Sr Info Security Engineer
HERE
CZ
před 2 dny

What's the role?

You as our Sr Security Engineer in IAM are a highly experienced technical professional who functions as a leader within a technical team at HERE.

You will both design and implement facets of the team’s strategic plans, employing Agile-DevSecOps engineering practices to deploy continuous improvements, and help HERE leaders fill in details about strategic plans to put HERE on a path to meet future challenges as they arise.

A successful Lead Security Engineer performs independently, takes initiative to lead new efforts within the team, and coaches inexperienced members of the team in the performance of related tasks.

About the Team

You will join HERE’s Trust Foundation Identity and Access Management (IAM) team who are transforming HERE’s identity, authentication, and authorization capabilities.

We are maturing Single Sign-on (SSO) and multifactor authentication (MFA) capabilities with step-up and step-down decision automation.

We are maturing a privileged access management program and looking for creative ways to reduce the need for interactive access to production systems.

As HERE expands its industry-leading advantage in Location Services, we simultaneously present an ever-brighter target for those who would abuse our capabilities and resources.

Join a highly agile team at the nexus of HERE’s defenses and help keep the Internet a safe place to live and work. Teams with a diversity of brains, backgrounds, and personalities build more resilient solutions, so we prefer diverse teams at HERE, and strongly encourage non-traditional candidates to apply.

PRIMARY RESPONSIBILITIES

Apply agile development practices to rapidly deliver incremental improvements to IAM platforms

  • Triage and correct client problems with SAML configuration, browser authentication sessions, and access lifecycle automation failures
  • Reduce access friction in high-security, low-risk environments, and creatively add friction to mitigate high-risk access conditions
  • Advise others in authentication / authorization better practices, patterns, and service optimizations
  • The role can be done in Czech Republic and Poland both from our offices or Home Office

    Who are you?

    To be succesfull in the role you have

  • multiple years of experience managing access to computer systems in a medium-to-large enterprise
  • deep understanding of SAML web-based authentication / authorization
  • demonstrable experience tracing and troubleshooting malfunctioning SAML authentication sessions
  • direct experience troubleshooting and correcting processes for user lifecycle management : onboarding new employees, managing inter-department transfers, removing access upon termination
  • the ability to communicate effectively, both verbally and in writing, with people of varying technical ability
  • demonstrated ability to define and execute a repeatable technical process and teach it to junior members
  • Preferred Qualities (one or more of these would accelerate performance)

  • Fluency with Okta’s expression language for custom SAML endpoint definition
  • Experience configuring OIDC and OAuth 2.0 AuthN / AuthZ
  • Knowledge of common techniques, tactics and procedures to defeat IAM controls
  • Experience building automation workflows using Okta Access Lifecycle Management platform
  • Functional knowledge of Cloud access management frameworks, especially AWS IAM
  • Experience with access management patterns in container orchestration environments, especially Kubernetes
  • Cultivated sensitivity that helps improve collaboration with internationally distributed, multi-cultural teams
  • HERE is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, age, gender identity, sexual orientation, marital status, parental status, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.

    Nahlásit tuto nabídku
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Požádat
    Můj e-mail
    Kliknutím na "Pokračovat", souhlasíte s tím, že neuvoo sbírá a zpracovává vaše osobní údaje, které jste poskytli v tomto formuláři, aby vytvořili neuvoo účet a přihlásili vás k odběru emailových upozornění v souladu s naší Ochranou Osobních Údajů . Váš souhlas můžete vzít kdekoliv zpět, následováním těchto kroků .
    Pokračovat
    Žádost