Identity and Access Management Systems Engineer

Role Overview

This individual joins the Corporate Headquarters Information Security team, primarily responsible for testing, configuring, and setting standards and procedures for the Enterprise Directory (ISDS/TDI), Web Access Management System (ISAM), and Identity Management and Governance System (ISIM/IGI). The role involves providing guidance on integrating identity management authentication and authorization frameworks into new and existing applications, as well as engineering new security solutions and supporting established policies and standards.

Responsibilities

• Develop and implement the Web Access Management System, focusing on web applications, web application servers, and methods for accomplishing single sign-on (SSO).
• Manage the Enterprise Directory, including LDAP schemas, object classes, attributes, queries, dynamic groups, and nested groups.
• Develop directory integration solutions among various directory and database systems using SQL query design.
• Configure and support enterprise Identity Management systems for access provisioning, including the automation of role-based access (RBAC) and segregation of duties (SoD).
• Design background workflows for owner approvals and periodic access reviews.
• Provide input to assist with continual improvement of security frameworks and standards.

Requirements

• Minimum 5 years of extensive and applied experience with Enterprise Access and Identity Management, including design, configuration, and deployment of Active Directory, Group Policy Object (GPO) management, LDAP, Federations, and SSO.
• Minimum 2 years of experience supporting various authentication protocols such as Kerberos, SAML, OAUTH, and LDAP.
• Bachelor-level degree in engineering, information technology, computer science, or equivalent professional experience.
• Strong technical knowledge of web applications and servers (IIS, WebSphere, Domino, Weblogic).
• Basic web programming knowledge, including HTML, HTML forms, HTTP headers, and HTTP status codes.
• Experience with Windows Domain Administration and a basic understanding of Windows networking.
• Proficiency in JavaScript or another scripting language.
• Knowledge of Federated Identity and Web Services security concepts, including SAML, ADFS, WS-Federation, and WS-Security.
• Excellent troubleshooting skills, specifically regarding Active Directory technologies and network connectivity issues pertaining to authentication and authorization.
• Ability to troubleshoot non-standard or undocumented issues and determine solutions that fit within existing frameworks.

Preferred Qualifications

• Knowledge of Microsoft AD Integration with Microsoft O365 Cloud and Microsoft Azure Active Directory.