Senior Identity and Access Management (IDAM) Security Engineer

at System One
Published May 3, 2022
Location CHEY Mountain Air Force Base, CO
Category Default  
Job Type Full-time  


ALTA IT Services is a wholly owned subsidiary of System One, a leading provider of specialized workforce solutions and integrated services. ALTA is an established leader in IT Staffing and Services, for both government and commercial enterprises across the United States, specializing in Program & Project Management, Application Development, Cybersecurity, Data & Advanced Analytics, and Agile Transformation Services.

Job Title: Senior Identity and Access Management (IDAM) Security Engineer
Locations: Wright-Patterson AFB, OH, or Scott AFB, IL, or Peterson AFB, CO, or Lackland AFB, TX

Clearance: DoD Secret
Certifications: DoD 8570 Certified – IAT Level II or IAM Level II

Primary Responsibility:
The Senior Security Engineer is responsible for role-mining, maintaining, administering, and supporting privileged access and identity governance solution for our AF client, as well as ensuring that the security controls function as designed and in accordance with industry standards.
The Security Engineer will install and configure CyberArk’s Privileged Access Security solution to monitor, detect, alert, and report privileged user activities and behaviors.
The candidate will support ongoing Identity and Access Management (IDAM) Projects and will actively participate in improving the overall security posture for our clients.
Candidates will work on a security team to prioritize and execute on tasks required for solution delivery.
Candidates will lead the analysis and refinement of client requirements, creation of technical documentation, product deployment and configuration, development of customized system enhancements and provide expert support.

Required Technical Competencies:
Apply expertise in the installation and configuration of the CyberArk platform, including conducting routine solution maintenance activities, monitoring the health of the platform, and conducting daily proactive monitoring of the CyberArk production environment. Monitor CyberArk to support any break fixes, upgrades, patches, and performance or integration related issues. Maintain responsibility for scheduling periodic reports and addressing audit findings. Support critical CyberArk functions, including maintenance, patch identification and publication, and upgrades of CyberArk and related modules. Maintain responsibility for privilege user incident management support, user acceptance testing of privilege accounts, load testing, performance testing, and validation testing of the CyberArk solution

Superb communications skills including active listening, clear and succinct writing, confident presentation, and considered advice
Excellent troubleshooting and problem-solving skills
Thorough understanding of computer networks and domains, particularly Microsoft technologies
Excellent teamwork skills
Ability to follow complicated software installation and configuration procedures
Ability and desire to learn and master a variety of security skills
Flexible, with the ability to work independently on various technical activities and be able manage one’s time between multiple products and activities (multitasking capabilities)

Serve as an experienced technical resource for the team and customers in deployment, maintenance, and break/fix resolution of various technologies including, but not limited to:

CyberArk Password Vault Web Access 11.x+
CyberArk Central Policy Manager 11.x+
CyberArk Privileged Session Manger 11.x+
CyberArk Digital Vault 11.x+
Microsoft Identity Manager 2016 SP2
Microsoft Active Directory
Public Key Infrastructure
Role-Base Access Control (RBAC)
Multifactor authentication – PIV, CAC, Digital Badge, and/or OATH tokens (soft/hard)
Bachelor's degree and 5-7 years of experience working in Identity and Access Management (IAM).
At least 3.0 years of working experience in deploying CyberArk Digital Vault, Password Vault Web Access, Central Policy Manager, and Privilege Session Manager to large enterprises
Practical experience with Windows Certificate Authority PKI solutions, including Secure Socket Layer (SSL)
3+ years’ experience implementing, administering, and supporting privileged access and identity governance technologies and related infrastructure
3+ years’ experience querying and binding objects in Lightweight Directory Access Protocol (LDAP)
3+ years’ experience administering Active Directory objects, architecture, and back-end infrastructure
Familiarity with Microsoft Red Forest / Bastion
Familiarity with network devices and architecture
CISSP/CEH-level understanding of security methodologies pertaining to user access, authentication, and authorization
Windows 2016 and 2019 Server OS installation, configuration, and deployment (MCSE certifications a plus)
Familiarity with diagnostic tools and analyzing data (Analyzing Error Logs)
3+ years’ proficiency with database querying languages and methods (SQL, MySQL, MongoDB, etc.)
Familiarity with Web 2.0 data parsing methods and protocols (REST, SOAP, OpenAPI, XML, JSON, etc.)
Demonstrable experience (at least two years working with enterprise production code) in applicable scripting languages (PowerShell, JavaScript, Python, etc.)
Must possess or be able to obtain CyberArk Certified Deliver Engineer (CDE)
DoD 8570 Certified – IAT Level II or IAM Level II.
Strong written and verbal communication skills
Relevant industry certifications highly desired (e.g., CISSP, CEH, CHFI, SSCP, CCSP, etc.)
Familiarity with ITIL , SDLC, and DevOps procedures and best practices (ITIL certifications a plus)

ALTA IT Services is an equal opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other factor.

Drop files here browse files ...