The Identity and Access Management Engineer is responsible for planning, designing, configuring, testing, and troubleshooting the system processes and procedural methodologies used for the creation, deployment and maintenance of the cloud SSO and on-premise IAM systems. This position coordinates the IAM infrastructure by enhancing, maintaining, analyzing and helping to deploy cloud authentication for internal and cloud applications, and ensures the integrity and reliability of the IAM enterprise environment. The Identity and Access Management Engineer operates as the IAM Subject Matter Expert (SME) and provides 3rd level production support. Performs related work.
Qualifications
- Experience required in following areas: Web Single Sign-on, Federated Identity, Multifactor Authentication, Identity & Access Management.
- Overall experience of 5-7 years, with a minimum of 3-5 years' experience in supporting IAM technologies of a medium to large enterprise, including one of the following product suites. Okta, ISIM, or CA SiteMinder experience is desirable.
- IBM Tivoli Identity/Access Management and Okta for SSO
- Good understanding of LDAP or AD directories.
- Conceptual understanding of network infrastructure background including firewalls, proxies
- Ability to handle competing priorities and meet tight deadlines.
· Provides in depth technical expertise in IAM technologies with a primary focus on ISIM, TDI, TDS, Okta, Active Directory, Federation, Azure AD, AAD Sync, MS Cert services, Okta SSO, and multi factor authentication.
· Supports the Okta based access management solution for external Single Sign on.
· Works directly with business owners on reviewing the design and integration requirements for IAM infrastructure, which includes the user lifecycle applications.
· Works with business owners on integrating and supporting the SAML based identity provider.
· Develops, tests, implements and supports all system enhancements and IT services used by the IAM platform.
· Recommends and participates in developing, testing, implementation and support of all enhancements to the systems and services and technologies used by the IAM platform.
· Develops and maintains system configurations, and processes design documentation and operating procedures.
· Maintains and assesses operational requirements and service issues for improvement opportunities.
· Maintains and upgrades the Identity Management system infrastructure, which includes ensuring the continued operation of the production servers, staging servers, ITIM servers, database servers and Okta service. Monitors all server replications for functional continuity. Checks logs and troubleshoots errors.
· Performs health checks of IAM platforms, to ensure that service is operating at optimum levels. Creates and maintains monthly reports that gauge the IAM service against key performance indicators.
· Configures and maintains end-to-end Tivoli Identity Manager Environment (TIM, WAS, TDS, DB2) on a Windows platform.
· Leads, coordinates, troubleshoots and oversees the Auto Provisioning and Manual Provisioning accounts creation to ensure that all new user account requests are recorded and the user’s record has been created in ITIM and pushed into target platforms (Active Directory, Okta, and LDAP). This includes ensuring that proper access has been granted to all new users.
· Tracks and communicates the status of business initiative projects to management.
· Defines system requirements, proposes potential solutions and coordinates the implementation or modification of technology and/or process automation solutions.
· Provides leadership and management to internal and external teams through direction, setting of priorities, developing project plans and coordinating resources to accomplish organizational and departmental goals and initiatives.
· Coordinates and defines strategic technical solutions to business processes and owns the integrity of the solution through customer acceptance and final disposition.
· Participates in the planning, development and deployment of new and updated identity and access management services into production.
· Develops identity management strategies, architectures and implementation plans.
· Provides technical input in development of Authentication and Authorization standards and processes.
· Recommends and implements best practices for operational monitoring and capacity planning for IAM products.
· Communicates (written/verbal) with department manager, management, key users, and external vendors.
· Acts as a resource for direction, training, and guidance.
· Ensures that system improvements are successfully implemented and monitored to increase
· Key Relationships: Works collaboratively within the areas of Information Technology (IT), Enterprise Risk and Compliance, internal business units, Human Resources, Financial Operations and other external entities.
Required Skills
· Provides in depth technical expertise in IAM technologies with a primary focus on Active Directory, Federation, Azure AD, AAD Sync, MS Cert services, SSO, multi factor authentication, along with a working knowledge of competitive technologies.
· Able to support and enhance components that require custom Java code (ISIM workflows).
· Minimum 3 years of experience with MS PKI.
· Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP, and Single Sign On (SSO) solutions.
Other Key skills
- Experience with LDAP installation, configuration and troubleshooting
- Hands-on experience with Active Directory in a large-scale mission-critical environment
- Experience in architecting directory solutions and designing enterprise LDAP implementations
- Knowledge of SolarWinds enterprise management tools
- Strong troubleshooting and conflict resolution skills
- Knowledge of proper IT security procedures, positive customer interface skills; strong troubleshooting and conflict resolution skills
- Experience working in a team-oriented collaborative environment
- Knowledge and skill in using Mainframe (RACF), IBM Tivoli Identity Manager, Tivoli Websphere, TDI 7, TDS 6.2.
- Good understanding of ADFS, SAML and AD in the cloud (Azure, Okta)
- Securing cloud based platforms, including Sky Fence, Amazon AWS, etc.
- Experience with identity management solution architecture design
- Hands on experience of performance tuning and troubleshooting for ITIM V6
- Knowledge of LDAP and hands on experience of IBM Tivoli Directory (TDS) Server installation and administration.
- Knowledge of identity governance concepts (role management, separation of duties)
- Knowledge of designing and developing customized ITIM workflows.
- Knowledge of designing and developing roles, provisioning policies, ACI and adoption rules in ITIM.
- Experience with IT Security processes, policies and procedures.
- Knowledge and skill in network administration, including skill with Microsoft Active Directory.
- Knowledge and skill with identity management systems, including user provisioning, RBAC, & segregation of duties solutions.
- Ability to research, investigate, and analyze findings.
Aaron Kotikala | ApTask | email@example.com
379 Thornall Street, 6th Floor | Edison, NJ 08837