Role: Identity and Access Management (Senior Systems Engineer)
• Working knowledge of tools: OKTA, OIM, CyberArk, Active Directory, Workday, Mimecast, Fortigate firewall, Ivanti, OKTA MFA and Azure MFA, Fortinet VPN (RADIUS), Citrix (RADIUS), ForgeRock
• Extensive knowledge in areas:
o Global workforce identity management supporting bulk users.
o Privileged access management (domains, servers, databases, etc.)
o Global customer identity management
o Consent & preference management for Users
o 3rd party identity management for vendors
o PKI management / 3rd party SSL certificates
o Audit compliance (NIS, GDPR, ICFR)
o Digital password vaulting solutions
• Experience with Privileged Identity Access Management Solutions and related technologies
• Routine housekeeping of AD and systems under support purview
• Identity and Access Management architecture experience
• Knowledge of how to design, develop, deploy and support IDM solutions for the IDM Group
• One-time password, Risk-based access and other Multi-Factor Authentication features of IAM strategies.
• Knowledge of Oracle Internet Directory/Oracle Virtual Directory, Sun Directory, Active Directory, Tivoli Directory, Novell Directory Server & CA Directory
• Working knowledge of IAM integration using REST, JAVA etc.
• Knowledge in web services, XML, SOAP and JMS.
• Experience with Database (Oracle, MSSQL, MySQL etc), Directories (LDAP, Active Directory), Design document, Test case development.
• Experience with Application Servers (WebLogic / WebSphere / Tomcat / Apache).
• Experience in integration of JDBC, Active Directory, Exchange, SAP, ERP etc
• Knowledge of identity and access management solutions and models (SSO, SAML, WS-Fed, provisioning, recertification, SCIM, OAuth, Kerberos).
• Creating and managing application integrations for identity and access management.
• Experience with Design document, Test case development.
• Knowledge of testing the application using various methods and deploying the application to the cloud.
• Experience in the following areas: single sign-on, enterprise directory architecture and design, directory schema, namespace, replication topology, resource provisioning, role-based access control, user lifecycle.
• Providing/presenting migration statistics, issues/resolution, and deliverables to leadership, detailing user, group, and physical device success percentages, tracking milestones for what had been migrated or was still in need of migration.
• Manual or automated account on-boarding (on-board secrets or create groups)
• Experience in Business Systems Analysis, Remote infrastructure management
• Ability to support APIs and other interfaces with tools owned by various organizations
• Generate and publish routine reports as per client requirements.
• Ability to translate security standard and business logic into product policies, workflows, configuration, and custom code development.
• Day to day steady state support of the in-scope Identity Provisioning tools
• Create and Maintain support documentation.
• Client facing and presentation skills.
• Knowledge of the support life cycle.
• Excellent written, oral communication skills, credibility, interpersonal skills and ability to work with global counterparts.
• Strong leadership skills
• Training and product demos
• Analyze server to application mapping
• Maintain asset inventory
• Conduct privileged account review
• Track privileged account clean up
• Collect and maintain requirements
• Accountable for Stakeholder analysis and maintenance
IAM experience identical to Azure AD, OKTA, Oracle (OIM) or CyberArk
• Should manage Microsoft Identity Management products (Active Directory, Active Directory Federation Services, Azure, AD Connect and Office 365).
• Managing identity and access management of Azure Subscriptions, Azure AD, Azure AD Application Proxy, Azure AD Connect, Azure AD Pass-Through Authentication
• Experience creating Conditional Access policies and multifactor authentication (MFA), resetting MFA and resolving MFA issues.
• Familiarity in the following areas: single sign-on, enterprise directory architecture and design, directory schema, namespace, replication topology, resource provisioning, role-based access control, user lifecycle
• Successfully established and tested Azure AD Tenant for production. Provided technical direction to allow Active Directory on-Prem group to populate users.
• Experience syncing objects (users, groups, workstations) from Active Directory to Azure Active Directory.
• Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related authentication technologies.
• Assist in the scripting of AD user and contact object updates using PowerShell to facilitate synchronization to Azure AD.
• Experience with various PowerShell modules (Azure AD, Active Directory and Exchange Online)
• Experience troubleshooting user account provisioning between legacy client directories and CSC Active Directory and LDAP directories
• Experience configuring and managing Azure AD Connect, Azure AD Connect Health, Microsoft Azure Active Directory.
• Provide end to end support for the migration of all the Directory objects, from the source (Multiple Domains) to the target Single Domain.
• Monitoring licenses for Azure AD issues, resolving license issues for Azure AD users, and assigning licenses on a group basis.
• Resolve Azure AD issues relating to Office 365 (MMSSPP), Active Directory to Azure AD identity and user permissions.
• Configured and resolved Azure AD Connect sync issues, including various types of data issues and attribute issues.
• Experience creating and managing users and groups in Azure AD.
• Troubleshooting experience in a Windows 2012 environment: event log analysis, installation and administration of Windows Server 2012, including user setup and defining roles, performance tuning, backup and restore, security monitoring, and registry for the application-specific servers.
• Experience with Database (Oracle, MSSQL, MySQL etc)
• Experience with Directories (LDAP, Active Directory)
• Work experience with ForgeRock, Okta or any access management solution
• Working experience in Okta, with exposure to Identity and Access Management deployment and management, preferably in Okta.
• Provide Okta API based development solutions.
• Governance related to OKTA in terms of compliance and policies.
• CyberArk version 10 or above (CyberArk components like Vault, CPM, PSM, PSMP, PVWA, AAM, PTA).
• 3-5 years of work experience supporting CyberArk PIM Suite/Infrastructure
• Performing compliance checks on CyberArk for IT security safes and providing alerts and reports appropriately: investigate, provide RCA and resolve incidents.
• CyberArk Certified Sentry
• Integrating various platforms with CyberArk, such as different LDAP providers, Windows servers, UNIX servers, databases and networking devices.
• Creating and Managing Safes, Platforms and Owners.
• Central Policy Manager (CPM) policies management or redistribution.