Role Summary: The Identity Access Management (IAM) Security Engineer is responsible for the design, development, implementation, integration, automation and improvement of access management solutions including, but not limited to, Single Sign On & Federation, Directory Services, Multifactor Authentication, and Web Access Management. The Identity and Access Management program at Advance Auto Parts Inc., under the supervision of the Sr. Director, Identity Access Management within the Information Security Organization, includes the day-to-day operations of Active Directory, the Privileged Access Management (PAM) toolset, the authentication and SSO platform (Okta), and Workday (HR Data Source). These tools work in concert to provide identity management services and access control across the enterprise.
Responsibilities:
Implement, integrate and support Okta's cloud technologies into AAP’s IAM environment.
Transition, support and maintain knowledge of new application integrations and environment upgrades to SSO operations, while collaborating with multiple teams (Infrastructure, Engineering, Architecture, Information Security, etc.).
Assist with the transition of new and existing applications into Okta SSO and federation services, while enhancing web access management and directory service environments.
Perform development and configuration for integrating applications with Okta for SSO and federation services.
Ensure the uptime and proper maintenance of the SSO platform, with the support of the engineers and developers.
Support technical integration needs (design and development) that facilitate connectivity between SSO, directory, and provisioning tools.
Follow proper change management and problem management procedures.
Test and evaluate changes and perform deployments during change windows.
Document architecture and processes.
Requirements:
Strong/expert working knowledge of the Okta platform, with at least 5 years’ experience with administrative duties.
Hands-on experience supporting multi-layer secure authentication infrastructure comprising the following skills: Security Assertion Markup Language (SAML), Single Sign On (SSO), Federation, Multifactor Authentication (MFA) technologies (e.g., Okta experience a must).
Hands-on experience integrating applications with Okta SSO, MFA, API Management is a must.
Hands-on experience migrating legacy applications to modern authentication standards such as SAML, OIDC, OAuth.
Working experience with Azure for securing identity management, conditional access, and integrating business applications for SSO, MFA, etc.
Knowledge base of Identity and Access Management (IAM) services, including Authoritative Source, Identity Management, Provisioning, Authentication, Authorization, Monitoring & Certifications, Auditing & Reporting.
Some experience with traditional IAM solutions, such as SailPoint IIQ, ForgeRock, CyberArk and/or Thycotic, is a plus but not a must.
Experience working with Active Directory is highly desirable.
Experience with scripting and software development for automating tasks is desirable.
Understanding of IT Service Management processes and concepts (Incident Management, Change Management, Problem Management), and ability to quickly adapt to adhere to those processes.
Strong/expert level understanding of authentication mechanisms and protocols including LDAP and SAML, and key related security concepts such as MFA, and the ability to troubleshoot issues in this realm.
Intimately familiar with IAM related protocols such as SAML, SCIM, OpenID and OAuth.
Bachelor's degree in Computer Science, Computer Engineering or related field, with a minimum of 5 years of relevant experience in Information Security.
Okta Certification is a plus, along with other certifications such as CISSP, CISM, CISA and vendor specific training/certification.
California Residents click below for Privacy Notice:
http://www.worldpaccareers.com/uploads/2/4/0/4/24047148/advance_auto_parts_--_california_candidate_privacy_notice.pdf