The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate’s/applicant’s qualifications, skills, and level of experience as well as the geographical location of the position.

Applicants must be legally authorized to work in the United States. Sponsorship not available.

Our client is seeking a Sr. IAM Engineer in Shelton, CT.

Role Description

Job Responsibilities:
The Sr. IAM Engineer will be responsible for the analysis, implementation, maintenance, and assist with design of all layers of IAM applications, which includes Authorization/Authentication/Accounting, Identity and Account Creation/Management/Provisioning. This role will also handle Role-based Access Control (RBAC) configuration and management, Single Sign On implementation, Process Improvement, Process Automation, IAM Break/Fix and IAM Enhancements. The IAM Engineer will work with other members of team, and manager, to ensure compliance with Franchise World HQ standards for security, privacy, and accessibility as defined by the Information Security Team. In addition, engineer will lead and direct the implementation of a new IDP tool in Subway’s environment, OKTA.

Essential Duties:

Project Work:
- This includes the setup of new configurations and baselines around IAM within the IDP. This includes conditional access policies, RBAC, new SCIM setup, new governance
- Initial set up and configuration of a new IDP solution (OKTA) with an ability to perform architecture diagraming that will be used as the benchmark for future efforts. Utilize best practice frameworks and maturity models to set the future growth of the program as a whole
- Manage technology projects and system activities
Operations:
- Aligns with Industry best practices and establishes Subway policies and procedures accordingly
- Design and implement sustainable solutions to be used for authentication, authorization, user life-cycle management, role-based access control, privileged account management (PAM), audit, and monitoring.
- Develop and oversee the implementation of Information Security Procedures and Policies relative to Identify
- Design and implement appropriate security controls to identify vulnerabilities and risks for access to systems and applications
- New SSO setup, IAM incident resolution and root cause analysis, complex onboarding/offboarding, upgrades/patching, change tickets, MFA management, group and access cleanup, audits, HR downstream changes, tool management, etc
- Conduct investigations and audits of identity gaps and vulnerabilities and evaluate the implications
- Collect business and functional requirements in Identity and Access Management area
- Establishes IDM and Directory related standards
- Reviewing service/application logs
- Partner closely with Information Security
- Experience with ticketing tools such as ServiceNow
- Participate in team on-call rotation for production support
Continuous Improvement:
- This involves modernization and optimization of the IAM program as a whole to a higher-level maturity. Improving upon SCIM, further automation of workflows, introducing new industry standard functions (such as passwordless authentication), improve identity lifecycle, conditional access policies, RBAC flows, etc.
- Manage and improve policies to improve our risk framework while performing vulnerability remediation to guide the improvement initiatives
- Assess the quality of controls and use performance indicators to create an action plan to fill gaps

Skills & Requirements

Skills & Experience

- Bachelor’s Degree Preferred – Computer Science, Information Technology, Information Security. Cyber Security - OR- Related Experience Preferred
- 8+ years’ experience in information security, infrastructure
- 5+ years’ experience in IAM, PAM, ZTNA and security governance
- 5+ years’ experience in PowerShell scripting
- 5+ years’ experience in Active Directory/Azure Active Directory
- 5+ years’ experience in Microsoft Exchange
- 3+ years’ experience as an OKTA Certified Administrator
- 3+ years’ experience in setting up and/or managing APIs
- Strong understanding of PKI, encryption, certificate management, tokenization
- Experience setting up/managing SCIM, RBAC, SSO, MFA to the IDP
- Experience in Azure Active Directory and Active Directory, OKTA or similar IDPs required (Saviynt, etc.)
- Database and API data parsing with PowerShell experience
- Experience with cloud computing services such as AWS and Azure for the purpose of SCIM and managing access a plus
- Querying languages such as SQL against tools such as Splunk or Dynatrace. Rapid7 desirable
- GPO creation best practices
- Authentication Server Software
- Experience with risk management data and analysis
- Strong problem-solving and communication skills

Benefits/Other Compensation

This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).

Why Hays?

You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.

Nervous about an upcoming interview? Unsure how to write a new resume?

Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.

Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays’ guiding principles is ‘do the right thing’.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.

In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570.

Drug testing may be required; please contact a recruiter for more information.

#LI-DNI