Identity Management Specialist - Contract
*Preference is for those in the Los Angeles area who can work onsite. Secondary preference to those on the West Coast of Canada or the US who can travel to the client site regularly.
*NO FULL REMOTE OPTION*
Role and Level
Senior Consultant
Role Start Date
ASAP
Role Duration
1 year + extensions
No. Hrs/Days/Week?
40/week
Rate - Market Rate
Job Summary:
We seek a highly skilled and experienced Identity Management professional to join the team for our prestigious client in Los Angeles. The ideal candidate will possess a unique combination of architectural, engineering, and development skills in Identity and Access Management (IAM) and Customer Identity and Access Management (CIAM) solutions. This role will focus on developing and maintaining a comprehensive IAM solution, which includes capabilities like identity lifecycle management, self-registration, and single sign-on, and which integrates critical client applications and the identities of various Stakeholders, Partners, and the Organizing Committee Workforce.
Key Responsibilities:
· Design and architect a robust, scalable Identity Management solution for the client, ensuring secure and efficient user authentication, authorization, access control, user provisioning, self-registration, and self-service.
· Oversee and support the implementation of the Identity Management solution from inception to completion, ensuring timely delivery and quality. This includes the implementation and configuration of one or more of the following products: Okta, Auth0, Ping Identity, Gigya, Saviynt EIC, Saviynt CPAM, CyberArk, Microsoft Entra ID (B2B and B2C), cloud-native solutions (e.g., AWS Cognito, Google Cloud Identity), and possibly other IAM products and services to improve user experience and reduce risk.
· Ensure the Identity Management solution provides a unified login experience to critical applications for the workforce and external stakeholders through Identity Federation and Single Sign-On. Collaborate with third parties as needed to facilitate integration.
· Ensure the Identity Management solution complies with security policies, standards, and regulations relevant to the client platform.
· Design and develop a secure, user-friendly self-registration and self-service solution that validates and enables external stakeholders to onboard and access client Systems.
· Coordinate with cross-functional teams, including IT, security, and business units, to gather functional and non-functional requirements for the design of the IAM solution.
· Develop and maintain Identity Management solution architecture blueprints, standards, governance and best practices.
· Serve as the Product Owner and Subject Matter Expert for the IAM solution, ensuring its operational support and maintenance. Troubleshoot and resolve issues and identify necessary optimizations.
· Manage project timelines, resources, and budgets effectively.
· Work with the Cyber Security team to conduct security assessments of the Identity Management solution to identify and resolve weaknesses.
Candidate Required Skills:
· More than 5 years of enterprise experience in architecting, engineering, and developing enterprise identity and access management (IAM) and CIAM solutions.
· Experience managing IAM and CIAM projects from inception to completion, including developing and executing project plans, timelines, and budgets.
· Experience integrating IAM solutions with other NAC or AAA solutions such as RADIUS or Cisco ISE.
· Solid understanding of access management concepts: Authentication, Authorization (FGAC, RBAC, ABAC), and PAM.
· Experience resolving Identity-based threats such as Password Cracking, Brute Force Authentication, Credential Stuffing, Account Take Over, and Password Spraying.
· Experience in deploying and managing MFA systems for enhanced security.
· Proficiency in implementing SSO solutions to streamline user authentication across multiple applications.
· Experience in designing and implementing secure authentication mechanisms for single-page applications (SPAs).
Required Technical Skills:
· Hands-on experience implementing multiple IAM and CIAM products such as Saviynt EIC, Microsoft Entra, Google Cloud Identity, AWS Cognito, Okta, Gigya, and Ping Identity, including configuration of joiner, mover, leaver, application integration using AD, Okta Directory, LDAP, Entra ID, and SQL/REST/SOAP connectors, approval workflows, access reviews/certification, reports, and custom JAR development.
· Hands-on experience with directory technologies like Microsoft Entra ID, AD, LDAP, Okta Directory and concepts of Virtual directories.
· Experience working with various federation protocols, including SAML, WS-Federation, OAuth 2.0, and OIDC to facilitate secure and seamless single sign-on (SSO) experiences across different applications and services.
· Understanding of protocols: HTTP, TCP/IP, Kerberos, REST, LDAP, SQL, SOAP, and gRPC.
· Proficient in OAuth 2.0 (including Authorization Code Flow with PKCE) and OpenID Connect (OIDC) for user authentication, with experience in managing access tokens, refreshing tokens, and handling token revocation.
· Skilled in identifying insecure web-based user authentication and session management, with a strong understanding of security best practices to prevent unauthorized access and protect user data.
· Proficient in SCIM for automating user identity information exchange.
· Understanding of TCP/IP and TLS for basic and secure internet communication.
· Understanding of JSON Web Token (JWT) for representing claims between parties.
· Programming experience with Java, JavaScript, Python, Shell, PowerShell, or Perl.
· Familiarity with Swagger/OpenAPI for defining and managing APIs.
Additional Skills:
· Work effectively as a team member, sharing responsibilities, and maintaining communication.
· 5-7 years of work experience, including hands-on Java, Python, and JavaScript development and debugging experience.
· Excellent problem-solving skills and the ability to troubleshoot complex issues.
· Strong project management skills and the ability to lead cross-functional teams.
· Excellent communication and interpersonal skills.
· Good soft skills, e.g., verbal and written communication, technical document writing, etc.
· Exposure to Global and US security standards e.g., PCI, SOX, GDPR, NIST SP 800-63 guidelines, HIPAA, OFAC, etc.
· Prior experience working in remote teams on a global scale.
Certifications and Education:
· Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
· Relevant certifications in IAM and CIAM solutions (e.g., Okta Certified Professional, Ping Identity Certified Professional, ForgeRock Certified OpenAM Specialist, Saviynt L100, L200 Certification) are highly desirable.
· Security certifications like CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are a plus.
Other Factors:
· The role may involve working outside regular business hours to address critical issues or support project timelines.
· Based in Los Angeles, USA.
· Willing and able to travel periodically within the USA and potentially internationally.
· Strong proficiency in English is required.
· If located outside of Los Angeles, travel expenses will be covered by the client.