Report this job

---

What is the problem? *

Incorrect company
Incorrect location
Job is expired
Job may be a scam
Other

Location: Tampa or Dallas, TX

Duration: Full time

JOB DESCRIPTION:

Drive the Identity & Access Management and secrets management architecture roadmap and share with AES stakeholders.
Participate in discovery workshops to understand Client's & Workforce IAM and security needs and provide best practice recommendations to meet IAM use cases. Develop design and architectural diagrams that clearly communicate the proposed solution and flows.
Actively participate in the cross-functional team meeting, developing project plans, implementation, testing, pre / post go-live activities, risk management and issue management.
Architect solutions utilizing Ping Identity Products, PlainID, Virtual Directory and similar IAM products for Mainframe hosted applications.
Design IAM solution with SSO / MFA for applications hosted on Distributed as well as Mainframe environments.
Assist Application migration effort (Mainframe to Distributed environment) from IAM perspective to provide unified user experience throughout migration journey.
Create IT security standards easily consumed by stakeholders. Evaluate the existing application security controls, (on-premises and cloud), identify improvements, and build plans into the application security capability roadmap for implementation.
Build access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets mgt) and designs as part of initiatives to modernize the DTCC access management security posture.
Mentor junior security engineers and architects to enhance their cybersecurity and architecture skills.
Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately.

8-10 years of related experience

Bachelor's degree preferred

Strong cybersecurity experience is required in designing and implementing solutions for API Gateway, IGA and Virtual Directory capabilities using Ping Identity, PlainID, SailPoint, Radiant Logic and Apigee etc.

Experience with standard IAM security protocols & technologies (Eg: SAML, OAuth, OIDC, RACF, LDAP, ID Federation, SSO, MFA, UEBA) is required.

Strong experience is required in designing integration of Ping Identity or other similar products with z/OS RACF, AD/AAD, LDAP and other IdPs for SSO with phishing-resistant MFA.

Strong experience on AuthN / AuthZ flow for CICS applications as well as Websphere hosted applications on Mainframe. Experience with System Authorization Facility (SAF) for z/OS.

Strong knowledge of Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K and NIST) & security architecture frameworks.

Experience with identity threat Analytics, Detection and Response.

Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred

Strong communication skills with the ability to present in front of large audience.