
Role: AWS Openshift - SC Clearance required
Spec: During implementation the Secure Cloud Platform function will establish AWS native security controls required for the cloud platform to securely function and communicate with other entities. The Secure Cloud Platform function will work closely with other security tracks (application and container security, ISMS, data security, Operational security and Vulnerability management) to provide inputs and shape the design and implementation of each track.
a. Security input to the design of the hosting platform (AWS). This track will cut across all other security tracks and will include security inputs related to native AWS controls and services, including but not limited to: a fresh landing zone construct or an extension of an existing landing zone, Security Hub configuration, AWS Config rules, VPC and subnet, NACL, security groups, AWS firewall, IPS rules, AWS KMS, ACM, AWS Macie, AWS IAM, HSM, Secrets Manager.
b. Security input to the design of the OpenShift environment
i. Defining hardening policies and standards
ii. Container Security Tooling - design configuration for Red Hat Advanced Container Security (ACS)
c. Malicious code controls using the Trend Micro Deep Security malware module
i. For virtual machines specific to Lot 2 - by implementing and configuring Trend Micro Deep Security agents
ii. To scan files imported to the integration platform specific to Lot 2 - by implementing a script to scan files in a nominated folder using Trend Micro Deep Security. Files that pass the scan will be copied to an "output" folder for the integration platform to collect and forward.
d. Security input to the design of the identity and access management and privileged access management:
i. This will include the creation of a self-service mechanism for requests and renewals.
e. Security input to the design and implementation of the build pipeline tooling (for both integration hub and service operations) - providing input to the configurations of the various DevSecOps tools being integrated into the pipeline (including SCA, SAST and DAST). This activity will leverage the shared DevOps pipeline.
f. Hand over the support of the DevSecOps tools (including Red Hat ACS) and anti-virus tooling (Trend Micro Deep Security and associated scanning script) to Consulting
g. Provide input to PKI, DLP, Application Security and DevSecOps, Operational security and vulnerability management tracks.
h. Provide inputs to operational security processes (ISMS)
i. Compliance management
ii. Vulnerability management
iii. Disposal processes
i. A vulnerability scanning service by implementing Tenable.SC scanning software in AWS.
i. The operating systems to be covered will be supported versions of Linux and Windows
ii. Vulnerability scans will be performed monthly and the raw scanning results handed over to Consulting without any additional validation or ranking being performed, beyond what the Tenable tool being used provides.
j. Provide inputs to the design of AWS Network Firewall
i. Define the configuration for policies and rules to be implemented in AWS Network Firewall
ii. Provide inputs to Consulting on routing policies with AWS Network Firewall and Transit Gateway
iii. Support AWS Network Firewall changes
Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work. For security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds.
Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queen's Award for Enterprise: International Trade, for the second consecutive period.