Identity and Access Management Engineer

Overview

Remote
Depends on Experience
Contract - Independent
Contract - W2
No Travel Required

Skills

Active Directory
Auditing
CPU
Caching
Cloud Computing
Communication
Database
Disaster Recovery
High Availability
IDP
Identity Management
LDAP
Management
Microsoft
Multi-factor Authentication
Proxies
Replication
Reporting
SAML
SSO
Servers
Web Applications
eXist

Job Details

Job role: Identity and Access Management Engineer II

Location: Remote

Need a W2 consultant; must have 10+ years of experience.

Job Description:
Details on the primary technologies we need expertise in are the following:

  • LDAP (Lightweight Directory Access Protocol), a standardized communication protocol that helps applications talk to a directory service. Responsibilities include:
    • Designing and modifying the directory schema (the rules that define what attributes can exist in an entry) to accommodate new data requirements.
    • Configuring and monitoring replication between multiple LDAP servers to ensure High Availability, disaster recovery, and data consistency.
    • Monitoring server resources (CPU, disk I/O) and ensuring the LDAP service is responding quickly. Tuning database and cache sizes for optimal performance.
    • Applying OS security patches and upgrading the LDAP software/service pack versions to maintain security and incorporate new features.
    • Maintaining the logical structure of the directory to reflect the organization's current reporting structure and administrative domains.
  • Shibboleth SSO (Single Sign-On), which is an implementation of SAML (Security Assertion Markup Language) used for federated SSO. This is a system that acts as a secure intermediary, allowing a user authenticated at one institution to access resources (web applications) at another institution without re-entering credentials.
    • Responsibilities include:
      • Managing the Identity Provider (IdP) and Service Provider (SP) lifecycle within our organization and trusted federation partners.
      • Installing, upgrading, and patching the Shibboleth IdP application.
      • Maintaining the IdP connection to the primary user store (LDAP & Active Directory).
      • Maintaining MFA flows via Duo.
  • Azure Entra ID - Microsoft's cloud-based Identity and Access Management (IAM) service.
    • Monitoring the health and status of Microsoft Entra Connect (or cloud sync) to ensure users, groups, and password hashes are synchronizing successfully from on-premises AD to Entra ID.
    • Investigating and fixing synchronization errors caused by duplicate proxy addresses, invalid characters, or conflicting attribute values.
    • Adjusting the scope of synchronization to include or exclude specific Organizational Units (OUs) or users/groups based on business needs.
    • Monitoring and configuring automated responses to risk detections to enforce risk-based Conditional Access (CA) policies.
    • Setting up and monitoring SCIM (System for Cross-domain Identity Management) connectors to automatically create, update, and deprovision users in third-party applications from Entra ID.
    • Creating, managing, and auditing different types of groups and managing Dynamic Groups based on user attributes.