Amsterdam, Noord-Holland
Job Summary
Need a secure access file transfer engineer with Devops knowlege
Key Responsibilities
Job Responsibilities : Design and operate the interactive access service based on Apache Guacamole, containerized on OpenShift, translating HTTPS to native protocols (SSH, RDP, SQL, VNC) Build and maintain the file transfer service using S3 presigned URLs with time-bound expiry and tenant-scoped bucket/path access controls Engineer tenant isolation within shared SaaS-style deployments, ensuring each consuming team only accesses their own targets through predefined connections and network-level controls Design credential lifecycle automation: retrieval/seeding at session start, reset/removal at session stop, integrated with Privileged Access Management and credential stores Build session recording and logging pipelines shipping audit data to tenant-specified log repositories (Kafka, S3, Git) Implement metering and billing event generation for per-tenant consumption tracking Develop CI/CD pipelines for automated platform lifecycle management: provisioning, start, stop, decommissioning (immutable infrastructure / cattle model) Collaborate with security teams to refine detection scenarios every sprint and maintain audited control reporting (Seven IT Risk Controls, COBIT framework) Define and monitor SLIs/SLOs: start latency, session success rate, recording completeness, tenant isolation violations, credential reset compliance
Skill Requirements
Skill Requirement : 3+ years hands-on experience with Kubernetes/OpenShift in production (deployment, networking, RBAC, persistent storage, operators) Proficiency in Go and Python for platform service development, automation, and tooling Strong Linux systems engineering (SSH, networking, security hardening, systemd) Container orchestration and CI/CD pipeline design (Helm, ArgoCD, Tekton, or equivalent) S3-compatible object storage (MinIO or AWS S3): presigned URLs, bucket policies, IAM integration Azure DevOps for backlog management, CI/CD pipelines, and release workflows Infrastructure as Code: Terraform, Ansible, or equivalent Understanding of security principles: zero-trust, defence-in-depth, protocol insulation, MFA, credential management Experience with IAM systems, directory services integration, and conditional access policies Familiarity with logging and monitoring stacks (Kafka, Elasticsearch, Prometheus/Grafana)
Other Requirements
Other Requirement : VMware Cloud Foundation (VCF) experience or familiarity with VCF-based infrastructure Experience with Privileged Access Management tooling (CyberArk, HashiCorp Vault) Experience with Apache Guacamole or similar remote access gateway technologies RDP and Windows Server administration knowledge Experience in regulated financial services environments (DORA, NIS2, or equivalent regulatory frameworks) Understanding of network segmentation and firewall rule management SOC2 Type 2 reporting or equivalent security assurance frameworks Experience designing metering/billing event pipelines for internal platform products
#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-#body.unify div.unify-button-container .unify-apply-now: focus, #body.unify div.unify-button-container .unify-apply-
