Engineer (IdM/PKI Services)
- Working Location: Mons, Belgium
- Security Clearance: NATO Cosmic Top Secret
- Language: High proficiency level in English language
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
- Extensive knowledge of modern communication and Internet Protocol (IP) based networking technologies and systems including security aspects
- 3 years extensive experience with PKI System development, design, management
- Extensive knowledge of Information security and Cryptography (symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, public key encryption, hash functions, digital signatures, digital certificates)
- Working knowledge of router and switches configuration
- Practical experience in Windows Servers, RHEL and VMware system administration
- Knowledge of the principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications
- Experience with SQL database administration
- Extensive experience in operating systems backup and restore
- Practical experience in:
Scripting (Python, PowerShell)
SSL, TLS, and OpenSSL
Desirable Qualifications/Experience:
- VMware (VCA, VCP) and Linux RHEL system administration
- CISCO CCNA
- Microsoft Certified Solution Associate (MCSA)
- Microsoft Certified Solutions Expert (MCSE)
- Experience in development and implementation of computer security policies
DUTIES/ROLE:
- Manage the NATO wide NPKI Registration Authorities
- Maintain the day-to-day NATO wide PKI systems and components
- Manage and control of the lifecycle of end users and devices certificates
- Manage NPKI virtualize infrastructure
- Manage NPKI networking components
- Manage NPKI hardware infrastructure
- Manage the NPKI LDAP directory service and support HTTP service
- Responsible for the NCIA ITSM ticketing system
- Responsible for WNES- auto enrolment service, CSR SCEP
- Enrolment over Secure Transport (EST); Entrust Administration Services components especially in context of ITM and NPKI Mitigation projects new services development and deployment
- Responsible for Enterprise Mobile Mobility configuration, integration, maintenance
- Responsible for LDAP directory service configuration and maintenance
- Responsible for Online Certificate Status Protocol (OCSP) and Time Stamp management
- Responsible for Database maintenance, dedicated for NPKI
- Responsible Card Management System deployment, integration and day-to-day management
- Responsible for Hardware Security Module (HSM) firmware upgrade and management in different Date Centre location
- Responsible for the creation of PKI related guidance
- Certificate Authority Log analysis, (Troubleshoot the system ALARM/ERRORS and monitor user activity)
- Support Smart Card enrolment and certificate creation process
- Maintain the day-to-day operations /management /backup/restore of the PKI systems
- Provide technical support and assistance to ITM Operating Authorities and NPKI-Mitigation project team
- Provide 2nd and 3rd level technical support of CIS services to the NPKI customers
- Designing of new PKI components
- Responsible for the creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications or additions to current capabilities
- Documenting of all new PKI services
- Installation and maintenance of NPKI components
- Be flexible to work outside normal office hours in response to crises, operational requirements