IAM Architect - The Fountain Group
Dallas, TX
About the Job
Hybrid role. Seeking candidates willing to be onsite in Tampa or Dallas, TX 2-3X per week. Must be willing to be local to one of those areas from Day 1 of employment.
Responsibilities
- Drive the Identity & Access Management and secrets management architecture roadmap and share with AES stakeholders.
- Participate in discovery workshops to understand Client’s & Workforce IAM and security needs and provide best practice recommendations to meet IAM use cases. Develop design and architectural diagrams that clearly communicate the proposed solution and flows.
- Actively participate in the cross-functional team meeting, developing project plans, implementation, testing, pre / post go-live activities, risk management and issue management.
- Architect solutions utilizing Ping Identity Products, PlainID and similar IAM products, such as IGA tools, Virtual Directory, PAM and Secret Management solutions.
- Create IT security standards easily consumed by stakeholders. Evaluate the existing application security controls (on-premises and cloud), identify improvements, and build plans into the application security capability roadmap for implementation.
- Build access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets mgt) and designs as part of initiatives to modernize the DTCC access management security posture.
- Mentor junior security engineers and architects to enhance their cybersecurity and architecture skills.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalate appropriately.
Qualifications
- 8-10 years of related experience
- Bachelor’s degree preferred
- Strong cybersecurity experience is required in designing and implementing solutions for API Gateway, IGA and Virtual Directory capabilities using PingIdentity, PlainID, SailPoint, RadiantLogic, Apigee, etc.
- Experience with standard IAM security protocols & technologies (e.g., SAML, OAuth, OIDC, RACF, LDAP, ID Federation, SSO, MFA, UEBA) is required.
- Strong experience is required in designing integration of Ping Identity or other similar products with z/OS RACF, AD/AAD, LDAP and other IdPs for SSO with phishing-resistant MFA.
- Experience with designing / deployment of fine-grained Policy Based Access Control & Dynamic Authorization using products like PlainID, PingAuthorize and/or Axiomatics.
- Strong knowledge of Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&CK and NIST) & security architecture frameworks.
- Experience with identity threat analytics, detection and response.
- Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred.
- Strong communication skills with the ability to present in front of a large audience.
Source: The Fountain Group