Description
Security Architecture support for technical infrastructure architecture.
Must have: Kerberos, single-sign on, architecture risk assesments and security architecture.
Location: The Hague, the Netherlands
Duration: around 6 months
Scope of the service
1. Support the teams with expert advice on best practices for security perimeter defence.
2. Perform architecture risk assessments both for in-house developed solutions, custom of the shelf products and outsourced solutions.
3. Assist in the design of the future security perimeter architecture including Firewall, IDPS, malware protection, denial of service attack prevention
4. Document security controls through the Troux enterprise architecture management suite
5. Document security standards, guidelines and best practices
6. Translate requirements for confidentiality, integrity and availability of data into a security architecture
Deliverables
1. Gap analysis of the current state architecture and industry best practice architectures
2. Future state architecture including description of required capabilities
3. Risk assessments and mitigations for transformation programmes and integration architectures.
4. Documented security patterns
Requirements
The candidate should have experience with the design of security architectures following industry best practice patterns.
Specific technical experience in a production environment of:
Firewalls: Nokia-Checkpoint, Juniper Netscreen, mainstream vendors
IDPS: mainstream vendors, host-based and network based intrusion detection.
SSL VPN: Mainstream products
Web Access Management: Mainstream approaches
Authentication: Radius, Kerberos, Single-Sign On, Vasco tokens, Federation(SAML, WSFed), WebSSO, two factor authentication
Authorization: Role based access control, Rules based authorization
Network: LAN, WAN, SAN
Communication protocols: HTTP, TCP/IP, HTTPS,
Enterprise Security Architecture: Zachman,TOGAF, SABSA
Application Development Platforms: Java, .NET
Operating Systems: Windows, Unix, Linux
Identity Repositories: LDAP, Active Directory, RACF