- Unified Device Identity Service: APIs, plugins, and general availability readiness to support Compute, Networking, Storage for cloud and on-prem based deployments.
- Tactical and operational support for edge security infrastructure such as Web Application Firewalls and Rate Limiting Services.
- Hardware Attestation Service: API, plugins, and attestors to support
- Support SecOps teams through workload attestation services that allow for policy definitions and invocation. This may include Workload and Agentic identity issuance and attestation.
- Workload and hardware attestation infrastructure support that includes utilization of open source software such as SPIFFE, SPIRE, and Keylime.
- Signing of JWT for services that enable application-level token verification.
- Support of IAM-related initiatives such as decommissioning of PingFed and the creation of Auth IDP.
- Deployment utilizing existing and new pipelines, including integration into managed CI/CD pipelines and repos (including enhancements)
- Creation and maintenance of scale, sanity, functional, and regression tests.
- Observability dashboards, alarming and alerting via PagerDuty
- Maintenance of services, open-source images, and developed services that meet patching guidelines for CVE and security / vulnerability response.
- Integration of source code with managed repos, integration, and deployments
Key Skills:
The tech stack used to support the items above is:
PKI, Golang, Python, ArgoCD, Helm, Kubernetes, Istio, Zero Trust, SPIFFE, SPIRE, Envoy, Istio Rate Limit Service, OIDC Flows, and AI-related topics such as MCP and RAG.
Knowledge of cloud-based services running in service meshes is expected.