Identity and Access Management (IAM) Engineer

Job Description
The Opportunity
The Enterprise Technology Experience organization seeks an experienced and detail-oriented Identity and Access Engineer who can assist with designing and developing the Identity and Access Management environment (IAM). This is an opportunity for you to work in a fast paced, innovative, and collaborative environment on exciting technology directives, directly impacting the way security is integrated into daily business processes. Ideally, you will have a deep understanding of identity lifecycle management, directory services, authentication protocols, and modern IAM platforms.
The Team
This role is a part of the IAM Engineering Team, which is a strategic arm of our Security Platform Engineering organization, and is crucial for maintaining strong security, compliance to security controls, and assisting with operatonal efficiency. This group is responsible for building and maintaining the core identity platforms for MassMutual, as well as designing and deploying strategic solutions that will enable access controls to be embedded into strategic business processes.
The Impact
As an IAM Engineer, you will be responsible for leading project delivery work, partnering with enterprise and solution architects to design and deploy secure solutions, assisting IAM operational support teams as needed for troubleshooting. You will partner with vendors to solve strategic challenges that align with enterprise roadmaps and will have an opportunity to utilize your experience and expertise to improve existing processes, patterns, and infrastructure.
This position can be located in our Springfield, MA, Boston, MA, or NYC office.
The Minimum Qualifications

• 8+ years experience in the following areas
  • web infrastructure and web infrastructure design concepts
  • working with Federation services and Certificate management
  • working with protocols such as SAML and OIDC
  • working with Linux and Windows operating systems
  • supporting Directory Services (such as Ping, AD, Okta, Entra, etc.)
  • with documentation and demonstrated ability in operational hand off
  • working on Security and Operation Incident objectives
  • in audit remediation and mitigations
  • supporting complex environments
  • designing, implementing, deploying, and maintaining IGA solutions such as SailPoint, Saviynt, Okta
  • with Identity Lifecycle Management, Access Reviews, Intelligence (Analytics), Roles and Rules management, and Segregation of Duties
• Must be authorized to work in the United States without sponsorship both now and in the future

The Ideal Qualifications

• Bachelor of Science in Computer Science or Information Management
• 7-10 years of experience in a complex web infrastructure environment
• Understanding of web security concepts and security in-depth
• Ability to collaborate across lines of business to consult and guide projects as needed
• Ability to grasp large scale, enterprise class deployments
• Software system integration
• Troubleshooting and triage of complex production issues, with technical support to operations and supporting teams
• Understanding of the Atlassian productivity suite (JIRA, Confluence, Bitbucket, etc)
• Excellent Organizational Skills
• Excellent written and verbal communication skills. Will be communicating technical information to non-technical end users
• Experience maintaining various web proxies using Security Access Manager
• Ability to look at the big picture and recommend designs based on industry best practice
• Deep understanding SSO solutions using Okta, SAM Federations and Auth0 technologies Experience integrating third party applications with on-prem/AWS deployed solutions
• Experience with many of the following: Akamai, NGINX, AWS, F5, IHS/Apache, Python, NodeJS, netmon/wireshark, Auth0, Okta, LDAP, Active Directory, IBM ISAM, F5
• Understanding of MFA including RSA adaptive authentication and SecureID
• Identity tokenization and underlying standards (SAML, OAuth, Kerberos, etc)
• Familiarity with IAM concepts like privileged access, zero trust, and access governance
• Familiarity with PKI
• Familiarity with security frameworks and regulations (e.g., NIST, GDPR, HIPAA) that impact identity and access management
• Comfortable challenging status quo
• Ability to support and maintain various LDAP repositories using Security Directory Server and associated utilities
• Ability to think critically under pressure and deliver on time
• Ability to work independently with minimal supervision

#LI-SC1
MassMutual is an equal employment opportunity employer. We welcome all persons to apply.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Salary Range: $134,400.00-$176,400.00