IAM Engineer

Job Description

Position Title :IAM Engineer

Job Location :NYC,NY(Hybrid)

Duration :6-12 months+

Interviews : Video

The Identity and Access Management (IAM) team seeks a highly motivated

Engineer with the following specifications to lead the ongoing modernization of our critical IAM/PAM

infrastructure. The IAM team is responsible for the design and implementation of various IAM

technologies including Microsoft Active Directory, Federation Services, Azure Active Directory, Identity

Governance and Administration (IGA) and Privileged Access Management. This individual will serve as

subject matter expert for IAM team to provide hands-on technical guidance and helping with

SCOPE OF SERVICES: This individual will serve as subject matter expert for IAM team to provide hands-

on technical guidance and helping with implementation of various IAM and IGA tools and processes. This

person will be a team player working closely with NYCERS Information Security team to expand the

integration of identity management solutions with internal and external applications, also support day-

to-day administration, reporting, troubleshooting, and operations of the Identity Management

environment. MANDATORY SKILLS/EXPERIENCE

• Provide strategy, direction and leadership in

incorporating all parts of IGA (access request, provisioning, de-provisioning, access review, and solving

complex IAM related issues New York City Employee System MWBE Professional IT Services Solicitation

MWBE – Professional Services Page 2 of 3 • Manage escalations from staff, assist in setting priorities and

risk mitigation strategies across the environment • Design, implement, manage and engineering support

for PAM/IAM backend infrastructure and IGA Platform based on best practices • Lead development and

implement procedures, runbooks, and documents to support the PAM/IAM services • Support and

onboard servers and users to PAM and IGA services • Have solid knowledge of SailPoint, Cisco ISE,

Delinea • Support in troubleshooting and resolving complex identity, authentication, authorization,

entitlement, permissions and integration problems • Administer Windows 2012/2016/2019 server-

Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy, Distribution lists, Windows folder

security, and IP filter • Administer a hybrid multi-tenant Microsoft Azure and Office 365, Amazon Web

Services Cloud Platform environments; • Advanced knowledge of modern authentications technologies

and concepts such as SAML, Federation, SSO, OPenID, OAuth, Privilege Access Management (PAM), and

Multi-Factor Authentication (MFA). • Working knowledge of SailPoint, Cisco ISE, Delinea Secret Server. •

CISSP, or other IAM tool specific security certifications • Candidate must have LinkedIn account

DESIRABLE SKILLS/EXPERIENCE: A baccalaureate degree from an accredited college and 7 years of

satisfactory full-time experience in IAM technologies working Hybrid Multi-cloud, Multi-tenant

environment including Active Directory, Azure Active Directory, GCP and AWS. • 5 Years’ experience

managing and administering Identity and Access Management (IAM) tools and processes, Role Based

Access Controls (RBAC), Privileged Access Management (PAM) and IGA platforms • Understanding of

cloud architecture Azure AD/Entra ID, AWS, Salesforce New York City Employee Retirement System

(NYCERS) MWBE Professional IT Services Solicitation MWBE – Professional Services Page 3 of 3 • Provide

oversight and assess security controls for IaaS, PaaS, and SaaS services, while collaborating with system

integrators and NYCERS teams to deliver reliable and scalable security capabilities. • Oversee and lead

the implementation of security solutions, develop technical, and reference architectures throughout the

project duration. • Responsible for assessing and reviewing end-to-end secure integrations including

web services and APIs. • Work closely with NYCERS security team and third party system integrators on

security engineering related issues and resolving the issues without affecting the overall project delivery

timelines. • Perform other duties as assigned as part of information security projects and initiatives

(3) references will be needed for the candidate