SonicJobs Logo
Left arrow iconBack to search

Azure Integration Engineer - Insurance

Lorien
Posted 19 days ago, valid for 7 days
Location

London, Greater London EC1R 0WX

Salary

£60,000 - £72,000 per annum

info
Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

info
  • We are seeking a PKIaaS Delivery Partner with project experience in the insurance sector for a 6-month contract role.
  • The position requires at least 5 years of relevant experience in modern PKI CAs and CLM operating practices, with a strong focus on cloud services like Azure, AWS, and OCI.
  • The successful candidate will collaborate with professional services and internal teams to develop and implement best practices for certificate management and security protocols.
  • This role is classified as Inside IR35 and offers a competitive salary of £600-£700 per day.
  • If interested, please apply now to learn more about this opportunity.

PKIaaS Delivery Partner - Insurance

We are currently recruiting for a Delivery Partner with PKIaaS project experience to join one of our Global Insurance Clients on a 6 month contract.

Please note this role is Inside IR35.

High Level Deliverable:

Work with the PKIaaS Vendor professional services and colleagues to: -

  • Develop a RACI, detailing the shared responsibility between the SaaS vendor and areas of responsibility.
  • Aid in determining the need for an owned Certificate policy (CP) and Certificate Practice Statement (CPS), or whether leveraging the SaaS providers' will suffice. If the former, aid in its development.
  • Provide best-practice advice in determining the CA infrastructure hierarchy, taking account of multiple tenants in Azure, as well as multi-cloud services in AWS and OCI.
  • Work with colleagues and the PKIaaS vendors', to write the remote Root key generation (RKG) ceremony scripts, using a shared/split key model, and test the RKG at the DR site.
  • Work with colleagues to develop and test DR/BCP plans in relation to aspects of the service/infrastructure under controls
  • Ensure simplified automated certificate management workflows, that enforce compliance to organisational policies, that enable both users and machine identities to request, retrieve and revoke PKI certificates via respective APIs/Connectors.
  • Develop a set of controls and standard operational procedures for the secure implementation, integration, and management of the PKI certificate authorities and certificate lifecycle management services, to meet Standards and Control Objectives.
  • The development of an appropriate RBAC model, ensuring implementation of a least-privilege access model, and the appropriate Separation of Duties and dual control for key CA and CLM operations. Working with IAM teams to define and ensure creation of the appropriate groups and entitlement access packages within Entra ID.
  • Processes surrounding management of certificate profiles/templates.
  • Approvals processes for certificate issuance and revocation (part of integration with ticketing system)
  • Documented integration for key infrastructure for certificate issuance/lifecycle management.
  • Integration of the PKIaaS with IdP (Entra ID) to facilitate SSO and MFA enforcement.
  • Produce technical design of the PKIaaS, CLM and licensed features such as SSH certificates and Kubernetes integration
  • Perform technical implementation of the PKIaaS, CLM, SSH certificates and Kubernetes integration, such that artefacts created during initial pilot phases can be reused to integrate technology teams' infrastructure during subsequent wider rollout to teams
  • Define and create IaC templates, that can be used by technology teams to facilitate the integration of the PKI and certificate lifecycle management with cloud deployed resources (Azure, AWS, OCI).
  • Work with Security Defense team to identify security relevant alerts and integrate/push to Sentinel SIEM. Additional infrastructure elements (e.g. discovery scanners, CRL/OCSP) that need to be logged and alerted via SIEM should be identified, including relevant events, to ensure critical components are monitored.
  • Work with the Vendor and team to integrate the PKI and CLM tooling with ticketing tool.

Skills and Experience Requirements

  • Work with project management to agree priorities, detailed deliverables, and ensure successful delivery.
  • Provide a lead architecture/engineer resource, to manage backlog of partner deliverables and deliver to requirements.
  • Provide skilled resourced, as appropriate, to ensure success of deliverables.
  • For the delivery of operating procedures and controls resources will have experience of modern PKI CAs and CLM operating practices, processes and compliance requirements.
  • Alongside the experience/skills listed below, the partners' resources will have experience of working with development teams, IaC, using modern agile ways of working and a wide range of DevOps tooling.
  • At least, but not limited to, the following experience/skills to integrating PKI CA and CLM services and protocols with:
    • Microsoft Intune, including SCEP
    • Cloud Service Providers resources - Azure (majority of cloud workload), AWS and OCI. This includes integration with cloud native vaults in Azure, AWS, and OCI, as well as HashiCorp Vault.
    • Networking and Wifi services, including Meraki APs, Cisco, PaloAlto GlobalProtect and other VPN services,
    • Integration with Kubernetes, and ephemeral IaC/Certificates,
    • Service Now automation and workflow,
    • Services and protocols: SCEP, ACME, EST, OCSP and CRL, KMIP, CMPv2,
    • Certificate file formats: PEM, DER, PFX/PKCS#12, PKCS#7, PKCS#10, PKCS#11

If this role is of interest to you or you would like to learn more, please apply now!

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.

Apply now in a few quick clicks

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.