Overview
The Digital Infrastructure Security Engineer Analyst will be responsible for designing, implementing, and operating security solutions for authentication, identity management, and technological infrastructure monitoring within the project. The role focuses on secure identity, authentication, and access management.
Key Responsibilities
- Implement and maintain authentication and Single Sign-On (SSO) platforms, ensuring integration with internal and external systems.
- Plan centralized authentication architecture with high availability and resilience.
- Define realms, clients, roles, and groups according to organizational security policies.
- Structure multi-tenant environments (production, staging, and testing).
- Configure federation with external identity providers (e.g., Azure AD, Google Workspace, LDAP, AD FS).
- Ensure compatibility and correct implementation of authentication and authorization protocols (OpenID Connect, OAuth 2.0, SAML 2.0, LDAP).
- Administer and evolve security and monitoring tools in on-premises and multi-cloud environments.
- Lead the lifecycle of security tools, including deployment, integration, tuning, and troubleshooting.
- Develop internal security automation solutions using Python, Node.js, and React.
- Coordinate vulnerability mitigation and the application of fixes for Common Vulnerabilities and Exposures (CVEs).
- Monitor, adjust, and strengthen network, proxy, and Cloud Access Security Broker (CASB) controls.
- Support internal and external audits by providing evidence, logs, and technical reports.
- Act as a technical reference in information security and infrastructure for DevOps, Cloud, and Engineering teams.
- Facilitate knowledge building and sharing.
Required Experience
- Candidates with a Bachelor's degree must have a minimum of 2 years of experience in infrastructure security engineering, information security, and/or operation of centralized authentication environments, SSO, or identity management.
- Desired skills include experience in Keycloak, SAML 2.0, OIDC, OAuth 2.0, LDAP, cloud infrastructure (Azure and AWS), proxy and CASB, security automation and integration (Python, Node.js, REST APIs, Webhooks), DevSecOps, secure CI/CD pipelines, secret management, monitoring and observability, container security, and policy management.
Qualifications
- Advanced University Degree (Master's or equivalent) in Information Technology, Computer Science, Computer Engineering, Information Systems, Information Security, or related fields is required.
- Alternatively, a University Degree (Bachelor's) in the mentioned areas, combined with 2 additional years of qualified experience, will be considered in lieu of an Advanced University Degree.