IT Identity Engineer III

Responsibilities and Duties:

As a Senior InfoSec Identity Engineer, you will play a critical role in ensuring the security, stability, and scalability of our organization’s identity and access management systems. Your expertise will be essential in integrating and maintaining the following technologies:

1. AWS Identity and Azure Identity:

Leverage Microsoft Entra ID integrations with AWS Identity and Access Management (IAM) solutions and for secure cloud identity, role and permissions management.

Integrate IAM policies and roles with AWS services and Azure resources.

Manage identities, roles and permissions across multiple large and micro-sized AWS accounts.

Develop Identity monitoring processes, and ensure the SOC, Incident Response and Identity Operations teams have visibility and response capabilities within both infrastructure platforms.

2. Active Directory (AD), Azure Active Directory/Entra ID:

Analyze, design, implement, and support the hybrid on-premises and cloud Active Directory environment.

Collaborate with business and technical partners to integrate systems and applications with centralized authentication using AD.

Implement security baselines and recommended best practices for AD.

Develop and maintain integrations between Entra ID and Linux-based systems ensuring seamless authentication and authorization for Linux users.

Provide subject matter expertise on Azure AD and Entra ID.

Support and maintain Azure AD Federation Services (ADFS) environments and Entra ID Enterprise Applications.

Collaborate closely with global cross-functional teams to ensure stability and security.

Support synchronization and federation between on-premises AD, Azure AD, and Entra ID.

Troubleshoot and optimize synchronization processes to maintain consistency across environments.

3. Privileged Management (PIM, PAM, and Endpoint Privilege Management):

Implement time-based and approval-based role activation to mitigate risks associated with privileged accounts.

Administer PAM platforms, including Centrify, CyberArk, and Quest Active Roles Server.

Design and implement controls for managing privileged access on endpoints (Windows, macOS, Linux).

Collaborate with system administrators and security teams to enforce least privilege principles.

Implement and manage role-based access control (RBAC) for various systems and applications.

Define and enforce group-based access policies to elevate privileges when necessary.

4. Identity Governance and Administration (IGA):

Contribute during phases of design, configuration, deployments, and operations in the area of IAM.

Work on access management, identity governance, and identity management solutions.

5. Automation of User and Device Onboarding/Offboarding:

Develop and maintain scripts or workflows to automate user and device provisioning and deprovisioning.

Streamline the onboarding and offboarding processes to enhance efficiency and security.

6. Application Certification and Secret Lifecycle Management:

Collaborate with application owners to certify and manage access to critical applications.

Ensure secure handling of application secrets (API keys, passwords, etc.) throughout their lifecycle.

Qualifications:

• Proven experience as a Senior Active Directory/Entra ID Engineer or similar role with a minimum of 8 years of experience.
• · Advanced knowledge of Active Directory, Azure Active Directory/Entra ID, Lightweight Directory Access Protocol (LDAP), and Active Directory Federation Services (ADFS).
• · Familiarity with PIM, PAM, and IGA concepts.
• · Experience with endpoint privilege management, AWS IAM, Azure AD, and Linux integration.
• · Relevant Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Azure Security Engineer Associate, or other industry certifications (e.g., CISSP, CISM, CompTIA Security+).