Identity Access Management (IAM) Security Architect

Job Title: Identity Access Management (IAM) Security Architect

Location: Tampa, FL or Dallas, TX - Hybrid

Visa: USC,GC

Duration: 6-12 + Months

Rate: $80-85/Hr. on W2 Max.

Client: DTCC

Experience required: 10 Years

Key Skills: API Gateway, IGA and Virtual Directory capabilities using Ping Identity, PlainID, SailPoint, Radiant Logic and Apigee etc., IAM security protocols & technologies, AuthN / AuthZ flow for CICS applications

Business Unit Description

Mission - Drive efficient and effective security capabilities through innovative thought leadership with a security first mindset which advances DTCC's mission to protect & shape the financial markets.

Vision - A strong adaptive cybersecurity environment that continuously secures & protects DTCC and its services to the financial industry.

Purpose - Cybersecurity Architecture is a core pillar of Architecture and Enterprise Services within the Information Technology (IT) business unit. The team is responsible for designing architecture solutions for information security functions and publish reusable security patterns.

Position Summary

The primary focus areas for this position are the following:• Produce security architecture deliverables as part of customer identity and access management (CIAM) initiative.• Partner with IT teams to design, test and deliver architectures to enable ID Federation/SSO.• Proactively identify security gaps, propose solutions, and work with implementation team to deploy solutions.• Innovate and solve complex issues, build reusable security patterns for IAM domain.

Your Responsibilities• Participate in discovery workshops to understand Customer Identity & Access Management needs and provide best practice recommendations to meet various CIAM use cases. Develop design and architectural diagrams that clearly communicate the proposed solution and flows• Actively participate in the cross-functional team meetings, developing project plans, implementation, testing, pre / post go-live activities, risk management and issue management.• Architect solutions utilizing Ping Identity Products and similar IAM products, such as IGA tools, Virtual Directory, PAM and Secret Management solutions.• Evaluate current IAM related security controls (on-premises and cloud), identify improvements, and build plans into the application security capability roadmap for implementation• Build authentication & access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets mgt) and designs as part of initiatives to modernize the DTCC access management security posture.• Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks• Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately

Leadership Competencies for this level include• Feedback: Seeks feedback from others, provides feedback to others in support of their development, and is open and honest while dealing constructively with criticism.• Delegating: Effectively manages tasks and people, taking a practical approach to determine the most effective method of execution while respecting others' expertise and considering others' feelings and working styles.• Inclusive Leadership: Values individuals and embraces diversity by integrating differences and promoting diversity and inclusion across teams and functions.• Coaching: Understands and anticipates people's needs, skills, and abilities, in order to coach, motivate and empower them for success.

MUST HAVE

3-5 years of related experience

Bachelor's degree preferred

Strong cybersecurity experience is required in designing and implementing IAM solutions using products like PingIdentity, PlainID, SailPoint, RadiantLogic and Apigee etc.

Experience and in-dept understanding of IAM security protocols & technologies (Eg: SAML, OAuth, OIDC, RACF, LDAP, ID Federation, SSO, MFA, UEBA) is required.

Integration experience of Ping Identity or similar products with z/OS RACF, AD/AAD, LDAP and other IdPs for SSO with phishing-resistant MFA is required.

Strong understanding with some experience is required in designing / implementing fine-grained Policy Based Access Control & Dynamic Authorization using products like PlainID, PingAuthorize and/or Axiomatics.

Strong knowledge of Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K and NIST) & security architecture frameworks is required.

Knowledge of identity threat Analytics, Detection and Response is required.

Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred

Strong communication skills with the ability to present in front of large audience