Sr. IAM Cloud Engineer
The Identity and Access Management (IAM) Program supports end-to-end access management for all employees, contractors and the systems and applications to which access is granted. This position resides within the Security organization supporting the deployment, engineering and ongoing maintenance of the tools and the systems they utilize to keep the IAM program moving forward. This will be an individual contributor role reporting directly to the Sr. IAM Engineering Manager.
Activities within this role include:
Integrate cloud services into SailPoint and other IAM tools
Interface with teams for Ping, CyberArk and RSA integration
Develop role modeling for cloud services, including databases and applications
Build automation processes to eliminate manual repeatable processes
Apply the principle of least privilege to build appropriate policies in the cloud
Centralize and build access request flows using SailPoint
Build alerting and reporting mechanisms for workflow and general SailPoint errors
Document IAM runbook, playbooks, and administration tasks as appropriate
Interface with Application, IT, Infrastructure and Support teams for application integration and runtime issues to the IAM platform
Delegate IAM tasks and support to Tier-1 and Tier-2 as appropriate
Handle production change management per SVB policies
Provide primary Level 3 support on IAM cloud issues
The ideal candidate will have a background in engineering and administration of the technologies listed below. We are also looking for someone who is driven and can work under pressure to support quick turnarounds on deliverables.
Technology Skills:
2-3 years of experience with AWS, specifically AWS IAM
1-2 years of experience with Python or other automation languages
1 year supporting Azure administration, especially as it relates to IAM functions
1-2 years of experience with API integrations for IAM products
Fluent in AWS IAM policy language and able to craft custom policies using JSON
Understand AWS IAM Condition statements and use them to restrict access
Terraform experience is a bonus, but not required if knowledgeable in Python
1-2 years of experience with SailPoint IdentityIQ administration
Ping Single Sign-On (SSO) administration
Active Directory/LDAP administration and support
ITIL familiarity or certification highly desired
Other IAM related or Security certifications (such as CISSP) a plus
Recent relevant experience with CyberArk a plus
Banking or other regulated business experience a plus
IT Security or IT Operations experience within a Financial Services industry highly preferred