployment, and configuration drift management. Skilled in Ansible-based Windows management within a fully automated AD environment, utilizing Ansible playbooks for automated configuration management, orchestration, and compliance enforcement across Windows servers and applications.
8. Skilled in implementing multi-security-zoning principles for network and system architecture design, enforcing segmentation and isolation of critical assets and sensitive data, enhancing resilience against cyber threats and ensuring regulatory compliance by appropriate concepts of firewalling, loadbalancing, APM and ASM
If you are interested in this project, I would be pleased to receive your current CV with information about your availability and your current hourly rate.
Please do not hesitate to contact me if you have any questions!
ähnliche Jobs
Gehalt
Negotiable
Ort
Berlin (10117), Berlin
Sector
IT
Location
Berlin
Company - Germany
Harvey Nash
Job Type
Contract
Beschreibung
Für unseren Kunden im Großraum Berlin suchen wir aktuell nach einen freiberuflichen SAP Middleware Berater:innen. Eckdaten: Start: 01.06.2024Ende: 31.12.2025 (mit Option zur Verlängerung)Auslastung: 2
Referenz
BBBH105858_1714461486
Verfallsdatum
01/01/0001
Autor
Anni VuAutor
Anni VuGehalt
Verhandelbar
Ort
Oldenburg (26122), Niedersachsen
Sector
IT
Location
Düsseldorf
Company - Germany
Harvey Nash
Job Type
Contract
Beschreibung
Für unseren Kunden aus dem Energiesektor suchen wir derzeit einen Consultant (m/w/d) für Implementierung einer Genesys-Telefonieanlage. #Eckdaten:Start: 20. Mai 2024Ende: 30.06.2025Auslastung: 180-200
Referenz
BBBH105815_1714375902
Verfallsdatum
01/01/0001
Autor
Rebecca ThutAutor
Rebecca ThutGehalt
Negotiable
Ort
Düsseldorf (40212), Nordrhein-Westfalen
Sector
IT
Location
Düsseldorf
Company - Germany
Harvey Nash
Job Type
Contract
Beschreibung
For our client based in Düsseldorf we are looking for a freelance Project Manager for Renewables (m/f/d). #Project description: The client is currently in the process of further expanding its wind and
Referenz
BBBH105816_1714135379
Verfallsdatum
01/01/0001
Autor
Anni VuAutor
Anni Vu
Hallo, ich bin Anni,
und verantworte diesen Job