Vacancy expired!
Cloud Identity and Access Management (IAM) Engineer Job Description
Cloud Identity and Access Management (IAM) Engineer - CoStar Group - Washington, DC OVERVIEW CoStar delivers real-time, verified commercial real estate data that helps clients confidently spot great opportunities and make smart choices ahead of competitors. By combining the power of CoStar's independent research organization - the industry's largest - with global data delivery, software, and application solutions, clients can act on opportunities with confidence. Securely connect 5000 employees to all corporate resources, and more importantly connect 800 technology developers and engineers to resources across AWS, Azure, Google Cloud Platform, and an 8000 VMware IaaS infrastructure, all through a zero trust framework.Opportunity to work in an advanced security operation that is responsible for securing the data and products behind 35 websites serving 75M global visitors/mo, running on top of multiple private and public clouds. We are looking for passionate, technical IAM Engineers to architect, engineer, and operate all IAM activities across a large technical infrastructure and corporate environment. This position will work with Security, Systems, DevOps, Network, and Development teams to drive and shape the way our employees and engineers access our systems through a Zero Trust model. The candidate must have experience implementing and operating IAM tools.BASIC QUALIFICATIONS- Bachelor's Degree (preferably in a relevant field - Computer Science/Cyber Security)
- Minimum 5 years total experience in a technical role such as security, network, systems, or software engineer with at least 3 years focused on IAM.
- Minimum of 3 years of experience engineering IAM solutions in AWS, Azure, or a large scale IDP implementation (Okta, Ping, AzureAD, etc)
- AWS IAM - experience deploying and operating AWS IAM as code through cloudformation or terraform. Expertise in large scale AWS implementation of roles, policies, json, and security groups.
- Single Sign On (SSO) Identity Providers (IdP) - Okta, OneLogin, Ping Identity, AzureAD
- Programmatic password ault experience to rotate creds at scale - Hashicorp Vault, Thycotic Secret Server, AWS Secrets Manager
- Azure or Google Cloud Platform IAM implementations at scale
- Zero Trust modeling - BeyondCorp, ZScaler, Cyxtera, Palo Alto Prisma
- LDAP - Active Directory, Group Policy Administration, AD migrations & consolidations, AWS SimpleAD, Duo Multi-Factor Authentication (MFA)
- IAM Security Defense - Bloodhound, Mimikatz, Password Spray, Rainbow tables, and cryptography.
- Network based IA & VPN - Palo Alto User-ID, App-ID, CheckPoint IA, Junos Pulse VPN
- Security Proxies - (F5, NetScaler, Bluecoat, ZScaler, Akamai)
- Scripting/programming skills - Python, PowerShell, Perl, JavaScript, .NET, API Integration
- SANS/GIAC, CISSP, CISM, OSCP, OSWP, GPEN, CEH, Security+, CCNA, CCNP, CCIE, PCNSE, ACE, CCSA, CCSE, CCMSE JNCIE, VCP-NV, F5-CA, F5-CTS, F5-CSE, ACMA, ACMP, ACMX, ACDX, AWS CSA, MCSE, MCITP, MCSA, AWS-CSA
- Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
- Life, legal, and supplementary insurance
- Commuter and parking benefits
- 401(K) retirement plan with matching contributions
- Employee stock purchase plan
- Paid time off
- Tuition reimbursement
- On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day
- Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks
Vacancy expired!