Identity and Access Engineer - NFI Industries

As an Identity and Access Engineer, you'll drive critical information security initiatives focused on identity, access, and associated flows. In this position you’ll secure NFI's resources while providing a great user experience to internal and external users.

As an IAM engineer you’ll work with architects and leadership to ensure NFI’s identity mesh and the IAM infrastructure is robust, versatile, and highly available.

• Using identity-first security principles you'll ensure proper access is granted from the time of account creation, through lifecycle events, and through removal at termination.
• In this role you'll collaborate with other Information Security professionals and members of other departments to secure assets while granting permissions as needed.
• You'll integrate applications into NFI's IAM system for single sign on (SSO) and user provisioning
• You'll lead projects related to directory services
• You'll automate repeatable IAM flows and processes using a no-code/low-code platform
• Handle incoming service requests escalated from the ServiceDesk
• Collaborate with the rest of the IAM team to ensure efforts are aligned to the long-term roadmap and inline with NFI's policies and business requirements

• Extensive previous experience with Okta: Lifecycle Management, Okta Workflows, Single Sign On, Multi-Factor Authentication

• High degree of understanding of Identity and Access Management principles and processes (e.g. Least Privilege, Building Role-based Access Control matrices, etc.) as well as the ability to execute these effectively in a complex environment

• Strong understanding of technologies and methods across IT systems and information security tools as it applies to identity management and access control

• Experience with Identity and Access Management related compliance controls and frameworks (e.g. NIST 800-63)

• Strong verbal and written communication skills

• Experience communicating and presenting with confidence and clarity to different audiences, adjusting language and jargon appropriately

• Experience writing documentation (technical, policies, procedures, etc.) to be consumed by a wide range of audiences (technical, leadership, end users, customers, auditors, etc.) with high quality

• Ability to articulate complex application architecture, configuration, and operation to others in both technical and non-technical terms

• Must be able to work well with others and promote a highly collaborative work environment

• Must conduct oneself with the utmost integrity and practice a high degree of ethical judgment

• Strong understanding of risk management concepts and terminology

• Experience with methodologies designed to drive continuous improvement efforts

• Experience in management of security projects and complicated security issues

• Self-motivated and able to work independently with little oversight to complete tasks and deliverables on time

• Must be able to multi-task and juggle multiple priorities while ensuring successful completion of all objectives in a timely fashion

• Ability to demonstrate troubleshooting skills, analytical thinking, and the ability to work with a wide range of technologies relating to mature Identity and Access Management

• Active in the cybersecurity industry, equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies, and technologies

• BA/BS degree strongly preferred, will consider comparable work experience

• 4-6 years of relevant experience is preferred.

• Rarely makes the same mistake twice; learns from failure.

• Begins to focus on attaining expertise in one or more areas of their role.

• Learns quickly and makes steady progress without the need for constant significant feedback from more senior team members.

Minimum Requirements

• 4 years of experience managing Identity and Access systems such as Okta, Entra, Ping Identity, SailPoint

• Knowledge of identity standards such as SAML, OIDC, Oauth, SCIM, etc.

• 2 years of experience with no-code/low-code platforms such as Workato, Zapier, Okta Workflows

• 2 years of experience with Active Directory (on-prem) and Entra (Azure AD)

• Okta Professional Certificatio

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

LA County Applicants: The Company will consider qualified applicants, including those with criminal histories, in a manner consistent with applicable state and local laws.