Sr. Security Engineer, Identity & Access Management (Remote - US)
DISQO is changing the way that the world’s largest brands, agencies and consumer intelligence companies get to know their consumers. We’ve built the first identity-based platform that combines consumer attitudes and behaviors together to power the most accurate and predictive insights solutions for our customers, and we do all of that with the willing participation of our consumers and without using outdated technologies like third-party cookies. We help our customers get a cross-platform view into consumer sentiment, measure advertising effectiveness, analyze consumer purchase journeys, and ultimately grow their brands.
Our mission at DISQO is to engage people to share their opinions and behaviors openly to help our customers make the right decisions. With over one million active members sharing their attitudes and behaviors, DISQO is looking to expand, improve and create world-class applications for people to openly share their data for research.
Check out the DISQO Developer Blog for the latest from our DISQOTECH team.
In this role, you will have the opportunity to design, implement and manage our global identity, access and secrets management architecture. Using your knowledge and experience in security engineering, authentication, authorization, cryptography, and application security you will create roadmaps and enhance the existing identity ecosystem for secure integration, utilization, and maintenance. You’ll collaborate with colleagues, stakeholders and external team members supporting architecture assessment, vulnerability assessment, and security operations. In addition, research, testing and advising of new technology security requirements and future capabilities will be pursued to drive objectives, strategies and measurements of the Identity, access and secrets management ecosystem.
What you will do:
- Work with technical and business leaders to document current identity access, secrets management, endpoint (MDM) security requirements and architecture, research best practices, conduct trend analysis, and identify gaps in developing future-state IAM designs and specs.
- Work with product teams to provide guidance and best practices for authN, authZ and secrets management for web applications, infrastructure, SaaS, and APIs.
- Develop technical standards and provide subject matter expert-level advisory services regarding accepted best practices for IAM and secrets management.
- Provide security architecture and consulting services for business units and IT organizations.
- Develop identity, access and secrets management controls for both on-premises and cloud including privilege access management (PAM), multi-factor auth (MFA), encryption key and certificate management.
- Maintain and update IAM policies and standards on a yearly basis
- Identify opportunities to integrate and automate tools and systems to create efficiencies and achieve scale.
- Design and deliver policies, standards and best practices for SSH key management, Certificate management, PKI, privileged identity management Collaborate with governance, risk and external stakeholders to ensure secret standards and auto-rotation of keys/credentials are implemented and operating effectively.
- Mentor and assist engineers and share/implement best practices.
- Develop training and awareness materials to facilitate knowledge sharing across the company.
- Develop RBAC & ABAC standards and review users and roles for adherence to the principle of least privilege, drive user access recertification process
- Review and approve access requests
- Provide coverage and periodic on-call support for the IAM services.
What you bring to the table:
- A team player who brings innovative security knowledge, communication skills.
- Leverages critical thinking, experimentation, data, and best practices to achieve desired business outcomes.
- Experience communicating with technical and non-technical stakeholders across multiple business units
- Excellent written and verbal communication skills.5+ years of Information security engineering experience
- 2+ years experience in cloud security
- 3+ years hands on design engineering and deployment experience using IAM technology systems
- 2+ hands on experience with AWS cloud services including Kubernetes, IAM, KMS, Cognito, Secrets manager, Certificate manager, HSM
- Demonstrable knowledge of current technologies in authentication, federation, and identity management space, such as TLS, U2F/UAF/FIDO2,, JWT, Kerberos, SSO, SAML, MFA, X.509, SSH keys, API keys, PKI, WS-Federation, SOAP,WS-Security, WS-Trust, LDAP, ADFS, Open-ID, and OAuth
- Knowledge of modern enterprise identity architectures such as ZTNA, SASE, and passwordless architecturesExperience in designing, assessing or implementing security controls, or reviewing security posture of the identity ecosystem.
- Experience with common automation tools such as Gitlab CI/CD, Terraform.
- Experience with threat molding techniques such as STRIDEExpert knowledge of encryption key lifecycle management, SSH keys, KMS, PKI and certificates
- Deep knowledge with services and tools related to identity and secrets management such as, Okta, Gsuite, 1Password, HashiCorp Vault
- Familiarity with privacy regulations and security frameworks such as; GDPR, CCPA, NIST 800-53, NIST CSF, OWASP top 10
- Knowledge of Blockchain technology
- Knowledge of endpoint security designs (Device AuthN, VPN, MDM, Yubikey and integrated endpoint security solutions with IAM tools)
- Security certification such as; Security+, CEH, CISA, CISSP, AWS Security Specialty or other similar professional designations is preferred.
- Experience with proof of concepts (POC), feature exploration and incorporation of the assessed in the existing identity ecosystem.
- Experience with monitoring/logging IAM services, including applications and systems, and resolve or escalation issues as and when required.
- Ability to write and review Python, knowledge of Go is a plus
- A foundational belief that security succeeds to the extent that it empowers -- that your mission instead saying “no, you cannot” is to say “yes, here is how”
#LI-Remote #LI-SG1
Perks & Benefits:
·100% covered Medical/Dental/Vision for employee, 80% for dependents
·Equity
·Generous PTO policy
·Flexible work hours
·Quarterly Offsites
·401K
·Life Insurance
·FSA
·Paid Maternity/Paternity leave
·Disability Insurance
·Travel Assistance Program
·24/7 Counseling Services offered to employees
DISQO is an equal opportunity employer. Discovery, innovation, and growth are possible when we open ourselves to new possibilities, perspectives, and approaches. That’s why, at DISQO, we welcome, support, and empower individuals from diverse backgrounds. Exceptional teams are rooted in extraordinary people, each with a unique story and a compelling set of skills. DISQO does not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
*Recruiting firms that submit resumes to DISQO without first entering into a written contract will not be entitled to any compensation on candidates referred by that firm.