local to NY/NJ
C2C
KEY RESPONSIBILITIES
**Application Onboarding & Integration**
* Partner with application owners to onboard and certify applications within the IGA platform (e.g., SailPoint, Saviynt, or Oracle).
* Define and enforce access models, entitlements, and approval workflows for new and existing applications.
* Establish least-privilege and segregation-of-duties (SoD) controls within IGA.
**Identity Security Posture & Technical Debt Reduction**
* Identify and remediate identity risks such as orphaned accounts, excessive entitlements, and privileged access sprawl.
* Contribute to ongoing cleanup initiatives for AD, Entra ID, and connected systems to align with modern identity hygiene standards.
* Support implementation of risk-based access policies and automated lifecycle management processes.
**Authentication Modernization**
* Support the adoption of phishing-resistant authentication methods, including FIDO2 security keys and passwordless sign-ins.
* Collaborate with MFA and SSO platform teams to migrate legacy authentication flows to modern protocols (e.g., WebAuthn, OIDC, SAML).
* Evaluate user experience, security impact, and deployment readiness across diverse user populations (corporate, frontline, OT).
**Federation & Access Management**
* Configure and manage federated SSO integrations via Entra ID and other IdPs.
* Apply conditional access and adaptive authentication policies based on user risk, device health, and context.
* Coordinate with PAM teams to align privileged session management with federated access controls.
**Cross-Domain Collaboration**
* Partner with security architecture, IAM engineering, and compliance teams to ensure IGA controls meet enterprise and regulatory standards.
* Document and report on metrics related to access certifications, compliance posture, and identity lifecycle performance.
* Provide operational support for IGA platform maintenance, upgrades, and new integrations.
QUALIFICATIONS
* Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
* 3–5 years of hands-on experience in Identity Governance & Administration (IGA).
* Strong knowledge of Active Directory, Entra ID, and federated authentication protocols (SAML, OIDC, OAuth2).
* Familiarity with one or more of the following platforms:
  * IGA: SailPoint, Saviynt, Oracle IDCS
  * PAM: BeyondTrust, CyberArk, ManageEngine PAM360
  * MFA/SSO: Microsoft Entra ID, Duo, Okta, Ping Identity
* Working knowledge of Zero Trust, FIDO2, passwordless, and phishing-resistant MFA concepts.
* Experience applying IGA controls for diverse user types (corporate, frontline, OT).
* Strong analytical, documentation, and communication skills; ability to collaborate across technical and business teams.
Additional Skills and Information:
* Experience with identity lifecycle automation and role-based access control (RBAC) modeling.
* Understanding of privilege escalation risks, identity threat detection, and compliance frameworks (NIST 800-63B, CIS, TSA, etc.).
* Scripting knowledge (PowerShell, Python, or SQL) for data analysis or automation.
* Familiarity with cloud identity models (Azure, AWS, GCP).