Senior Secure Platform Specialist

We are seeking a Senior Secure Platform Specialist to lead the design, security, lifecycle management, and automation of our secure landing zone infrastructure, built on VMware vSphere, VMware Aria, Linux, Windows, Omnissa Horizon (VDI), and CyberArk. This hybrid role combines infrastructure expertise, security engineering, compliance alignment, and cross‑functional collaboration, serving as the trusted authority for secure platform operations.

The ideal candidate brings deep technical expertise and strategic thinking, with full accountability across the infrastructure lifecycle, compliance (e.g., NIST 800‑53), and governance. You’ll work closely with InfoSec, HPC teams, IT, DevOps, and the Export Compliance Office to ensure that both the platform and its workloads meet evolving operational, legal, and regulatory standards.

Own the full lifecycle (design, deploy, operate, optimize, and decommission) of critical infrastructure platforms.

• Architect and administer secure vSphere clusters and Aria Operations/Automation instances
• Configure distributed resource scheduling, security hardening, workload segmentation, and capacity planning
• Monitor with Aria Ops for compliance, performance, and availability
• Lead host patching, firmware updates, and decommissioning processes for end‑of‑life infrastructure

• Architect and manage the CyberArk Core Vault, DR Vault, PVWA, CPM, and PSM
• Onboard and govern privileged accounts and credential lifecycles (human and non‑human)
• Enforce session isolation, recording, and vaulting policies
• Integrate CyberArk with IdPs, SIEMs, and ITSM systems
• Oversee upgrades, platform health, and safe retirement

• Design and maintain VDI infrastructure (Connection Servers, Unified Access Gateways, Load Balancing)
• Configure user pools, Smart Policies, MFA, and security controls for sensitive access
• Manage golden image lifecycle, patching, and pool recomposition
• Monitor performance, login behavior, and entitlement drift
• Retire unused pools and infrastructure with compliance traceability

• Own enforcement and alignment of NIST 800‑53 controls within infrastructure
• Maintain audit readiness: documentation, POAMs, evidence collection, control mapping
• Continuously assess platform configurations for compliance drift and automate remediation
• Implement export boundary enforcement in coordination with Export Compliance Officer

• Implement Infrastructure‑as‑Code and automated workflows for provisioning, security patching, and audit evidence generation
• Use tools like Terraform, Ansible, PowerShell, or Python to reduce manual effort and enforce consistency
• Integrate Aria, CyberArk, and VDI infrastructure into CI/CD and DevOps pipelines to secure deployments
• Develop reusable templates, runbooks, and guardrails for internal developers and IT engineers

• Information Security/GRC: align with security policies, audits, and compliance attestation
• IT Operations: coordinate upgrades, maintenance, and incident response
• HPC and Scientific Computing Teams: ensure secure enablement of high‑performance, regulated workloads
• Export Compliance Officer: validate regional data boundaries, export‑controlled operations, and workload placement
• Enterprise Architects: support secure platform modernization and alignment with cloud transformation initiatives

• Strategic Infrastructure Leadership – Lead platform lifecycle planning, modernization, and long‑term roadmap execution.
• Security Architecture & Enforcement – Apply Zero Trust principles, privileged access management, and secure workload segmentation across virtualized environments.
• Compliance Execution & Audit Readiness – Manage compliance alignment with NIST 800‑53, export controls, and licensing conditions; own POAM resolution and control documentation.
• Infrastructure Automation Expertise – Deliver scalable, consistent infrastructure through Infrastructure‑as‑Code and automated remediation pipelines.
• Cross‑Functional Communication & Influence – Bridge the gap between engineering, InfoSec, compliance, and operations teams; translate technical decisions into risk and policy terms.
• Lifecycle Ownership Accountability – Fully own the planning, deployment, operations, optimization, and decommissioning of platform infrastructure components.
• Risk‑Driven Decision Making – Prioritize security, compliance, and performance trade‑offs based on business risk and operational impact.

• Bachelor’s or Master’s in Cybersecurity, Computer Science, or a related field
• Preferred Certifications:
• • CISSP, CISM, or GCCC
• • VMware VCAP/VCIX, Horizon Specialist
• • Linux, Windows OS
• • CyberArk Defender
• • ITIL v4, TOGAF, or enterprise architecture frameworks

• 8–12+ years of experience in infrastructure, security engineering, or platform operations
• Demonstrated expertise with VMware vSphere, Aria Operations/Automation; Omnissa Horizon (VMware Horizon); CyberArk (PAM Suite); Linux & Windows Server administration; Automation tools: Ansible, Terraform, PowerCLI, Python, CI/CD Pipelines, IaC; Monitoring and logging platforms (Aria Ops for Logs, Splunk, ELK)

• NIST 800‑53rev5 security controls and tailoring process
• Export compliance regimes and license‑bound workload constraints