Senior Security Engineer, Identity

As Senior Security Engineer, Identity, youwill:

• Collaborate and partner with global teams, cross-functional teams and third parties to configure, test and deploy the IGA and PAM solutions, along with developing lifecycle events, connect HR systems and applications, identify and vault privileged accounts, and other engineering duties as assigned. 
• Assist implementor team with the build, test and deployment of SailPoint ISC to support hire to retire lifecycle events for provisioning/deprovisioning, birthright access, RBAC and access recertifications for connected systems, configure and maintain rules, workflows, certifications, roles, and provisioning policies. 
• Assist team with build, test and deployment of CyberArk, including design, configuration and enforcement of PAM policies and best practices to secure privileged credentials through vaulting, password rotation and session recording. 
• Work with application teams and stakeholders to integrate business critical systems with SailPoint, assisting data normalization and cleanup, document requirements and design flows for lifecycle events.
• Conduct inventory assessments and environment scans to identify Privileged accounts, engage with account owners to vault accounts, maintain compliance standards for rotating account passwords, troubleshoot connection issues and design solutions to expand PAM program through maturity.
• Support the day-to-day operations of SailPoint and CyberArk, including but not limited to:  monitoring system performance, troubleshooting issues, supporting patches and upgrades, building custom reports and dashboards, work with stakeholders to troubleshoot, refine and improve existing lifecycle events or gather requirements for new lifecycle events to support business outcomes, expand PAM account inventory.
• Continue to execute on the Identity roadmap to mature both programs, engaging with business customers to solicit feedback and architect solutions to promote process efficiency while closing risks associated with inappropriate or inconsistent access.

Typical Challenges:

IAM – Initial connectors to applications and associated data cleanup, troubleshooting and working with application SMEs to resolve failed tasks for provisioning or deprovisioning, care and cleaning of system to ensure aggregations are working as designed and lifecycle events are processing.

Gathering requirements for new systems to be connected and incorporating them with existing lifecycle events.  Change management to ensure application and requestors understand the role the IGA system plays in the hire-to-retire process as well as collaborating with HR to support their Success Factors roadmap.Working with Service Now team to design and update forms as needed to support request/approval/fulfillment processes. 

PAM – Initial application implementation and associated data cleanup; defining and identifying accounts and users, getting their accounts under CyberArk’s control with rotation and checkout processes.

Most Complex Problems:  

In the areas of IAM and PAM, initial complexities will be in the area of data cleanup and normalization to connect with systems on prem, cloud-based, legacy and end of life. 

Ongoing complexities will be supporting the continued performance tuning with SailPoint and CyberArk for the various applications as the technology footprint changes or new requirements are introduced to solve business problems.  

Additional complexities will come with maturing the programs with increased birthright access, lifecycle event automation and expansion for role-based access, as well as onboarding privileged accounts from additional platforms beyond AD. 

Qualifications: 

• Minimum 4 years of direct experience with SailPoint (preferably ISC), including LCE configurations as well as working with various application definition types, user access review campaign configuration, RBAC and birthright provisioning flows. Extensive knowledge of Identity best practices, familiarity with HCM systems (Success Factors/Workday) and Service Now. 
• 2+ years of experience with PAM solutions (preferably CyberArk), strong understanding of privileged account lifecycle and least-privilege enforcement.
• Experience with Powershell scripting.