Senior Secure Platform Specialist

Job Purpose We are seeking a Senior

Secure Platform Specialist

to lead the design, security, lifecycle management, and automation of our secure landing zone infrastructure, built on VMware vSphere, VMware Aria, Linux, Windows, Omnissa Horizon (VDI), and CyberArk. This hybrid role combines infrastructure expertise, security engineering, compliance alignment, and cross‑functional collaboration, serving as the trusted authority for secure platform operations.

The ideal candidate brings deep technical expertise and strategic thinking, with full accountability across the infrastructure lifecycle, compliance (e.g., NIST 800‑53), and governance. You’ll work closely with InfoSec, HPC teams, IT, DevOps, and the Export Compliance Office to ensure that both the platform and its workloads meet evolving operational, legal, and regulatory standards.

Major Accountabilities Own the full lifecycle (design, deploy, operate, optimize, and decommission) of critical infrastructure platforms.

vSphere & Aria Secure Landing Zone

Architect and administer secure vSphere clusters and Aria Operations / Automation instances

Configure distributed resource scheduling, security hardening, workload segmentation, and capacity planning

Monitor with Aria Ops for compliance, performance, and availability

Lead host patching, firmware updates, and decommissioning processes for end‑of‑life infrastructure

CyberArk Privileged Access Management

Architect and manage the CyberArk Core Vault, DR Vault, PVWA, CPM, and PSM

Onboard and govern privileged accounts and credential lifecycles (human and non‑human)

Enforce session isolation, recording, and vaulting policies

Integrate CyberArk with IdPs, SIEMs, and ITSM systems

Oversee upgrades, platform health, and safe retirement

Omnissa Horizon (VDI)

Design and maintain VDI infrastructure (Connection Servers, Unified Access Gateways, Load Balancing)

Configure user pools, Smart Policies, MFA, and security controls for sensitive access

Manage golden image lifecycle, patching, and pool recomposition

Monitor performance, login behavior, and entitlement drift

Retire unused pools and infrastructure with compliance traceability

Security & Compliance Management

Own enforcement and alignment of NIST 800‑53 controls within infrastructure

Maintain audit readiness : documentation, POAMs, evidence collection, control mapping

Continuously assess platform configurations for compliance drift and automate remediation

Implement export boundary enforcement in coordination with Export Compliance Officer

DevSecOps Enablement & Automation

Implement Infrastructure‑as‑Code and automated workflows for provisioning, security patching, and audit evidence generation

Use tools like Terraform, Ansible, PowerShell, or Python to reduce manual effort and enforce consistency

Integrate Aria, CyberArk, and VDI infrastructure into CI / CD and DevOps pipelines to secure deployments

Develop reusable templates, runbooks, and guardrails for internal developers and IT engineers

Cross‑Functional Collaboration

Information Security / GRC : align with security policies, audits, and compliance attestation

IT Operations : coordinate upgrades, maintenance, and incident response

HPC and Scientific Computing Teams : ensure secure enablement of high‑performance, regulated workloads

Export Compliance Officer : validate regional data boundaries, export‑controlled operations, and workload placement

Enterprise Architects : support secure platform modernization and alignment with cloud transformation initiatives

Person Requirements Competencies

Strategic Infrastructure Leadership

– Lead platform lifecycle planning, modernization, and long‑term roadmap execution.

Security Architecture & Enforcement

– Apply Zero Trust principles, privileged access management, and secure workload segmentation across virtualized environments.

Compliance Execution & Audit Readiness

– Manage compliance alignment with NIST 800‑53, export controls, and licensing conditions; own POAM resolution and control documentation.

Infrastructure Automation Expertise

– Deliver scalable, consistent infrastructure through Infrastructure‑as‑Code and automated remediation pipelines.

Cross‑Functional Communication & Influence

– Bridge the gap between engineering, InfoSec, compliance, and operations teams; translate technical decisions into risk and policy terms.

Lifecycle Ownership Accountability

– Fully own the planning, deployment, operations, optimization, and decommissioning of platform infrastructure components.

Risk‑Driven Decision Making

– Prioritize security, compliance, and performance trade‑offs based on business risk and operational impact.

Qualifications

Bachelor’s or Master’s in Cybersecurity, Computer Science, or a related field

Preferred Certifications :

• CISSP, CISM, or GCCC
• VMware VCAP / VCIX, Horizon Specialist
• Linux, Windows OS
• CyberArk Defender
• ITIL v4, TOGAF, or enterprise architecture frameworks

Experience

8–12+ years of experience in infrastructure, security engineering, or platform operations

Demonstrated expertise with VMware vSphere, Aria Operations / Automation; Omnissa Horizon (VMware Horizon); CyberArk (PAM Suite); Linux & Windows Server administration; Automation tools : Ansible, Terraform, PowerCLI, Python, CI / CD Pipelines, IaC; Monitoring and logging platforms (Aria Ops for Logs, Splunk, ELK)

Knowledge of :

NIST 800‑53rev5 security controls and tailoring process

Export compliance regimes and license‑bound workload constraints

#J-18808-Ljbffr