Senior Secure Platform Specialist

About the RoleWe are seeking a Senior Secure Platform Specialist to lead the design, security, lifecycle management, and automation of our secure landing zone infrastructure, built on VMware vSphere, VMware Aria, Linux, Windows, Omnissa Horizon (VDI), and CyberArk. This hybrid role combines infrastructure expertise, security engineering, compliance alignment, and cross-functional collaboration, serving as the trusted authority for secure platform operations.The ideal candidate brings deep technical expertise and strategic thinking, with full accountability across the infrastructure lifecycle, compliance (e.g., NIST 800-53), and governance. You’ll work closely with InfoSec, HPC teams, IT, DevOps, and the Export Compliance Office to ensure that both the platform and its workloads meet evolving operational, legal, and regulatory standards.ResponsibilitiesOwn the full lifecycle (design, deploy, operate, optimize, and decommission) of critical infrastructure platforms vSphere & Aria Secure Landing ZoneArchitect and administer secure vSphere clusters and Aria Operations/Automation instancesConfigure distributed resource scheduling, security hardening, workload segmentation, and capacity planningMonitor with Aria Ops for compliance, performance, and availabilityLead host patching, firmware updates, and decommissioning processes for end-of-life infrastructureArchitect and manage the CyberArk Core Vault, DR Vault, PVWA, CPM, and PSMOnboard and govern privileged accounts and credential lifecycles (human and non-human)Enforce session isolation, recording, and vaulting policiesIntegrate CyberArk with IdPs, SIEMs, and ITSM systemsOversee upgrades, platform health, and safe retirementDesign and maintain VDI infrastructure (Connection Servers, Unified Access Gateways, Load Balancing)Configure user pools, Smart Policies, MFA, and security controls for sensitive accessManage golden image lifecycle, patching, and pool recompositionMonitor performance, login behavior, and entitlement driftRetire unused pools and infrastructure with compliance traceabilityOwn enforcement and alignment of NIST 800-53 controls within infrastructureMaintain audit readiness: documentation, POAMs, evidence collection, control mappingContinuously assess platform configurations for compliance drift and automate remediationImplement export boundary enforcement in coordination with Export Compliance OfficerImplement Infrastructure-as-Code and automated workflows for provisioning, security patching, and audit evidence generationUse tools like Terraform, Ansible, PowerShell, or Python to reduce manual effort and enforce consistencyIntegrate Aria, CyberArk, and VDI infrastructure into CI/CD and DevOps pipelines to secure deploymentsDevelop reusable templates, runbooks, and guardrails for internal developers and IT engineersAct as the central point of coordination for platform-level security and lifecycle operations:Information Security/GRC: align with security policies, audits, and compliance attestationIT Operations: coordinate upgrades, maintenance, and incident responseHPC and Scientific Computing Teams: ensure secure enablement of high-performance, regulated workloadsExport Compliance Officer: validate regional data boundaries, export-controlled operations, and workload placementEnterprise Architects: support secure platform modernization and alignment with cloud transformation initiatives QualificationsBachelor’s or Master’s in Cybersecurity, Computer Science, or a related fieldCISSP, CISM, or GCCCVMware VCAP/VCIX, Horizon SpecialistLinux, Windows OSCyberArk DefenderITIL v4, TOGAF, or enterprise architecture frameworksRequired Skills8–12+ years of experience in infrastructure, security engineering, or platform operationsVMware vSphere, Aria Operations/AutomationOmnissa Horizon (VMware Horizon)CyberArk (PAM Suite, Core Vault, PSM, CPM)Linux & Windows Server administrationAutomation tools: Ansible, Terraform, PowerCLI, Python, CI/CD Pipelines, IaCMonitoring and logging platforms (Aria Ops for Logs, Splunk, ELK)NIST 800-53rev5 security controls and tailoring processExport compliance regimes and license-bound workload constraints