Varyence

Joined in 2018
15% answers
Varyence is a US-based technology services company founded in 2012, with over 100 employees worldwide and offices in Ukraine, Croatia, and the United States.

Trusted by companies across the globe, we help our customers bring ideas to life, scale their business operations and maintain secure digital environments. We provide services ranging from custom software development to cybersecurity, cloud infrastructure, and compliance automation.

We will be glad to see you in our professional team.
Please join!!!

    RDP SSO Solution Architect-Consultant

    Full Remote · Worldwide · Product · 5 years of experience · Upper-Intermediate

    Employment Type: Full-time/Part-time (Remote, Office, or Hybrid)
    Short-term: up to 100 hours

    Our goal is to engage an experienced RDP & SSO Solution Architect-Consultant who can provide a fresh perspective, identify potential improvements, and offer expert guidance in resolving complex challenges within our product. We are looking for someone who can analyze existing solutions, propose innovative approaches, and contribute to enhancing the overall architecture and efficiency of our system.

    Project overview (USA): This is a system developed to provide stable remote access for a company’s employees to workstations (PCs or VMs) located in the corporate network without compromising security. Our system simplifies Access and Device Security for organizations.

    Team Size: 16 team members (Ukraine).


    Interview Stages:
    1) HR Interview — up to 30 minutes;
    2) Technical pre-screen interview — up to 1 hour;
    3) Client interview - up to 30 minutes.

     

    If you possess the following experience and skills, you would be an excellent fit for our team:
     

    • Windows Authentication & Security:
      1) Deep knowledge of Kerberos, NTLM, Kerberos Constrained Delegation, S4U2Self / S4U2Proxy.
      2) Familiarity with smart card and certificate-based authentication mechanisms.
    • RDP Protocol Expertise:
      1) Understanding of the internal workings of MSTSC, RDP Gateway, NLA (CredSSP).
      2) Experience with FreeRDP or other RDP libraries is a strong plus.
    • Azure AD & Hybrid Identity:
      1) Proficiency in OAuth2/OpenID Connect flows, MSAL, Azure AD Connect (UPN mapping, identity sync).
      2) Experience configuring Azure AD (Entra ID) pre-auth for RDP/RD Gateway, Azure AD App Proxy.
    • Windows Server & Active Directory Administration:
      1) Ability to set up RD Gateway, RD Web, AD Certificate Services, and domain policies.
    • Network & Security Architecture:
      1) Experience with Layer-4 pass-through / TCP proxy design.
      2) Knowledge of TLS certificate management and name resolution (SNI, DNS overrides).
    • Solution Architecture:
      1) Ability to produce clear and thorough documentation.
      2) Strong analytical skills to articulate design trade-offs (complexity, performance, user experience).
    • Experience working with large enterprise networks and security solutions.
    • Proficient in spoken and written English at an Upper Intermediate level.


    Your responsibilities will include the following tasks within your workflow: 

    • Design & Document a solution (or multiple solutions) that enables seamless RDP SSO in our product’s architecture.
    • Reduce or eliminate additional credential prompts for end-users.
    • Deliver a proven, tested specification that can be handed off to our engineering team for implementation.
    • Describe a detailed technical plan for achieving SSO, with:
      1) Configuration steps (e.g., Kerberos Constrained Delegation, certificate-based auth, or RD Gateway setup).
      2) Architecture & workflow diagrams outlining authentication flows from the client (Connector) to the on-prem target.
      3) Security & performance considerations (including identity mapping for on-prem AD vs. Azure AD — Entra ID).
    • Feasibility analysis of each proposed approach, listing pros/cons and trade-offs.
    • Testing procedures to validate SSO functionality in diverse environments:
      1) Domain-joined vs. non-domain-joined endpoints.
      2) Hybrid identity vs. purely on-prem or purely Azure AD.
      3) Potential high-latency or multi-hop scenarios.