Job: Security Engineer

Location: Bethesda, MD/Remote

Duration: Long Term

This is Remote position, but candidate has to go onsite time to time.

Only looking for local candidate.

Only Open for W2

JOB DESCRIPTION

Supports the Identity & Access Management (IAM) function in Global Information Security organization. Ideal candidate will bring subject matter expertise (L3) on Web Access Management (WAM) and SSO technologies and support the WAM/SSO service offerings, daily operations, and continuous improvements. Analyzes and implements changes to the Web Access Management infrastructure including configurations and customizations to address application, security, and performance requirements. Works with stakeholders to integrate additional consumers and helps troubleshoot integrations with existing applications and systems . Responsible for directing L2/L1 technical staff to address application security issues in a timely fashion This position will act as an WAM/SSO support point of contact for IT system administrators, Service Desk, service providers and application owners. Will routinely collaborate with different security team members including, but not limited to architecture, infrastructure, network, compliance, and incident response.

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelors degree in Computer Sciences or related field or equivalent experience / certification
• 7+ years Information Technology experience with at least 5 years in related security function
• 3+ years of information technology leadership experience
• 5+ years of experience in WAM/SSO solutions such as PingAccess, PingFederate, ForgeRock, Okta and/or IBM Security Access Manager
• 3+ Deep hands-on experience with Ping Access and Ping Federate architecture, design, and implementation

a. Policy design and implementation

b. Ping Fed custom adapter development

c. Integration of custom applications

• 5+ experience of Federation/SSO services, protocols, and technologies

a. OAuth/OIDC, SAML, WS-FED

b. LDAP

c. Browsers, MDM/MAM, X509 cert-based authentication (user & device)

• 3+ year of experience in Development

a. JAVA, JSON/JavaScript, Python

b. UI HTML/JavaScript

c. Scripting (Ansible, Shell, Perl, Expect)

e. Automated testing tools - selenium

• 3+ year of experience in designing & implementing API services and data transformation layers
• 3+ years of experience on containerized deployment environments

Preferred:

• Current information security certification, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified SCADA Security Architect (CSSA) or Certified Secure Software Lifecycle Professional (CSSLP)
• Technical knowledge of industry best practices pertaining to WAM/SSO/MFA services
• Experience with defining & fulfilling Key Performance Indicators for WAM infrastructure
• Experience in the IAM domain with user lifecycle management, authentication, authorization, federation, and privileged access management
• Experience with cloud providers such as AWS and Azure
• Experience with cloud/SaaS IAM/WAM services
• Experience with Zero-Trust Framework
• Experience in implementing the following capabilities

1. Password less
2. Adaptive Authentication
3. Dynamic Authorization

• Experience with CASB and WAF technologies
• Experience in researching emerging technologies and trends, standards, and products
• Experience doing business analysis and requirements gathering for complex business systems

Core Work Activities

• Manage the WAM/SSO services including requirements gathering, design, building, testing, deployment, and operationalization.
• Work with group of stakeholders to support implementation of new applications and services.
• Define and document WAM/SSO policies and procedures
• Create test cases to ensure cross platform interoperability.
• Implement and validate security controls for the WAM/SSO solution.
• Design security solutions to adequately address risks throughout the *** SDLC process and confirm that the level of risk is acceptable in accordance with ***s policies.
• Provide guidance and oversight for L2/L1 troubleshooting of operational issues with respect to identity vaulting.
• Support the identification and remediation of security events