IAM Authentication Engineer
Remote, CO
Smithfield Foods
Smithfield Foods has built a trusted name with customers and consumers for over 85 years with a mission to provide “Good food. Responsibly.®”If you are currently employed at Smithfield, please log into Workday and submit your application through the Jobs Hub.
A great job-and a great future-awaits you at Smithfield Foods. We are an American food company with a leading position in packaged meats and fresh pork products. We’re looking for motivated people who want to join our team and grow lasting and meaningful careers with us. Apply Now!
Your Opportunity
Our team members receive industry-competitive salaries and are eligible for great benefits packages:
Competitive Pay
Annual Bonus Earning Potential
Comprehensive Health Insurance, Retirement Benefits and More
Education benefit available to full and part time Smithfield team members on their first day of employment.
In addition, we offer opportunities for career growth, professional development, and tuition assistance.
The position summary states the general nature and purpose of the job. Overall accountabilities are defined in this section.
The IAM Authentication (AuthN) Engineer performs as a highly motivated and experienced Authentication Engineer to support various programs and strategic initiatives within the company. This position will lead the effort to architect and implement modern authentication protocols and platforms for securing networks, IT assets, applications, cloud, and third-party services.
Success in this role requires the ability to collaborate at multiple levels of the cybersecurity team, the ability to weigh risk against the impact to business operations, and proven technical cybersecurity and access management experience for a rapidly growing organization.
Core Responsibilities
Serves as a key advisor to the Sr Director of Identity and Access Management (IAM) and regularly meets with the IAM Team to review and advise on best practices in directory, authentication, federation and single sign-on (SSO) requirements and work programs.
Works closely with application teams in implementing MFA, Federation and SSO solutions.
Works closely with business units, partners, IT infrastructure and application teams to gather and implement directory and authentication requirements to secure access to IT assets, applications, cloud services and third-party services.
Administers directory and authentication solutions, including but not limited to Active Directory (AD), Azure Active Directory (AAD), Okta, and Centrify.
Uses a threat-based, intelligence-led approach and collaboration inside and outside the security team to continuously assess existing capabilities and identify future requirements for directory and authentication services.
Collaborates with other cybersecurity engineers and analysts in the IT and OT organizations to manage security threats and response capabilities.
Coordinates with Human Resources (HR) in onboarding and offboarding workforce activities and establishing authoritative sources for identities.
Manages multiple AD domains and forests and engages with other Infrastructure groups as necessary to support the AD environment.
Develops, reviews, and maintains a backlog of strategic and tactical AD initiatives to reduce risk, increase usability and operational effectiveness.
Writes and reviews Active Directory policies, standards, and processes across the company to support business, strategic, security and regulatory needs.
Creates and enforces password and authentication policies.
Leads and provides guidance on authentication projects. Project management includes prioritization of activities, defining objectives, milestones, writing project status reports and ensuring overall successful on-time implementation and deployment.
Maintains technical expertise, relevant industry standards and best practices as assigned in authentication technologies such as:
Active Directory and Azure Active Directory, LDAP, Okta, Kerberos, RADIUS
Federation, SSO
SAML, OAuth, OIDC, PKI
REST, SOAP, SCIM
Multi-factor authentication (MFA), Frictionless authentication, Conditional/Adaptive authentication
Password vaulting and PAM
Participates in a rotating emergency on-call as well as respond to Critical Incident Response Team activations.
Manages vendor relationships.
Ensures that historic risks are managed, understood, and used in future decisions and maintain flexibility in team to adapt to evolving risk landscapes.
Responsible to meet KPIs and KRIs and adapt to changes in the authentication landscape.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. May perform other duties as assigned.
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals to perform the essential functions.
Bachelor’s degree from an accredited four-year college or university in IT, Cybersecurity, Computer Science or related field and 5+ years’ relevant experience; or equivalent combination of education and experience, required.
CISSP, CISM or equivalent security certification preferred.
5+ years of Active Directory management and security preferred.
Deep understanding and experience in implementing MFA, Federation and SSO with Okta.
Experience in using PowerShell and Unix Shell Scripting
Experience with "defense-in-depth" and “defense-in-breadth” principles and technology.
Understanding of frameworks such as NIST CSF, NIST SP 800-53, ISO 27001.
Experience working in a multinational company with complex integrated environments in Information Technology (IT).
Experience in Operations Technology (OT) desired.
Broad and deep knowledge of business, technology/IT and cybersecurity technologies and approaches.
Ability to leverage industry best practices and previous experiences while remaining creative and innovative.
Proven ability to work effectively as both a self-driven, autonomous remote individual contributor and on a diverse team of engineers.
Advanced documentation, organization, prioritization, and analytical skills.
Ability to handle proprietary and sensitive information in a confidential manner.
Proven ability to execute multiple tasks efficiently and effectively using tools and/or processes.
Ability to be respectful, approachable and team oriented while building positive working relationships in matrixed environments.
Additional Desired Skills
Experience in MS Azure/AWS security and protection technologies.
Familiarity with Windows and Linux internals.
Experience with PKI, Certificate Management and VPN.
Familiarity with OWASP TOP 10 vulnerabilities, SANS 25, MITRE and CWEs.
Familiarity with relational databases and SQL.
Work Environment & Physical Demands
Occasionally required to work in wet or humid conditions (non-weather); work near moving mechanical parts; fumes or airborne particles.
Noise level in the work environment is usually moderate.
Although most of the work will be performed in an office environment, must be able to visit and work in a plant, warehouse, distribution center or other manufacturing facility.
EEO/AA Information
Smithfield is an equal opportunity employer committed to workplace diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veterans status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.
If you are an individual with a disability and would like to request a reasonable accommodation for any part of the employment selection process, please call us at 757-357-1595.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory AWS Azure Certificate management CISM CISSP Cloud Computer Science IAM Incident response ISO 27001 IT infrastructure Kerberos KPIs LDAP Linux NIST NIST 800-53 Okta OWASP PKI PowerShell RDBMS SAML SANS Scripting SQL SSO UNIX VPN Vulnerabilities Windows
Perks/benefits: Career development Competitive pay Health care Insurance Salary bonus Signing bonus Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.