Job Description :
Title: LDAP Specialist
Location: Winston Salem, NC
Duration: 6 month contract with potential to extend
Interview: Phone
Experience in the design and implementation of LDAP solutions, in addition to administrative tasks.
Situations involving design and implementation of complex LDAP DITs with multiple functions and automation integration points supported
Situations involving detailed analysis of existing solutions, and formulation of new solutions for complex, scalable, replicated LDAP server configurations on Unix platforms
Situations calling for integration and migration of multiple LDAP DITs into single DIT forms
Tasks involving the creation of automation for LDAP administration tasks
Projects where candidate provided LDAP design services and/or engineering-level leadership for complex LDAP integration efforts
Responsibilities Include:
Manage and maintain IAM systems and documentation.
Design, build, and maintain LDAP schemas using IBM Security Directory Services (ISDS) and associated administrative client software.
Act as a lead IAM systems engineering resource for multiple parallel project efforts, helping to drive the technical components of the project to completion.
Analyze and assess existing IAM/LDAP systems and identify gaps leading to potential improvements throughout the technology lifecycle.
Provide technical leadership for support and resolution of production problems, always seeking to identify root cause and prevent future recurrence.
Work closely with IT and business units to ensure identity and access solutions meet or exceed security policies and regulatory compliance requirements.
Design, develop and implement identity and access management security across TCH''s infrastructure supporting role-based access entitlements, schemes and definitions.
Support the LDAP environment and work with other groups that rely on the LDAP service to resolve issues and/or integrate (configure) applications to best work with LDAP.
Ensure quarterly access recertifications are performed accurately and completely, with auditable evidence of all activities.
Facilitate business process design as it relates to managing identities and access privileges such as architecture, delegated administration models, workflow models and access control models.
Create scripts, employ tools, develop automation techniques, and pursue ideas to increase the manageability, efficiency, capability, capacity, and security of IAM systems.
Design and document efficient, repeatable and measurable human processes for deploying, maintaining, administering, and supporting IAM technologies.
Create comprehensive engineering documentation including functional requirements, technical designs, network diagrams, workflow diagrams, application communications diagrams, configuration documents, support documentation, and procedural documentation.
Work with risk management personnel to help identify and articulate issues creating risks to the business and/or technology environment, and then work to help remediate, remove, or mitigate those risks.
Participate in audit and compliance activities, always seeking to ensure that technology systems and human processes produce accurate and reliable evidence of compliance with regulatory requirements and standards.
Provide security consulting to TCH’s technology, operations, and business on an ongoing basis.
Serve as the primary contact point for stakeholders regarding IAM services.
Minimum Skills & Qualifications:
Outstanding written and verbal communication skills, with a high degree of professionalism and strict attention to detail.
5+ years of Unix systems administration experience.
3+ years of experience with designing, installing, maintaining, and administering LDAP server software on Unix server platforms
Demonstrated subject matter expertise with LDAP protocol and LDAP command line utilities.
A track record of success with designing and implementing complex LDAP directory schemas to meet business application requirements.
Experience with advanced LDAP operations such as schema extension, merging directory structures, advanced queries, and complex client configurations.
Broad knowledge in authentication systems, risk analysis, threat mitigation, and other security domains.
Ability to translate business requirements into technical specifications.
Preferred Skills & Qualifications:
Experience with LDAP administration using IBM Security Directory Services (ISDS) server software
3+ years of Unix systems administration experience on Red Hat Enterprise Linux (RHEL) and/or IBM AIX
Bachelor''s degree in engineering, computer science, or a related field with minimum of 5 years of technology-focused experience. An additional 4 years of relevant experience may be substituted in place of the degree requirement.
CISSP and other industry certifications are strongly desired.
Experience with large-scale enterprise directory solutions spanning multiple business functions and geographic locations.
Experience integrating LDAP with custom-developed application solutions.
Proficiency in Unix shell scripting and/or one or more of the following scripting languages: Perl, ksh, tcl, Expect
Experience maintaining access control system to meet PCI-DSS compliance requirements
Understanding of Public Key Infrastructure and related Public Key Cryptographic Standards.
Strong analytical and problem solving skills.
Ability to work with all levels within the organization.
Other Desirable Skills:
Customer-focused and attentive to end-user needs, with the ability to manage competing priorities.
Strict adherence to established internal procedures and guidelines.
Motivated to practice self-development and continuous learning to increase knowledge, skills and abilities in technical and non-technical areas.
Basic understanding of regulations and governmental initiatives impacting the TCH technology environment and systems
Ability to communicate with appropriate teams to ensure proper understanding of potential gaps, and propose strategic but practical response policies, plans, and projects.
Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
Experience with financial regulatory requirements such as PCI DSS and FFIEC and governmental initiatives such as NIST Cyber Security framework, CIS and DISA
Experience using control frameworks (ISO, CoBit, COSO, NIST, etc)