Identity Federation Manager
Bring the physics world closer together! Enable our steadily growing researcher community to use their home institute's computing account to access CERN's computing resources. Negotiate the principles and policies such that computing accounts uniformly meet basic security standards. Join the CERN Computer Security Team in the IT department and help balance our academic openness with "security". CERN, take part!
Identity Federation Manager for the Academic Community in the IT Department, Departmental Infrastructure Group (IT-DI), Computer Security Team (IT-DI-CSO).
With the steadily growing community of HEP institutes collaborating with CERN and contributing to joint projects (like the WLCG: cern.ch/wlcg) but also with the widening of CERN's computing resources to other sciences (HelixNebula, e.g. CERN as a cloud service provider), the current model of providing every participant with a CERN computing account does not scale anymore. Instead, federated identities, i.e. computing accounts issued by individual universities and institutes themselves which are subsequently permitted to access CERN's computing resources are the best alternative currently. However, to embark on such an alternative, tight coordination of the technical implementation and related subjects like trust, vouching, security, data privacy and data dissemination ("attributes") are necessary.
Currently on-going activities in this domain are REFEDS (www.refeds.org), EduGAIN (www.geant.org/Services/Trust_identity_and_security/eduGAIN), AARC (aarc-project.eu), and Sirtfi (refeds.org/sirtfi) to name a few.
You will join
The CERN Computer Security Team (cern.ch/security), which is mandated to secure and protect all aspects of the computing infrastructure of CERN as well as its operations and reputation against any kind of cyber-threats.
As an Identity Federation Manager in the IT department, you will liaise with universities, institutes and other relevant stakeholders worldwide in order to drive forward an efficient, flexible, trustworthy and secure enabling of identity federation accounts at CERN. This includes the deployment of the current policies, negotiation and implementation of new policies and the co-ordination of any (other) aspect which enhances the trust, security, and data privacy principles within the corresponding federations. Close contact with the WLCG will also be beneficial since identity federations have strong similarities to the policy bodies governing the WLCG.
As a service manager, you will be in charge of the implementation and integration of the different services and tools to fulfil the practical objectives of federation: integration with CERN Single Sign-on, integration of multifactor tokens when available, design and implementation of a new fine-grained authorization service taking into account Federated Identities, WLCG support, etc.
As a member of the Computer Security Team, you are also supposed to participate in the CERN CERT (Computer Emergency Response Team) and contribute to the resolution of computer security incidents.
Master's degree in the field of computer science or related field, or equivalent.
The experience required for this post is:
- Proven capabilities in negotiating policies within an international collaboration of academic stakeholders, ideally already with a tight network of contacts within the international academic HEP community and/or the WLCG.
- Demonstrated experience in the computer security domain on computer, network or software security, or as computer systems administrator.
The technical competencies required for this post are:
- Solution architecture: user relationship management, requirements definition and management, systems design.
- System software administration: good knowledge of the Linux/UNIX operating system and in particular of shell scripting.
- Programming/software development: (Perl, Python, and/or C), other languages or technologies would be a plus.
The behavioural competencies required for this post are:
- Achieving results: delivering high quality work on time and fulfilling expectations; driving work/projects along and seeing them through to their conclusion; having a structured and organised approach towards work; being able to set priorities and plan tasks with results in mind.
- Communicating effectively: successfully changing other people's opinions by persuasive arguments; expressing opinions, ideas and suggestions with conviction and in a logical/structured manner; keeping to the point; delivering presentations in a structured and clear way; adjusting style and content to the audience; responding calmly and confidently to questions.
- Learning and sharing knowledge: keeping up-to-date with developments in own field of expertise and readily absorbing new information; sharing knowledge and expertise freely and willingly with others; coaching others to ensure knowledge transfer.
- Solving problems: identifying, defining and assessing problems, taking action to address them; adopting a pragmatic approach; understanding the value of adopting generic rather than `gold -plated' technical solutions; addressing complex problems by breaking them down into manageable components.
- Working in the interests of the Organization: championing new initiatives within and beyond the scope of own job; promoting synergy and cooperation between the various parts of the Organization.
The language competencies required are:
- Spoken and written English; ability to draw-up technical specifications and/or scientific reports, and/or to make oral presentations.
- Basic knowledge of French language or an undertaking to acquire it rapidly.
Employing a diverse and international workforce is a CERN core value and central to our success. We welcome applications from all Member States irrespective of gender, age, disability, sexual orientation, race, religion or personal situation.
This vacancy will be filled as soon as possible, and applications should normally reach us no later than 25.05.2017.
By applying here, you allow CERN to consider your application for any position it considers relevant with respect to your profile. Please ensure you update your profile regularly with any relevant information and that you inform the recruitment service if you wish your file to be removed from the database.
We offer a limited-duration contract for a period of 5 years. Limited-duration contracts shall terminate by default on their date of expiry. Subject to certain conditions, holders of limited-duration contracts may apply for an indefinite position.
These functions require:
- Stand-by duty, when required by the needs of the Organization.
- Work during nights, Sundays and official holidays, when required by the needs of the Organization.