Job Description:
IAM Engineer – O365/Azure
Location: Harrisburg, PA
Terms: 3-6 months plus, or possible to-hire (depending on candidate)

Process: Phone Screen - F2F (Skype potentially)

POSITION SUMMARY: The Information Security Operations Identity and Access Management (IAM) Engineer is responsible for driving client’s identity and access management vision in an effort to protect the confidentiality, integrity, and availability of client’s information. The IAM Engineer understands identity and access management processes and controls, and has experience implementing access administration (provisioning, de-provisioning), access enforcement (authentication and authorization) and access governance (certification, logging, monitoring). The individual will ensure the IAM environment utilizes the latest technology and is compliant with corporate policies and industry best practice. The position reports to the Information Security Operations Manager and works closely with other areas within the Information Technology Service (ITS) organization.

DUTIES AND ACCOUNTABILITIES - Essential for this position:
1. Work under the direct supervision of the Information Security Operations Manager.
2. Demonstrate an understanding of modern IAM concepts and best practices, including Single Sign-On (SSO), cloud/third-party application integration, and federated identity management.
3. Design, implement and maintain best practices for an LDAP-compliant directory.
4. Recommend and coordinate the implementation and installation of identity and access management controls with a focus on industry best practice and best of breed technologies.
5. Develop and maintain the Identity and Access Management Architecture and standards.
6. Strive to cross-train across the Identity and Access Management domain, in order to backfill and back up peers as needed.
7. Create IAM systems providing administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis. These systems are designed to provide a means of administering user access across an entire enterprise and to ensure compliance with corporate policies and government regulations.
8. Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements within the IAM ecosystem.
9. Understand, develop, maintain and mature a Role Based Access Control (RBAC) model. The onboarding of applications is based on metadata derived from authoritative source(s).
10. Incorporate a strong network security model to include firewalls, IDS/IPS, signature analysis, web application firewall, API security, database monitoring when designing IAM solutions. Work in unison with an enterprise Managed Security Service Provider (MSSP).
11. Collaborate between multiple ITS technological teams to develop and implement controls and configurations aligned with security policies and legal, regulatory, and audit requirements.
12. Develop a relationship with peripheral departments, including IT, to maintain and communicate situational awareness of PSECU's security posture as it relates to Identity and Access Management.
13. Maintain familiarity with multiple systems and attacker tactics, techniques, and procedures in order to triage and perform rapid analysis of real-time data feeds, looking for indicators of compromise.
14. Independently follow procedures to contain, analyze, and eradicate malicious activity.
15. Document all activities during an incident and provide leadership with status updates during the life cycle of the incident. Work with the Information Security Operations Manager to create a final incident report detailing the events of the incident.
16. Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams
17. Support training and security awareness programs for employees, members, vendors, and other third parties.
18. Assist Internal Audit Services in coordinating all audit and regulatory examination activities for the ITS Department.

Minimum Experience:
Bachelor’s degree in Business, Computer Science, Information Management, or a related field, and three to five years’ experience in Information Security, Networking, and/or IT-related field, or any equivalent combination of experience and education.
Experience with Cloud Identity as a Service such as Microsoft Azure Active Directory, and Identity Federation protocols such as SAML2, WS-Federation, OAuth 2, OpenID Connect, etc.
MS Active Directory knowledge and experience in an enterprise environment is required.
Knowledge of Multi-factor authentication and Privileged user management systems.

Preferred Experience:
Certification in field of expertise is desired, i.e., Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate Security (CCNA Security).
             
