TC_CS_IAM_AM_Forgerock
Ernst & Young (EY)
4 - 6 years
Kolkata
Posted: 3/6/2025
Job Description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
The opportunity
We’re looking for a Senior Consultant in the Technology Consulting team to work on various Identity and Access Management projects for our customers across the globe. Also, the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team.
In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Your key responsibilities
• Engage and contribute to the Identity & Access Management projects
• Work effectively as a technical lead, sharing responsibility, providing support, coaching juniors in the team, maintaining communication and updating stakeholders and team members on progress
• Assist customer organizations with planning and implementing complex architecture solutions
• Execute the engagement requirements, along with review of work done by junior team members
• Able to create, plan, and execute advanced IAM trainings and independently drive proofs of concept involving emerging IAM technologies
• Use case design, Solution Requirements Specification, and mapping business requirements to technical requirements (Traceability Matrix).
• Architecture Design (optimising the resources made available – servers and load sharing etc.).
• Involvement in a successful pursuit of a potential client by being part of the RFP response team.
• Should be implementing IAM engagements, including requirements gathering, analysis, design, development, and end-to-end deployment.
• Develop and maintain productive working relationships with client personnel
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Contribute to people related initiatives including recruiting and retaining IAM professionals
• Maintain an educational program to continually develop personal skills by learning various IAM tools and latest skills
• Automate the manual process in the IAM domain
• Understand and follow workplace policies and procedures
• Building a quality culture at GTH
• Manage the performance management for the direct reportees, as per the organization policies
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives
Technical Skills
• Hands-on experience in end-to-end implementation of Single Sign On and MFA for enterprise and customer Identity and Access Management using either of the following industry leading products – Ping suite of products (PingFederate, Ping Access, PingONE), Okta, Auth0, ISAM, ForgeRock suite of products (OpenAM, OpenIDM, OpenDJ, OpenDS and ForgeRock Identity cloud).
• Completed at least 2-3 implementations leveraging either of the products listed above or a combination of the above.
• Strong understanding of access management fundamentals like Authentication, Authorization, MFA, SSO, Federation, and Directory Services concepts.
• Good hands-on experience on SAML 2.0, OAuth 2.0, OIDC, WS-Fed protocols.
• Involved in end-to-end design and implementation of SSO architecture and designed various authentication, authorization, MFA and SSO use cases
• Experience in migration from one tool to another, upgradation of above technologies, application onboarding leveraging tools listed above
• Understanding of agile process
• Have hands-on experience on any of cloud providers – Azure or AWS or GCP
• Experience in scripting languages - Python, PowerShell, and Bash
• Source control tool - Git or Bitbucket
• Hands-on Core Java development and debugging experience.
• Skilled in mapping business requirements and coordinating in developing and implementing solutions in line with the business requirements.
• Experienced in creating Solution Requirements Specification, Design documents like HLD and LLD and mapping business requirements to technical requirements (Traceability Matrix), use case design etc
• Good knowledge of information security, standards, and regulatory compliances.
• Should be flexible to work on new technologies in this domain.
• Good troubleshooting experience in past engagements.
Ping Suite:
PingFederate:
• Expertise in designing and implementing highly available and scalable PingFederate architectures
• Installing PingFederate on cloud providers or using Docker and Kubernetes
• Proficiency in integrating PingFederate with external identity providers (IdPs) and service providers (SPs) using custom protocols and connectors
• Ability to architect and implement complex federation scenarios involving multiple trust relationships and federation standards
• Experience in developing and implementing custom authentication (adapter, PCV or selectors) and authorization plugins for PingFederate
• Strong understanding of SAML (Security Assertion Markup Language) and OAuth protocols
• Experience in design and development of OGNL expressions
• Proficiency in configuring and managing high-performance identity bridges to integrate diverse identity systems.
• Expertise in troubleshooting complex issues related to SSO, federation, and attribute mapping in PingFederate deployments.
• Ability to perform performance tuning and optimization of PingFederate configurations for large-scale environments.
• Familiarity with integrating PingFederate with identity governance and user lifecycle management solutions
• Experience in integrating PingFederate with cloud-based applications and platforms, including SaaS and PaaS
• Proficiency in scripting and automation using PingFederate APIs and command-line tools for configuration and administration
• Strong understanding of planning and execution to upgrade PingFederate
• Experience in managing Certificate & Key Management
• Should have knowledge of API security
PingAccess:
• In-depth knowledge of web access management (WAM) concepts and architectures.
• Expertise in configuring and managing policy-based access control using PingAccess.
• Ability to design and implement complex access control rules and policies in PingAccess
• Proficiency in integrating PingAccess with external identity providers (IdPs) and directory services
• Experience in implementing secure reverse proxy and API gateway functionality using PingAccess
• Knowledge of advanced features in PingAccess, such as dynamic authorization, fine-grained access control, and attribute-based access control (ABAC)
• Ability to troubleshoot and resolve access-related issues in PingAccess deployments
• Familiarity with integrating PingAccess with web application firewalls (WAFs) and other security infrastructure components.
• Experience in implementing single sign-on (SSO) and session management for web applications using PingAccess
• Proficiency in configuring and managing high-availability and load-balanced PingAccess deployments.
• Knowledge of scripting and automation using PingAccess APIs and command-line tools for configuration and administration.
• Protected APIs in PingAccess using OAuth protocol
PingOne:
• Understanding of cloud-based identity and access management (IAM) solutions.
• Strong understanding of SAML (Security Assertion Markup Language) and OAuth protocols
• Proficiency in configuring and managing user identities and access policies in PingOne.
• Proficiency in integrating PingOne with on-premises identity sources, such as Active Directory, LDAP, or HR systems
• Proficiency in configuring and managing user attribute mapping and synchronization in PingOne
• Ability to configure and manage user provisioning and deprovisioning processes in PingOne.
• Ability to configure and manage advanced authentication methods, such as biometric authentication or hardware tokens.
• Knowledge of integrating PingOne with third-party identity providers and social login platforms
• Familiarity with configuring and managing user self-registration and self-service capabilities in PingOne
• Knowledge of auditing and reporting capabilities in PingOne for compliance and governance requirements.
• Experience in integrating PingOne with various cloud services – PingOne Risk, PingOne Authorize, or PingOne DaVinci
• Understanding of identity lifecycle management and user role-based access control in PingOne.
• Proficiency in configuring and managing security settings and policies in PingOne.
• Experience in troubleshooting and resolving issues related to user authentication and access in PingOne deployments
PingOne Advanced Services:
• Strong understanding of PingFederate and PingOne
• Experience in migrating PingFederate or PingAccess from existing solution to PingOne Advanced Services
• Experience in onboarding application, creating adapter, PCV, ATM, or mapping
Okta:
• Hands-on experience on Directory level integration with Okta for AD, LDAP, Azure AD, Oracle AD.
• Good understanding of IWA, SWA and Okta Workflows.
• Hands-on experience on Okta APIs and good understanding of XML, HTML, CSS
• Should have knowledge of Okta Access Gateway, Okta Advanced Server Access and SCIM.
• Hands-on experience on developing custom UI pages, branding and email templates as per business needs.
• Experience and knowledge on Okta Classic Engine and Okta Identity Engine
• Experience in integration of on-prem and legacy applications with Okta
• Working knowledge on multi-factor authentication, Security Rules, Policies and Provisioning.
• Hands-on experience in troubleshooting the issues related with Okta and any other AM specific tools
• Basic AD and LDAP functionality: authentication, authorization.
• Experience in Directory Integration with Okta.
• Experience in troubleshooting the access related issues reported by application team.
ForgeRock Suite:
ForgeRock Access Management or OpenAM:
• Very good understanding of information security concepts with in-depth knowledge of IAM solutions and latest trends with ForgeRock OpenAM, OpenDS and OpenIDM.
• Application Onboarding experience on ForgeRock OpenAM using protocols such as OIDC1.0, OAuth2.0 and SAML2.0.
• Customization of Authentication Nodes/Modules using JavaScript & Groovy Script.
• Implementation of ForgeRock OpenAM functionalities using Admin Console and Amster scripts.
• Customization of Attributes and modification of LDAP files in ForgeRock OpenDS.
• Automation of ForgeRock AM implementation using backend scripts, JSON files & GitHub repository.
• Experience in installation, configurations, version upgrades and migration
• Hands-on experience with Authentication Trees.
• Knowledge/working experience on ForgeRock Identity cloud
ForgeRock IDM or OpenIDM:
• Hands-on experience with customization of ForgeRock IDM, connector development, writing scripts and building of ForgeRock workflows
• Connection to authorized sources/connection through installation/configuration of connectors to destination targets
• Hands-on experience with roles & assignments in IDM
• Good conceptual and working knowledge around Workflow, Approval process, Certification process, Password policies
• Hands-on expertise with customization by developing custom code using Java
• Basic Java, J2EE, Groovy scripting, JavaScript hands-on development
• Concept of reconciliation, live sync, attribute mapping
• Ability to install, troubleshoot and configure: Directory Services, Application Server, Identity Tool and connector development
• Knowledge/working experience on ForgeRock Identity cloud
Auth0:
• Knowledge of Auth0 dashboard along with administration knowledge e.g. configure and manage advanced security features in Auth0, including multi-factor authentication (MFA), password policies, and brute-force protection.
• Experience in Universal login page and customizing the text prompts and error messages.
• Hands-on experience in multi-factor authentication like WebAuthn with FIDO2 Biometric, Custom Send phone message action, Push notification.
• Thorough understanding of Auth0 functionalities along with knowledge of features
• Designing and implementing custom user flows using rules and actions within Auth0.
• Develop database scripts when using custom database in Auth0
• Hands-on experience with the Auth0 management APIs and knowledge of related technologies such as JavaScript, JSON, and REST APIs.
• Implementation of protocols such as SAML, OAuth, and OpenID Connect on Auth0.
• Knowledge of building web applications using the Express NodeJS framework
• Knowledge of JavaScript testing frameworks such as Mocha, Chai, and Jest for unit testing and integration testing of Express applications.
• Experience with using tools such as Postman and Swagger for API testing and documentation.
• Develop solution in user migration from external system/store to Auth0 store using bulk import or trickle migration.
• Ability to view and analyse logs and metrics in the Dashboard, including user activity, authentication success rates, and error messages.
• Experience with customizing the look and feel of the Auth0 login page and other UI components, including the use of custom HTML, CSS, and JavaScript.
• Knowledge of Auth0 deploy CLI and webtask
• Experience with using DevOps and automation tools such as Git, Jenkins, and Ansible to automate configuration and deployment of Auth0.
• Developing custom script/solution using Auth0 APIs and NodeJS.
• Understanding of Adaptive MFA and its policies.
• Experience in using Real-time webtask logs to check the logs for troubleshooting.
ISAM:
• Hands-on experience on IBM Security Access Manager or IBM Security Verify Access end-to-end implementation involving requirement gathering, designing, implementation, customization and testing.
• Completed at least 2-3 implementations on ISAM products
• Understanding and experience in different technology of ISAM/ISVA, CIAM, EIAM.
• Implementation experience in Web Module, Federation Module and Advanced Access Control module of ISAM/ISVA, LDAP/AD, Application Integrations for SSO and multi-factor authentication
• Working experience in application integration with header-based, SAML2.0, OIDC, OAuth2.0, WS-Fed protocols
• Onboarding and offboarding applications on ISAM/ISVA appliance
• Experience in social login and 3rd party identity provider integration with ISAM/ISVA.
• Implementing Federated Single Sign-On using various open standards, particularly Security Assertion Markup Language (SAML) and OpenID.
• OAuth protocol.
• One-time password, Risk-based access and other Multi-Factor Authentication features of ISAM.
• Java development such as development of custom security token service (STS) modules for custom Extended Authentication Interface (EAI) for ISAM, etc.
• Representational State Transfer (REST) interfaces, JavaScript and XSL (Extensible Stylesheet Language). Hands-on experience with automation using IBM Ansible roles is a plus.
Good to have:
• Good understanding of IGA and PAM concepts and technologies like SailPoint, Saviynt, CyberArk etc covering broader IAM domain.
• Very good understanding of information security concepts with in-depth knowledge of IAM solutions and latest trends.
• Knowledge and understanding of customer Identity and Access Management (CIAM) solution along with Fine-grained authorization, Passwordless authentication, Orchestration, Decentralized identities etc
• Understanding of latest technology such as Zero trust framework
• Hands-on knowledge of any programming language Java or Python with good understanding of PowerShell.
• Should be familiar with application servers such as Tomcat and IIS.
• Should have had direct client experience, including working with client teams in an on-site or offshore mode.
• Involvement in pre-sales activity and helped in responding to RFPs.
To qualify for the role, you must have
• B. Tech./ B.E. with sound technical skills
• Strong command of verbal and written English language.
• Experience in HTML, CSS and JavaScript.
• Experience in Core Java, Python and JavaScript/Groovy Script.
• Strong communication, presentation and interpersonal skills.
• 4-6 years of relevant work experience on above technologies
Certification:
• Desirable to have certifications in security domain, such as CISSP and CISA or any IAM product specific certifications
• Desirable to have product professional certifications like – Ping certifications – Level 1 to 4, ForgeRock AM (AM-100, AM-400, AM-410 or AM-421), ForgeRock IDM and ForgeRock Identity cloud certifications, Okta certifications etc
What working at EY offers
At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
About Company
Ernst & Young (EY) is a global professional services firm specializing in audit, consulting, tax, and advisory services. Headquartered in London, EY operates in 150+ countries, serving businesses across various industries. The firm is known for helping clients navigate financial regulations, optimize operations, and implement innovative technologies. EY is also a leader in risk management, mergers & acquisitions, and sustainability consulting. With a strong focus on digital transformation and AI-driven solutions, EY continues to be a trusted partner for corporations worldwide.