This position is no longer open for applications

Platform Engineer (AWS Openshift)

Platform Engineer (AWS Openshift) (AWSPlatform) London, England

Salary: GBP850 - GBP950 per day
Gibbs Hybrid require a Platform Engineer with strong AWS Openshift skills to work with a world-leading IT services contractor on one of their prestigious government accounts. To be considered for the role, you must hold an active SC clearance.

Day rate: £850-£950
Hybrid: Central London/remote
Sector: Government (You must have an active SC clearance)
Length of contract: Initial 6 months – extensions likely

Role: AWS Openshift - SC clearance required
Spec: During implementation the Secure Cloud Platform function will establish AWS native security controls required for the cloud platform to securely function and communicate with other entities. The Secure Cloud Platform function will work closely with other security tracks (application and container security, ISMS, data security, Operational security and Vulnerability management) to provide inputs and shape the design and implementation of each track.

a. Security input to the design of the hosting platform (AWS). This track will cut across all other security tracks and will include security inputs related to native AWS controls and services, including but not limited to: a fresh landing zone construct or an extension from an existing landing zone, Security Hub configuration, AWS Config rules, VPC and subnet, NACL, security groups, AWS firewall, IPS rules, AWS KMS, ACM, AWS Macie, AWS IAM, HSM, Secrets Manager.
b. Security input to the design of the OpenShift environment
i. Defining hardening policies and standards
ii. Container Security Tooling – design configuration for Red Hat Advanced Container Security (ACS)
c. Malicious code controls using the Trend Micro Deep Security malware module
i. For virtual machines specific to Lot 2 – by implementing and configuring Trend Micro Deep Security agents
ii. To scan files imported to the integration platform specific to Lot 2 – by implementing a script to scan files in a nominated folder using Trend Micro Deep Security. Files that pass the scan will be copied to an “output” folder for the integration platform to collect and forward.
d. Security input to the design of the identity and access management and privilege access management:
i. This will include the creation of a self-service mechanism for requests and renewals.
e. Security input to the design and implementation of the build pipeline tooling (for both integration hub and service operations) – providing input to the configurations of the various DevSecOps tools being integrated into the pipeline (including SCA, SAST and DAST). This activity will leverage the shared DevOps pipeline.
f. Hand-over the support of the DevSecOps tools (including Red Hat ACS) and anti-virus tooling (Trend Micro Deep Security and associated scanning script) to the client
g. Provide input to PKI, DLP, Application Security and DevSecOps, Operational security and vulnerability management tracks.
h. Provide inputs to operational security processes (ISMS)
i. Compliance management
ii. Vulnerability management
iii. Disposal processes
i. A vulnerability scanning service by implementing Tenable.SC scanning software in AWS.
i. The operating systems to be covered will be supported versions of Linux and Windows
ii. Vulnerability scans will be performed monthly and the raw scanning results handed over to the client without any additional validation or ranking being performed, beyond what the Tenable tool being used provides.
j. Provide inputs to the design of the AWS network firewall
i. Define the configuration for policies and rules to be implemented in the AWS network firewall
ii. Provide inputs to the client on routing policies with AWS network firewall and Transit Gateway
iii. Support AWS network Firewall changes

All applicants must have active UK security clearance to be considered for this position.

