Jozsef Gorzas

Software Architect, Developer for Identity and Access Management (IAM), Frankfurt am Main

Not available until 01.06.2024

Last update: 08.03.2024

Company: SENSE GmbH
Degree: Master in Software Engineering
Language skills: German (business fluent) | English (good)

Attachments

Profile-Gorzas-20231027_271023.pdf

Skills

PROGRAMMING/SCRIPTING LANGUAGES
Java, C#, C, C++, Shell (bash), JavaScript, Groovy, PowerShell

METHODS/MODELLING
Scrum, OOA, OOD, OOP, UML, Domain Driven Design (DDD), Secure Development Lifecycle (SDL), Secure Test Driven Development (STDD), Test Driven Development (TDD), (Enterprise) Design Patterns

TOOLS
Eclipse, IntelliJ, Xcode, Confluence, JIRA, Visual Studio, Visual Studio Code, MS Office, MS Visio

DEVOPS
Git, Maven, Gradle, Artifactory, CI/CD, Jenkins, Docker, Kubernetes, Google Kubernetes Engine (GKE), GKE multi-cluster Services (MCS), Multi Cluster Ingress, Red Hat OpenShift, GitHub, Azure DevOps

CLOUD
Google Cloud Platform (GCP), Amazon Web Services (AWS), Microsoft Azure

PLATFORMS/SERVERS
Microsoft Entra ID, Azure AD B2C, ForgeRock Identity Platform, Red Hat Single Sign-On (Keycloak), IdentityServer, Apache DS, IIS, Apache (with ModSecurity), F5 BIG-IP, AD Federation Server (ADFS), MS Certificate Authority, MS Remote Desktop, Citrix XenDesktop and XenApp, VMware vSphere

DATABASES
Oracle Database, MariaDB, SQL Server, Virtuoso, GraphDB

FRAMEWORKS
Jakarta EE (JEE), Red Hat JBoss Enterprise Application Platform (JBoss EAP), Quarkus, WildFly, Spring, .NET Core (cross-platform), ASP.NET Core, ASP.NET Core Middleware, ASP.NET Core MVC, Entity Framework (EF) Core, Angular, .NET Framework and ASP.NET, STL, MFC, ATL, Windows Platform SDK, Windows Driver Kit (WDK), Windows Identity Foundation (WIF), Windows Communication Foundation (WCF), Windows Presentation Foundation (WPF), VMware vSphere Management SDK, VMware Remote Console (VMRC) SDK, NHibernate, Autofac, ASP.NET Zero, ASP.NET Boilerplate, dotNetRDF, Identity Experience Framework (IEF)

TECHNOLOGIES
Identity and Access Management (IAM), Identity and Access Governance (IAG), Privileged Access Management (PAM), Unified Identity, Identity Governance and Administration (IGA), System for Cross-domain Identity Management (SCIM 2), Role-Based Access Control (RBAC), Principle of Least Privilege (POLP), Zero Trust, Application and API Security, (Web) Single Sign-On (SSO), Identity Federation (Brokering), Single-/Multi-factor Authentication, Transaction Signing, Security Assertion Markup Language (SAML 2.0), OpenID Connect, OAuth 2.0, WS-Security (WS-Trust, WS-Federation), WebAuthn, Fast Identity Online (FIDO) 2.0, Windows Hello for Business, Authentication mechanisms (Password, HOTP, TOTP, Push, Certificates, Smartcards, …), Kerberos, Kerberos Protocol Transition, Kerberos Constrained Delegation, RADIUS, Claims-based Identity, Virtualization, Containerization, Serverless Application Development, Microservices, Service Mesh, Service Oriented Architecture (SOA), Client/Server Architecture, Single Page Application (SPA), Web Services (SOAP and REST), Penetration Testing, Win32 Services, COM, Credential Providers and Filters, Apache Modules, Local Security Authority (LSA), Security Support Provider Interface (SSPI), Crypto Service Providers (CSP), (Contactless) Smartcards, MS Certificate Authority Extensions, X.509 Certificates, Cryptography (AES, RSA, …), RDP, RemoteFX, ICA, HDX, RDP and ICA virtual channels, Remote Desktop Services, Terminal Services, Virtual Machines, Virtual Desktop Infrastructure, VMware Remote Console (VMRC) Protocol, DMZ, SSL, (SSL-)VPN, Reverse Proxies, Web Application Firewall, Cloud Computing, LDAP, Active Directory, Azure AD, Public Key Infrastructures (PKI), Windows Deployment Services (WDS) Server API, Windows Filtering Platform (WFP), Messaging Application Programming Interface (MAPI), Keycloak Service Provider Interfaces (SPI), Resource Description Framework (RDF), SPARQL, TripleStore (Graph DB), Directed Acyclic Word Graph (DAWG), Protocol Buffers

OPERATING SYSTEMS
Linux (RedHat, CentOS), Unix, Windows (Desktop, Server, Embedded)

Project history

10/2023 - present
Architecture design of Erbe Unified Login
Akkodis, Telekom MMS GmbH (Internet and information technology, 1000-5000 employees)

Architecture design of Erbe Unified Login for Workforce Users and Customers on Azure (based on Azure AD B2C). Design and implementation of the registration and authentication flows with multi-factor authentication (MFA). Implementation of identity brokering (federation) via Microsoft Entra ID.

06/2023 - 09/2023
PWSync 23.1.0.0
Landesbank Baden-Württemberg (Banking and financial services, >10,000 employees)

Design and implementation of PWSync 23.1.0.0. PWSync is a configurable synchronization system for Active Directory passwords. Based on an XML configuration, the passwords can be synchronized into various user directories (LDAP-based directory services, NT4, …) or, via plug-ins, into applications.

12/2022 - 05/2023
BRAK Identity and Access Management (IAM)
Westernacher Solutions GmbH (Auditing, tax and law, 50-250 employees)

Architecture design of the new central Identity and Access Management service of the German Federal Bar (Bundesrechtsanwaltskammer, BRAK) following the microservices architecture approach. Development concept for the 3 main components: Identity Manager (IdM), BRAK-IdP and Directory Service. Specification of the SCIM 2 based API of the IdM. Design of the challenge-response based authentication API for the digital-signature-based authentication mechanism.

02/2021 - 11/2022
Architecture design of Cloud IdP and leading the development of the Access Manager
Hays AG, Deutsche Bank (Banking and financial services, >10,000 employees)

Architecture design of Cloud IdP and leading the development of the Access Manager (based on ForgeRock AM). Cloud IdP is a multi-region, cloud-based identity provider hosted on the Google Cloud Platform (GCP). Design of the multi-cluster architecture on GCP. Design and implementation of the entire authentication flow with multi-factor authentication. Implementation of identity brokering (federation) and on-demand synchronization via Azure AD. Integration of applications via OIDC, OAuth 2.0 and SAML. Integration of legacy services (e.g. mainframes) via RADIUS.

07/2020 - 11/2022
Maintenance, design and implementation of Red Hat SSO (Keycloak) extensions.
Hays AG, Deutsche Bank (Banking and financial services, >10,000 employees)

Maintenance, design and implementation of Red Hat SSO (Keycloak) extensions (via Service Provider Interfaces (SPI)).

06/2020 - 06/2020
Maintenance, design and implementation of Keycloak extensions.
Eurostaff Group GmbH, NAS Smart Platforms GmbH (Internet and information technology, 10-50 employees)

Maintenance, design and implementation of Keycloak extensions (via Keycloak Service Provider Interfaces (SPI)). Customization of the Keycloak UI (FreeMarker templates). Configuration of user federation (Identity Brokering) via ADFS.

10/2019 - 05/2020
Planning and implementation of the autosuggest index builder pipeline.
SOLCOM GmbH, Elsevier (Media and publishing, 5000-10,000 employees)

Planning and implementation of the autosuggest index builder pipeline. The components of the pipeline are implemented as executable artifacts, and the execution of these artifacts is controlled by a Jenkins Pipeline. The executable artifacts are implemented as cross-platform (Windows, CentOS) .NET Core applications. The pipeline converts raw binary database files into RDF (Resource Description Framework) input files and loads these files into named graphs. Depending on configuration, the named graphs are stored either in a remote triple store (e.g. Virtuoso, GraphDB) or in a local one (dotNetRDF). Data selection follows configured selection rules (C# scripts with dynamic SPARQL queries). The selected data is converted into a directed acyclic word graph (DAWG). The resulting DAWG is binary-serialized (Protocol Buffers) and published to S3 buckets (AWS).

05/2019 - 09/2019
Enhancements for REX Tracker and REX Analyzer.
REX Analytics (Internet and information technology, <10 employees)

Enhancements for REX Tracker and REX Analyzer. REX Tracker is a REX Analytics module that triggers and synchronizes activities across multiple nodes required for launching test workloads and collecting performance data. REX Tracker can launch predefined workloads, start and stop screen recordings, and collect telemetry data. REX Analyzer is a REX Analytics module that presents previously collected screen videos and performance data in a way that is easy to understand and interpret.

04/2018 - 04/2019
Evaluation, concept and implementation of the group-wide single sign-on (SSO) with migration to the IAM solution Red Hat Single Sign-On (Keycloak).
SOLCOM GmbH, BS PAYONE GmbH (Banking and financial services, 500-1000 employees)

Evaluation, concept and implementation of the group-wide single sign-on (SSO) with migration to the IAM solution Red Hat Single Sign-On (Keycloak). Design and implementation of custom providers for Keycloak (via Keycloak Service Provider Interfaces (SPI)) and .NET REST based web services in the backend. Customization of the Keycloak UI (using FreeMarker templates). Implementation of on-demand migration for legacy users and custom registration for new ones. Integration (via OIDC or SAML 2.0) of the Sitefinity based service portal, F5 BIG-IP APM, SAP BOE and .NET based web applications. Identity brokering with ADFS. Security concept for securely publishing REST based API services.

01/2006 - 03/2018
Planning, implementation and maintenance of a highly secure single sign-on (SSO) web application and web API access management system with an identity provider (IdP).
ASG Technologies (Internet and information technology, 5000-10,000 employees)

Planning, implementation and maintenance of a highly secure single sign-on (SSO) web application and web API access management system with an identity provider (IdP). The highly scalable distributed system supports various authentication options (user name / password, certificate (smartcard), RADIUS, one-time password, SMS, SAML 2.0, OAuth 2.0), policy-based authorization and different protocols (WS-Federation, SAML 2.0, OpenID Connect, OAuth 2.0, …), and integrates third-party services (Salesforce, Google, Office 365, ...) via identity federation. The system is part of an enterprise-class cloud computing solution. It is used worldwide by several large companies (in certain configurations for several 10,000 users) and has passed the penetration tests of specialized companies.

Willingness to travel

Available in Germany, Austria and Switzerland
I work mostly remotely.

Reviews

Product Owner (Dave Schikora)
"Mr Gorzas supported us over a period of approx. 9 months in the design, implementation and rollout of an Identity and Access Management system in the role of lead architect. His knowledge in the field of identity management is extremely comprehensive, and he repeatedly convinced us with best-practice approaches. His demeanour is consistently professional and assured. He integrated fully into the development team and has become a valued colleague."

exali IT-Haftpflicht-Siegel (special rate for Freelancermap members)

The original exali IT-Haftpflicht-Siegel confirms to the client that the person or company in question holds a currently valid industry-specific professional or business liability insurance policy. This insurance was taken out at the special rate for Freelancermap members.

Insurance start:
16.03.2018

Insurance end:
01.04.2024
