Platform / Security Architect

Location: Portland, OR, United States
Date Posted: 02-07-2018
Job Title: Platform / Security Architect 
Location: Portland, OR.



We are looking for a Platform and Security Architect to assist our customer starting 12-Feb or 19-Feb onsite in Portland, OR for 45 days. Scope is below.

HDP Cluster Security Design and Installation on 5 Clusters on Azure.

1.Architecture Review for Development, QA (East and West) and Production (East and West) Environment

a.Architecture review for existing development environment
b.Review QA East and West environment

i.Document cluster topology
ii.Document any differences in environment details including hardware, software, network and/or service accounts

c.Review service check results
d.Review roles and responsibilities, including project resource allocations
e.Review AD KDC integration requirements
f.Review Kerberization including cross-domain trust, if required
g.Agreed upon project plan for security implementation

2.DEVELOPMENT: Security and Kerberization

a.Review data classification, lineage, security and lifecycle management
b.Validate cluster readiness for security setup, including Kerberos
c.Configure Kerberos for cluster authentication
d.Test and validate services integration with AD KDC
e.Apache Ranger: Authorization

i.Review fine grained control access across HDFS, Hive, HBase, Knox and YARN
ii.Assist to build sample policies for access to files, folders, databases, tables or columns
iii.Review policy setup for individual or groups
iv.Assist to setup policy enforcement across HDP stack
v.Review data at rest encryption
f.Apache Knox: Perimeter Security
i.Review single point of access

1.Kerberos encapsulation
2.REST API hierarchy
3.Review perimeter security

ii.Centralized and Secure API

1.Central API management
2.Eliminate SSH edge node

iii.Review security integration options
iv.Review proxy configuration of non-default services, if required
g.Build Runbook with detailed steps

3.QA: East and West Clusters

a.Review East and West cluster configuration including

i.Security implementation
ii.Testing and Cutover Plan
iii.Review Runbook steps for QA

b.Review data classification, lineage, security and lifecycle management
c.Validate cluster readiness for security setup, including Kerberos
d.Configure Kerberos for cluster authentication
e.Test and validate services integration with AD KDC
f.Apache Ranger: Authorization

i.Review fine grained control access across HDFS, Hive, HBase, Knox and YARN
ii.Assist to build sample policies for access to files, folders, databases, tables or columns
iii.Review policy setup for individual or groups
iv.Assist to setup policy enforcement across HDP stack
v.Review data at rest encryption
g.Apache Knox: Perimeter Security
i.Review single point of access

1.Kerberos encapsulation
2.REST API hierarchy
3.Review perimeter security

ii.Centralized and Secure API

1.Central API management
2.Eliminate SSH edge node

iii.Review security integration options
ivReview proxy configuration of non-default services, if required
h.Update Runbook with QA details, including cutover plan

4.PRODUCTION: East and West Clusters
a.Review East and West cluster configuration including

i.Security implementation
ii.Testing and Cutover Plan
iii.Production jobs validation for cutover
iv.Review Runbook steps for QA

b.Review data classification, lineage, security and lifecycle management
c.Validate cluster readiness for security setup, including Kerberos
d.Configure Kerberos for cluster authentication
e.Test and validate services integration with AD KDC
f.Apache Ranger: Authorization

i.Review fine grained control access across HDFS, Hive, HBase, Knox and YARN
ii.Assist to build sample policies for access to files, folders, databases, tables or columns
iii.Review policy setup for individual or groups
iv.Assist to setup policy enforcement across HDP stack
v.Review data at rest encryption

g.Apache Knox: Perimeter Security

i.Review single point of access

1.Kerberos encapsulation
2.REST API hierarchy
3.Review perimeter security

ii.Centralized and Secure API

1.Central API management
2.Eliminate SSH edge node

iii.Review security integration options
iv.Review proxy configuration of non-default services, if required

h.Update Runbook with Production details

5.Knowledge Transfer
a.Client will work with Customer and hold Knowledge Transfer meetings with Customer-designated personnel, for an agreed upon duration.
b.Review security architecture and Ranger/Knox/HDFS configuration




Central Business Solutions, Inc,
37600 Central Ct.
Suite #214
Newark, CA 94560.
Central Business Solutions, Inc(A Certified Minority Owned Organization)
Checkout our excellent assessment tool: http://www.skillexam.com/
Checkout our job board : http://www.job-360.net/
=====================================================
Central Business Solutions, Inc
37600 Central Court Suite 214 Newark CA, 94560
Phone: (510)-713-9900, 510-573-5500 Fax: (510)-740-3677
Web: http://www.cbsinfosys.com
=====================================================
or
this job portal is powered by CATS