IAM Cybersecurity Engineer

This position supports the Identity and Access Management (IAM) program within Xerox Cyber Security organization. The qualified candidate is responsible for building and deploying effective IAM: SSO/MFA/Enterprise Directory technologies, solutions, and processes across the enterprise in collaboration with business, IT and other Cyber Security professionals. 

Primary Responsibilities: 

• Design, implement, and manage Identity and Access Management solutions to ensure secure and efficient user access to systems and applications. 

• Set up and support Single Sign-On (SSO) and multi-factor authentication (MFA) across various applications and cloud services using Entra ID. 

• Integrate applications, cloud platforms (like Azure AD, AWS, GCP) with enterprise directory services (like Active Directory, Entra ID). 

• Set up identity federation for secure access to external applications and resources. 

• Develop and enforce IAM access policies, roles, and permissions across the organization to ensure least privilege across cloud and application services. 

• Collaborate with stakeholders to gather requirements and ensure IAM solutions meet business needs. 

• Participate in security audits and assessments to ensure compliance with industry regulations. 

• Collaborate with other IAM engineers and architects on major initiatives. 

• Be a strong individual contributor who improves IAM service offerings. 

• Create and maintain IAM technical documentation, runbooks, and procedures. 

• Provide guidance to SSO and Directory Services operations team and serve as escalation point for resolving operational incidents. 

• Operate as a technical subject matter expert and advise project teams regarding integration with SSO/MFA technologies. 

• Develop and enforce access policies for privileged users across the organization. 

• Monitor and analyse privileged access activities for signs of unauthorized or suspicious behaviour including back-door access (if any). 

• Conduct regular account reviews and audits to ensure compliance with security policies. 

• Resolve security incidents related to privileged access in a timely manner. 

Knowledge and Skills Required: 

• 3+ years of experience in IAM engineering specializing in SSO/MFA/Enterprise Directory Services for various projects. 

• Strong understanding of IAM concepts, principles, and best practices. 

• Hands-on experience with Microsoft Entra ID, Conditional Access Policy, Enterprise App Registrations, Azure App Proxy, and Azure B2C etc. 

• Familiarity with directory services (Active Directory, LDAP). 

• Experience with cloud platforms (AWS, Azure, GCP). 

• Knowledge of protocols like SAML, OAuth 2.0, OIDC, and SCIM. 

• Proficiency in one or more programming and scripting languages: Java, PowerShell, Perl, Python etc. 

• Understanding of Web technologies including HTTP/HTTPS, cookies and session management 

• Strong written and verbal communication skills 

• Experience working across multiple teams on projects. 

• Strong organizational and attention to detail skills 

• Uncompromising personal and professional integrity and ethics 

Education and Experience Required: 

• B.S in computer science, information systems, information security, engineering or related fields. 

• Minimum 3 years of experience in the field of IT services with experience in Single Sign-On (SSO), MFA, Identity Federation, and Conditional Access Policy etc. 

• Industry-standard security (such as CISSP) or vendor certifications such as Microsoft Certified Identity & Access Administrator Associate, Azure Security Engineer etc. is a plus.