We're looking for a dynamic and highly motivated Senior IAM Engineer that is seeking a position with the global leader in commercial real estate services. This candidate has the experience necessary to help build out our existing IAM infrastructure and troubleshoot problems as they arise. The ideal candidate for this position can prioritize mission critical tasks and coordinate the construction and expansion of our IAM systems so updates and other maintenance tasks don't get in the way of daily operations. We're interested in automating as many of our processes as possible to reduce the potential for human error.
The candidate must have experience with global Identity Access Management (IAM) tools and technologies including SailPoint Identity IQ, token-based authentication technologies (e.g. Kerberos, SAML 2.0, WS-Federation, OAuth, OpenID Connect) and Azure Active Directory or equivalent. The candidate must have a high level of proficiency with coding and scripting languages.
The Senior IAM Engineer is responsible for installation, configuration, testing and maintenance of the Identity Access Management (IAM) products and services provided by the IAM Program for global Enterprise consumption.
Design, develop, test, and implement information system security throughout the Identity Access Management (IAM) life cycle.
Develop, create, maintain, and write/code new (or modify existing) applications, software, or specialized programs.
Provide technical support for Identity Access Management (IAM) and/or Security related products and services as needed.
Design, implement and support both legacy and modern enterprise token-based authentication technologies (e.g. Kerberos, SAML 2.0, WS-Federation, OAuth, OpenID Connect).
Design, implement and support single-factor and multi-factor authentication platforms.
Design, implement and support Enterprise role mining processes and procedures.
Work across teams to deliver IAM services and best practices for Enterprise on-premise and cloud-based solutions globally.
Execute delivery of security solutions against product and project roadmaps.
Stay current on new technologies and act as driver of innovation for the Enterprise.
Partner closely with horizontal teams to ensure alignment between security control frameworks, deployed technologies, and desired vs achieved outcomes.
Actively participate in strategic discussions with Information Security leaders.
Partner with Governance teams for continual review, enhancement, and execution of compliance requirements.
QUALIFICATIONS & EDUCATION
Must have a Bachelor of Science in Computer Science or related field of study or equivalent work experience. Requires technical and business knowledge in multiple disciplines/processes. Typically has 7 - 10 years of relevant work experience.
Preferred - Master of Science in Computer Science or related field of study
4+ years Enterprise experience in 4 or more of the following scripting and/or programing technologies: C/C++; Java; SQL; HTML; HTML5; Perl; J2EE; JSP; Servlets; Java Script; PHP; .NET Framework (VB.Net,C#,ASP.Net); JSF; JAX-WS; XML; XPath; JSF; Java Script; CSS3; and Single Page Applications (SPA)
4+ years Enterprise experience with Test Management Tool Set Technologies (e.g. JUnit4, Selenium)
Detailed subject matter expertise with legacy and modern enterprise token-based authentication technologies (e.g. Kerberos, SAML 2.0, WS-Federation, OAuth, OpenID Connect).
4+ years Enterprise experience with the configuration of Identity Provider (IdP) initiated and Service Provider (SP) initiated SAML profiles with different binding types (e.g. Redirectd, POST and Artifact).
4+ years Enterprise experience in implementing SAML and Oauth based SSO using multiple authentication products (e.g. ADFS, AzureAD, Okta or Ping Identity).
4+ years Enterprise experience in IAM requirement analysis, implementation of Access Gateways and SAML, Oauth, WSFed and OpenID based integrations using various IAM solutions.
4+ years Enterprise experience with the deployment and support of all SailPoint IdentityIQ connector types (e.g. Delimited File, JDBC, LDAP, AD, DB2, Service Now, Oracle, RBAC, Workday, SAP and ServiceNow.)
4+ years Enterprise experience with three or more of the following data repositories / IAM directory platforms: CA Identity Manager r12.5 SP8 CR1; CA SSO/SiteMinder r12.52 SP2 CR1; CA
Directory server; Sun ONE Directory Server (LDAP) 5.x/6.0/7.0; iplanet Directory Server on Sun Solaris; Oracle 9ig/10g Directory Server; IBM-Tivoli Directory Server; Ping Identity; Okta; Active
Directory Federation Services (ADFS); Active Directory (AD); Azure AD Connect; Azure Active
Directory (AAD); and Microsoft Identity Management (MIM).
4+ years Enterprise experience in general maintenance of Public Key Infrastructure (PKI) and use of X.509 certificate-based authentication.
4+ years Enterprise experience integrating SaaS applications with Azure AD for SSO
4+ years Enterprise experience in the implementing and support of multifactor authentication services using Microsoft Authenticator, Duo, and/or RSA SecureID.
General proficiency with the following LINUX, UNIX, and WINDOWS operating systems and components: IIS, Sun One, Apache, Windows Server 2016/2012 R2/2008/2003, UNIX, Sun Solaris, IBM-AIX, HP-UX. and Linux [Ubuntu, CentOS].
Internal Number: 19018742
With broader and deeper capabilities than any other company, CBRE is the leading full-service real estate services and investment organization in the world.
CBRE Group, Inc. is the world’s largest commercial real estate services and investment firm, with 2017 revenues of $14.2 billion and more than 80,000 employees (excluding affiliate offices). CBRE has been included in the Fortune 500 since 2008, ranking #214 in 2017. It also has been voted the industry’s top brand by the Lipsey Company for 17 consecutive years, and has been named one of Fortune’s “Most Admired Companies” in the real estate sector for six years in a row. Its shares trade on the New York Stock Exchange under the symbol “CBRE.”
CBRE offers a broad range of integrated services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services.