The Senior IAM Engineer helps architect, deploy and operate a secure application infrastructure that aligns with business needs.The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. An advanced role, the Senior IAM Engineer helps deliver applications at scale and with resiliency to support business initiatives. The Senior IAM Engineer is also expected to possess administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The Senior IAM Engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.Req.#695810759#LI-DNIResponsibilities
In tandem with security leadership, the Sr. IAM Engineer will consistently assess the threat landscape and adapt quickly to protect the business from risk
Design and implement security architectures and strategies to safeguard information system resources and assets
Ensure integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives
Identify opportunities for security process improvement
Provide support for critical security infrastructure components to ensure system availability
Mentor fellow team members and other associates in security best practices
Maintain awareness of security technology direction, trends, and related issues
Develop a long-term strategy for supported security systems
Requirements
7+ years of experience in IAM lifecycle management, access management (SSO, SAML, OIDC), identity governance, privileged access management, etc
Single Sign-On (SSO) technology – skills deploying and supporting Single Sign-on (SSO) of applications within an organization. Must include support skills such as tracing, logging, and real-time troubleshooting
Federated SSO - Security Assertion Markup Language (SAML) and/or OpenID Connect (OIDC) skills required to support both internal and vendor authentication. Must include support skills such as tracing, logging, and real-time troubleshooting
Scripting/programming – Ability to design, write, update, and troubleshoot code to resolve issues, create efficiencies, and/or integrate systems. Current specific needs are in Python, Javascript, Bash, and Powershell (in most needed to least needed). Knowledge of other scripting/programming languages and willingness to learn new technologies is a plus
Proficiency in HTTP debugging/troubleshooting, using debugging web proxies like Fiddler/SAML-Tracer (or others)
General knowledge of Active Directory (AD) or other LDAP Directory Services, especially querying/updating through scripts/programs
Develop identity and access management solutions in Okta and Auth0
Experience with SecureAuth IdP
Multi-factor authentication (MFA) technology – skills deploying and supporting MFA technology for internal and internet-facing application requirements
General knowledge of Virtual Directory Services, Certificates/Public Key Infrastructure (PKI), Identity Management concepts, Cloud Technology, and device authentication
We offer
Medical, Dental and Vision Insurance (Subsidized)
Health Savings Account
Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
Short-Term and Long-Term Disability (Company Provided)
Life and AD&D Insurance (Company Provided)
Employee Assistance Program
Unlimited access to LinkedIn learning solutions
Matched 401(k) Retirement Savings Plan
Paid Time Off – the employee will be eligible to accrue 15-25 paid days, depending on specific level and tenure with EPAM (accrual eligibility may change over time)
Paid Holidays - nine (9) total per year
Legal Plan and Identity Theft Protection
Accident Insurance
Employee Discounts
Pet Insurance
Employee Stock Purchase Program
If otherwise eligible, participation in the discretionary annual bonus program
If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program
Applications will be accepted on a rolling basis.EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.YouTube video player (https://www.youtube.com/embed/NUmnNITn2o?si=IiCxyQ4sr1YJWxDG)This posting includes a good faith range of the salary EPAM would reasonably expect to pay the selected candidate. The range provided reflects base salary only. Individual compensation offers within the range are based on a variety of factors, including, but not limited to: geographic location, experience, credentials, education, training; the demand for the role; and overall business and labor market considerations. Most candidates are hired at a salary within the range disclosed. Salary range: $135K – $160K. In addition, the details highlighted in this job posting above are a general description of all other expected benefits and compensation for the position.It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.EPAM Systems, Inc. is an equal opportunity employer. We recognize the value of diversity and inclusion in creating success for our customers, business partners, shareholders, employees and communities. We are committed to recruiting, hiring, developing and promoting employees without discrimination. As a global employer, this commitment includes complying with all laws in the countries in which we operate. Nevertheless, we believe equal employment practices should not be limited to what the law requires. Equal opportunity and inclusion are essential to motivate, empower and recognize the best in everyone.At EPAM, employment actions are based on individual qualifications, without regard to race, color, religion, creed, gender, pregnancy status, sexual orientation, gender identity, gender expression, marital or familial status, national origin, ancestry, genetics, age, disability status, veteran status, citizenship status when otherwise legally able to work, or any other characteristic protected by law.