At CERN, the European Organization for Nuclear Research, physicists and engineers are probing the fundamental structure of the universe. Using the world's largest and most complex scientific instruments, they study the basic constituents of matter - fundamental particles that are made to collide together at close to the speed of light. The process gives physicists clues about how particles interact, and provides insights into the fundamental laws of nature. Find out more on http://home.cern.
As Digital Identity Management Systems Engineer you will take a leading role in the planning, design, implementation, testing and commissioning, operation, maintenance and development work associated with digital identity management systems, platforms, services and applications.
In the IT department*, Collaboration, Devices and Applications (CDA) group, you will join the team operating, supporting and enhancing the sophisticated CERN identity management, authentication, authorization, resource management, certification and federation infrastructure. More specifically, you will work on the MALT** FreeIPA project whose aim is to replace the existing Active Directory (AD) infrastructure by Kerberos and LDAP services, based on FreeIPA (open source Identity Management solution).
* IT department: http://information-technology.web.cern.ch/
** MALT project: https://malt.web.cern.ch/malt/
- Capture and analyse the requirements of the major user communities to steer the service design.
- Develop the future CERN Directory Services based on FreeIPA, including;
- Stable and scalable deployment of FreeIPA, using puppet.
- Enhancement of CERN’s virtual computing infrastructure management tools to support FreeIPA.
- Enhancement of CERN’s Directory Service clients to support FreeIPA, such as by host certificate creation and keytab installation.
- Document the new service from the administration and user perspectives.
Master's degree or PhD or equivalent relevant experience in the field of Information Technologies or a related field.
You have demonstrated experience in the implementation and operation of complex digital identity management services, especially with the FreeIPA solution and Kerberos.
More specifically, you have extensive experience in the configuration, deployment and management of identity management solutions, and in system administration.
You also have demonstrated experience in the computer security domain.
Demonstrated experience in large scale (>50,000 hosts and users) mixed Linux and Windows computing infrastructure management is a strong plus.
- Configuration and use of information management systems: Puppet.
- Knowledge of operating systems: Linux.
- Knowledge of best practices for implementing ICT security standards and policies, including security hardening of services.
- Architecture and design of ICT systems, in particular complex services which include redundancy configuration and storage architectures, and which rely on, and are integrated with, CERN IT infrastructure services.
- Solving problems: identifying, defining and assessing problems, taking action to address them Testing solutions for long-term suitability, cross-checking with all concerned before implementation. Finding the information needed to solve problems; making objective judgments based on all the facts available.
- Working in teams: building and maintaining constructive and effective work relationships working well in groups and readily fitting into a team; participating fully and taking an active role in team activities supporting and acting in accordance with team decisions; accepting joint responsibility for team successes and shortcomings.
- Communicating effectively: ensuring that information, procedures and decisions are appropriately documented delivering presentations in a structured and clear way; adjusting style and content to the audience; responding calmly and confidently to questions.
- Achieving results: delivering high quality work on time and fulfilling expectations defining clear objectives, milestones and deliverables before initiating work/ project.
Spoken and written English or French: ability to understand and speak the other language in professional contexts. Ability to draw-up technical specifications and/or scientific reports and to make oral presentations in at least one of the two languages.
Eligibility and closing date:
Diversity has been an integral part of CERN's mission since its foundation and is an established value of the Organization. Employing a diverse workforce is central to our success. We welcome applications from all Member States and Associate Member States.
This vacancy will be filled as soon as possible, and applications should normally reach us no later than 23.04.2021 at 12PM CET.
Contract type: Limited duration contract (2 years). Subject to certain conditions, holders of limited-duration contracts may apply for an indefinite position.
These functions require:
- Work during nights, Sundays and official holidays, when required by the needs of the Organization.
- Stand-by duty, when required by the needs of the Organization.
Job grade: 6-7
Job reference: IT-CDA-IC-2021-30-LD
Benchmark Job Title: Computing Enginee