Purpose of Position
Working with Cybersecurity management, the Identity & Access Management (IAM) Engineer, Lead defines, establishes, maintains, and manages identities across the organization.
They rigorously manage access to systems and applications, adhering to security, engineering, and governance principles.
This role will be leading a team of IAM engineers and collaborating closely with IT, cybersecurity, business units, and third parties, managing provisioning, governance, SSO, directory services, technical integrations, and behavioral analytics.
Tasks and Responsibilities
Implement and configure global identity solutions and capabilities: Manage Single Sign-On (SSO), Multi-Factor Authentication (MFA), privileged account management, automation, and behavior analytics systems.
Recommend and implement automation and provisioning improvements: Enhance end-user experience by optimizing automation, onboarding, and provisioning configurations based on recommendations.
Document access workflows, policies, and exceptions: Maintain comprehensive documentation of implemented identity solutions for audit reviews, ensuring integrity and compliance.
Collaborate with security leadership and stakeholders: Work closely with security leadership, teammates, and stakeholders to evaluate and implement access models aligned with organizational risk posture.
Lead a team of IAM engineers.
Resolve IAM issues across employee base and external entities: Assess and address IAM issues impacting employees and external entities, ensuring timely resolution and minimal disruption.
Evaluate business impact and risk exposure: Assess the business impact and risk exposure associated with access levels granted, providing recommendations for improvements.
Support incident response efforts: Collaborate with incident responders during potential incidents, escalating to management as necessary for swift resolution.
Perform other duties as assigned: Flexibly undertake additional responsibilities as assigned to meet evolving organizational needs.
Education
Bachelor's in Information Technology
Certifications and Licenses
Years of Experience
8-10 years of experience
Core Competencies
Service-Oriented
Curiosity
Collaboration
Adaptability
Strives For Positive Results
Knowledge, Skills, Abilities and Other (KSAOs)
Identity and Access Management (IAM): Understanding of IAM, application integration, life cycle management (LCM), and single sign-on (SSO).
Application & Infrastructure Security Concepts: Understanding of network security principles, password management best practices, and access control mechanisms.
Active Directory (AD), AD Lightweight Directory Services (AD LDS), Azure Active Directory (Azure AD), Group Policy, DHCP, DNS: Experience in managing and configuring these technologies.
Public Key Infrastructure (PKI): Familiarity with PKI concepts.
Microsoft Products: Intermediate to advanced skills with Microsoft products, including Windows Server, Active Directory, and related services.
Privilege Access Management (PAM): Knowledge of PAM principles and technologies for managing and securing privileged accounts and access.
Skills: Proficiency in administering directory services, Windows and Azure AD, Okta directory, SSO, MFA, and role-based access control (RBAC).
Experience in administering IAM systems, access controls, security and risk management, and security governance fundamentals.
Automation: Experience in automating tasks using PowerShell or other scripting languages to improve efficiency and streamline processes.
Programming: Proficiency in at least one programming language (e.g., Python, Java) for scripting and automation tasks.
Monitoring and Performance Management: Experience with monitoring tools such as DataDog to track system performance and troubleshoot issues.
Identity Protection: Experience with CrowdStrike identity protection is a plus.
Problem-Solving: Excellent problem-solving skills to identify and resolve issues related to identity and access management systems.
Verbal & Written Communication: Effective communication skills for working with technical and non-technical stakeholders.