High Level scope of Security POD for Private cloud engagement.
Security [Cloud-Identity, Zero Trust, Account isolation]
Summary:
- Security is paramount in the construction of Customer’s private cloud. This will encompass everything from identity management to zero-trust architectures and account isolation.
- The focus is on IAM, network structuring, and enhancing the self-service experience, with the goal of a robust and secure environment that can autonomously cater to user needs.
Design:
- Secret and certificate management across Infrastructure and applications.
- Choose a security framework that aligns with Customer's regulatory requirements and operational best practices.
- Implement an evaluation process for selecting identity management and security tools.
- RBAC-based access for cluster namespaces; Service Mesh isolation between tenants.
- Container Registry mirroring and container image signing to minimize security threats from within the build process.
Technology selection/recommendations:
- Secret Management: CyberArk, Vault
- IAM: CyberArk, Azure AD
- Static Container Scanning: Trivy, Snyk
- SBOM (Bill of Materials): Syft/Grype
- Runtime Container Security: Falco, Red Hat Advanced Cluster Security
- Policy/Regulation compliance: OPA, Red Hat ACS, Kyverno
- Reporting/Observability: Grafana, Prometheus, Red Hat Advanced Cluster Security
Security Architect Job Description
Required skills
- Accountable for translating the private cloud implementation into a well-defined blueprint that uses Cloud Security Products to enhance IT security. Understands the vision and the enablers for autonomously catering to user needs.
- In-depth knowledge of system design and architecture with these technologies, and experience implementing a wide range of solutions
- Strong understanding of identity and access management, including mitigating credential theft
- Technically strong individual with an IT Security background and demonstrated skill in managing product teams; solid understanding of how IT Security enhances Digital Transformation, and able to identify new ways of helping bring new business solutions to market while remaining secure
- Lead a team covering IAM, network structuring, and enhancement of the self-service experience
- Act as a Thought Leader to stakeholders such as CISOs and executive sponsors with regard to emerging technologies and market trends
- Accountable for a customer-oriented communications plan, focusing on strategic business value
- Work closely with the project team and the CISO to manage and govern security forums with CISOs, NITSOs, CIOs and CTOs
Qualifications:
- Minimum 8 years of qualified experience
- Bachelor's degree in computer science(s), information technology/security, systems engineering or relevant work experience
- Good to have: professional certifications in information technology and cloud security: CISSP preferred; CCSP (optional), CISA (optional), CEH (optional), OSCP (optional); Architect Certification