Platform / Security Architect

Location: Phoenix, AZ, United States
Date Posted: 07-03-2018
Job Title : Platform / Security Architect
Location:  Phoenix, AZ.

 


Description:
Here is scope for an engagement in AZ starting in 1-2 weeks for 4 months. This resource must be highly skilled in consultancy with great communication skills and will need to drive discovery workshops and solutions. This is not an implementation role, but more of an an advisory role. This customer is highly skilled in another hadoop distribution, so expectations are high for this Architect to lead their transition to client's.

1. HDP Security Review and Configuration ¿ Development Environment
a. Execute security discovery and design workshop
i. Review security layers including, perimeter security (Knox, Ambari SSL) and client communication to the cluster
ii. Review pros and cons of SSL for different components
iii. Generate Client recommendation list for security setup
b. Review HDP, Ambari, edge node system pre-requisites are met
c. Review current HDP cluster:
i. Security requirements for authentication, authorization and auditing
ii. Review users/group definitions and access policies
iii. Architecture review including platform services
d. Security configuration
i. Configure Kerberos, using KDC
ii. LDAP design and integration with Hadoop
iii. Ranger Configuration
1. Review ranger configuration and make necessary updates through Ambari
2. Review fine grained access control across HDFS, Hive, Knox and YARN
3. Assist to build sample policies for access to files, folders, databases, tables and/or columns.
4. Assist to setup policy enforcement across HDP stack
5. Review data at rest encryptions requirements and provide Client recommendations
iv. Knox configuration for perimeter security
1. Review single point of access
a. Kerberos encapsulation
b. REST API hierarchy
c. Review perimeter security
d. Review and configure SSO, if agreed by both parties
2. Centralized and Secure API
a. Central API management
b. Eliminate SSH ¿edge node¿
c. Review security integration options for non-default services, if desired
v. Atlas review and configuration
1. Create policies, including but not limited to HBase and Kafka
2. Review and configure Kerberos setting
3. Enable SSL
4. Setup knox proxy for atlas
5. Install sample metadata
6. Restart service
e. Run Platform test and validation
f. Build operations run book (development) for Customer

2. HDP Security Review and Configuration ¿ Production Environment
a. Review operational runbook and Production environment readiness
i. Identify any gaps in setup and configuration
ii. Review findings from development environment
b. Execute security discovery and design workshop, for production environment
i. Review perimeter security and KNOX
ii. Review and recommend SSL configuration for Ambari and HDP UI¿s
iii. Provide best practices recommendation for securing cluster
c. Review current HDP cluster:
i. Security requirements for authentication, authorization and auditing
ii. Review users/group definitions and access policies
iii. Architecture review including platform services deployment
iv. Generate a recommendation list for any changes into the environment (architecture and or services)
d. Security configuration
i. Configure Kerberos, using KDC
ii. LDAP design and integration with Hadoop
iii. Review Client recommendation for platform security (perimeter, gateway, in-cluster)
iv. Provide cluster security best practices recommendations
v. Ranger Configuration
1. Review ranger configuration and make necessary updates through Ambari
2. Review fine grained access control across HDFS, Hive, Knox and YARN
3. Assist to build sample policies for access to files, folders, databases, tables and/or columns.
4. Assist to setup policy enforcement across HDP stack
vi. Knox configuration for perimeter security
1. Review single point of access
a. Kerberos encapsulation
b. REST API hierarchy
c. Review perimeter security
d. Review and configure SSO, if required
2. Centralized and Secure API
a. Central API management
b. Eliminate SSH ¿edge node¿
c. Review security integration options for non-default services, if desired
vii. Atlas review and configuration
1. Create policies, including but not limited to HBase and Kafka
2. Review and configure Kerberos setting
3. Enable SSL
4. Setup knox proxy for atlas
5. Install sample metadata
6. Restart service
e. Run Platform test and validation
f. Update operations Runbook for Customer
g. Execute knowledge transfer session, for up to one (1) day

3. HDF Use-Case Best Practices & Recommendation
a. Review HDF cluster
i. Services deployment process
ii. Services update/patching process
iii. Operations and management of cluster, using Ambari
1. Review and update/configure HDF stack (Schema registry, SAM, Nifi, Kafka)
2. Review and update/configure schema registry and SAM for high-availability, if required
3. Perform platform validation tests
b. Security Review and Configuration
i. Install and configure KDC
ii. Verify Ambari configuration for HDF services
iii. Configure Knox for NiFi access
1. Validate NiFi access via Knox
iv. Verify and configure Ranger for NiFi
v. Configure authorization using Ranger
1. Create policies for NiFi access
2. Create a sample Kafka policy
3. Create a sample Storm policy
4. Enable Customer SME on Ranger policy setup and configuration
c. Provide HDF best practices for Nifi
i. Processors and memory, disk I/O and compute recommendations
ii. Review nifi performance properties from configuration file and Client tuning recommendation
iii. Nifi template create and manage best practices
d. Review Client best practices for flow development, test and promotion to production
e. Perform Knowledge transfer and hand-off




Central Business Solutions, Inc,
37600 Central Ct.
Suite #214
Newark, CA 94560.
Central Business Solutions, Inc(A Certified Minority Owned Organization)
Checkout our excellent assessment tool: http://www.skillexam.com/
Checkout our job board : http://www.job-360.net/
=====================================================
Central Business Solutions, Inc
37600 Central Court Suite 214 Newark CA, 94560
Phone: (510)-713-9900, 510-573-5500 Fax: (510)-740-3677
Web: http://www.cbsinfosys.com
=====================================================
or
this job portal is powered by CATS