logo

JobNob

Your Career. Our Passion.

IAM Engineer


Finastra


Location

Bangalore | India


Job description

Responsibilities

What will you contribute

The Identity and Access Management (IAM) Engineer: SailPoint will help facilitate the tactical and strategic advancement of Finastra's IAM program, which includes Identity Governance & Administration (IGA) and Privileged Access Management (PAM) solutions. As part of the broader Information Security organization, this role will participate in a multidisciplinary information security team, applying fundamental systems security understanding, skills, expertise, and experience to maintain and operate complex information systems and security tools that satisfy organizational mission and/or business requirements, including stakeholder protection needs and security requirements. The role will also be responsible for researching, planning, coordinating, and implementing IAM solutions. The ideal candidate will be self-directed and work effectively in a diverse team environment.

Responsibilities & Deliverables:

  • Owns the configuration, administration, and maintenance of current solution technologies: SailPoint IdentityNow (IDN) and DUO MFA, including both the infrastructure as well as the application itself
  • Owns all the integrations to and from our IGA and MFA platforms
  • Works with the teams for other Enterprise Applications (HRIS, directories, ticketing) and the Helpdesk as needed to tackle failures of normal data flow
  • Engages with SailPoint Support when a product failure is suspected
  • Provides input to the IAM roadmap as it pertains to our current and future solution technologies and aligns priorities to support the roadmap's realization
  • Extends the functionality of the IdentityNow product through PowerShell scripts running against the IDN API using agile methodology and following appropriate change management procedures
  • Identifies opportunities for improvement in code and processes and comes up with detailed solutions
  • Addresses the L3 (engineering) ticket queue in a timely fashion and provides a backstop when Operations personnel cannot handle an issue
  • Oversees access control governance procedures, including periodic access reviews
  • Drives IAM initiatives to improve our broader security posture, provides hands-on support for them as needed, and demonstrates their progress by means of metrics
  • Owns the relevant documentation and training required for IAM initiatives and routines (e.g.: runbooks for the Ops team and Helpdesk, as well as end-user guides)
  • Effectively communicates with the larger cybersecurity organization, other teams and all levels of management using detailed analysis of data and summaries for both technical and non-technical audiences
  • Understands risk, thinks through the security impact of decisions, and communicates clearly and concisely to advocate for security throughout the organization
  • Stays current on security trends and industry best practices, providing input and recommendations based on research

Knowledge / Skills:

  • Extensive knowledge of IAM concepts, e.g.: authentication, authorization, account lifecycle (joiner, mover, leaver), password policies, MFA principles, RBAC/ABAC, least-privilege, zero-trust, etc.
  • In-depth experience and granular knowledge of the SailPoint object model, gained from either IdentityIQ or IdentityNow
  • Knowledge of basic data structures and understanding of algorithmic complexity a must
  • Version control (git) required
  • Ability to read and write complex scripts in PowerShell required
  • Automated deployment for PowerShell scripts and libraries a plus
  • Experience using other programming languages (Java, C#, Python, C++, etc.) a plus
  • Ability to autonomously find answers from documentation, the API, and the web
  • Familiarity with compliance organizations and standards (i.e., SOX, PCI, etc.)
  • Knowledge of LDAP/Active Directory, and relevant IT architecture
  • Knowledge of both Windows and Unix platforms (bash scripting a plus)
  • Knowledge and understanding of REST API concepts (authN/authZ, verbs, JSON representation of objects)
  • Knowledge of PKI architecture, SSL/TLS, MFA, OAuth principles, and the ability to apply that knowledge in troubleshooting
  • Knowledge of web technologies (XML, HTML, etc.), SaaS applications, network operations (networks, protocols and email [SMTP, POP3]) a plus
  • Microsoft Office knowledge (especially the ability to use Excel to quickly analyze CSV or other tabular data) a plus
  • Familiarity with DUO MFA administration a plus
  • Capable of working cooperatively with leadership, other teams, teammates, and non-technical end-users in a challenging, dynamic, and global environment
  • Ability to successfully handle multiple priorities simultaneously
  • Excellent written and verbal communication skills

Experience:

  • 2+ years of in-depth experience in IGA engineering using SailPoint products - prefer IdentityNow, but willing to accept IdentityIQ experience with clear demonstrated knowledge of the SailPoint Object Model and IGA principles
  • Experience configuring all parts of a SailPoint IGA solution, including but not limited to: lifecycle management, SOD policies, password policies, application onboarding, reporting, certifications, roles and entitlements
  • Experience extending the functionality of the IGA product by programming (Beanshell and Powershell)
  • Experience providing requested audit and attestation evidence
  • Experience managing DUO or another MFA solution a plus
  • Experience with password manager technologies (e.g., LastPass) and remote session governance (e.g., CyberArk) a plus
  • Experience in meeting goals in a fast-paced environment that can require reprioritizing and balancing needs

Education / Certifications:

  • Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.
  • SailPoint Certifications (Engineer or Architect) are a plus


Job tags



Salary

All rights reserved