Location: New York, New York
Salary/Pay Range: $135 - $145
An Authentication Engineer job is available with our client, an American multinational private equity, alternative asset management, and financial services firm based in New York City. This is a hybrid, contract role.
You will join the IAM Authentication team to engineer solutions with a strong focus on Azure AD and modern authentication protocols to build secure authentication across the enterprise.
- Architect and engineer identity and access management solutions leveraging Azure AD and modern Authentication protocols and frameworks (OAuth 2.0, OIDC and SAML) to move the strategic roadmap forward.
- Responsible for configuration, management, and support of all Azure AD functions with emphasis on security, reliability and operational excellence.
- Configure, integrate and secure applications in Azure AD with Application registrations and fine-tuning Conditional Access policies.
- Configure and manage Azure AD Connect for AD > AAD Sync with regular upgrades to the Azure AD Connect software.
- Provide escalation support for Azure AD related L2 issues, efficiently troubleshoot/prioritize Azure AD issues and maintain the culture of root cause analysis for incident management.
- Contribute to Azure AD documentation and workflows.
- Automate and develop Azure AD capabilities with Microsoft Graph API.
- Define security guidelines/standards for modern authentication and authorization security frameworks.
- Partner with teams to assist in defining the modern authentication strategy and roadmap.
- Support multi-factor authentication and manage factor enrollment flows to secure modern application architectures.
- Research, design, and advocate new AuthN technologies, standards, or methodologies that will strengthen our security posture, reduce our risk exposure and improve our overall user experience.
- Review and update authentication and authorization policies, standards and procedures to raise the maturity of the Authentication program.
- Actively participate in development and program efforts related to Identity and Access Management through hands-on collaboration and engagement.
THE SKILLS YOU NEED TO GET THE ROLE:
- In-depth knowledge of Azure Hybrid Identity, authentication methods (federation, passthrough auth, password hash sync).
- In-depth knowledge of Azure Application management, Azure AD Authentication and Authorization basics, App types, Authentication flows.
- Understanding of Azure AD device identity, device trust with Hybrid Azure AD join and how Primary Refresh Tokens work.
- Understanding of Identity governance and Identity protection - identity and access lifecycle, configuring risk policies.
- Understanding of Azure Role Based access patterns - management groups, subscriptions, resource groups.
- Understanding of Azure Reporting and monitoring - analyzing Audit, Sign-in, Azure Monitor logs.
- Fundamental understanding of Active Directory Domain Services (ADDS), Windows Server 2016/2019 Domain Controllers and related services (DNS, DHCP, Group Policy).
- Fundamental understanding of legacy (Kerberos, LDAPs) and modern Authentication protocols and frameworks (SAML, OAuth 2.0, OIDC).
- Strong understanding of SAML, OAuth/OIDC and other authentication methods.
- Strong understanding and practical experience with one or more cloud multifactor technologies.
- In-depth knowledge of JWT, understanding scope definitions and claims, differences between identity and access tokens.
Nice to have:
- Experience in deploying Infrastructure-as-code using Terraform, DevOps and CI/CD best practices.
- Intermediate knowledge of AWS Managed Microsoft AD.
- Knowledge of Okta Identity Engine, Passwordless solutions like Okta FastPass.