BCTG’s direct retail client is looking for a full-time remote IAM (Identity and Access Management) Engineer.
This position will manage and maintain BDF’s Role-Based Security Model and continue its security roadmap by contributing to Identity and Access Management infrastructure improvements. The right candidate will have hands-on experience integrating Active Directory, Access Management solutions, Identity Providers (Okta and/or Azure AD SSO), and more. Candidates with engineering and system administration experience are preferred, but strong IAM architecture and design skills are a core requirement.
- Own end-to-end Identity and Access Management processes and evolution.
- Manage all enterprise RBAC.
- Work with the business to define new roles, and then internally with IT to execute.
- Document all roles and access, and maintain up-to-date documentation.
- Full automation of user provisioning with PowerShell and SQL.
- Communicate with senior executives, both verbally and in writing.
- Self-motivated, enthusiastic, detail-oriented, multi-tasking, and adaptable.
- Work in a team environment across multiple time zones.
- 6+ years of IAM/Active Directory experience within complex corporate IT environments
- Experience implementing Identity and Access Management solutions such as Okta and Azure AD SSO
- Strong PowerShell scripting experience is a must.
- Working knowledge of REST APIs
- Extensive experience with file-level security within an RBAC environment
- Deep understanding of, and hands-on engineering experience building solutions with, cloud-based identity solutions like Okta and Azure AD
- Expert knowledge of Identity and Access Management methodologies, specifically as they relate to Role-Based Access Control (RBAC) and Policy-Based Access Control (PBAC).
- Experience with authorization frameworks/specifications such as OAuth2, OIDC, SAML, and Single Sign-On solutions
- Knowledge of information security concepts. Deep working knowledge of at least one IAM tool/operating system.
- Experience with relational database management systems such as Oracle, SQL Server, etc.
- Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related
- Assessment, design, upgrades, pilots, and implementations of enterprise directory services technologies
- Group Policies (GPO)
- One or more certifications, such as CISSP or an IAM tool-specific certification, preferred
- Microsoft Migration Tools and authentication technologies
- Microsoft ADFS, Public Key Infrastructures, federated identity systems
- Multi-factor authentication (MFA), both token and cloud.