From Home Venafi Jobs (NOW HIRING)

Role Summary

The Senior Infrastructure Operational Analyst within the Identity Access Management (IAM) team is responsible for safeguarding digital identities throughout the organization. This role involves designing, implementing, and managing access policies, user lifecycle processes (onboarding/offboarding), and authentication systems. Leveraging deep expertise in identity management and related security disciplines, the analyst leads critical initiatives, applies comprehensive analysis to deliver innovative solutions, and establishes identity management standards across the enterprise. As an individual contributor, this position collaborates closely with cross-functional partners to influence technical direction and support the implementation of IAM solutions.

Responsibilities

• Define and manage user access roles, permissions, and entitlements in line with the principle of least privilege (Access Governance).
• Automate user provisioning, de-provisioning, and role modifications (Identity Lifecycle Management).
• Administer IAM platforms such as Entra ID, Azure AD, CyberArk, and directory services (System Administration).
• Conduct access reviews, audit logs for unauthorized access, and ensure compliance with regulatory mandates such as PCI and GDPR (Security & Compliance).
• Implement and support authentication protocols including Single Sign-On (SSO), Multi-Factor Authentication (MFA), SAML, and OAuth (Authentication Protocols).
• Provide technical support for identity-related issues and assist incident response teams (Technical Support).
• Configure, administer, operate, and support identity management technologies, integrating with networks, hardware, software, applications, and databases.
• Deliver end-to-end identity management services across all technology domains, including backup, recovery, and disaster recovery strategies.
• Support identity management technologies in complex environments, including data centers, cloud providers, hosted vendor solutions, and co-location facilities globally.

Day-to-Day Activities:

• Identify, plan, and execute identity-driven projects.
• Fulfill IAM-related service requests via ServiceNow.
• Monitor the health of IAM systems and enhance observability across supported services.
• Manage incidents and problems as they arise.
• Implement system changes, supporting modernization and mitigating vulnerabilities (often during off-hours).
• Collaborate with Enterprise Security to address and remediate findings from penetration tests and vulnerability scans.
• Automate manual processes to improve service efficiency.
• Plan and execute migrations of on-premises workloads to AWS as part of the Data Center Exit strategy.

Qualifications

Required:

• Bachelor's degree (or equivalent combination of education and relevant experience)
• 5+ years of relevant work experience.
• Comprehensive understanding of authentication protocols (SAML, Kerberos, OAuth, OpenID).
• In-depth knowledge of AWS, cloud computing, and identity management integrations.
• Expertise with F5 Access Policy Manager (APM).
• Experience with IBM Security Access Manager (iSAM) and IBM LDAP Server
• Advanced skills in managing Active Directory, Entra ID, DNS, and DHCP.
• Intermediate proficiency in Windows and Linux operating systems, including integration with Active Directory domains.
• Experience with MS Defender for environment security.
• Proficiency in scripting languages such as PowerShell and/or Python.
• Strong verbal and written communication skills.
• Proven ability to work independently and collaboratively, with project management skills.
• Exceptional attention to detail, accuracy, and timeliness.
• Self-motivated and eager to contribute in a creative, highly collaborative corporate environment.
• Ability to participate in off-hours work, including scheduled on-call rotations.

Preferred:

• Knowledge of certificate management.
• Experience with Centrify, Netbackup, Quest Active Roles, CyberArk, and Venafi.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.