Senior AD/IAM Engineer_

Description:Team Info:• Two engineers in total, including this role (AD focused)• Five Operations Analysts (strictly IAM focused)• This role will report into the IAM Manager• This team sits in the Information Technology - Information Security TeamSummary overall of Team Function:The Engineers for the Identity & Access Management (IAM) function are responsible for identifying, delivering and supporting the technology used to deliver the client's overall Identity & Access Management program, which is designed to ensure the Firm’s user identities, accounts, credentials and system access are fully and completely managed for all system users. The Engineers are responsible for the current technology in place (Okta Verify/SSO, Microsoft/Azure AD, CyberArk, etc) and ensuring successful operations, interoperability and general well-being. S/he works proactively with IAM Manager, IAM senior technical staff and various IT and business departments to implement services that meet the clients current and future IAM needs.The IAM Engineer is a proven technologist and a hands on problem solver, as well as, an effective internal consultant, who will regularly advise others on access and security/risk related issues. S/he must possess domain competencies in a number of related disciplines, including security, risk, access control, overseeing Active Directory (on premises and Cloud based) authentication, multi factor authentication and entitlements reviews.This specific opening’s Description:-It will be expected that this candidate mentor other Analysts and Engineers on the team, but not officially lead them.-This person will not be handed any checklists, tickets or to do's, as their role is to maintain, manage run times, handle automation, optimization etc.Duties and Responsibilities of Team overall:• Work with the IAM Manager to build out and oversee the IAM function’s technical controls and its related activities including planning, testing, reporting and delivering IAM services.• Oversee the implementation of all current solutions to ensure they are configured appropriately and are delivering maximum value for the Firm. Review current documentation such as Procedures, run books, and Knowledge Base Articles used by the Service Desk. Review and/or establish Best Practices where applicable• Engage and interact with other IT Departmental Engineers to ensure future efforts (ours and their’s) result in continued uninterrupted delivery of all IAM services.• Demonstrate extensive understanding of IAM concepts such as directory services, SSO, federation, MFA, provisioning, access certification, roles and SOD.• The analysis, design, implementation, and maintenance of all layers of IAM applications, including Authorization / Authentication and Account Creation / Management / Provisioning / Retirement in data repositories. Including; strategy, organizational design, process re-engineering and technology implementation.• Drive technology discussion and strategy in line with business needs to develop technology roadmap, including presentation of complex technical materials in simplified terms for non-technical audience.• Functional areas and work experience should include; fine-grained access control, policy driven security, Identity Governance, Access Management, and Privileged access management, user provisioning/de-provisioning, and federation.• Provide support with respect to requirements gathering, project management and delivery of one or more Identity platforms, such as SailPoint (Identity IQ), Okta, and Saviynt.• Serve as the central point of contact for information security and IAM policy and process related issues.• Address Vulnerabilities, Pentest findings and audit issues in a timely manner.• Support Governance, Risk & Compliance (GRC) and Disaster Recovery (DR) efforts and initiatives.• Participate in a 24x7x365 on-call rotation• Stay abreast of industry trends, solution landscape and market conditions and update peers and management accordingly.• Other duties, as assigned.Required (must have):1. -It is more important this person have AD experience than IAM experience, we can train on IAM, not AD. -Very little training will be provided, as this candidate should come in with Senior level AD Engineering knowledge.-- This hire will serve as the subject matter expert of all things AD (Azure). And GPO management, AD Domain Controller Monitoring on Windows Desktop and Server environments. --The most important task that this person is expected to do on a daily basis is - Ensure AD health, that all domain controllers are up, patched, and that everything is running smoothly. Tasks that many employees must do are dependent and built off of the AD environment, and with errors come attorneys unable to make the firm revenue.* If your candidate cannot speak to their experience doing the following, please refrain from submitting.-AD Migration of Domain Controllers to 2019-AD Security Audit Items Remediation-AD & Azure AD Administration-AD /Azure AD Integrations with 3rd party products-Resolve Azure AD Sync issues-AD Monitoring via 3rd party tools (Tenable / Crowdstrike)-AD/SSO Troubleshooting-AD / ARS Integration troubleshooting / planning-AD Password Policy Modifications-AD Domain Controller Replication monitoring-Windows Time Service monitoring-Windows DNS Server administration-AD related Group Policy Configuration-AD Domain Controller database ADRM tool backup monitoring-AD Support for account related issues (lockouts)-Public Key Infrastructure for on prem Sub CA’s-Experience with Linux/Unix, Windows, SQL, LDAP, and web services-Mid level to Expert level with scripting (PowerShell is a must), -It is not expected that this hire develop, rather build out an environment, based off of an already developed system, thus why PowerShell scripting is important.-Bachelor's degree or equivalent combination of education and/or experience.Ideally, but not a deal breaker:-Minimum of 5 years of experience in Technical IAM related roles, ranging from technical tool selection, implementation and operations. Cloud based and cloud adoption a must.-Hands-on technical experience in systems integration or software engineering of identity and access management (IAM) solutions (such as BeyondTrust, Delinea, Okta, SailPoint, Saviynt, Active Role Server etc.)SOFT SKILLS:- Candidate must be great with autonomy and independent work- This person must have a pro-active work style, and be a "go-getter”- This team depends heavily on this resource to communicate issues and important AD matters to the rest of the IAM team, thus they must be a strong communicator.- This role should require very little oversight.- Strong organizational skills- Strong attention to detail- Good judgment- Strong analytical and problem solving skills- Able to work harmoniously and effectively with others- Able to preserve confidentiality and exercise discretion- Able to work under pressure- Able to manage multiple projects with competing deadlines and prioritiesPluses:• Multiple years of Legal Industry or Financial Services experience• Experience with one or more programming languages such as Java, C#, C/C++, Python, or JavaScript• Experience initiating new technologies and delivery high level services• Experience interacting with senior /executive members and presenting material in a simple straight forward manner• Industry specific training or certificationSkills:Active directory, Azure, Windows, Linux, SQL, LDAP, Web Services, PowerShell, cloud, Iam, Beyondtrust, delinea, okta, sailpoint, saviynt, Active Role Server, Java, C#, C/C++, Python, JavaScriptTop Skills Details:Active directory,Azure,Windows,Linux,SQL,LDAP,Web Services,PowerShell,cloudAbout TEKsystems:We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.