Senior Security Engineer - Identity Access Management

Position: Senior Security Engineer - Identity Access Management

Overview: The Identity Security Engineer will be a key member of the Ecolab Information Security team, responsible for managing identity directory services, user access provisioning and de-provisioning, implementing and maintaining IAM technology and related infrastructure, Application Development Life Cycle (SDLC) security, auditing, identifying, and handling exceptions.

Minimum Qualifications:

Bachelor’s degree in computer science, information technology, or related discipline.

6-8 years of experience working in Identity and Access Management (IAM) solutions.

Key Responsibilities:

• Support & Maintenance of IAM Infrastructure:
• Security & Auditing:
• Collaboration & Communication:
• Oversee the implementation and ongoing maintenance of Identity and Access Management (IAM) technologies and related infrastructure like EntraID, AD (Active Directory), PAM (Privileged Account Management).
• Ensure compliance with SDLC security requirements and related best practices.
• Conduct regular audits and manage exceptions within IAM processes.
• Collaborate with technical staff, business teams, and senior management.
• Effectively communicate complex concepts to both technical and non-technical stakeholders.
• Proficient in working in a fast-paced, complex, dynamic, multicultural business environment

Key Technical Skills And Experience:

Must Have

• Active Directory (AD):
• Privileged Access Management (PAM):
• Group Policy Objects (GPOs):
• Cloud and Security:
• Public Key Infrastructure (PKI):
• Microsoft Entra Connect
• Responsible for setting up, configuring, and managing AD, as well as handling domain controllers and replication between AD sites to ensure high availability.
• Responsible for designing, implementing, and maintaining robust PAM solutions to protect privileged accounts within our environment.
• Knowledge of Windows server systems.
• Knowledge of Linux-based systems.
• Knowledge of SQL Server from an account perspective.
• Knowledge of managing GPOs to enforce security settings, user configurations, and system policies across the organization.
• Basic knowledge of the Administration and management of Entra ID. This includes user provisioning, access control, and integration with cloud applications, as well as managing authentication, authorization, and security within Microsoft's cloud-based services.
• Such as:
• Single Sign-On (SSO) technologies: SAML, OAuth2, OIDC
• Cloud only / federated/synced accounts
• Managing internal and external certificates, particularly those from Entrust and ADCS Systems. Our responsibilities include issuing, renewing, and revoking digital certificates, as well as authentication and signing.
• Basic knowledge of the tools and processes of Entra Connect in a managed environment

Nice To Have:

• Data & Automation:
• Service Desk & Incident Management:
• Proficient in PowerShell scripting or Python (automation)
• Ability to understand and write RegEx
• Ability to execute queries using SQL and Elastic Kibana
• ServiceNow knowledge, particularly around ticket management.

Certifications:

• Industry-specific certifications in Azure, including one or more of the following Microsoft exams:
• SC-300 / AZ-104 / AZ-500 / Password safe admin