Information Security Engineer

Overview

• The candidate is expected to work in the identity and access management vertical within information security and support internal and external audits
• The candidate is expected to understand and be able to analyze applications, user lists, permission models, and appropriateness of access in support of identity and access management tasks
• The candidate is expected to serve Information Security, Sec-Ops vertical for establishing and maintaining identities and entitlements within IAM solutions
• The candidate should have good communication and presentation skills, can work well independently and with other teams, and be available for travel on an as needed basis
• The candidate can support the continued use of automation wherever possible to improve efficiency and accuracy of the risk management program
• Ability and desire to work in a fast paced, test-drive, agile, collaborative and iterative programming environment
• Ability to think clearly and articulate your vision with the appropriate technical depth

Responsibilities

• Support IAM governance, policies and solutions across SSO, directory, certificate, MFA, privileged accounts, automation and behavior analytics systems.
• Assess and resolve IAM issues that occur across the employee base, as well as with external entities.
• Evaluate business impact and risk exposure based on the level of access granted and make recommendations where improvements should be made.
• Document access, policies and exceptions, and maintain integrity for audit reviews.
• Make recommendations for improvements in automation efficiencies, security practices and end-user experience.
• Work closely with security leadership, teammates and stakeholders to evaluate and implement access models that align with organizational risk posture
• Execute tactical requests and support the strategic vision for rigorous and scalable IAM controls.
• Conduct audits of internal systems and applications including user lists, access lists, and permission models. Report on findings of audits, including remedial steps required
• Assist with incident response program from management of the incident to remediation, reporting and tracking
• Assist in implementing new technologies in collaboration/ coordination with Group security and loc

Qualifications

• Bachelor’s degree
• Familiarity with administering directory services, Windows and Azure AD, SSO, MFA and role-based access control (RBAC).
• Experience administering IAM systems, access controls, security and risk management, and security governance fundamentals.
• Knowledge of internal audits, incident response process, risk management, vendor risk management
• Experience with and familiarity with Cyber Security & Privacy Frameworks such as GDPR, HIPAA, CCPA, NIST, ISO 27001, SOC2 Type2, etc.