Job Description:


The responsibilities will include developing and maintaining the Enterprise-wide Identity Access Management (IAM) program. This position requires a highly skilled technical individual who will perform activities related to securing and expanding the foundation that supports the IAM operation for all MTA agencies' Operational and Information Technology Networks.


·         Project management expertise with implementations in large-scale enterprise Operational Technology and Information Technology environments.

·         This position also heavily requires experience in implementing IAM technologies in mission-critical networks which require the highest levels of security (life safety, transportation systems, etc.).

·         Strong understanding of Active Directory Architecture in highly secure environments (Red Forest).

·         Hardening of directory, secure structure, auditing of the directory and implementation of controls into the directory.

·         Strong knowledge of Auditing Tools.

·         Ability to identify and manage risk in the IAM space.

·         Privileged Access Management for Operational and Information Technology Networks.

·         Strong understanding of PKI and smartcard deployments (passwordless environments for on-premises and cloud environments).

·         Strong understanding of REST API and integration of tools.

·         Experience in network user account security, compliance and access best practices.

·         Experience with web services security solutions and application integration concepts.

·         Familiarity with Governance and Compliance issues and solutions as they relate to Identity Management.

·         Understanding and designing IAM solutions for heterogeneous environments and systems.

·         Working knowledge of a broad range of current security appliances, tools, and applications and security methodologies.

·         Excellent verbal and written communication skills.

·         Ability to clearly present and explain technical information.

·         Strong analytical and organizational skills.

·         Demonstrated competency in resolving diverse and complex business problems.

·         Must be able to work outside of normal working hours as needed to support and resolve security needs.


·         Architect, recommend solutions for, support, maintain and develop the security infrastructure to support all MTA Agencies under a centralized Identity Access Management (IAM) System

·         Administration and support of Privileged Access Management (e.g., BeyondTrust Password Safe)

·         Administration and support of Two-factor authentication (e.g., Duo Security, Azure)

·         Administration and support of Smartcard for MFA (e.g., YubiKeys, certificates, etc.) technologies

·         Strong understanding of SAML 2.0, WS-Fed, Kerberos, Active Directory and LDAP

·         Provide administrative support for the MTA Enterprise-wide IAM and the associated systems

·         Test and recommend patches and upgrades related to the Directory infrastructure, test and implement advanced authentication methods and coordinate maintenance on all associated IAM servers

·         Establish and maintain the approval workflows required for each connecting application

·         Manage the web interfaces used for user logins and user password self-service systems

·         Assist with coordinating the build-out of IAM connectors to requested applications or systems

·         Investigate and report back to management all issues and problems with published workflows

·         Support and maintain the user password self-service systems

·         Research and implement the upcoming technologies related to user authentication

·         Assist with managing the login and access control lists (ACL), such as but not limited to: Application Client, Single Sign-On and Client Trust services

·         Maintain production application(s) in a running state 24 hours a day, 7 days a week.

·         Assist with the timely and appropriate conduct of all mandated security-related access certifications and audits

·         Participate in all disaster recovery drills.

·         Familiar with BeyondTrust Privileged Remote Access (PRA). This solution empowers security professionals to control, monitor, and manage privileged users' access to critical systems.


·         6+ years of experience in Information Security

·         3+ years of experience in Infrastructure

·         5+ years of experience in IT Security Administration

·         5+ years of experience in Microsoft Active Directory

·         5+ years of experience in Project Management

·         6+ years of experience in Security

·         5+ years of experience in Coaching or Mentoring Co-Workers.

Additional Skills and Information: 

·         Teamwork and Leadership


