Senior Security Engineer – Cloud Identity – Remote Opportunity

n this role, you will have the opportunity to design and implement secure cloud/on-prem infrastructure and systems. Your experience with the cloud identity aspects of privilege access, secrets management and federated authentication will be used to create roadmaps and enhance the existing identity ecosystem for secure integration, utilization, and maintenance. You’ll collaborate with colleagues, stakeholders and external team members supporting architecture assessment, vulnerability assessment, and security operations. In addition, research, testing and advising of new technology security requirements and future capabilities will be pursued to drive objectives, goals, strategies and measurements of the Privileged Access Management tool suite.

Job Responsibilities:

• Experience with IT and cybersecurity architecture across the systems development lifecycle in cloud security engineering, requirements development, implementation, and maintenance.
• Experience with cloud computing platforms including IaaS, PaaS, and SaaS delivery models – key technologies include Google Cloud Platform (GCP)/AWS, container services.
• Experience with design, develop, enhance and operational maintenance HashiCorp and BeyondTrust/Cyberark for privilege access management.
• Understand and manage SSH key management along with creating platforms, policies and safes within HashiCorp Vault and Okta Advanced Server Access(ASA).
• Collaborate with governance, risk and external stakeholders to ensure secret standards and auto-rotation of keys/credentials are implemented and operating effectively.
• Experience with Identity and Access Management architectures and solutions, including Microsoft Active Directory management, role-based access control, SSO, MFA, and identity lifecycle management.
• Mentors, pairs and assists engineers and share/implement best practices.
• Experience with at least one scripting language among Powershell or Python.
• Knowledge of security best practices in hardening and protecting cloud/on-prem environments, networks, servers, endpoints, applications, and databases.
• Experience with proof of concepts (POC), feature exploration and incorporation of the assessed in the existing identity ecosystem.
• Leverages critical thinking, experimentation, data, and industry best practices to achieve desired business outcomes.
• Experience with monitoring/logging IAM services, including applications and systems, and resolve or escalation issues as and when required.
• Provide coverage and periodic on-call support for the IAM services.

QUALIFICATIONS

• A team player who brings innovative security knowledge, communication skills.
• Strong understanding of IAM and secrets/key integration technologies and process flows for user lifecycle management.
• Platform knowledge around GCP (preferred) or AWS, specifically around IAM roles, custom roles, service accounts, key management services (KMS), org policies.
• Ability to understand and work with passwordless authentication security and infrastructure.
• Strong understanding of authorization and authentication protocols/controls.
• Experience with migrations of identity solutions from on-prem to the cloud and cloud-native adoption.
• Knowledge of modern enterprise and identity architectures, common approaches to overcome their challenges, and it’s inherent security strengths and weaknesses.
• Experience in designing, assessing or implementing security controls, or reviewing security posture of the identity ecosystem.
• Experience with common automation tools such as Gitlab CI/CD, Terraform.
• Experience with logging, monitoring and alerting for key integrations by leveraging tools like Splunk, BigPanda etc.