Unix Centrify Architect
Hire IT People, LLC
Job Seekers, please send resumes to resumes@hireitpeople.com
Short Description: see skills matrix
Job Description: Advanced experience in architecting infrastructure solutions, including proven experience with infrastructure integration.
Complete Description: During the initial evaluation of the Centrify product, the following business objectives were given and agreed upon by DTMB and MCS as requirements for the purchase of the product. We have attached and installed Centrify and connected Linux servers to Active Directory. The following tasks need to be completed to satisfy the agreed-upon business objectives.
Resource Tasks:
1. Centrally manage all user accounts to satisfy audit requirements.
2. Provide detailed auditing of all tasks executed on all NGDI servers.
3. Utilize RBAC to provide a higher level of security and maintain compliance with all the regulatory bodies.
4. Configure solution according to standards to ensure proper operations.
5. Provide the ability to have secure authentication without entering passwords, with emphasis on the DMZ.
6. Limit attack vectors in the event that a breach may occur.
1. Task: Update all servers with the appropriate DNS settings and validate that both forward and reverse lookup entries are created in the NGDS Domain.
Issue: This is to ensure proper operations. Pointing the servers to the correct DNS servers and populating the reverse DNS ensures that industry standards are adhered to and that we limit potential outages.
2. Task: Configure Kerberos authentication on all Linux servers so that no password is keyed in at the time of logon. This mitigates passwords staying resident in memory, where they can be retrieved by memory scraping.
Issue: Kerberos authentication – this was one of the requirements when we were first rolling out Centrify. Kerberos authentication means that passwords are not entered into the endpoint, which protects against password theft through memory scraping.
3. Task: Configure the Centrify Zone Provisioning agent. This is the automated provisioning of users and groups into Centrify for granting permissions for accessing servers.
Issue: This automatically adds and removes users from the Centrify system. This reduces potential human errors during deployment, and the automatic removal ensures security holes are closed when a user is removed.
4. Task: Install Centrify Agent on all Windows servers in NGDI. Configure and validate video
Issue: To reduce the chance of pivot attacks in Windows, we install Centrify on Windows and configure RBAC. With domain accounts, the likelihood of a pivot attack after a breach is quite high.
5. Task: Remove user access from launching a console session through BladeLogic.
Issue: This is a breach in separation of duties. Unfortunately, in its current configuration the administrators of BSA have the ability to grant themselves access to data. Secondly, the administrators are all connecting to the servers as root through the nsh that BladeLogic provides.
6. Task: Upgrade all Centrify components to the latest code.
Issue: This would be to gain the enhancements in the newer versions, bug fixes, and any security patches that come with the upgrade.
7. Task: Develop and configure roles in Centrify for granting appropriate access to servers based on job function (DBA, Sysadmin, WebAdmin, WASAdmin, etc.).
Issue: Too many loose privileges leave countless back doors for potential attackers. The RBAC will tighten up privileges and reduce potential attack vectors.
8. Task: Fix licensing server in Zone 1.49.
Issue: There was a change in the licensing service within Centrify. There should only be one license server per forest. Currently there are 2 in Zone 1.49.
Skill | Required / Desired | Amount | of Experience
Unix System Administration | Required | 5 | Years
Experience in creation, maintenance, and execution of system/administrative scripts such as Bash, Python, PowerShell | Required | 5 | Years
Experience with creation of scripts in Ansible to automate software provisioning, configuration management and application deployment | Required | 2 | Years
Experience working with and configuration of user identity management | Required | 5 | Years
Experience in deploying and administering storage hardware or logical storage arrays | Required | 5 | Years
Experience working in a DevOps or SecOps capacity in a 1000+ server environment | Required | 5 | Years
Experience working with CICD, containers, Docker, Kubernetes and/or OpenShift deployments and support | Required | 2 | Years
Experience installing, configuring, and administering Red Hat Enterprise Linux | Required | 5 | Years
Experience resolving intermediate issues with Configuration Management and Networking concepts | Required | 5 | Years
Experience in performing security testing such as vulnerability assessments or penetration tests to identify security misconfigurations or vulnerable SW | Required | 5 | Years
Experience in remediating security issues identified by vulnerability assessments or penetration tests | Required | 5 | Years
Ability to design, implement and operate systems with adherence to industry compliance such as PCI-DSS, HIPAA, ISO and identify policy violations or s | Required | 5 | Years