The Senior IAM Engineer helps architect, deploy and operate a secure application infrastructure that aligns with business needs.

The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. An advanced role, the Senior IAM Engineer helps deliver applications at scale and with resiliency to support business initiatives. The Senior IAM Engineer is also expected to possess administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The Senior IAM Engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.

Req.#695810759

Responsibilities

• In tandem with security leadership, the Sr. IAM Engineer will consistently assess the threat landscape and adapt quickly to protect the business from risk
• Design and implement security architectures and strategies to safeguard information system resources and assets
• Ensure integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives
• Identify opportunities for security process improvement
• Provide support for critical security infrastructure components to ensure system availability
• Mentor fellow team members and other associates in security best practices
• Maintain awareness of security technology direction, trends, and related issues
• Develop a long-term strategy for supported security systems

Requirements

• 7+ years of experience in IAM lifecycle management, access management (SSO, SAML, OIDC), identity governance, privileged access management, etc
• Single Sign-On (SSO) technology – skills deploying and supporting Single Sign-on (SSO) of applications within an organization. Must include support skills such as tracing, logging, and real-time troubleshooting
• Federated SSO - Security Assertion Markup Language (SAML) and/or OpenID Connect (OIDC) skills required to support both internal and vendor authentication. Must include support skills such as tracing, logging, and real-time troubleshooting
• Scripting/programming – Ability to design, write, update, and troubleshoot code to resolve issues, create efficiencies, and/or integrate systems. Current specific needs are in Python, Javascript, Bash, and Powershell (in most needed to least needed). Knowledge of other scripting/programming languages and willingness to learn new technologies is a plus
• Proficiency in HTTP debugging/troubleshooting, using debugging web proxies like Fiddler/SAML-Tracer (or others)
• General knowledge of Active Directory (AD) or other LDAP Directory Services, especially querying/updating through scripts/programs
• Develop identity and access management solutions in Okta and Auth0
• Experience with SecureAuth IdP
• Multi-factor authentication (MFA) technology – skills deploying and supporting MFA technology for internal and internet-facing application requirements
• General knowledge of Virtual Directory Services, Certificates/Public Key Infrastructure (PKI), Identity Management concepts, Cloud Technology, and device authentication

We offer

• Medical, Dental and Vision Insurance (Subsidized)
• Health Savings Account
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability (Company Provided)
• Life and AD&D Insurance (Company Provided)
• Employee Assistance Program
• Unlimited access to LinkedIn learning solutions
• Matched 401(k) Retirement Savings Plan
• Paid Time Off – the employee will be eligible to accrue 15-25 paid days, depending on specific level and tenure with EPAM (accrual eligibility may change over time)
• Paid Holidays - nine (9) total per year
• Legal Plan and Identity Theft Protection
• Accident Insurance
• Employee Discounts
• Pet Insurance
• Employee Stock Purchase Program
• If otherwise eligible, participation in the discretionary annual bonus program
• If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program

Applications will be accepted on a rolling basis.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

YouTube video player

This posting includes a good faith range of the salary EPAM would reasonably expect to pay the selected candidate. The range provided reflects base salary only. Individual compensation offers within the range are based on a variety of factors, including, but not limited to: geographic location, experience, credentials, education, training; the demand for the role; and overall business and labor market considerations. Most candidates are hired at a salary within the range disclosed. Salary range: $135K – $160K. In addition, the details highlighted in this job posting above are a general description of all other expected benefits and compensation for the position.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.