Location
Bangalore | India
Job description
Responsibilities
What will you contribute The Identity and Access Management (IAM) Engineer: SailPoint will help facilitate the tactical and strategic advancement of Finastra's IAM program, which includes Identity Governance & Administration (IGA) and Privileged Access Management (PAM) solutions. As part of the broader Information Security organization, this role will participate in a multidisciplinary information security team, applying fundamental systems security understanding, skills, expertise, and experience to maintain and operate complex information systems and security tools that satisfy organizational mission and/or business requirements, including stakeholder protection needs and security requirements. The role will also be responsible for researching, planning, coordinating, and implementing IAM solutions. The ideal candidate will be self-directed and work effectively in a diverse team environment.
Responsibilities & Deliverables: - Owns the configuration, administration, and maintenance of current solution technologies: SailPoint IdentityNow (IDN) and DUO MFA, including both the infrastructure as well as the application itself
- Owns all the integrations to and from our IGA and MFA platforms
- Works with the teams for other Enterprise Applications (HRIS, directories, ticketing) and the Helpdesk as needed to tackle failures of normal data flow
- Engages with SailPoint Support when a product failure is suspected
- Provides input to the IAM roadmap as it pertains to our current and future solution technologies and aligns priorities to support the roadmap's realization
- Extends the functionality of the IdentityNow product through PowerShell scripts running against the IDN API using agile methodology and following appropriate change management procedures
- Identifies opportunities for improvement in code and processes and comes up with detailed solutions
- Addresses the L3 (engineering) ticket queue in a timely fashion and provides a backstop when Operations personnel cannot handle an issue
- Oversees access control governance procedures, including periodic access reviews
- Drives IAM initiatives to improve our broader security posture, provides hands-on support for them as needed, and demonstrates their progress by means of metrics
- Owns the relevant documentation and training required for IAM initiatives and routines (e.g.: runbooks for the Ops team and Helpdesk, as well as end-user guides)
- Effectively communicates with the larger cybersecurity organization, other teams and all levels of management using detailed analysis of data and summaries for both technical and non-technical audiences
- Understands risk, thinks through the security impact of decisions, and communicates clearly and concisely to advocate for security throughout the organization
- Stays current on security trends and industry best practices, providing input and recommendations based on research
Knowledge / Skills: - Extensive knowledge of IAM concepts, e.g.: authentication, authorization, account lifecycle (joiner, mover, leaver), password policies, MFA principles, RBAC/ABAC, least-privilege, zero-trust, etc.
- In-depth experience and granular knowledge of the SailPoint object model, gained from either IdentityIQ or IdentityNow
- Knowledge of basic data structures and understanding of algorithmic complexity a must
- Version control (git) required
- Ability to read and write complex scripts in PowerShell required
- Automated deployment for PowerShell scripts and libraries a plus
- Experience using other programming languages (Java, C#, Python, C++, etc.) a plus
- Ability to autonomously find answers from documentation, the API, and the web
- Familiarity with compliance organizations and standards (i.e., SOX, PCI, etc.)
- Knowledge of LDAP/Active Directory, and relevant IT architecture
- Knowledge of both Windows and Unix platforms (bash scripting a plus)
- Knowledge and understanding of REST API concepts (authN/authZ, verbs, JSON representation of objects)
- Knowledge of PKI architecture, SSL/TLS, MFA, OAuth principles, and the ability to apply that knowledge in troubleshooting
- Knowledge of web technologies (XML, HTML, etc.), SaaS applications, network operations (networks, protocols and email [SMTP, POP3]) a plus
- Microsoft Office knowledge (especially the ability to use Excel to quickly analyze CSV or other tabular data) a plus
- Familiarity with DUO MFA administration a plus
- Capable of working cooperatively with leadership, other teams, teammates, and non-technical end-users in a challenging, dynamic, and global environment
- Ability to successfully handle multiple priorities simultaneously
- Excellent written and verbal communication skills
Experience: - 2+ years of in-depth experience in IGA engineering using SailPoint products - prefer IdentityNow, but willing to accept IdentityIQ experience with clear demonstrated knowledge of the SailPoint Object Model and IGA principles
- Experience configuring all parts of a SailPoint IGA solution, including but not limited to: lifecycle management, SOD policies, password policies, application onboarding, reporting, certifications, roles and entitlements
- Experience extending the functionality of the IGA product by programming (Beanshell and Powershell)
- Experience providing requested audit and attestation evidence
- Experience managing DUO or another MFA solution a plus
- Experience with password manager technologies (e.g., LastPass) and remote session governance (e.g., CyberArk) a plus
- Experience in meeting goals in a fast-paced environment that can require reprioritizing and balancing needs
Education / Certifications: - Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.
- SailPoint Certifications (Engineer or Architect) are a plus
Job tags
Salary