Job Description
The resource's function is essential in securing the City of New York's systems and the mission-critical services that rely on them, which requires strong controls over the identities that manage these systems via privileged access.
The deployment of a Privileged Access Management (PAM) solution across NYC information systems will:
- ensure compliance with Citywide policies, standards, procedures, and federally mandated regulations;
- reduce the security risks from password-only access, unauthorized access, and compromised credentials;
- decrease technical / administrative overhead for agencies by automating the creation, maintenance and removal of user identities;
- create more reliable information systems, increase resiliency, and make the provision of technology-enabled services to New Yorkers more efficient.
TASKS:
The Identity & Access Management Engineer will:
1. Deploy the PAM solution to Windows and Linux servers; install session monitoring software.
2. Integrate solutions with high assurance level for on-premises, commercial off-the-shelf, and cloud-based applications with multi-factor authentication.
3. End-to-end solution installation: work with Infrastructure Management teams to ensure the introduction of the solution does not impact production environments.
4. Collaborate with Cybersecurity, Identity Management, Windows and Linux teams to track deployment activities, and mitigate unauthorized activity.
5. Update Active Directory roles and Group Policy Objects for privileged accounts.
6. Assist architecture teams in performing asset inventory, validating agency assets.
7. Develop playbooks to help agencies 'self-service' their security posture; document server installations and processes; document gaps in access management processes and recommend controls to resolve gaps.
8. Host standardized training sessions on-site and virtually; develop content for customized training sessions; run workshops to assist agencies in configuring systems; facilitate annual refresher training.
MANDATORY SKILLS / EXPERIENCE:
1. Minimum twelve (12) years of experience providing specialized knowledge of complex customer processes and requirements; applying technical expertise in defining, analyzing, validating, and documenting complex operation environments, states of technology and current engineering processes; conducting complex technical investigations through advanced research techniques, analysis, or development phases of engineering projects.
2. Understanding of privileged account lifecycle management.
3. Strong Active Directory skills including multi-factor, multi-domain, and multi-tenant environments; domain trust relationships, organizational units, rights inheritance, DNS and GPOs; group assignments and role delegations.
4. Willingness to travel within NYC for key meetings.
DESIRABLE SKILLS / EXPERIENCE:
1. Experience deploying PAM solutions in a large, distributed environment or a service provider environment.
2. Experience working with PAM systems such as Delinea.
3. Experience working with MFA solutions such as Microsoft Azure AD MFA.
4. Experience with MFA protocols and techniques with any of the major vendor products.
Constraints: Monday-Friday, 9-5; local to NY / NJ, CT, PA, with willingness to travel to NYC to attend key client meetings.