EY IAM SA Federation Engineer in Argentina
IAM SA Federation Engineer
Core Business Services
Requisition # ARG001HW
Post Date May 17, 2018
The Web Access Productivity Engineer supports Information Technologies (IT) security and productivity pillars by securely enabling Single Sign On (SSO) technologies and access for both internal and external clients. The role provides complex design, development and implementation activities aligned to a number of technologies including but not limited to Ping Identity’s PingFederate / PingAccess, Microsoft Active Directory Federation Services (AD FS) and Microsoft Azure Active Directory B2C. The role provides activities for secure, authenticated web access for all EY users thru the use of PingAccess/PingFederate and ADFS. The position provides all technical activities in accordance with EY’s compliance standards for technology development and deployment policies. The role provides planning for all assigned engineered solutions as may come from Information Technology (IT) enterprise architecture, regulatory directives, Ping, Microsoft or other vendors, industry mandated changes or upon direction from such global operations partners as Identity & Access Management (IAM) within Information Security (IS). The role supports efforts to identify, remediate or prevent configuration “drift” or the misalignment of a current technical set up which does not support the intended IAM process or service. The role partners with peers and others across IS to identify and advance IAM lifecycle management. The role provides for the documentation of all actions and ensures that engineered solutions are made according to agree upon Operating Level Agreements (OLA) and Service Level Agreements (SLA) as part of the Identity and Access Management Services (IAMS). The position is managed by the Team Lead for Web Access Productivity in Secure Access Engineering in Identity & Access Management Services.
The role requires an analytical acumen and solution orientation to probe for understanding and to make role appropriate decisions to address the nuances of PingFederate / PingAccess, Microsoft ADFS, and Azure Active Directory B2C software services and other secure access technologies in current use across geographic regions and to drive current and next generation engineered solutions within the directives of the role’s responsibilities. The role requires consultative questioning, influence management and critical thinking skills to understand a current directive and identify and design viable engineering solutions that are both cost effective and support the value to the business. The role needs to drive the priority and time management of their own efforts and others (as applicable in group efforts) as well as communicate results and findings to affected individuals/business units and management.
The role is generally an individual contributor but can operate as a lead and manage specific engineering projects and activities. From time to time the role may be asked to mentor and guide across time zones and cultures and maintain effective and efficient oversight of all aligned activities. The role itself is generally managed by the Team Lead for Web Access Productivity in Secure Access Engineering within Identity & Access Management Services (IAMS).
What are you going to do?
· Provides the execution and management of all complex engineering activities which utilize Single Sign-On (SSO) technologies for web access to both internal and external EY accessed resources and support operational readiness for IAM services for all EY clients.
· Provides engineering project management activities such as design and prototyping for changes that are required in support of new vendor and or industry service improvements specifically for SSO and Federated Identity technologies or in response to infrastructure changes or compliance directives within Information Technology (IT) to provide individuals access to both internal and external web applications, portals and security domains based on proper account provisioning administered by Identity & Access Management (IAM) Operations to maintain and protect access to EY’s global infrastructure.
· Partner with peers in IAMS, as well as IAM and IS as application owners along with external vendors such as Microsoft to understand and plan the engineered directives for proper execution. Drive collaboration with IAMS Implementation & Configuration Team to ensure proper project management turnover and support for build and production implementation activities for all SSO and FIdM led engineering projects.
· Provides engineering support activities in response to Level 4 (L4) high priority issues that may be escalated to the Web Access Productivity team by IAM and others within Information Security (IS) in IT for SSO connectivity issues that require engineering support to restore operational readiness.
· Provides the creation or remediation of appropriate secure technical objects through the provisioning of specific code and other technical remediation in any connected data source through the use of such industry frameworks as Microsoft.net and others to expedite remediation in work flows.
· Supports the review of impacted applications, systems network and servers to determine remediation as well as to oversee adherence to the associated governance related to change, release, deployment and operational readiness directives for the Secure Access team.
· Partners with engineering teams within IAMS, Information Security and vendor resources as may be needed in the design and delivery of a viable solution or complex remediation. Drives the communication to and among all of the ongoing activities and accomplishments to business sponsors and stakeholders as part of knowledge sharing and reporting.
· Provides proper execution of assigned design and engineering activities from plan to execution directing the highest level of engineering performance and/or appropriate technical remediation at an advanced Level 4 (L4) degree of escalation. Ensures that the project deliverables or directives are within the specific EY compliance mandates and IT procedures to create and maintain secure web access within EY’s global perimeter and with secure external websites outside of EY’s firewalls.
· Adopts a proactive and consultative approach to learning about the current and refreshed SSO and federated identity technical elements including but not limited to Security Assertion Markup Language (SAML) industry standard for providing a cryptographically secure mechanism for communicating acts of authentication, entitlements and attributes between security domains, the protocol and the process to enact SSO across domains and strategy for implementing components of an overall federated identity strategy, SSO configuration and remediation to provide Security Token Services.
· Utilizes acquired knowledge to mentor on best practices in engineered solutions and to maintain secure access services within identity management directives.
· Adopts the appropriate formal communication of activities according to IS best practice standards. Adopts the use of ServiceNow to acknowledge and update the received engineering assignment as well as to capture solutions taken as part of service management directives. Adopts the proper use of Microsoft tools such as Systems Center Operations Manager to monitor the infrastructure including data center and cloud servers to predict performance and availability of vital applications and to maintain operational readiness during remediation, implementation through to close out.
· Maintains solid interpersonal skills to engage across multiple levels of the firm, in cross business discussions within a matrixed, geographically dispersed organization and to build a solid network of peers and others of influence. Adapts personal communication style to the style of others, develops rapport and stays calm under pressure or escalating issues using advanced oral and written English communication skills.
· Projects solid consultative skills to conduct effective questioning, hone in on key directives to formulate ideas and materials as well as present those ideas clearly and concisely to all levels of the organization.
· Maintains an advanced knowledge of services and applications with the assigned IAMS processes and operating environment to recognize and position improvement opportunities and next generation solutions achievable through engineering.
· Manifests analytical and problem solving ability to escalate and negotiate conflicting IAMS or IS engineering issues, handle multiple and shifting engineering priorities across a broad spectrum of operating environments and drive solutions that are both financially sound and operationally feasible.
· Develops an in depth and continuous knowledge of EY’s business and the way IAMS and specifically the Secure Access Engineering teams adds to the effectiveness of the IAM processes. Identifies and positions appropriate services and solutions as part of both knowledge sharing and engineering services positioning.
· Maintains engineering projects by operating within best practices or delegating work effectively utilizing the proper people, time and project management disciplines across a diverse culture and multiple time zones.
· Maintains a continuous and proactive knowledge of aligned applications such as PingAccess / PingFederate, Microsoft ADFS, Azure Active Directory B2C software
· Maintains knowledge and expertise in Federation languages such as Security Assertion Markup Language (SAML) 2.0, ADFS WS-Trust, WS-Federation, OAuth, OpenID Connect
· Maintains knowledge and expertise in Azure Active Directory, Function and Logic Apps, and Microsoft software, servers and networks aligned to the IT infrastructure including the Systems Center Operations Manager (SCOM) Administration, Windows 2008 and 2012 Administration and Infrastructure, Red Hat Linux administration and support, Splunk, perimeter networks (DMZ), Multi-Factor Authentication (MFA) configuration and remediation such as Microsoft’s Public Key Infrastructure (PKI), RSA SecurID (RSA) and Venafi TrustNet software and Lightweight Directory Access Protocol (LDAP).
· Understands and guides the team in the current and forward vision of appropriate features and functions as well as in the use of Microsoft.net Framework tools to support engineering development activities as well as the tools to support efforts such as ServiceNow and Systems Center Operations Manager.
· Maintains a knowledge of the ancillary technologies to be engineered such as Lightweight Directory Services (LDS) for windows programming, Records Management Systems (RMS) as part of the IAM services, and Microsoft Active Directory (AD) as well as the tools to support efforts such as ServiceNow and Systems Center Operations Manager.
· Supports the IAMS leadership to resolve team conflicts through an ability to implement and communicate difficult decisions as well as provide individual or peer mentoring as appropriate.
What do we need from you?
· The role may also require the periodic allocation of additional time on the job to support multiple demands and escalating issues or to accommodate teams or staff in other time zones.
· College degree in related technology field (Computer, Engineering, Science, etc.) or comparable job experiences aligned to Secure Web Access Authentication and Federated Identity or IAM engineering directive.
· Approximately 2 to 5 years of experience in an engineering role. Able to exhibit a progression of increasingly complex job responsibilities during the period inclusive of project management skills and engineering remediation techniques and planning.
· Certification Requirements:
· Preferred Certification as a Microsoft Certified Systems Administrator (MCSA)
· Preferred Certification as a Microsoft Certified IT Professional (MCITP)
Shift : Monday to Friday 9-6PM
EY, an equal employment opportunity employer, values the diversity of our workforce and the knowledge of our people.