Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills :

Cloud Security Architecture

Good to have skills :

NA

Minimum

3

year(s) of experience is required

Educational Qualification :

15 years full time education



Summary: The Virtual Desktops & Bastion Host Specialist is responsible for deploying, managing, securing, and optimizing enterprise Virtual Desktop Infrastructure (VDI) and Bastion Host/Jump Server environments. This role ensures secure remote access, privileged access workflows, and high availability of mission-critical virtual desktop and access gateway platforms. Roles & Responsibilities: - Deploy and manage Bastion Hosts (CyberArk PSM, Teleport, Delinea, PBPS, custom secure jump servers). - Manage privileged session access and enforcement policies. - Configure MFA, role-based access control (RBAC), and least-privilege workflows. - Monitor, record, and audit privileged sessions for compliance and threat detection. - Troubleshoot connectivity issues between Bastion Hosts and backend servers. - Maintain high availability and failover strategies for Bastion infrastructure. - Deploy, configure, and manage VDI environments (Citrix / VMware Horizon / Microsoft AVD). - Maintain and optimize master images, golden images, and application layering. - Manage virtual desktop pools, session hosts, and user assignment policies. - Monitor system performance (CPU, RAM, storage, IOPS) and conduct capacity planning. - Troubleshoot user sessions, profile loading issues, application performance, and connectivity failures. - Implement profile management solutions (FSLogix, Citrix UPM, VMware DEM). - Ensure OS patching, AV updates, and compliance across all VDI instances. - Implement hardening standards for VDI and Bastion systems (CIS Benchmarks, STIGs). - Integrate VDI and Bastion hosts with SIEM, PAM, MFA, and identity platforms (AD, AAD, IDPs). - Conduct access reviews, audit facilitation, and compliance reporting. - Ensure logging, session recording, and secure credential workflows are active and functioning. - Maintain configuration baselines and follow Change Management processes (ITIL). - Automate provisioning, session lifecycle management, and monitoring tasks using scripts (PowerShell, Python). - Manage backup, recovery, and disaster recovery for VDI and Bastion platforms. - Conduct root cause analysis (RCA) for recurring issues. - Provide L3 support for VDI, remote access, Bastion Host issues. - Work closely with Infra, AD, Security, and Application teams to support business operations. - Document system designs, procedures, knowledge base articles, and SOPs. Professional & Technical Skills: - Must To Have Skills: Proficiency in Cloud Security Architecture. - Strong understanding of virtualization (VMware ESXi, Hyper-V), storage, and networking. - Experience with Provide L3 support for VDI, remote access, Bastion Host issues, CyberArk PSM, Teleport, Delinea, or other Bastion/Jump Server solutions - Knowledge of identity and access management in cloud environments. - Familiarity with compliance requirements related to cloud security. - Expertise with AD, Group Policy, MFA integrations, and SSO. Proficiency in PowerShell scripting. - Experience with monitoring tools (ControlUp, Director, Horizon Console, Azure Monitor, etc.). - Good understanding of security fundamentals, RBAC, privileged access workflows. - Strong troubleshooting and problem-solving abilities. - Ability to work in fast-paced environments and manage multiple priorities. - Good communication and stakeholder engagement skills. Additional Information: - The candidate should have minimum 6+ years of experience in VDI and/or Bastion Host administration. - This position is based at our Gurugram office. - A 15 years full time education is required. Certifications preferred: Citrix (CCA-V/CCP-V), VMware VCP-DTM, Microsoft AZ-140 (AVD), PAM/Bastion certifications where applicable. - Experience supporting large-scale enterprise environments (5K-20K+ VDI users).




15 years full time education