Senior Systems Engineer
Position Description
Role: Identity and Access Management (Senior Systems Engineer)
Experience: 9-11 Years
Skillset: L3
• Working knowledge of tools: OKTA, OIM, CyberArk, Active Directory, Workday,
Mimecast, Fortigate firewall, Ivanti, OKTA MFA and Azure MFA, Fortinet VPN (RADIUS), Citrix (RADIUS), ForgeRock
• Extensive knowledge in areas:
o NIST CSF Framework
o Global workforce identity management supporting bulk users.
o Privileged access management (domains, servers, databases, etc.)
o Global customer identity management
o Consent & preference management for Users
o 3rd party identity management for vendors
o PKI management / 3rd party SSL certificates
o Audit compliance (NIS, GDPR, ICFR)
o Digital password vaulting solutions
• Experience with Privileged Identity Access Management Solutions and related technologies
• Routine housekeeping of AD and systems under support purview
• Identity and Access Management architecture experience
• Knowledge of how to design, develop, deploy and support IDM solutions for the IDM Group
• One-time password, Risk-based access and other Multi-Factor
Authentication features of IAM strategies.
• Knowledge of Oracle Internet Directory/Oracle Virtual Directory,
Sun Directory, Active Directory, Tivoli Directory, Novell Directory Server & CA Directory
• Working knowledge of IAM integration using REST, JAVA etc.
• Knowledge in web services, XML, SOAP and JMS.
• Experience with Database (Oracle, MSSQL, MySQL etc),
Directories (LDAP, Active Directory), Design document, Test case development.
• Experience with Application Servers (WebLogic / WebSphere / Tomcat / Apache).
• Experience in integration of JDBC, Active Directory, Exchange, SAP, ERP etc
• Knowledge of identity and access management solutions and
models (SSO, SAML, WS-Fed, provisioning, recertification, SCIM, OAuth, Kerberos).
• Creating and managing application integrations for identity and access management.
• Experience with Design document, Test case development.
• Knowledge of testing the application using various methods and deploying the application into the cloud.
• Experience in the following areas: single sign-on, enterprise directory architecture and design,
directory schema, namespace, replication topology, resource provisioning,
role-based access control, user lifecycle.
• Providing/presenting migration statistics, issues/resolution, and
deliverables to leadership, detailing user, group, and physical device success percentages,
tracking milestones for what had been migrated or was still in need of migration.
• Manual or automated account on-boarding (on-board secrets or create groups)
• Experience in Business Systems Analysis, Remote infrastructure management
• Ability to support APIs and other interfaces with tools owned by various organizations
• Generate and publish routine reports as per client requirements.
• Ability to translate security standards and business logic into product policies,
workflows, configuration, and custom code development.
• Day to day steady state support of the in-scope Identity Provisioning tools
• Create and Maintain support documentation.
• Client facing and presentation skills.
• Knowledge of the support life cycle.
• Excellent written, oral communication skills, credibility, interpersonal skills and ability to work with global counterparts.
• Strong leadership skills
• Training and product demos
• Analyze server to application mapping
• Maintain asset inventory
• Conduct privileged account review
• Track privileged account clean up
• Collect and maintain requirements
• Accountable for Stakeholder analysis and maintenance
• Develop Use Cases
IAM experience identical to Azure AD, OKTA, Oracle (OIM) or CyberArk
Azure AD:
• Should manage Microsoft Identity Management products (Active Directory,
Active Directory Federation Services, Azure, AD Connect and Office 365).
• Managing Identity Access management of Azure Subscriptions, Azure AD,
Azure AD Application Proxy, Azure AD Connect, Azure AD Pass Through Authentication
• Experience with creating Conditional Access policies, multifactor authentication (MFA),
resetting MFA and resolving MFA issues.
• Familiarity in the following areas: single sign-on, enterprise directory architecture and design,
directory schema, namespace, replication topology, resource provisioning,
role-based access control, user lifecycle.
• Successfully established and tested Azure AD Tenant for production.
Provided technical direction to allow Active Directory on-Prem group to populate users.
• Experience in syncing objects (users, groups,
workstations) from Active Directory to Azure Active Directory.
• Active Directory Federation Services (ADFS), SAML,
web Single Sign-on (SSO), OAuth and related authentication technologies.
• Assist in the scripting of AD user and contact object updates
using PowerShell to facilitate synchronization to Azure AD.
• Experience with various PowerShell modules (Azure AD, Active Directory and Exchange Online).
• Experience troubleshooting user account provisioning
between legacy client directories and CSC Active Directory and LDAP directories.
• Experience configuring and managing Azure AD Connect,
Azure AD Connect Health and Microsoft Azure Active Directory.
• Provide end to end support for the migration of all the Directory objects,
from the source (Multiple Domains) to the target Single Domain.
• Monitoring licenses for Azure AD issues, resolving license
issues for Azure AD users and assigning licenses on a group basis.
• Resolve Azure AD issues relating to Office 365 (MMSSPP), Active Directory to Azure AD identity and user permissions.
• Configured and resolved Azure AD Connect sync issues, various types of data issues and attribute issues.
• Experience creating and managing users and groups in Azure AD.
• Troubleshooting skills in a Windows 2012 environment: event log analysis,
installation and administration of Windows Server 2012, including user setup and defining roles,
performance tuning, backup and restore, security monitoring, and registry for the application-specific servers.
Okta:
• Experience with Database (Oracle, MSSQL, MySQL etc)
• Experience with Directories (LDAP, Active Directory)
• Experience with Design document, Test case development.
• Experience with Application Servers (WebLogic / WebSphere / Tomcat / Apache).
• Working knowledge of IAM integration using REST, JAVA etc.
• Work experience with ForgeRock, Okta or any access management solution.
• Working experience in Okta with exposure to Identity and Access
Management deployment and management, preferably in Okta.
• Provide Okta API based development solutions.
• Governance related to Okta in terms of compliance and policies.
CyberArk:
• CyberArk version 10 or above. (CyberArk components like Vault, CPM, PSM, PSMP, PVWA, AAM, PTA)
• 3-5 years of work experience supporting CyberArk PIM Suite/Infrastructure
• Performing compliance checks on CyberArk for IT security safes and providing
alerts and reports appropriately; investigating, providing RCA and resolving incidents.
• CyberArk Certified Sentry
• Integrating various platforms with CyberArk, such as different LDAP providers,
Windows servers, UNIX servers, databases and networking devices.
• Creating and Managing Safes, Platforms and Owners.
• Central Policy Manager (CPM) policies management or redistribution.
Skills:
- Active Directory
- Azure Active Directory
- Identity and Access Mgt (IAM)
- Oracle Identity Manager
- Exchange Server