Senior Security Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Overview: We are seeking a highly skilled and experienced Senior Security Engineer to join our team. As a Senior Security Engineer, you will be responsible for designing, implementing, and maintaining security solutions to protect Qualys systems, networks, and data. You will work closely with cross-functional teams to ensure the effectiveness of security measures and help establish and enforce security policies and procedures.

Responsibilities:

Design and Implement IAM Infrastructure:

• Architect and build IAM infrastructure components, including identity management systems, directory services, authentication mechanisms, and access control mechanisms.
• Architect, design, and implement cloud-based IAM solutions, considering the unique challenges and opportunities presented by cloud environments.
• Develop secure IAM frameworks and workflows, ensuring scalability, reliability, and high availability of IAM infrastructure.
• Collaborate with system architects and network engineers to integrate IAM solutions into existing infrastructure.

User Provisioning and Access Control:

• Develop and manage user provisioning processes, including account creation, modification, and deprovisioning, ensuring compliance with access policies and procedures.
• Implement role-based access control (RBAC) frameworks and access control models to grant appropriate access privileges to users based on their roles and responsibilities.
• Implement automated identity provisioning and deprovisioning processes, ensuring efficient onboarding and offboarding of users in cloud environments.
• Monitor and audit user access rights, regularly reviewing and revoking unnecessary or excessive privileges.

Identity Federation and Single Sign-On (SSO):

• Design and implement identity federation solutions, enabling secure and seamless authentication and authorization across systems and applications.
• Develop and configure Single Sign-On (SSO) solutions using industry-standard protocols such as SAML, OAuth, and OpenID Connect.
• Integrate identity federation and SSO with external service providers and cloud-based applications.

Security Policies and Procedures:

• Assist in the development and enforcement of IAM security policies, standards, and procedures.
• Develop and enforce cloud identity governance processes, including user lifecycle management, access certifications, and access review workflows.
• Conduct regular assessments and audits of cloud IAM infrastructure to identify and address security vulnerabilities, gaps in compliance, and deviations from established policies.
• Stay up-to-date with industry trends, emerging threats, and best practices related to IAM infrastructure security.
• Collaborate with stakeholders to ensure that IAM infrastructure aligns with compliance requirements and industry regulations.

IAM Infrastructure Maintenance:

• Monitor the performance, availability, and security of IAM infrastructure components, proactively identifying and resolving any issues or vulnerabilities.
• Conduct regular maintenance activities, including software updates, patches, and system upgrades, to ensure the integrity and reliability of IAM infrastructure.
• Implement backup and disaster recovery mechanisms for IAM infrastructure components.

Access Control and Authorization:

• Develop and maintain access control models, including RBAC, ABAC (Attribute-Based Access Control), and dynamic authorization frameworks, to ensure granular and appropriate access privileges across systems and applications.
• Implement fine-grained access controls based on user roles, job responsibilities, and data sensitivity, balancing security requirements with operational efficiency.
• Monitor and enforce access control policies, regularly reviewing access permissions to identify and remediate any unauthorized access or potential security risks.

Multi-Factor Authentication (MFA) and Adaptive Authentication:

• Design and deploy multi-factor authentication (MFA) solutions to enhance the security of user authentication processes.
• Implement adaptive authentication mechanisms that dynamically adjust authentication requirements based on user behavior, risk levels, and contextual factors.
• Evaluate and select appropriate MFA methods (such as SMS, email, tokens, biometrics) based on the organization's risk profile and user experience considerations.

Identity Lifecycle Management:

• Develop and maintain identity lifecycle management processes, including user provisioning, user attribute management, password management, and account termination procedures.
• Collaborate with HR, IT, and other relevant departments to ensure efficient and secure onboarding, role changes, and offboarding of employees, contractors, and external partners.
• Implement self-service capabilities for users to manage their identities, passwords, and access requests, reducing administrative overhead and improving user satisfaction.
• Collaborate with DevOps teams to integrate IAM processes into CI/CD pipelines, ensuring secure and efficient deployment of cloud infrastructure.

Monitoring:

• Capture and analyze user activity logs to detect suspicious behavior, such as unauthorized access attempts or privilege escalations.
• Monitor and log access control decisions, privilege changes, and administrative activities for auditing and compliance purposes.
• Enable logging and monitoring of cloud IAM services to track changes, detect security incidents, and support forensic investigations.
• Correlate IAM logs with other security logs to identify anomalies, detect insider threats, and investigate security incidents.

Vendor Management:

• Engage with IAM solution vendors, assess their products and services, and participate in the selection and procurement process.
• Collaborate with vendors on solution implementations, upgrades, and issue resolution, ensuring alignment with business requirements and security standards.
• Manage vendor relationships, including contract negotiations, service level agreements (SLAs), and ongoing vendor performance evaluation.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISA, or IAM-specific certifications (e.g., CIAM, CIPP) are highly desirable.
• Proven track record of designing and implementing complex IAM solutions, preferably in a senior or lead role.
• In-depth knowledge of IAM concepts, frameworks, and best practices, including user provisioning, access management, authentication mechanisms, and identity federation.
• Familiarity with IAM tools and technologies, such as identity management systems, directory services, multi-factor authentication (MFA) solutions, and identity governance and administration (IGA) platforms.
• Understanding of cloud-based IAM solutions and integration with cloud platforms (e.g., Azure AD, AWS IAM).
• Experience with IAM governance processes, access certification, access review workflows, and risk-based authentication.
• Strong problem-solving and analytical skills, with the ability to assess complex IAM requirements, identify gaps, and propose effective solutions.
• Excellent communication and collaboration skills to work effectively with cross-functional teams, stakeholders, and external vendors.
• Strong project management skills to drive IAM initiatives, manage timelines, and deliver successful outcomes.