Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Overview: We are seeking a highly skilled and experienced Senior Security Engineer to join our team. As a Senior Security Engineer, you will be responsible for designing, implementing, and maintaining security solutions to protect Qualys systems, networks, and data. You will work closely with cross-functional teams to ensure the effectiveness of security measures and help establish and enforce security policies and procedures.Responsibilities:Design and Implement IAM Infrastructure:
- Architect and build IAM infrastructure components, including identity management systems, directory services, authentication mechanisms, and access control mechanisms.
- Architect, design, and implement cloud-based IAM solutions, considering the unique challenges and opportunities presented by cloud environments.
- Develop secure IAM frameworks and workflows, ensuring scalability, reliability, and high availability of IAM infrastructure.
- Collaborate with system architects and network engineers to integrate IAM solutions into existing infrastructure.
User Provisioning and Access Control:
- Develop and manage user provisioning processes, including account creation, modification, and deprovisioning, ensuring compliance with access policies and procedures.
- Implement role-based access control (RBAC) frameworks and access control models to grant appropriate access privileges to users based on their roles and responsibilities.
- Implement automated identity provisioning and deprovisioning processes, ensuring efficient onboarding and offboarding of users in cloud environments.
- Monitor and audit user access rights, regularly reviewing and revoking unnecessary or excessive privileges.
Identity Federation and Single Sign-On (SSO):
- Design and implement identity federation solutions, enabling secure and seamless authentication and authorization across systems and applications.
- Develop and configure Single Sign-On (SSO) solutions using industry-standard protocols such as SAML, OAuth, and OpenID Connect.
- Integrate identity federation and SSO with external service providers and cloud-based applications.
Security Policies and Procedures:
- Assist in the development and enforcement of IAM security policies, standards, and procedures.
- Develop and enforce cloud identity governance processes, including user lifecycle management, access certifications, and access review workflows.
- Conduct regular assessments and audits of cloud IAM infrastructure to identify and address security vulnerabilities, gaps in compliance, and deviations from established policies.
- Stay up-to-date with industry trends, emerging threats, and best practices related to IAM infrastructure security.
- Collaborate with stakeholders to ensure that IAM infrastructure aligns with compliance requirements and industry regulations.
IAM Infrastructure Maintenance:
- Monitor the performance, availability, and security of IAM infrastructure components, proactively identifying and resolving any issues or vulnerabilities.
- Conduct regular maintenance activities, including software updates, patches, and system upgrades, to ensure the integrity and reliability of IAM infrastructure.
- Implement backup and disaster recovery mechanisms for IAM infrastructure components.
Access Control and Authorization:
- Develop and maintain access control models, including RBAC, ABAC (Attribute-Based Access Control), and dynamic authorization frameworks, to ensure granular and appropriate access privileges across systems and applications.
- Implement fine-grained access controls based on user roles, job responsibilities, and data sensitivity, balancing security requirements with operational efficiency.
- Monitor and enforce access control policies, regularly reviewing access permissions to identify and remediate any unauthorized access or potential security risks.
Multi-Factor Authentication (MFA) and Adaptive Authentication:
- Design and deploy multi-factor authentication (MFA) solutions to enhance the security of user authentication processes.
- Implement adaptive authentication mechanisms that dynamically adjust authentication requirements based on user behavior, risk levels, and contextual factors.
- Evaluate and select appropriate MFA methods (such as SMS, email, tokens, biometrics) based on the organization's risk profile and user experience considerations.
Identity Lifecycle Management:
- Develop and maintain identity lifecycle management processes, including user provisioning, user attribute management, password management, and account termination procedures.
- Collaborate with HR, IT, and other relevant departments to ensure efficient and secure onboarding, role changes, and offboarding of employees, contractors, and external partners.
- Implement self-service capabilities for users to manage their identities, passwords, and access requests, reducing administrative overhead and improving user satisfaction.
- Collaborate with DevOps teams to integrate IAM processes into CI/CD pipelines, ensuring secure and efficient deployment of cloud infrastructure.
Monitoring:
- Capture and analyze user activity logs to detect suspicious behavior, such as unauthorized access attempts or privilege escalations.
- Monitor and log access control decisions, privilege changes, and administrative activities for auditing and compliance purposes.
- Enable logging and monitoring of cloud IAM services to track changes, detect security incidents, and support forensic investigations.
- Correlate IAM logs with other security logs to identify anomalies, detect insider threats, and investigate security incidents.
Vendor Management:
- Engage with IAM solution vendors, assess their products and services, and participate in the selection and procurement process.
- Collaborate with vendors on solution implementations, upgrades, and issue resolution, ensuring alignment with business requirements and security standards.
- Manage vendor relationships, including contract negotiations, service level agreements (SLAs), and ongoing vendor performance evaluation.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISA, or IAM-specific certifications (e.g., CIAM, CIPP) are highly desirable.
- Proven track record of designing and implementing complex IAM solutions, preferably in a senior or lead role.
- In-depth knowledge of IAM concepts, frameworks, and best practices, including user provisioning, access management, authentication mechanisms, and identity federation.
- Familiarity with IAM tools and technologies, such as identity management systems, directory services, multi-factor authentication (MFA) solutions, and identity governance and administration (IGA) platforms.
- Understanding of cloud-based IAM solutions and integration with cloud platforms (e.g., Azure AD, AWS IAM).
- Experience with IAM governance processes, access certification, access review workflows, and risk-based authentication.
- Strong problem-solving and analytical skills, with the ability to assess complex IAM requirements, identify gaps, and propose effective solutions.
- Excellent communication and collaboration skills to work effectively with cross-functional teams, stakeholders, and external vendors.
- Strong project management skills to drive IAM initiatives, manage timelines, and deliver successful outcomes.
