Opening of an LD post in DI-CSO: Identity Federation Manager
The IT department will publish soon on the CERN job portal the following Computing Engineer job:
Identity Federation Manager for the Academic Community in the Departmental Infrastructure Group, Computer Security Team (IT-DI-CSO).
With the steadily growing community of HEP institutes collaborating with CERN and contributing to joint projects (like the WLCG; cern.ch/wlcg) but also with the widening of CERN’s computing resources to other sciences (HelixNebula, e.g. CERN as a cloud service provider), the current model of providing every participant with a CERN computing account does not scale anymore. Instead, federated identities, i.e. computing accounts issued by individual universities and institutes themselves, which are subsequently permitted to access CERN’s computing resources are the best alternative currently. However, to embark on such an alternative, tight coordination of the technical implementation and related subjects like trust, vouching, security, data privacy and data dissemination (“attributes”) are necessary. Currently on-going activities in this domain are REFEDS (www.refeds.org), EduGAIN (www.geant.org/Services/Trust_identity_and_security/eduGAIN), AARC (aarc-project.eu), and Sirtfi (refeds.org/sirtfi) to name a few.
You will join
The CERN Computer Security Team (cern.ch/security), which is mandated to secure and protect all aspects of the computing infrastructure of CERN as well as its operations and reputation against any kind of cyber-threats.
As Identity Federation Manager in the IT department, you will liaise with universities, institutes and other relevant stakeholders worldwide in order to drive forward an efficient, flexible, trustworthy and secure enabling of identity federation accounts at CERN. This includes the deployment of the current policies, negotiation and implementation of new policies, and the co-ordination of any (other) aspect which enhances the trust, security, and data privacy principles within the corresponding federations. Close contact with the WLCG will also be beneficial since identity federations have strong similarities to the policy bodies governing the WLCG.
As a Service Manager, you will be in charge of the implementation and integration of the different services and tools to fulfil the practical objectives of Federation: Integration with CERN Single Sign-on, integration of multifactor tokens when available, design and implementation of a new fine-grained authorization service taking into account Federated Identities, WLCG support, etc.
As a member of the Computer Security Team, you are also supposed to participate in the CERN CERT (Computer Emergency Response Team) and contribute to the resolution of computer security incidents.
Master's Degree in the field of Computer Science or related field, or equivalent.
Experience and Competencies
The experience required for this post is:
- Proven capabilities in negotiating policies within an international collaboration of academic stakeholders, ideally already with a tight network of contacts within the international academic HEP community and/or the WLCG.
- Demonstrated experience in the computer security domain, on computer, network or software security, or as computer system administrator.
- The technical competencies required for this post are:
- Solution Architecture, User Relationship Management, Requirements definition and management, systems design
- Good knowledge of the Linux/UNIX operating system and in particular of shell scripting and
- programming (Perl, Python, and/or C), other languages or technologies would be a plus;
The behavioural competencies required for this post are:
- Achieving results: Delivering high quality work on time and fulfilling expectations; having a structured and organised approach towards work; being able to set priorities and plan tasks with results in mind; driving work / projects along and seeing them through to their conclusion.
- Communicating effectively: Successfully changing other people's opinions by persuasive arguments; delivering presentations in a structured and clear way; adjusting style and content to the audience; responding calmly and confidently to questions; expressing opinions, ideas and suggestions with conviction and in a logical/structured manner; keeping to the point.
- Learning and sharing knowledge: Keeping up-to-date with developments in own field of expertise and readily absorbing new information; sharing knowledge and expertise freely and willingly with others; coaching others to ensure knowledge transfer; creating or participating in forums to exchange experience, comparing techniques and learn from others.
- Solving problems: Identifying, defining and assessing problems, taking action to address them; addressing complex problems by breaking them down into manageable components; adopting a pragmatic approach; understanding the value of adopting generic rather than 'gold -plated' technical solutions.
- Working in the interest of the Organization: Championing new initiatives within and beyond the scope of own job; promoting synergy and cooperation between the various parts of the Organization.
The language competencies required for this post are:
- Spoken and written English: ability to draw-up technical specifications and/or scientific reports, and/or to make oral presentations. Basic knowledge of French language or an undertaking to acquire it rapidly.
If you are attracted by this post please discuss your interest directly with Stefan Lueders or Tim Smith (since the selected person will work closely with the IT-CDA Group too).
Not for you? You can nevertheless help the Organization finding the right candidates by talking to your internal contacts and/or signing up for eqipia (link is external), our employee referral support tool which will make it easy for you to publicise these jobs in your network.
Don’t hesitate to contact our HRA, Isabel Pumares Arguelles if you have questions or comments.