Principal Identity Access Management Architect

Redwood City, CA

Posted: 05/06/2019 | Employment Type: Direct Hire | Industry: IT | Job Number: JOS000008625

The Principal Identity and Access Management Architect is a senior-level position that reports directly to the VP, CISO and works closely with development teams, CorpIT (Information Technology) teams, human resources and other teams across the organization on all aspects of Identity Provisioning, Access Governance, Web Access Management and Privileged Access Management. As a subject matter expert and technical leader, the Principal Identity and Access Management Architect will protect access to enterprise information systems, ensuring the validity of those who need legitimate access to their systems and data.

Job Responsibilities 

  • Develop and execute upon a strategy for Identity and Access Management (“IAM”) and Privileged Access Management (“PAM”) to support a complex enterprise 
  • Be hands on; responsible for coding and configuration of the selected IAM and PAM technologies 
  • Respond to access control requests (on-boarding/new access, off-boarding/access removal, access changes, etc.) manually until an IAM system is in place that provides automated access provisioning, modification and deprovisioning
  • Configure, implement and validate the vendor applications necessary to support the overall IAM program. The applications may include: password management, password policy enforcement, access entitlement provisioning and de-provisioning, access entitlement certification and single sign-on 
  • Ensure that the implemented process and tools for the program continue to meet the needs of the enterprise. Represent Information Security in the development and implementation of the overall global enterprise IAM and PAM programs 
  • Act as champion and educate the enterprise on all aspects of IAM. Institutionalize IAM practices through training and on-going knowledge transfer 
  • Work with IAM Product Vendors such as SailPoint, Oracle Identity Manager, CyberArk etc. for strategic and tactical requirements for agreements 
  • Assist in operationalizing the IAM program from both a technical and process perspective. This involves the selection and staging of applications required to adopt the IAM functions associated with the IAM program. This iterative transformation effort will increase in scope as the program progresses. 

Technical Skills Needed 

  • 3+ years of experience in Identity and Access Management (preferred), Information Security, Process Management, Application Development / Support 
  • REST API based integration between IAM platform and applications 
  • 5+ years designing, deploying and managing IAM and PAM architecture, tools and infrastructure 
  • Advanced understanding of Directory Service solutions, open standards and authentication methods such as AD, DNS, LDAP, OAuth, MFA, SAML, Federation and Certificates 
  • Working knowledge of IAM tools such as OneLogin, SambaAD, OpenLDAP, Duo MFA 
  • Knowledge of web service technologies, load balancer services (e.g. Nginx, Cloudflare, F5, etc.) and RESTful APIs
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments 

Soft Skills Needed 

  • Experience implementing Identity and Access Management processes 
  • Experience implementing role based access solutions 
  • The ability to communicate complicated technical issues and the risks they pose to diverse groups (e.g. network engineers, system administrators, and management)
  • Excellent written and verbal communication skills, interpersonal and collaborative skills 
  • Must be a critical thinker, with strong problem-solving skills 
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity 
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices. 
