Senior Infosec Identity Engineer

MIAMI, FL (Remote)

Applications have closed

World Fuel Services

At World Kinect, we ensure energy is there exactly when and where the world needs it today while investing in accelerating a more sustainable tomorrow. Keeping everything moving by solving complex challenges with a robust, scalable distribution...


At World Kinect, our employees are the key to our global success. We are industry leaders due to the innumerable talents of our approximately 5000 strong professional team. Our people thrive in an entrepreneurial and culturally-diverse environment, where innovative thinking, collaboration and efficient execution are highly valued. Our high-performance culture is what allows us to drive sustained growth. Stronger together, we promote an environment where individuals can thrive.


 

 

Essential Functions
  • Take a lead role in the delivery of BAU Identity and Access management operations.

  • Participate in the design, installation, maintenance, upgrades, and troubleshooting of applications and tools directly impacting the InfoSec Identity service deliverables.

  • Active Directory (AD), Azure Active Directory/Entra ID:

    • Analyze, design, implement, and support the hybrid on-premises and cloud Active Directory environment.

    • Collaborate with business and technical partners to integrate systems and applications with centralized authentication using AD.

    • Implement security baselines and recommended best practices for AD.

    • Provide subject matter expertise on Azure AD and Entra ID.

    • Support and maintain Entra ID Enterprise Applications and other integrated solutions.

    • Collaborate closely with global cross-functional teams to ensure stability and security.

    • Support synchronization and federation between on-premises AD, Azure AD, and Entra ID.

    • Troubleshoot and optimize synchronization processes to maintain consistency across environments.

  • Privileged Management (PIM, PAM, and Endpoint Privilege Management):

    • Implement time-based and approval-based role activation to mitigate risks associated with privileged accounts.

    • Administer PAM platforms (CyberArk).

    • Design and implement controls for managing privileged access on endpoints (Windows, macOS, Linux).

    • Collaborate with system administrators and security teams to enforce least privilege principles.

    • Implement and manage role-based access control (RBAC) for various systems and applications.

    • Define and enforce group-based access policies to elevate privileges when necessary.

  • Identity Governance and Administration (IGA):

    • Contribute during the design, configuration, deployment, and operations phases in the area of IAM.

    • Work on access management, identity governance, and identity management solutions.

  • AWS Identity and Azure Identity:

    • Leverage AWS Identity and Access Management (IAM) and Azure Active Directory for secure cloud identity management.

    • Integrate IAM policies and roles with AWS services and Azure resources.

    • Develop and maintain integrations between Entra ID and Linux-based systems.

    • Ensure seamless authentication and authorization for Linux users.

  • Automation of User and Device Onboarding/Offboarding:

    • Develop and maintain scripts or workflows to automate user and device provisioning and deprovisioning.

    • Streamline the onboarding and offboarding processes to enhance efficiency and security.

  • Application Certification and Secret Lifecycle Management:

    • Collaborate with application owners to certify and manage access to critical applications.

    • Ensure secure handling of application secrets (API keys, passwords, etc.) throughout their lifecycle.

  • Participate in on-call rotation, providing 24x7 escalation capabilities.

  • Participate in incident response efforts as Incident Commander.

  • Other duties as assigned or directed.

Education, Experience, and Skills required
  • Proven experience as a Senior Active Directory/Entra ID Engineer or similar role, with 5 to 8 years of experience.

  • Advanced knowledge of Active Directory, Azure Active Directory/Entra ID, and Lightweight Directory Access Protocol (LDAP).

  • Familiarity with PIM, PAM, and IGA concepts.

  • Experience with endpoint privilege management, AWS IAM, Azure AD, and Linux integration.

  • 1+ years of experience with cloud infrastructure, networking and security, preferably with AWS and Azure. Platform certifications are a plus.

  • Experience with orchestration and automation solutions utilizing a variety of APIs, scripting languages, or commercial orchestration tools.

  • Experience with creating and reviewing workflow processes and technical documentation.

  • Comfortable with mentoring other team members, providing guidance and direction during incident response and engineering efforts.

  • Familiarity with regulations and frameworks such as NIST, PCI, SOC, HIPAA, SSAE 16/SOC 1, SOC 2, ISO 17799/27002.

  • Preferred but not required:

    • Bachelor’s degree in cybersecurity, computer science, information technology, or a related field, or equivalent work experience.

    • Relevant Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Azure Security Engineer Associate, or other industry certifications (e.g., CISSP, CISM, CompTIA Security+).

    • Certifications including but not limited to: CISSP – Certified Information Systems Security Professional, CISM – Certified Information Security Manager, ISSAP – Information Systems Security Architecture Professional, CEH – Certified Ethical Hacker, AWS Certified Solution Architect.

World Kinect is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.


Tags: Active Directory APIs Automation AWS Azure CEH CISM CISSP Cloud CompTIA Computer Science Cyberark Governance HIPAA IAM Incident response LDAP Linux MacOS NIST Scripting SOC SOC 1 SOC 2 Windows

Regions: Remote/Anywhere North America
Country: United States
