Cybersecurity Engineer - IAM
Job Description
Job Description
Summary
This is a hands-on security position working within the Information Security group and with the internal IT department at large. We are looking for candidates who have a passion for cyber security, identity management, and threat response. You will provide domain expertise to design and develop the capabilities of the identity and access management platform and the automation of application deployment pipelines to the platform.
The Role
In this role, you will be an essential partner and technical specialist for identity and access platform development and provide thought leadership on overall security and authentication across various workflows. You will be a key part of our efforts to enable the business needs in a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.
Responsibilities
Provide design, evaluation, analysis, testing, debugging and implementation of identity and access management programs to support the company’s strategy
Maintain configuration, updates, and overall administration of the identity access management platform
Have a deep understanding of user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations
Maintain standards for access management across the company and department
Collaborate with HRIS, IT service owners, and service desk to troubleshoot and fulfill identity related workflows
Knowledge of identity governance workflows with the concepts of attestation and auditing.
Integrate new applications into the identity access management platform through RESTful APIs, JDBC, flat file, or built-in connectors and configure aggregation, provisioning, and entitlements
Automate identity workflows and processes for lifecycle management, auditing, reporting, governance and self-service
Provide and maintain a RESTful identity API to downstream services
Play an active role in CAA’s security incident response efforts, working to identify and mitigate information security threats
Required Capabilities
A minimum of 4 years in Information Technology, ideally with a focus on information security
A minimum of 2 years’ experience in identity and access management or CyberSecurity
A Bachelor’s or Master’s Degree in a relevant field of work
Experience scripting in at least one of the following languages: PowerShell, Python, JavaScript
Experience with the deployment and support of Zero Trust Identity architecture and infastructure
A strong understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure
Experience in automation and integration with SaaS applications
Understanding of OAuth, SAML and OpenID frameworks
Experience in lifecycle management and provisioning and de-provisioning
Knowledge of different MFA and compensating controls for identity
Knowledge of privilege identity management, privileged access management, and concepts of just in time provisioning, just enough access, and principal of least privilege
Desired Capabilities
Set up and integrated Single Sign-On with various SaaS vendors
Account set-up and access management
Using and coding against REST APIs
Knowledge and experience of SCIM provisioning and integration
Worked closely with human resources and help desk support staff
Experience supporting and following identity framework or IDaaS
An understanding of the NIST framework and using a continuous improvement loop
Desired Skills
Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML, OpenID, WS-Fed, SSO, SCIM, OAuth, Programming (java, python), PowerShell, RESTful APIs, MSSQL, OGNL, GraphQL, Workday, SailPoint, Okta, Ping Federate, PingID, Splunk, RBAC
Environment
CAA has a service oriented collaborative environment where we help our colleagues then focus on our own work.