Identity and Access Management Lead
This is an exciting time for Shutterfly. In this position you will be an integral part of a developing enterprise Identity and Access Management Program. The Identity and Access Management Lead is a vital role that helps to provide assurance for Shutterfly’s critical assets and securely enables business functions. This role supports the business as an Identity and Access Management (IAM) subject matter expert in a variety of ongoing projects, coordinates and performs application administration changes, and liaises between subject matter experts for each applicable technology and internal clients. This position will help design, implement, and support IAM solutions in our diverse on-premises and cloud computing environments. The IAM Lead will partner with internal groups and vendors to deliver IAM services that balance security and business needs.
Your primary duties and responsibilities will include:
- Design, develop, implement, and support identity and access management solutions
- Migration and consolidation work from multiple, diverse identity stores into a simplified and centralized identity schema
- Technical development and administration in the following areas:
  - Multi-factor authentication including tokens, apps, and certificates
  - Federated identity management including support for single sign-on (SSO), SAML, SCIM, and OAuth
  - Privileged access management (PAM) including account discovery and vaulting, least privilege, session management and recording, and endpoint privilege management
  - Centralized identity and access governance supporting security and regulatory compliance
- Develop scripts to automate account management activities such as provisioning, de-provisioning, security alerts, logging, access certification onboarding, and bulk account attribute configuration
- Develop and support ongoing access certification and attestation campaigns for critical enterprise services
- Leverage functionality provided by enterprise directory services including Active Directory, Azure AD, and LDAP
- Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
- Review and analyze existing processes and suggest improvements for increased security and efficiency
- Bachelor’s degree with a concentration in computer science, technology, information security, information systems, or engineering or the equivalent combination of education, training, and experience
- 6-8 years working within Information Technology and 1-3 years specifically in Information Security
- Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
- Must have an understanding of various systems technologies, architecture fundamentals, and next-generation technology, and a very strong understanding of security
- Demonstrated oral and written communication skills and client-facing skills
- Experience in deploying and maintaining controls within various public cloud environments (AWS, Azure, Google)
- Expert level experience with Active Directory, LDAP, and other authentication repositories
- Knowledge of at least 1 scripting language (Python, PowerShell, Perl, etc.)
- Experience performing internal architecture and engineering related assessments/reviews
- Understanding of various architectural frameworks and controls (CIS 20, NIST, etc.)
- Understanding of information security concepts, protocols, and industry best practices
- Experience with administering various system types including Windows, Mac, and Linux
- IT service management experience with ITIL certification desirable
- Relevant security certifications (SANS/GIAC, CISSP, etc.) are highly desirable
- Practical experience in deployment and management of applied IT security technologies and tools
- Proven risk assessment and mitigation skills
- Knowledge of security regulations and compliance including PCI, SOC2, and HIPAA
- Experience with information security standards and frameworks such as Critical Security Controls, NIST Cybersecurity Framework, and ISO 27001/27002