JOB TITLE:

Sr. Security Engineer - IAM

JOB TYPE:

Full Time - Remote

TYPICAL/EXPECTED % OF OVERNIGHT TRAVEL:

0%

ABOUT YOU:

The Sr. Security Engineer – IAM role is responsible for designing, implementing, and maintaining robust security solutions that ensure the integrity, confidentiality, and availability of our organization's IAM and Directory Services infrastructure. This role serves as a technical subject matter expert in identity management and authentication technologies within a hybrid infrastructure.

This role will collaborate with cross-functional teams to assess security requirements, develop strategies, and architect solutions that align with industry best practices and regulatory compliance. The individual must be a motivated team player with a positive attitude, solid interpersonal skills and someone who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision and can work in a fast-paced environment.

YOU HAVE:

• Technical skills. Comprehensive understanding of Active Directory, Azure Active Directory, Privileged Access Management (PAM), Password Vaulting Management, Single Sign-On (SSO), and Multifactor Authentication. Proficiency in API and connector standards, such as SCIM, SOAP, and REST. In-depth knowledge of authentication and authorization protocols like SAML, OIDC, and OAuth. Knowledge of Cloud Security services (AWS/Azure) and server virtualization technologies, preferably VMWare, Azure VM, and/or AWS EC2. Proficiency with DevOps, Agile, Service Management, and Project Management tools, such as JSM, JIRA. Familiarity with diverse IT/Security technologies, including DNS, DHCP, MS Exchange, Firewalls, VPN Gateways, IPS, Proxy, Endpoint Security, Vulnerability Management, SEIM, etc. Understanding of ITIL Service Management, Architecture Frameworks, and industry Security Frameworks related to IAM and Directory Services (ISO 27001, NIST, CIS), PCI, GDPR.

• Attention to detail. Strong analytical, problem-solving, and troubleshooting abilities. Proficient in conducting research into system issues and products as required.

• Great communication skills. Excellent customer service, collaboration, and presentation skills. Ability to influence and persuade. Effective project management skills and ability to work collaboratively in a team environment.

• Experience. 8+ years of experience in Security/Systems Engineering. 5+ years of hands-on experience in two or more of the following areas: Directory Services, Privileged Access Management, Public Key Infrastructure, Lifecycle Management, Federation, Identity Management protocols and standards, Customer Identity and Access Management, Cloud Services. Proven expertise in configuring Identity Governance & Administration (IGA) platforms. Experience with IAM systems such as Delinea, SailPoint, Okta, DUO. Familiarity with cloud-native IAM platform providers. Proven experience in product evaluations, solution planning, requirements gathering, testing, and implementation. Experience in diagnosing and troubleshooting system problems in complex, mixed systems environments.

• Education. Bachelor's degree in Computer Science, Information Systems, or a related field.

• Preferred. Industry certification such as CISSP, CIAM, CIMP, CAP, CCSP and experience working with cloud platforms (AWS, Azure).

  YOU WILL:

• Develop and implement IAM strategy. Articulate and execute the organization's IAM strategy, emphasizing user provisioning, robust access controls, and advanced authentication mechanisms. Design and deploy IAM frameworks that correlate with business requirements and adhere to regulatory compliance standards. Specify requisite controls and processes for efficient management of user identities, role assignments, and access privilege administration.

• Design and manage IAM model. Devise strategies such as Access Lifecycle Management, Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) to streamline user entitlements. Implement and perform ongoing management of privileged access management (PAM) solutions to control administrative access. Design, implement, and maintain IAM solutions like identity lifecycle management, single sign-on (SSO), and federation services. Govern identity repositories like directories and identity providers, ensuring seamless integration with diverse systems for efficient user authentication and authorization. Innovate innovative Identity Management solutions to address B2B and B2C IAM demands.

• Enforce IAM policy and procedure. Collaborate with stakeholders to establish and enforce IAM policies, standards, and procedures. Coordinate with product owners and engineering teams to execute identity provisioning features like access termination, access request and fulfillment. Regularly identify and propose enhancements to optimize IAM functions.

• Manage other general IAM responsibilities. Serve as a subject matter expert (SME) on PAM authentication platform configurations. Drive self-service and automation initiatives to transform PAM provisioning and lifecycle management for a superior user experience. Ensure PAM system architectures align with organizational standards, goals, and objectives. Lead and participate in vendor evaluations and selection for provisioning platforms and other IAM-related disciplines.

• Manage Active Directory/Directory Services (AD/DS). Design and implement enterprise-level designs for Active Directory in alignment with a “cloud-first” strategy. Secure and harden Active Directory Services, ensuring compliance with best practices and CIS security controls using Group Policies and other tools. Develop, test, deploy, and document security controls for the AD environment, serving as a technical point for AD security concerns. Evaluate existing AD Infrastructure and Security standards and contribute to defining future architecture. Manage and support Active Directory domain services and federation services for internal and DMZ domains. Govern AD rights management practicing the principles of least privilege. Provision, configure, operate, and maintain AD DS hardware, software, and related infrastructure. Manage integration of AD DS and Azure AD to support hybrid identity.

• Help with other general security tasks. Manage policies and application configurations in assigned technical security platforms (e.g., Mimecast, Okta, Azure, M365). Document and present technical architectures and designs, focusing on standards, growth, performance, reliability, scalability, and security. Conduct technical R&D for continuous innovation within security infrastructure. Ensure system hardware, operating systems, software systems, and procedures align with organizational policies and standards. Perform root cause analysis, debugging, support, and post-mortem evaluation for service interruptions, when necessary.

• Develop metrics and mitigation. Develop and regularly report on security metrics, proposing improvement actions when needed.

• Support team. Communicate and collaborate effectively with team members across various organizational levels. Participate in vendor evaluations and selections for provisioning platforms and related disciplines in Access Governance. Lead, coach, and mentor team members on technical matters, project management, task prioritization, and strategic planning.

• Typical/expected % of overnight travel: < 5% (less than 3 weeks/year)

  LOVE WHERE YOU WORK:

• We care about your health. We offer competitive healthcare (health, dental, vision, coverage) in addition to voluntary benefits including home and car insurance, pet insurance, flexible spending account, amongst many more.

• We invest in your future. Our 401K plan has immediate vesting, so you can start saving for retirement right away.

• We believe in flexibility. Work from home or come into the office - the choice is yours with our hybrid work options.

• We want you to unplug when needed. We believe in taking your time off without guilt and offer accrued paid time off and company paid holidays. *For Washington residents, during a full calendar year, you will receive 13 vacation days, 8 sick days, 8 company paid holidays, and family paid leave.

• We care about your development. We support tuition reimbursement after 6 months of service.

• We believe in pay transparency. The salary range is $120,000 - $130,000.

  APPLICATION DEADLINE:

• August 2, 2024

  ABOUT US:

  Celebrating over 125 years of business, Jostens has been a part of local communities, working with K-12 schools, colleges and universities, teams, and affiliation groups. Representatives from Jostens touch thousands of schools and groups every day, working to make a difference with products and services that recognize accomplishments and help people tell their stories. These products, along with resources for educators, yearbook curriculum and services to help motivate and inspire like Jostens Renaissance® and Commitment to Graduate (C2G) are all designed to contribute to a positive and rewarding school experience. As a household name and leading brand in our market, we are passionate about being the most trusted partner in celebrating moments that matter. We are a mid-size company with a small company feel, allowing us to move fast and explore innovative ideas.

  Click on video link for an exclusive look into the Jostens experience! https://f.io/HIAsH659

  ALL ABOUT TECHNOLOGY:

  Our Technology organization combines planning, analysis, and development in combination with both enterprise retail and manufacturing platforms as well as custom development using primarily Java, web services, and web application frameworks like ReactJS/NodeJS. The Technology organization manages priorities through a centralized quarterly planning in close collaborative with business decision-making and strategy, directly supporting leadership in Marketing, Sales, Digital & Operations. Delivery is managed through typically an agile, two-week scrum or Kanban methodology leveraging a suite of Atlassian products. The Technology teams are structured organizationally to focus on key platforms and the business units that they. Though the utilization of best-in-class technical software, such as AWS, Tableau, SAP BPC, Oracle EBS, Salesforce, & Microsoft 360, you will get to play a critical role in determining technology solutions that steer our business. Jostens allows for a hybrid work setting that focuses on creating professional and personal development. We can’t wait to show you what our Technology Team has to offer at Jostens!

  AMERICANS WITH DISABILITIES ACT (ADA):

  Jostens is committed to the full inclusion of all qualified individuals. If reasonable accommodation is required to fully participate in the job application or interview process, or to perform the essential functions of the position, please reach out to our HR team at recruiter@jostens.com or (952) 830-3399.

  Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply.

  California Privacy Policy: https://www.jostens.com/about/california-employee-privacy-policy