Job Description

 

Authentication Platforms Infrastructure team is responsible for providing support services to all Citi businesses and technology teams globally. The Information Security role is part of a larger global team responsible for providing Infra support for multiple Platform based application solutions to all businesses across Citi.

The SSO Infrastructure Engineer (L3) role will be responsible for the support of multiple critical security infrastructures / applications including but not limited to Token technologies, End-to-end encryption Solutions, Identity and Access management tools and Automation infrastructures to name a few. 

Ideal candidate should be able to work in a well-defined team structure as well as independently with minimal supervision. Candidate should have a good command of English and possess strong oral and written business communication skills. Candidate should be a fast-learner and should be able to work well under pressure and competing priorities.

 

Key Responsibilities

Deploy and manage day-to-day operations of critical security infrastructure  Function as an Infrastructure Subject Matter Expert (SME) for the security infrastructure under your responsibility Ensure compliance of all the supported applications with Citi-published standards Perform post-deployment testing of solutions in individual environments Engage with strategic vendors, external to the organization, to investigate problems and understand product functionality, influence enhancements and roadmap as required to meet organizational goals Support internal and external customers in the adoption of the Authentication services Collaborate with L2 teams to assist in integration-related activities Troubleshooting incidents and problems in a timely resolution as defined in SLAs Document resolutions in Knowledge Base tools Capacity, Performance and Stability reporting and management Lead initiatives to develop/enhance tools for system monitoring and maintenance improvements
 

Regular weekend work and working on shifts is expected.

 

 

Experience and Skills

Must-have Skills
At least 12 years of IT industry experience with

5+ years working in a Linux-based environment (RHEL, Ubuntu) that includes being conversant in terminal commands, developing shell scripts and setting up schedulers (Cron, Autosys) 3+ years’ experience in deploying and managing Multi-factor Authentication such as RSA Access Manager, OneSpan, Yubikey etc., Experience with critical production server support, application upgrades and project lifecycle/ SDLC processes

Candidates with experience in leading technical teams of 3 – 5 members would be preferred.

Desired Skills Strong ability to utilize Unix and Linux systems like Red hat Enterprise Linux 8.x/7.x/ 6.x. Supporting complex, multi-tier, distributed systems - Webservers, App Servers, Network topologies (Demilitarized Zone, Firewall rules etc.) required to support applications utilizing the authentication infrastructure. Sound understanding of one or more of the following:  Encryption protocols used in Transport-Layer Encryption, Data Transmission and At-Rest Encryption and Key Exchange protocols. Production network infrastructure such as Firewalls, DNS, Software/Hardware Load balancers, Proxies Analytical/Monitoring tools such as Grafana, Sensu, Splunk, App Dynamics etc. Experience with one or more of Enterprise application servers such as IBM WebSphere/WebLogic, Apache Tomcat/HTTP Server Familiarity with IT Service Management processes based on the ITIL framework. Familiarity of Compliance and Risk-management frameworks and methodologies (ISO 27002, SDLC)

 

Education

Bachelor's Degree (Engineering, Mathematics, or IT related field) or equivalent work experience Security certifications such as CISSP and or CISM is desired but not mandatory. However, willingness to complete certification would be expected.