Lead Security Engineer - IAM - Full-time / Part-time

POSITION PURPOSE -
The Lead Security Engineer utilizes solid business knowledge and expert technical experience of security to provide a secure information environment for the business. Assists in the investigations of high level, complex violations of Information Security Policies by analyzing forensic data from Sr. Analyst. Develop recommendations and take appropriate action. Develop and drive the Identity and Access Management (IAM) strategy. The purpose of the position is to provide effective Information Security services that: Continuously protect our critical information assets and brand name. Assure compliance with corporate and regulatory policies/standards & industry best practices. Simplify, enhance and enable business initiatives. Operates as a team lead providing technical direction to team members. May perform the function to automate access provisioning across supported systems and applications with documentation. May direct, define and provide audit reporting.

MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES -
Lead investigation of high level complex violations of Information Security Policies and direct activity to analyze forensic data from Sr. Analysts. Develop recommendations and take appropriate action.

Present to Information Technology management development/implementation plan for secure solutions.

Present findings to manager on compliance reporting for Information Securities Policies.

Drive the Disaster Recovery and Business Continuity strategy.

Provide technical direction to analysts, associates and contractors.

Develop Information Security Policies, Standards and Guidelines.

Automate access provisioning across supported systems and applications with documentation. Direct, define and provide audit reporting.

NATURE AND SCOPE -
Typically reports to Manager, Information Technology

No associates report to this role on a permanent basis, but requires the leadership of a work group: assign and review work, train and contribute to performance appraisal (but not hiring, firing or disciplinary action).

ENVIRONMENTAL JOB REQUIREMENTS -
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Typically requires overnight travel less than 10% of the time.MINIMUM QUALIFICATIONS -
Must be eighteen years of age or older.
Must pass the Drug Test.
Must successfully complete any required training or orientation courses.


EDUCATION REQUIRED -
The knowledge, skills and abilities typically acquired through the completion of a high school diplomas and/or GED.

YEARS OF RELEVANT WORK EXPERIENCE - 5


PHYSICAL JOB REQUIREMENTS -
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

ADDITIONAL QUALIFICATIONS -
Direct hands-on experience with one or more of the following InfoSec solutions: Anti-Virus, intrusion detection, firewalls, content filtering, rick assessment.

PREFERRED QUALIFICATIONS -
Industry certifications - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, CBCP, ABCP, MBCP.

• Strong communication skills
• Strong analytical and problem solving skills
• Ability to work in production ops support with on-call rotation
• Experience in designing and implementing for large scale topologies
• Experience with schema design
• Experience integrating directories for access management and SSO
• Experience in troubleshooting of complex enterprise-architected systems on multiple platforms
• Ability to deploy Highly Available and Robust infrastructure
• Knowledge of evaluating performance and tuning LDAP environments
• Experience utilizing security best-practices to tighten access to LDAP resources and Identity and Access Management Solutions
Strong Windows system administration and deep understanding of Windows security
Information Security experience particularly with Identity and Access Management
Extensive knowledge of Active Directory and LDAP protocol
Prefer knowledge of Single Sign On Federation products using SAML 2.0 and Oauth technology. Products such as (PING Federate, Microsoft ADFS, etc.)
Knowledge of Dell/Quest toolset (ARS, RMAD, etc.)
Working knowledge of Identity and Access Management technologies – SSO, Web Access Management, Entitlement/Certification Management, Federation, Directory Services, Password Management, Provisioning and Job Role Management
Experience with RSA secureID for 2 factor authentication.
Working knowledge of Identity and Access Management package solutions - Oracle, IBM, CyberArk

1+ years experience in network, system or application architecture design, implementation or support.

1+ years application security knowledge in an application used at THD.

7-10 years of related experience.

BS Computer Science or related field, MS a plus.

KNOWLEDGE, SKILLS, ABILITIES AND COMPETENCIES -
Assessment tools, technologies and methods.

Designing secure network, systems and application architectures.

Disaster recovery, computer forensic tools, technologies and methods.

Planning, researching and developing security policies, standards and procedures.

System administration role with experience in supporting multiple platforms/applications.