API Security Architect for Multinational Client in the Hague

WE ARE LOOKING FOR AN API SECURITY ARCHITECT TO WORK AT OUR MULTINATIONAL CLIENT IN THE HAGUE

EXPECTED TASKS AND DELIVERABLES BY THE CONSULTANTS

- Formalize the security requirements for the various use cases mentioned below and taking into account dependencies with ongoing initiatives such as:
- Definition of an IAM approach by the Office security team
- Selection of an API Management Platform
- Introduction of a Case Management System based on BeInformed technology, including a rules engine, requiring fine-grained access control based on the role an individual user has in a specific case.
- Design security architectures covering the use cases according to industry standards and best practices. Design decisions and their rational will be documented. The designs will cover authentication as well as coarse and fine-grained authorization and logging.
- Validate the security architectures through a proof of concept demonstrating how the architecture meets the security requirements in the various use cases
- Provide guidelines and reusable patterns supporting the current state as well as the future state including the implementation of an IAM system, an API management platform and an implemented Case Management system
- Provide a roadmap describing the transition from the current state to the future state.
- In addition, the access control architecture should be able to take account of the context (eg mobile, location, authentication strength, ...) of a access attempt and cater for both coarse-rained and fine-grained access control rules.

EDUCATIONAL AND EXPERIENCE

- University degree with minimum 7 years of experience in design of secure webAPIs
- Expert knowledge of federation technologies and protocols including
- Active Directory, Active Directory Federation Services
- oAuth, SAML
- Expert knowledge of authentication standards such as Kerberos, SPNEGO
- Deep understanding of authorization mechanisms supporting fine-and coarse-grained authorization and externalization of authorization from business applications
- Profound knowledge and understanding of security architecture with at least 7+ years in application security
- Expert knowledge of J2EE technologies
- Expert knowledge of REST architectural constraints and development of Restful web services
- Experience with externalizing authorization from Java applications through authorization engines and/or business rules engines
- Knowledge and experience with Prince 2
- Being active in a multi-cultural environment, the Contractor shall have a very good level of English (oral and written).
- The knowledge of German and French will be an advantage

infeurope is a Luxembourg-based IT service provider, designing, developing and managing multilingual information and documentary systems in many application areas and business sectors. For more than 33 years we have delivered IT systems and solutions, and IT consultancy and staffing services, to our clients in Luxembourg and across Europe.