Calance is seeking a DNS Engineer for a 12+ month contract. The role is a senior-level subject matter expert in DNS, responsible for the design, stability, performance, and security of DNS services, as well as for implementing new configurations and optimizing existing ones.
Responsibilities:
- Create a “Current Design” document of the enterprise DNS IT infrastructure
- Highlight all DNS flows and zone forwarding
- Identify every Recursive Server and Authoritative Server, noting where DNS servers exist within the Green and Yellow zones of the network
- Leveraging the Current Design document, identify all gaps and opportunities to improve the design and create a gap analysis design document, highlighting all opportunities for improvement in both functionality and security
- Create and provide a new enterprise DNS design document that contains all enhancements that address gaps and inefficiencies, focusing primarily on improving the security posture of the DNS infrastructure
- Perform peer-level reviews with both internal network engineering and security architects
- Obtain approval from Security on the new design
- Break the new design into a phased approach (each DC will be a separate phase)
- Build the new DNS environment in each phase for each DC, including testing and validation as well as monitoring and alerting
- Complete new build documentation for the as-built design
- Train personnel to maintain the new environment
- Create new disaster recovery documents and procedures
- Perform disaster recovery testing
- Maintain and operate the new design, fixing and addressing any config changes that need to be applied to adjust to new findings
Requirements:
- Senior-level SME in DNS, ideally from a service provider environment
- Senior-level Linux administration
- DNS configuration
- BIND
- Python scripting and automation
- Ability to perform an end-to-end assessment and audit of the DNS environment
- Post-audit, deliver an architectural report, provide recommendations, and challenge the current design
- BIND 9.X experience (NAMED configuration experience)
- DNS administration experience with an industry leading IPAM (Diamond IP, Infoblox, etc.)
- Linux (RHEL 8/9) experience
- OS Kernel modifications
- OS Access Control Hardening experience
- Security policy enforcement (netgroups, PowerBroker, etc.)
- Syslog configuration
- Python scripting experience
- Ansible automation platform experience
- DNS monitoring experience (leveraging BIND stats info)