Skip to content

Secrets Management Service Engineer (IT-CD-CC-2024-50-GRAE)

Contract: 24 months, with a possible extension up to 36 months maximum. Target start date: 01-September-2024 REF: IT-CD-CC-2024-50-GRAE

Description

Join CERN's IT department as a member of the Compute & Devices (CD) group, that manages end-user desktop and mobile services, supports various operating systems (Windows, macOS, Linux, iOS, and Android), deploys core productivity applications like Microsoft Office, and offers interactive terminal services and batch farms for physics analysis. As a member of the Compute and Configuration (CC) section of the CD group, you will be participating in maintaining and supporting scientific computing services essential for laboratory operations and experiments, including the Worldwide LHC Computing Grid.

You will be responsible for the productionising and for the evolution of the central IT secret management service, that manages secrets for all puppet managed machines in the CERN Data Centre, for the OKD OpenShift containers and for the central batch infrastructure. CC section has been running a central secret management system for puppet infrastructure for over 10 years, and now we're migrating to HashiCorp Vault, which is a more modern secret management solution.

Your main functions will include:

  • Actively participate to productionise and help to evolve the central IT secret management service.
  • Create the secret storage model in HashCorp Vault and migrate the existing secrets. Integrate the HashCorp Vault secrets backend for existing systems.
  • Collaborate with new customers from different departments at CERN to study their secret storage needs and prototype HashiCorp Vault solutions that meet their requirements.
  • To phase out the old infrastructure completely, validate a new GitLab-based solution for the access control of the Configuration Management tools on CERN Data Centre.

Profile

Skills and/or knowledge

Technical skills:

  • Excellent knowledge in Python and Linux OS distributions.
  • Additional assets: Good knowledge in HashiCorp Vault, OIDC, kerberos, raft and RDBMS.
  • Strong analytical skills. Experience in running OpenSource solutions.

Behavior competencies:

  • Demonstrating flexibility
  • Solving problems
  • Communicating effectively
  • Language requirements: Fluent in English

Offer

A monthly stipend ranging between 5119 and 5631 Swiss Francs (net of tax).