Job Description
A large healthcare company is seeking a Privileged Access Management (PAM) Architect to join its Identity & Access Management (IAM) team to implement the next-generation Identity solution for enterprise users. This person should be able to understand the business requirements and convert them into technical artifacts. They will sit remotely and must be able to work based on the US Eastern or Central time zone. The IAM PAM Architect will join the IAM Architecture team, which is responsible for designing & architecting any technology and solution in the Enterprise IAM space. The person is responsible for working with all the different stakeholders and delivering the IAM PAM solution design as per business requirements and roadmap, including Proof of Concept (POC) and documentation. They will gather use cases & requirements from different business and technology teams, create technical solution designs as per requirements, drive the IAM PAM roadmap and adoption of the technology, research & design the technical solution for new IAM capabilities with POC, and publish necessary documentation for business and other technology teams.
Required Skills & Experience
-Overall, 10+ years of hands-on working experience in IAM technology and products
-Overall, 7+ years of hands-on working experience in the Privileged Access Management (PAM) area at the enterprise level, having developed PAM solutions with industry standards for on-premise and cloud systems
-Bachelor's degree
-Intimately familiar with authentication technology, including Multi-Factor Authentication (MFA) for user-based and application-based access controls
-Experience in Password vault and secret management technology
-Experience in enabling PAM solutions for servers, databases, Kubernetes, Cloud PaaS, Cloud IaaS, and other systems with a good understanding of PAM security controls
-Working knowledge of some IAM products: BeyondTrust, Delinea (Centrify), CyberArk, cloud-native PAM solutions, etc.
-Expert knowledge of implementing SAML, OpenID Connect (OIDC), and OAuth 2.0
-Security knowledge about session management
Nice to Have Skills & Experience
-Experience in the authentication space including: password-less MFA, and security knowledge of various technologies & protocols - FIDO, PKI, Mobile MFA, OTP, FIDO key, Biometric authentication, behavior & risk-based authentication
-Implementation experience with web, device (laptop, etc.), infrastructure, and API authentication use cases.
-Mobile security knowledge
-Experience in Identity Federation & Single Sign-On (SSO)
-Identity gateway (proxy) and similar implementation knowledge
-Familiarity with Risk/Adaptive access control, including continuous access control
-Experience in integration with cloud and on-premises systems, including Azure AD, GCP, Salesforce, etc.
-CISSP certification
-Development experience in any of these technologies: Java, PowerShell, etc.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.