Senior IAM Security Engineer - EPAM Systems

The Senior IAM Engineer helps architect, deploy and operate a secure application infrastructure that aligns with business needs.

The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. An advanced role, the Senior IAM Engineer helps deliver applications at scale and with resiliency to support business initiatives. The Senior IAM Engineer is also expected to possess administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The Senior IAM Engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.

Responsibilities

• In tandem with security leadership, the Sr. IAM Engineer will consistently assess the threat landscape and adapt quickly to protect the business from risk

• Design and implement security architectures and strategies to safeguard information system resources and assets

• Ensure integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives

• Identify opportunities for security process improvement

• Provide support for critical security infrastructure components to ensure system availability

• Mentor fellow team members and other associates in security best practices

• Maintain awareness of security technology direction, trends, and related issues

• Develop a long-term strategy for supported security systems

Requirements

• 7+ years of experience in IAM lifecycle management, access management (SSO, SAML, OIDC), identity governance, privileged access management, etc

• Single Sign-On (SSO) technology – skills deploying and supporting Single Sign-on (SSO) of applications within an organization. Must include support skills such as tracing, logging, and real-time troubleshooting

• Federated SSO - Security Assertion Markup Language (SAML) and/or OpenID Connect (OIDC) skills required to support both internal and vendor authentication. Must include support skills such as tracing, logging, and real-time troubleshooting

• Scripting/programming – Ability to design, write, update, and troubleshoot code to resolve issues, create efficiencies, and/or integrate systems. Current specific needs are in Python, Javascript, Bash, and Powershell (in most needed to least needed). Knowledge of other scripting/programming languages and willingness to learn new technologies is a plus

• Proficiency in HTTP debugging/troubleshooting, using debugging web proxies like Fiddler/SAML-Tracer (or others)

• General knowledge of Active Directory (AD) or other LDAP Directory Services, especially querying/updating through scripts/programs

• Develop identity and access management solutions in Okta and Auth0

• Experience with SecureAuth IdP

• Multi-factor authentication (MFA) technology – skills deploying and supporting MFA technology for internal and internet-facing application requirements

• General knowledge of Virtual Directory Services, Certificates/Public Key Infrastructure (PKI), Identity Management concepts, Cloud Technology, and device authentication

We offer

• Medical, Dental and Vision Insurance (Subsidized)

• Health Savings Account

• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)

• Short-Term and Long-Term Disability (Company Provided)

• Life and AD&D Insurance (Company Provided)

• Employee Assistance Program

• Unlimited access to LinkedIn learning solutions

• Matched 401(k) Retirement Savings Plan

• Paid Time Off – the employee will be eligible to accrue 15-25 paid days, depending on specific level and tenure with EPAM (accrual eligibility may change over time)

• Paid Holidays - nine (9) total per year

• Legal Plan and Identity Theft Protection

• Accident Insurance

• Employee Discounts

• Pet Insurance

• Employee Stock Purchase Program

• If otherwise eligible, participation in the discretionary annual bonus program

• If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program