This role is primarily focused on the support, administration, and operational ownership of the Imprivata OneSign platform. The Staff Security Operations Engineer serves as the day-to-day technical lead for Imprivata OneSign, ensuring its availability, reliability, and security across the organization. Supporting identity and access management technologies - multi-factor authentication (Duo MFA and Windows Hello for Business), mobile device management, and Active Directory / Entra ID - make up the secondary scope of the role.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Imprivata OneSign Support (Primary Focus):
- Serve as the primary administrator and operational owner of the Imprivata OneSign platform.
- Lead and support the implementation, configuration, and ongoing maintenance of Imprivata OneSign.
- Provide day-to-day operational support, including monitoring platform health, troubleshooting issues, and managing escalations related to authentication, single sign-on, and access workflows.
- Configure, enforce, and troubleshoot Imprivata OneSign policies across diverse applications, endpoints, and systems.
- Act as the technical escalation point for all Imprivata OneSign incidents, working with vendors and internal teams to identify root causes and implement durable solutions.
- Maintain documentation, runbooks, and operational procedures for the Imprivata OneSign environment.
- Multi-Factor Authentication (MFA) Management (Secondary Focus):
- Administer and manage the organization’s MFA platforms, including Duo MFA and Windows Hello for Business.
- Implement and enforce MFA policies across the organization, ensuring integration with various applications and systems.
- Monitor MFA performance, troubleshoot issues, and handle escalations related to authentication failures or policy violations.
- Mobile Device Management (MDM) (Secondary Focus):
- Support the administration of the Intune platform security, Conditional Access and Compliance, and RBAC/PIM/MAA Governance.
- Work with IT teams to ensure all mobile devices comply with organizational security policies and access controls.
- Active Directory (AD) and Azure AD (Entra ID) (Secondary Focus):
- Provide support for Active Directory, managing user accounts, group policies, and organizational units.
- Assist with synchronization between on-premises AD and Azure AD using Azure AD Connect, ensuring seamless hybrid identity integration.
- Troubleshoot and resolve issues related to AD/AAD authentication and access provisioning.
- IAM Process Optimization:
- Continuously evaluate and improve IAM processes related to Imprivata OneSign, MFA, and AD to enhance security and user experience.
- Automate routine identity management tasks and workflows to increase efficiency and reduce manual errors.
- Incident Response and Troubleshooting:
- Act as the technical escalation point for identity-related incidents involving Imprivata OneSign, Duo MFA, Windows Hello for Business, and other IAM systems.
- Investigate, troubleshoot, and resolve IAM issues, working closely with other teams to identify root causes and implement solutions.
- Compliance and Reporting:
- Ensure IAM solutions meet compliance requirements such as SOX, etc.
- Generate reports for auditing purposes and provide insights into the security posture of identity systems.
- Collaboration and Documentation:
- Collaborate with security, IT, and compliance teams to define and implement identity governance frameworks.
- Develop and maintain comprehensive documentation for all IAM solutions, policies, and procedures.
- Training and Knowledge Sharing:
- Provide training to end-users and technical staff on IAM best practices, focusing on Imprivata OneSign, MFA, and other key services.
- Stay up-to-date with industry trends and emerging technologies to continuously enhance the organization’s IAM capabilities.
Professional Attributes
- Leadership: Demonstrated ability to assist in leading cross-functional teams and manage technical resources, driving projects and solutions to successful completion.
- Problem-Solving: Strong analytical and troubleshooting skills with a proactive approach to identifying and resolving issues within complex identity and directory environments.
- Analytical Skills: Ability to analyze complex IAM issues and apply logical troubleshooting techniques to resolve identity-related problems.
- Attention to Detail: High accuracy and attention to detail in managing identity policies, systems configurations, and security protocols.
- Communication: Strong communication skills to collaborate with technical and non-technical stakeholders across the organization.
- Team Player: Ability to work effectively as part of a cross-functional team, with a focus on supporting the broader IAM strategy.
- Customer Focused: Demonstrated ability to deliver excellent service to internal and external stakeholders, focusing on user experience without compromising security.
- Adaptability: Ability to quickly learn and adapt to new tools, technologies, and security practices in a dynamic IT environment.
Required:
- Imprivata OneSign (Primary):
- Hands-on experience administering and managing Imprivata OneSign or a comparable enterprise single sign-on / authentication platform.
- Ability to configure, enforce, and troubleshoot Imprivata OneSign policies across diverse applications and systems.
- Experience providing operational support, incident response, and lifecycle management for an Imprivata OneSign environment.
- Multi-Factor Authentication (MFA):
- Experience administering and managing Duo MFA and Windows Hello for Business, or similar authentication platforms.
- Ability to configure, enforce, and troubleshoot MFA policies across diverse applications and systems.
- Mobile Device Management (MDM):
- Knowledge of MS Intune platforms and their integration with IAM systems for device security and policy enforcement.
- Experience managing mobile devices in an enterprise setting, focusing on compliance and access control.
- Active Directory (AD) and Azure AD (Entra ID):
- Experience managing user accounts, group policies, and organizational units in Active Directory.
- Familiarity with hybrid identity environments using Azure AD and Azure AD Connect for synchronization between on-prem and cloud identities.
- PowerShell Scripting:
- Basic PowerShell scripting skills to automate tasks related to identity management, such as user provisioning, reporting, and troubleshooting.
- SIEM and Auditing Tools:
- Familiarity with security information and event management (SIEM) tools for monitoring identity-related logs and events.
- Experience generating audit reports for compliance purposes.
Programming and Tools
- Scripting and Programming Languages:
- PowerShell: Proficiency in using PowerShell to automate identity tasks, generate reports, and troubleshoot issues.
- Python (optional): Familiarity with Python for advanced IAM automation and integration tasks.
- IAM and Directory Tools:
- Imprivata OneSign: Expertise in configuring, administering, and maintaining Imprivata OneSign for secure single sign-on and authentication.
- Duo MFA & Windows Hello for Business: Expertise in configuring and maintaining Duo MFA and Windows Hello for Business for secure multi-factor authentication.
- Azure AD Connect: Experience with synchronization between on-prem AD and Azure AD for seamless hybrid identity management.
- MDM Platforms:
- Experience with leading MDM tools such as Microsoft Intune, ArborXR, or equivalent for mobile device management and security.
- Monitoring and Logging:
- Familiarity with SIEM platforms (e.g., Devo) for monitoring and auditing identity events and security logs.
Preferred:
- Experience:
- 6+ years of experience in IT or Information Security, with a focus on identity and access management.
- 3+ years of direct, hands-on experience administering and supporting Imprivata OneSign.
- Experience working with Duo MFA, Windows Hello for Business, Microsoft Intune, Active Directory, and Azure AD (Entra ID).
- Education:
- BA or BS in Information Technology, Computer Science, Information Security, or a related field. Equivalent hands-on experience in IAM may be considered in lieu of a degree.
- Relevant certifications such as Imprivata certifications, Microsoft Certified: Identity and Access Administrator, Certified Information Systems Security Professional (CISSP), or DUO Security Administrator are desirable.
Language
- English proficiency in both speaking and writing.
Logistics
- Primary work in a general and/or home office environment.
- Willing to be 24 x 7 on call.
- Willing to perform work functions cross time zones to support Asia coverage needs.