Identity and Access Management Specialists
Winston-Salem, NC
Position: Identity and Access Management Specialist
· Manage and maintain IAM systems and documentation.
· Design, build, and maintain LDAP schemas using IBM Security Directory Services (ISDS) and associated administrative client software.
· Act as a lead IAM systems engineering resource for multiple parallel project efforts, helping to drive the technical components of the project to completion.
· Analyze and assess existing IAM/LDAP systems and identify gaps leading to potential improvements throughout the technology lifecycle.
· Provide technical leadership for support and resolution of production problems, always seeking to identify root cause and prevent future recurrence.
· Work closely with IT and business units to ensure identity and access solutions meet or exceed security policies and regulatory compliance requirements.
· Design, develop and implement identity and access management security across the client's infrastructure supporting role-based access entitlements, schemes and definitions.
· Support the LDAP environment and work with other groups that rely on the LDAP service to resolve issues and/or integrate (configure) applications to best work with LDAP.
· Ensure quarterly access recertifications are performed accurately and completely, with auditable evidence of all activities.
· Facilitate business process design as it relates to managing identities and access privileges such as architecture, delegated administration models, workflow models and access control models.
· Create scripts, employ tools, develop automation techniques, and pursue ideas to increase the manageability, efficiency, capability, capacity, and security of IAM systems.
· Design and document efficient, repeatable and measurable human processes for deploying, maintaining, administering, and supporting IAM technologies.
· Create comprehensive engineering documentation including functional requirements, technical designs, network diagrams, workflow diagrams, application communications diagrams, configuration documents, support documentation, and procedural documentation.
· Work with risk management personnel to help identify and articulate issues creating risks to the business and/or technology environment, and then work to help remediate, remove, or mitigate those risks.
· Participate in audit and compliance activities, always seeking to ensure that technology systems and human processes produce accurate and reliable evidence of compliance with regulatory requirements and standards.
· Provide security consulting to the client’s technology, operations, and business on an ongoing basis.
· Serve as the primary contact point for stakeholders regarding IAM services.
· Outstanding written and verbal communication skills, with a high degree of professionalism and strict attention to detail.
· 5+ years of Unix systems administration experience.
· 3+ years of experience with designing, installing, maintaining, and administering LDAP server software on Unix server platforms.
· Demonstrated subject matter expertise with LDAP protocol and LDAP command line utilities.
· A track record of success with designing and implementing complex LDAP directory schemas to meet business application requirements.
· Experience with advanced LDAP operations such as schema extension, merging directory structures, advanced queries, and complex client configurations.
· Broad knowledge in authentication systems, risk analysis, threat mitigation, and other security domains.
· Ability to translate business requirements into technical specifications.
· Experience with LDAP administration using IBM Security Directory Services (ISDS) server software.
· 3+ years of Unix systems administration experience on Red Hat Enterprise Linux (RHEL) and/or IBM AIX.
· Bachelor's degree in engineering, computer science, or a related field with a minimum of 5 years of technology-focused experience. An additional 4 years of relevant experience may be substituted in place of the degree requirement.
· CISSP and other industry certifications are strongly desired.
· Experience with large-scale enterprise directory solutions spanning multiple business functions and geographic locations.
· Experience integrating LDAP with custom-developed application solutions.
· Proficiency in Unix shell scripting and/or one or more of the following scripting languages: Perl, ksh, tcl, Expect.
· Experience maintaining access control systems to meet PCI-DSS compliance requirements.
· Understanding of Public Key Infrastructure and related Public Key Cryptographic Standards.
· Strong analytical and problem-solving skills.
· Ability to work with all levels within the organization.
Email resume to email@example.com