Must have terraform experience.
Manager Notes (12/7/20)
- Block’s, GTC (Governance, Transparency and Compliance) team has a need for a Senior SW Engineer/.Net resource who has experience deploying applications into the cloud environment and understands what that deployment looks like. This person will mentor an inhouse, Lead Developer and Architect come up to speed.
- The contractor must be a strong developer and understands security really well. The client wants to figure out when their dev pipelines come through, Permissioning on the applications that get registered for Azure Active Directory, to be able to look at that and go to their internal team when challenge needs to happen if they are trying to get permission on the app or if they didn’t do the Permissioning correctly and need to separate it out from a front end and a back end.
- They must have senior level experience with development and security. Their architect was performing the responsibility however, they need someone else so the architect can focus on architect responsibilities.
Side note: Their architect has been helping, but they need to bring in a resource to help their Lead Developer come up to speed. He is not a traditional developer. He started out in the call center and is self-taught and went through training. They need someone who can mentor and lead him on how to look at the code and maintain the code. He will need to learn that for the team to come up with their abilities with the cloud. If the current developer is not able to get up to speed, then they would either keep the contractor longer or convert.
Technologies:
MUST HAVE:
- .net, Azure DevOps (ADO) and Terraform are technologies their developers are leveraging.
- Azure Active Directory (Azure AD) – anything to do with Azure AD is where they focus all their Identity on OpenID Connect for registrations
- Understand OpenID Connect (OIDC) and SAML re: registration/authentication
- OpenID Connect - registrations are using OpenID Connect (OIDC) – OPEN OP has been the universal standard for cloud-to-cloud federations
- SAML - has been the traditional method (i.e. it is an open standard for exchanging authentication and authorization data between parties),but started to unify standards using Open Ops which has been the universal standard to open ID connections and is where OIDC comes in play
- MS Graph – is the API layer, where they are permissioning access to application.
- EXCELLENT COMMUNICATION SKILLS
- SAML and OpenID are both significant part of what we are building out. We have SAML applications that we are migrating to OpenID and most all new apps are written for OpenID.
NICE TO HAVE…BIG PLUS:
- Saviynt – a super BIG PLUS if they know anything about Savient, like really good with Savient to help back up Amanda with performing principle activities, drive design and everything into implementation
- MySQL - Experience helps since it is backend to Savient. They have issues with queries that are written in My SQL
- He did say if the person has Identity Access Space experience building .net applications or Azure DevOps pipelines that would be a “nice to have”
Interview feedback (1/27/91):
When asked where I.S. fell short the manager said, “we understand the superficial aspect of what we need done but need help actually doing it. He was uneasy answering questions and uncomfortable with topics regarding how he led/mentored a team. He struggled with the right frame of answer, didn’t demonstrate the right approach”.
The manager said they need someone who can demonstrate and share successes, along with failures, on how to:
- get code into Azure DevOps and Azure
- build out in Azure DevOps pipelines to perform maintenance of code in Identity Access System.
- Able to give examples with finer points of execution
- Terraform expertise
- Provide solution so their infrastructure is deployed with pipelines built in Azure DevOps with Terraform
- Explain and train them in Azure DevOps with Terraform pipeline
SAMPLE QUESTIONS FOR VETTING: (note: looking for someone with hands on experience. Share specific examples of your experience on applications you have worked on)
- Please describe some of the things you have promoted into the cloud and how you had a hand in leading, managing and making updates?
- Share/demonstrate experience with build pipeline, ADO, and things of that nature. Have you set that up and worked it through ADO? If so, please share in detail?
- Can you take one application as an example and walk through the authentication, registration, and API permissions.
- Don’t explain how it works, explain how you would configure?
- How would you do an application register?
- Where would you do the API permissions?
- What kind of permissions would you set for the application registration?
- How does Azure know if there is a read or write permission?
- Have you worked with Graph API? How have you used it? What was the purpose of using it?