Senior Identity Management Engineer - Siteminder - (16004550)
Primary Location
: United States-Texas-Houston
Flexible Work Location Acceptable: No
:
Shift
: Day
Travel
: Yes, 10 % of the Time
Equal Opportunity Employer: Minority/Female/Disability/Veteran
Waste Management, Inc. is the leading provider of comprehensive waste and environmental services in North America. The company serves nearly 20 million municipal, commercial, industrial, and residential customers through a network of 367 collection operations, 355 transfer stations, 273 active landfill disposal sites, 16 waste-to-energy plants, 134 recycling plants, and 111 beneficial-use landfill gas projects.
To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management, Inc. is undertaking a substantial technology transformation. We are seeking an energetic Senior Security Analyst experienced with Identity Management and Single Sign-on technologies.
I. Job Summary
The Senior Security Analyst will provide expert evaluation of information security issues and make actionable recommendations for authentication infrastructure through policy, practices, risk management, engineering, and improving business operations.
In this role, you will:
- Provide Subject Matter Expertise for the design and support of the Single Sign-on implementation
- Contribute to the design and implementation of the overall Identity Management program
- Provide consultation to business and technology partners on security requirements and recommended authentication integration patterns
- Establish work flows and processes to effectively and efficiently manage the identity lifecycle for employees, contractors, business partners, and consumers
- Maintain the health and operational effectiveness of security systems and tools
- Provide mentorship and coaching to less-experienced members of the information security team
II. Duties and Responsibilities include the following. To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.
Fully support the deployment of Single Sign-on technology throughout the enterprise from systems design through operational turnover
- Consult with various application areas to integrate authentication processes with the enterprise standards
- Develop technologies, processes, workflows, and practices required for full identity lifecycle management (provisioning, de-provisioning, recertification, audit) across multiple platforms and applications
- Ensure full integration of technologies with enterprise processes (change management, incident management, problem management, monitoring, etc.)
- Serve as a Subject Matter Expert for CA Siteminder, RSA SecurID
- Support other identity management technologies such as SailPoint Identity IQ and Microsoft AD
- Define security requirements, establish baselines and measure compliance, based on applicable laws, regulations, and accepted practices
- Consult and collaborate with enterprise leadership and technical staff to develop the corporate information security strategy and architecture
- Respond to and recover from technical and process failures for identity management systems
- Increase corporate awareness of information security through training and communication
- Communicates technical and risk assessment results, evaluates engineering and integration initiatives and provides advanced technical support to assess security practices, standards and guidelines.
- Reviews and recommends the installation, modification or replacement of hardware or software components.
- Identifies and addresses any configuration change(s) that impact enterprise risk profile.
- Position may require on-call coverage for evenings, weekends, and holidays.
III. Supervisory Responsibilities May coach and mentor less-experienced analysts and act as team leader on projects.
IV. Qualifications
A. Education and Experience
Required: Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study. Five years of previous experience required. An additional four years of related experience may substitute for the Bachelor's degree.
Preferred: Masters Degree and seven years of experience in network, host, data and/or application security in multiple operating system environments.
B. Certificates, Licenses, Registrations or Other Requirements
Required: One of the following or will obtain one within the next 12 months: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM).
Preferred: Other professional certifications desired include: CWSP, GIAC.
Other vendor certifications desired include: CCNA, CCNP, CCSP, MSCE
C. Other Knowledge, Skills or Abilities Required
Advanced knowledge or skills in one or more of the following is required:
- Broad IT infrastructure knowledge across server platforms, networking, and application infrastructure
- Scripting and/or programming experience
- Knowledge of threat and vulnerability and/or risk management processes and technology.
- Broad security product knowledge
- Analytical and Problem Solving skills
- Strong project management skills; working knowledge of group infrastructure
- Experience in leading/motivating large, diverse workforce; must be able to build camaraderie/trust
D. Other Knowledge, Skills or Abilities that Contribute to Success
May require advanced skills or experience in one or more of the following:
- Fortune 500 experience.
- Technical skills across a broad range of computing platforms and network protocols.
- Experience in several of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority and encryption.
- Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN/WAN planning and implementation.
- Familiarity with common security models and regulations such as ISO 2700X, SOX, HIPAA, GLBA, NERC, and PCI.
- Ability to support both internal and external audits.
- Experience in the areas of change control, problem management, incident management troubleshooting of security solutions.
- Ability to multi-task and work on multiple projects at one time.
- Ability to communicate both written and verbally.
V. Work Environment and Essential Functions
Listed below are key points regarding environmental demands and work environment of the job.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. [Note: the following is defaulted for office setting position]
- Required to use motor coordination with finger dexterity (such as keyboarding, machine operation, etc) most of the work day;
- Required to exert physical effort in handling objects less than 30 pounds rarely;
- Required to be exposed to physical occupational risks (such as cuts, burns, exposure to toxic chemicals, etc) rarely;
- Required to be exposed to physical environment which involves dirt, odors, noise, weather extremes or similar elements rarely;
- Normal setting for this job is: office setting.