Specialist-Infrastructure Operations_2058

Job Level: Professional
Location: IN
Area of Expertise: IT & Tech Engineering
Unit: Allianz Technology
Employing Entity: Allianz Technology SE India Branch
Job Type: Full-Time
Remote Job: Hybrid working
Employment Type: Permanent
ID: 94825
Position Cluster: Non-Executive

HSM Operation [HSM]

You are responsible for the end-to-end operation of four Thales Luna 7 HSMs (two in production and two in integration), which are multi-factor quorum enabled (USB PED keys are required to execute critical commands). This includes lifecycle management (patching, vulnerability management, hardware replacement, backups, etc.), conducting key ceremonies, implementing new HSM use cases, executing regular security controls, continuous service improvement (e.g. documentation and automation), conducting regular DR tests, etc.

Operational Tasks

  1. Patching & Vulnerability Management
     • Ensure HSMs are running on the latest suitable firmware (test in integration -> rollout in production)
  2. Incident Handling
     • Ensure SLA-compliant incident handling/resolution (incl. root cause analyses, problem handling, etc.)
  3. Luna Client Packaging
     • Regularly order new packaging for the Luna Client software when a new version is released
  4. Hardware Lifecycle Management
     • Ensure hardware is replaced before EOL
  5. Security Controls
     • Execute regular security controls (log analysis, review of access rights, etc.)
  6. HSM Use Case Extension / Overhaul
     • Implement new HSM use cases (e.g. onboarding of a new use case, replacement of an existing use case)
  7. Key Ceremonies
     • Prepare and execute key ceremonies (creation of new cryptographic keys, which is required during onboarding of new use cases)
  8. DR Tests
     • Regular execution of DR tests
  9. SIEM Alerts
     • Investigation of SIEM alerts

CipherTrust Manager Operation [CTM]

You are responsible for the end-to-end operation of four Thales CipherTrust Manager k470 appliances (two in production and two in integration). This includes lifecycle management (patching, vulnerability management, hardware replacement, backups, etc.), executing service requests, executing regular security controls, continuous service improvement (e.g. documentation and automation), conducting regular DR tests, etc.

Operational Tasks

  1. Patching & Vulnerability Management
     • Ensure CTM appliances are running on the latest suitable firmware (test in integration -> rollout in production)
  2. Incident Handling
     • Ensure SLA-compliant incident handling/resolution (incl. root cause analyses, problem handling, etc.)
  3. Hardware Lifecycle Management
     • Ensure hardware is replaced before EOL
  4. Security Controls
     • Execute regular security controls (log analysis, review of access rights, etc.)
  5. Service Requests
     • Implement CTM service requests (e.g. on-/offboarding of Transparent Encryption clients, on-/offboarding of KMIP clients, on-/offboarding of Cloud Key Management environments, etc.)
  6. DR Tests
     • Regular execution of DR tests
  7. SIEM Alerts
     • Investigation of SIEM alerts

Public Key Infrastructure Operation [PKI]

You are responsible for the end-to-end operation of the local Swiss PKI, which is an intermediate CA of the Allianz Group PKI (Allianz Root CA III). This includes lifecycle management (patching, vulnerability management, hardware replacement, backups, etc.) of the underlying infrastructure (servers, application software, webserver, etc.), consulting in case of certificate issues, executing regular security controls, conducting regular DR tests, and supporting the phase-out of the local PKI service (planned for end of 2026).

Operational Tasks

  1. Patching & Vulnerability Management
     • Ensure the PKI application is running on the latest suitable software (test in development -> integration -> rollout in production)
  2. Incident Handling
     • Ensure SLA-compliant incident handling/resolution (incl. root cause analyses, problem handling, etc.)
  3. Software Lifecycle Management
     • Ensure the PKI is decommissioned / replaced before EOL
  4. Security Controls
     • Execute regular security controls (log analysis, review of access rights, etc.)
  5. Consulting Requests
     • Consult customers (most of the time system admins or similar) with certificate issues
  6. DR Tests
     • Regular execution of DR tests
  7. SIEM Alerts
     • Investigation of SIEM alerts

Skill Requirements & Qualifications

| Skill / Knowledge | Tasks: HSM | Tasks: CTM | Tasks: PKI |
|---|---|---|---|
| Tools Proficiency: Expertise in common tools such as ServiceNow, Jira, Confluence, PowerBI, Excel, PowerPoint | X | X | X |
| Security Standards and Practices: Understanding of security frameworks like ISO 27001, NIST, and best practices for network security as well as GISF | X | X | X |
| Network and System Security: Strong understanding of network protocols, firewall management, encryption techniques (SSL/TLS, IPsec and others), IDS/IPS, traffic patterns, threat indicators. Ability to interpret anomalies and behavioral alerts. Expertise in analyzing network flows and understanding ports and protocols. Ability to identify and assess security risks. | X | X | X |
| Lifecycle Management: Knowledge of IT asset lifecycle management and end-of-life processes. Ability to manage EOL/EOS components | X | X | X |
| Change and Patch Management: In-depth knowledge of Allianz Change- and Patch-Management Processes | X | X | X |
| Collaboration: Strong interpersonal skills to work effectively with international teams and stakeholders. Supportive attitude. Stakeholder engagement. | X | X | X |
| Communication Skills (English): Ability to communicate technical information clearly and understandably, both in writing and verbally. | X | X | X |
| Cultural Awareness: Sensitivity to work in a diverse and multicultural environment. | X | X | X |
| Certified Thales CipherTrust Data Security Platform (DSP) Professional | | X | |
| Successfully passed Thales Luna HSM 7 Core Certification Course | X | | |
| Public Key Infrastructure: In-depth knowledge of Public Key Infrastructure | | | X |
| Encryption: In-depth knowledge and understanding of encryption algorithms (especially how and where to use them + ideally: mathematical understanding of encryption algorithms), expertise to judge appropriateness and security of cryptographic solutions, in-depth knowledge of ISP#2 | X | X | X |
| OpenTrust PKI: In-depth knowledge of the OpenTrust PKI application | | | X |

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
  • Minimum of 5 years of experience in security engineering, HSM operation, PKI operation, CipherTrust Manager operation (formerly known as Vormetric) or a related field.
  • Relevant certifications such as CISSP, CISM, CEH or similar are highly desirable.

Required Tools & Access

| Required Tool or Access | Tasks: HSM | Tasks: CTM | Tasks: PKI |
|---|---|---|---|
| Office365 Subscription (Outlook, Word, Excel, PowerPoint, OneNote, MS Teams, etc.) | X | X | X |
| Group Mailbox AzTec CH Security: allianztechnology-ch.security@allianz.com | X | X | X |
| ServiceNow and Membership in Assignment Group A.TEC.CH.ITSM.IT-SECURITY. GIAM-Roles: Asset Viewer, Change Owner, Configuration Viewer, Incident Support, Problem Analyst, ITSM Service Portfolio User, Requestor Infrastructure, Requestor Workplace, Requestor Application | X | X | X |
| SharePoint AzTec CH Security | X | X | X |
| Confluence (CMP): AzTec CH - Security Home - AzTec CH - Security - JMP Confluence | X | X | X |
| Jira (JMP) Project of Cluster Security: AzTec CH - Security - JMP JIRA | X | X | X |
| FCC-Tool and IP-Admin Tool | X | X | X |
| IRM (Local Server Inventory Tool), only accessible with Swiss (AzCH) Local Identity | X | X | X |
| Confluence (CMP): AzTec CH - Security Home - AzTec CH - Security - JMP Confluence, Home - IT Security Analyst - Home - IT Security Analyst - JMP Confluence, Allianz Switzerland - Fact Sheet - Home - IT Security Analyst - JMP Confluence | X | X | X |
| HSM Access (currently local accounts) | X | | |
| CTM Access (currently local accounts) | | X | |
| PKI Web Access (Custom Admin Certificates required) | | | X |
| AZ_SWITZERLAND_WIN_OPERATING-PLATFORM_EU (Access to Jumpservers for data transfer) | | | X |
| HSM-Access-from-AMC-CH (AAD Security Group) | X | | |
| AZ_SWITZERLAND_WIN_PKI_EU (for GPAM Access to PKI Servers) | | | X |
| Citrix Apps: cmd & FileExplorer (S80 Account + sga-xen-cmd + sga-xen-explorer AD Groups) | X | X | X |
| Chocolatey (MobaXTerm, OpenSSL, Softerra LDAP Browser) | X | X | X |
| LunaClient + Putty (AMC SW Store) | X | | |
| CipherTrust Manager CLI toolkit (no installation required) | | X | |
| Access to sr06848 (CTM Backup Server) | | X | |

Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.

At Allianz, we stand for unity: we believe that a united world is a more prosperous world, and we are dedicated to consistently advocating for equal opportunities for all. The foundation for this is our inclusive workplace, where both people and performance matter and which nurtures a culture grounded in integrity, fairness, inclusion and trust.

We therefore welcome applications regardless of ethnicity or cultural background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations.

Great to have you on board. Let's care for tomorrow.

Note: Having different strengths, experiences, perspectives and approaches is an integral part of Allianz's company culture. One means to achieve this is a regular rotation of Allianz Executive employees across functions, Allianz entities and geographies. Therefore, the company expects from its employees a general openness and a high motivation to regularly change positions and collect experiences across Allianz Group.