IAM Architect - The Fountain Group

Hybrid Role. seeking candidates willing to be onsite in Tampa or Dallas, TX 2-3X per week.  Must be willing to be local to one of those areas from Day 1 of employment. 

Responsibilities

• Drive the Identity & Access Management and secrets management architecture roadmap and share with AES stakeholders.
• Participate in discovery workshops to understand Client’s & Workforce IAM and security needs and provide best practice recommendations to meet IAM use cases. Develop design and architectural diagrams that clearly communicate the proposed solution and flows.
• Actively participate in the cross-functional team meeting, developing project plans, implementation, testing, pre / post go-live activities, risk management and issue management.
• Architect solutions utilizing Ping Identity Products, PlainID and similar IAM products, such as IGA tools, Virtual Directory, PAM and Secret Management solutions.
• Create IT security standards easily consumed by stakeholders. Evaluate the existing application security controls, (on-premises and cloud), identify improvements, and build plans into the application security capability roadmap for implementation.
• Build access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets mgt) and designs as part of initiatives to modernize the DTCC access management security posture.
• Mentor junior security engineers and architects to enhance their cybersecurity and architecture skills.
• Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
• Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately.

Qualifications

• 8-10 years of related experience
• Bachelor’s degree preferred
• Strong cybersecurity experience is required in designing and implementing solutions for API Gateway, IGA and Virtual Directory capabilities using PingIdentity, PlainID, SailPoint, RadiantLogic and Apigee etc.
• Experience with standard IAM security protocols & technologies (E.g.: SAML, OAuth, OIDC, RACF, LDAP, ID Federation, SSO, MFA, UEBA) is required.
• Strong experience is required in designing integration of Ping Identity or other similar products with z/OS RACF, AD/AAD, LDAP and other IdPs for SSO with phishing-resistant MFA.
• Experience with designing / deployment of fine-grained Policy Based Access Control & Dynamic Authorization using products like PlainID, PingAuthorize and/or Axiomatics.
• Strong knowledge of Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K and NIST) & security architecture frameworks.
• Experience with identity threat Analytics, Detection and Response.
• Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred
• Strong communication skills with the ability to present in front of large audience.