Azure Integration Engineer - Insurance
We are currently recruiting for an Azure Integration Engineer to join one of our Global Insurance Clients on a 6-month contract.
Please note this role is Inside IR35.
Responsibilities:
Work with the PKIaaS Vendor professional services and colleagues to:
- Develop a RACI, detailing the shared responsibility between the SaaS vendor and areas of responsibility.
- Aid in determining the need for an owned Certificate Policy (CP) and Certificate Practice Statement (CPS), or whether leveraging the SaaS provider's will suffice. If the former, aid in its development.
- Provide best-practice advice in determining the CA infrastructure hierarchy, taking account of multiple tenants in Azure, as well as multi-cloud services in AWS and OCI.
- Work with colleagues and the PKIaaS vendor to write the remote Root key generation (RKG) ceremony scripts, using a shared/split key model, and test the RKG at the DR site.
- Develop a set of controls and standard operational procedures for the secure implementation, integration, and management of the PKI certificate authorities and certificate lifecycle management services, to meet Standards and Control Objectives.
- Develop an appropriate RBAC model, ensuring implementation of a least-privilege access model, and the appropriate Separation of Duties and dual control for key CA and CLM operations. Work with IAM teams to define and ensure creation of the appropriate groups and entitlement access packages within Entra ID.
- Documented integration for key infrastructure for certificate issuance/lifecycle management.
- Produce technical design of the PKIaaS, CLM and licensed features such as SSH certificates and Kubernetes integration.
- Define and create IaC templates that can be used by technology teams to facilitate the integration of the PKI and certificate lifecycle management with cloud deployed resources (Azure, AWS, OCI).
- Work with Security Defense team to identify security relevant alerts and integrate/push to Sentinel SIEM. Additional infrastructure elements (e.g. discovery scanners, CRL/OCSP) that need to be logged and alerted via SIEM should be identified, including relevant events, to ensure critical components are monitored.
Skills and Experience Requirements
- Work with project management to agree priorities, detailed deliverables, and ensure successful delivery.
- Provide a lead architecture/engineer resource to manage backlog of partner deliverables and deliver to requirements.
- Provide skilled resources, as appropriate, to ensure success of deliverables.
- For the delivery of operating procedures and controls, resources will have experience of modern PKI CAs and CLM operating practices, processes and compliance requirements.
- Alongside the experience/skills listed below, the partners' resources will have experience of working with development teams, IaC, using modern agile ways of working and a wide range of DevOps tooling.
- At least, but not limited to, the following experience/skills in integrating PKI CA and CLM services and protocols with:
  - Microsoft Intune, including SCEP
  - Cloud Service Provider resources - Azure (majority of cloud workload), AWS and OCI. This includes integration with cloud native vaults in Azure, AWS, and OCI, as well as HashiCorp Vault.
  - Networking and Wi-Fi services, including Meraki APs, Cisco, Palo Alto GlobalProtect and other VPN services
  - Integration with Kubernetes, and ephemeral IaC/certificates
  - ServiceNow automation and workflow
If this role is of interest to you or you would like to learn more, please apply now!
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.