Job Information
Federal Reserve Bank Principal ICAM Engineer (Sr. Security Analyst)- IT Division in Washington, District Of Columbia
Principal ICAM Engineer (Sr. Security Analyst)- IT Division - R024292
Primary Location: DC-Washington
Employee Status: Regular
Overtime Status: Exempt
Job Type: Standard
Relocation Provided: Yes
Compensation Grade Low: FR PAY GRADE 27
Compensation Grade High: FR PAY GRADE 28
Minimum Salary: $134,900.00
Maximum Salary: $266,500.00
Posting Date: Mar 12, 2024
Position Description
Minimum Education: Bachelor's degree or equivalent experience
Minimum Experience: 6
Summary: The Senior Security Analyst independently provides technical and analytical support for the Board's computer security systems. Monitors current security systems to control access to systems and detects and reports violations. Develops new security measures as needed.
Duties and Responsibilities
Position Requirements
Summary: We are seeking a talented Principal Identity, Credential, and Access Management (ICAM) Engineer with 7 years of experience implementing access control modules and policies across multiple systems, applications, data stores and environments. These systems and applications will be deployed in the cloud and on-prem. This may constitute Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), Rule-Based Access Control (RBAC or RB-RBAC), and/or Policy-Based Access Control (PBAC), with an emphasis on RBAC/PBAC.

The ICAM Engineer will be responsible for:
RBAC and PBAC Implementation: Develop, deploy, and maintain RBAC and PBAC modules for access control, ensuring that users and entities have the appropriate permissions and privileges.
Access Control Policies: Collaborate with stakeholders to define and enforce access control policies based on RBAC and PBAC principles.
Identity Management: Design and manage the identity lifecycle, including provisioning, de-provisioning, and authentication processes.
Access Governance: Monitor and audit access permissions to ensure compliance with security policies, industry standards, and regulatory requirements.
Single Sign-On (SSO) Solutions: Integrate with existing and/or implement and maintain SSO solutions for streamlined user authentication and access management, if permitted.
Integration: Integrate ICAM solutions with various systems, applications, and services, ensuring seamless functionality.
Troubleshooting and Incident Response: Investigate and resolve access-related issues and participate in incident response activities as needed.
Documentation: Maintain detailed documentation of ICAM configurations, policies, and procedures.
Security Awareness: Stay current with emerging ICAM and best practices in access management and security.
Collaboration: Work closely with cross-functional teams, including IT, security, compliance, and application development teams, and others to implement and maintain ICAM solutions effectively.
User Training: Provide training and support to end-users and administrators on ICAM tools and procedures.

The Senior Security Analyst (Principal ICAM Engineer) is a security engineer expert for identity, credential, and access management who will provide technical direction and leadership to collaboratively prototype, integrate, develop, and test with product teams to identify optimal ICAM enterprise solutions that meet the present and future needs of Board customers. The Senior Security Analyst (Principal ICAM Engineer) directs the coordination of a wide range of major technical, operational, and policy initiatives associated with Federal Identity, Credential, and Access Management (FICAM), cybersecurity, and related IT security policy objectives for the Federal government.

Position Requirements

FR-27 Minimal Qualifications
Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor's degree in computer science or related discipline. Requires a minimum of 7 years' experience working with computer security systems. Possesses expertise in emerging technologies.

FR-28 Minimal Qualifications
Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor's degree in computer science or related discipline. Requires 8 years' experience in working with computer security systems. Requires a mastery of technical knowledge of the functions and interrelationships of the major components of automation systems and technologies, including telecommunications, operating systems, and database management systems. Possesses expertise in emerging technologies.

Remarks:
· Previous large-scale engineering experience with increasing responsibilities over your career.
· Extensive experience as a systems engineer, architect, or consultant in a government environment.
· Hands-on experience with identity and access management technologies from leading vendors including Microsoft, Saviynt, SailPoint, CyberArk, Entra ID, Azure AD, and Okta.
· Experience in the decomposition of requirements, use cases, and needs into a technical design, applying user-centric and test-driven design approaches.
· Strong attention to detail; highly organized.
· Deep understanding of both cloud and on-premises infrastructure concepts, including compute resources, networking, security, load balancing, operating systems (Linux and others), web and application servers, databases, and storage.
· Understanding of how to architect a system for high availability and fault tolerance.
· Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences.
· Job involves independent research, implementations, and daily operational assignments.
· Understanding of credentials, authentication and authorization principles and design alternatives.
· Experience implementing Windows Hello for Business, FIDO2 authenticators, and YubiKeys for multifactor authentication.
· Diverse technical experience with Active Directory, LDAP, NTLM, Kerberos, federation assurance, Azure Active Directory, identity management, privileged accounts, application development methods, cloud security, Microsoft Office 365, and security operations.
· Knowledge of Domains, Forests, and organizational units (OUs) along with secure object store, users, computers, and groups in a hybrid cloud environment.
· Experience with integrating ICAM solutions such as IGA with data access governance tools (DAG) and data catalog solutions.
Highly Desirable:
· 7 years of work experience as an ICAM engineer with a focus on identity as a perimeter or related ICAM leadership role, best practice Identity Governance Administration (IGA), Identity Credentialing Access Management (ICAM) or similar experience that is directly transferable.
· Security enterprise architecture mindset with business acumen
· Certification and/or experience with identity governance & administration (IGA) and identity provider technologies (IdP) with Saviynt, SailPoint, Azure AD, Okta, and Entra ID, etc.
· Certifications and/or experience with Privileged Access Management (PAM) technologies including Saviynt, CyberArk, Thycotic, Symantec, etc.
· Experience with FIDO2 and phishing-resistant authenticator methods such as YubiKey, Windows Hello for Business, etc.
· Cloud Solutions Engineer certifications preferred - including Azure, AWS, etc.
· Certifications in CIAM, CSEIP, CISSP, or general identity management specific
· Deep understanding of standards-based and service-oriented architectures for Identity and Access Management (IAM)
· Deep understanding of cloud capabilities for each area: Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service
· Deep understanding of Zero Trust Reference Architecture

This position is hybrid, requiring a combination of telework and in-office presence in Washington, DC.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or application, membership, or service in the uniformed services.
Req ID: R024292