Lead CIAM Engineer

Lead CIAM Engineer

The Lead CIAM Engineer will be responsible for consulting with various groups to plan, architect and implement standards-based solutions in the areas of general identity management, directory, and security. Provides administrative support for several infrastructures related to web applications, identity management and the components surrounding these technologies Specifically IBM Security Access Manager and Okta. These include areas such as SharePoint, WebSphere, IIS, Tomcat, Apache, EpiServer, Proxy Internet Access, Oracle Access Manager, CMS Systems, Federation Services, Monitoring and F5 Content Switches. Also has responsibilities for Internet security, integration of 3rd party applications, domain name / SSL certificate administration and documentation.

Responsibilities include:

• Direct responsibilities on the operational team for developing and maintaining integrated strategies and solutions, with a focus on Web Access Management services for the Global Aegon environment.
• Identify opportunities for using Web Access Management to leverage single sign on security with an emphasis on cost containment/reduction strategies.
• Provide effective project management and feasibility analysis on potential future projects.
• Support and provide guidance on Web Access Management Systems applications and Integrations.
• Provide documentation highlighting integration, design and SSO features of solutions.
• Provide technical leadership, guidance, and architectural planning for internal/external customer engagements. Assist in automation and building repeatable patterns for consumption.
• Perform day to day operations to maintain SLAs and business functions
• Runs small to large enterprise infrastructure projects from requirements gathering to post-implementation.
• Optimizes the performance and availability of the Web Services environment through monitoring, patching, software tools, and process improvements
• Complies with information security policies
• Solid knowledge of project management methodologies; able to manage project phases or less complex projects
• Provide documentation highlighting integration, design, and features of solutions

Qualifications include:

• Knowledge and experience in working with IBM Security Access Manager and Okta Auth0
• Experience at delivering technology solutions at an enterprise level.
• Excellent diagnostic and troubleshooting skills, and the ability to excel under pressure
• Developed written and verbal skills, assignment and priority flexibility, and time management skills
• Understanding of DNS, TCP/IP addressing and networking (Internet, routers, switches)
• Knowledge of Web Services, Web and Application Services, Java and.NET technologies, and cloud services.
• Background in scripting, code development such as PowerShell, Ansible, Java and Terraform.
• Ability to work in teams on small to large projects.
• Excellent understanding of cloud and on-prem based infrastructure solutions and their Access Management needs.
• Ability to quickly learn and apply new concepts.
• Ability to drive and achieve consensus/support from large diverse groups.
• Strong written and verbal communication skills enabling effective articulation of strategy.
• Able to understand how concepts apply to design or architectural efforts
• Enterprise network security technologies including firewalls, IDS, IPS, NAC, WAF, and Web Proxies
• Working knowledge of Certificate/CA/PKI infrastructure
• Possesses and applies broad knowledge of concepts and principles or exhibits technical expertise related to server infrastructure and web-based application support.
• A four-year computer science or related technical degree or minimum of 5 (five) years of solid related work experience.
• Breadth of knowledge across many technology disciplines; including various access management solutions
• 8+ years of progressive related IT experience.

Preferred Qualifications include:

• Heavy experience in federation using SAML 2.0, Open ID connect, REST, oAuth standards
• Firm understanding of SDS and experience with managing HA replicas
• Managing environments 500K-1MM external users
• Understanding of SAML and SSO federated identities
• Experience with installing, upgrading, and configuring ISAM/Security Access Manager/WebSEAL version 7.x, ISAM 9-10 and Okta Auth0
• Access Management: Web security, Authentication, Authorization, Kerberos, Session Management, Web Proxy, Risk-Based Access
• Understanding of microservices-based architecture, API based system integration and Amazon Web Services cloud Identity & Access
• Understanding of working in a hybrid cloud environment and working knowledge of AWS Cloud Principles.
• Knowledge in scripting, code development such as PowerShell, Ansible, Java,.NET, etc. and automating developments by code
• Ability to work in teams on small to Large projects.
• Excellent understanding of cloud and on-prem based infrastructure solutions and their Access Management needs.
• Understanding of microservices-based architecture, API based system integration and Amazon Web Services cloud Identity & Access
• A four-year computer science or related technical degree or equivalent experience
• Hands on experience mentoring small to medium teams
• Ability to convert complex information into simple, explainable solutions.
• Possesses a planning orientation with integrative and strategic thinking skills.
• Demonstrated project management and client relationship skills.
• Good understanding of a zero trust network environment.

Working Conditions include:

• Hybrid-Office Environment (Tuesdays, Wednesdays, Thursdays)
• International travel may be required
• On-call rotation for 24/7/365 coverage required.

Compensation for this position generally ranges between $118,000- $130,000 annually. Please note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs. Salary may vary above and below the stated amounts, as permitted by applicable law.

Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company's discretion. Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

This is a hybrid position requiring three days in office per week in one of our hub locations (Philadelphia, PA; Cedar Rapids, IA; Denver, CO). Relocation assistance will not be provided for this position.

What We Offer:

For eligible employees, we offer a comprehensive benefits package designed to support both the personal and financial well-being of our employees.

Compensation Benefits:

• Competitive Pay
• Bonus for Eligible Employees

Benefits Package:

• Pension Plan
• 401k Match
• Employee Stock Purchase Plan
• Tuition Reimbursement
• Disability Insurance
• Medical Insurance
• Dental Insurance
• Vision Insurance
• Employee Discounts
• Career Training & Development Opportunities

Health and Work/Life Balance Benefits:

• Paid Time Off starting at 160 hours annually for employees in their first year of service.
• Ten (10) paid holidays per year (typically mirroring the New York Stock Exchange (NYSE) holidays).
• Be Well Company holistic wellness program, which includes Wellness Coaching and Reward Dollars
• Parental Leave – fifteen (15) days of paid parental leave per calendar year to eligible employees with at least one year of service at the time of birth, placement of an adopted child, or placement of a foster care child.
• Adoption Assistance
• Employee Assistance Program
• Back-Up Care Program
• PTO for Volunteer Hours
• Employee Matching Gifts Program
• Employee Resource Groups
• Inclusion and Diversity Programs
• Employee Recognition Program