Identity Access Management Engineer

The IAM Engineer will provide technical assistance and expertise in designing, developing, and delivering IAM tools and process as prescribed by the internal IT frameworks and standards to deliver innovative, value-added technology and optimization of internal processes across Orbia’s environment globally.

This role will work closely with Orbia’s Infrastructure Teams, Application Teams to develop, design of the Active Directory environment, planning, implementing, managing, monitoring, and upgrading it for the protection of the organization’s data, systems, and networks. This role plays a pivotal role in performing gap analysis of the current AD environment security postures against relevant industry benchmark’s and enabling the execution of a roadmap for strengthening controls in line with the organization risk appetite.

This role will work side by side with infrastructure, application teams and other cyber security teams to handle complex design and development activities and escalations working with external vendor, as deemed necessary.

This role will work with Managed Service Providers to improve and secure the AD environment and also to bring operational improvements for the tool.

This role has deep hands-on expertise with Identity Access Management solutions like AD, EntraID and demonstrable knowledge of current technologies in authentication, federation, and identity management space, such as Kerberos, AD Replication, OAuth 2.0, OpenID Connect, SAML, SCIM etc..

KEY RESPONSIBILITIES :

Configuration management in Active Directory.

Implementing security baseline configuration (provided by Orbia) in Active Directory

Deploying new security policies in place or disabling legacy protocols or configuration

Standardize the AD delegation (ACLs) & OU structure

Partnering with App or Infra teams to make the configuration changes in AD

Assist with complex technical issues in AD

Act as SME for AD in IT projects

Understanding the needs of stakeholders and proposing solutions

Ensuring that systems are safe and secure against cybersecurity threats.

Evaluates and reviews MSP performance and metrics periodically performing L3 support and oversight of complex issues / changes.

Assist with technical problems and developing fixes and performing root cause analysis

Ongoing integration, feature expansion, reporting, validation, and monitoring of Active Directory environment

Plans and drives scoping, requirements definition and prioritization activities for medium to large IAM or IT projects

Assist developing target architecture patterns related to Identity and Access Management

Obtains input from and formal agreement to requirements from a diverse range of stakeholders

EDUCATION & EXPERIENCE

Academic Level : Four-year college diploma or university degree in computer science or computer engineering or relevant experience

4+ years managing AD in support, engineering role.

Experience with supporting and managing Active Directory (Delegations, Policies, Replications etc)

Ability to understand business impact and requirements and translate into system security architecture and engineering design.

Experience with Identity Assurance concepts, Federation / SSO (SAML, OAuth, OIDC etc..) technologies and Directory Services (AD, LDAP etc..).

Experience with Cloud IAM (Azure, AWS, GCP, Oracle etc..).

Competency with one or more scripting / programming languages (PowerShell, Python).

Experience with Privileged Account Management tools and concepts such as centralized credential management (e.g. CyberArk).

Experience with CI / CD pipelines and Infrastructure as Code tools like Terraform, Ansible etc.. is a plus

Knowledge of Agile DevOps (e.g. SCRUM)

Understanding of API design concepts, RESTful Services, and modern application interaction patterns.

Understanding ITIL processes (i.e., Change, Capacity, Event, and Incident Management)