Staples Consultant Security Engineer in Broomfield, Colorado


We are looking for an Identity and Access Management professional to help migrate from our current CA SSO/IDM implementations for at and at to a cloud-based IDaaS solution, and work on various new ongoing development/enhancements and application onboarding projects. Reporting to the Senior Manager – IAM Security Engineering, this individual will help ensure that we drive the right IAM solution for Staples’ applications in the ecommerce space.

Position Description:

· Design, implementation and administration of new cloud-based and existing on-premises SSO and Federation capabilities

· Design, implementation and administration of new cloud-based and existing on-premises Identity management, password, and user-lifecycle capabilities

· Design, implementation and administration of new cloud-based and existing on-premises LDAP Directory and Virtual Directory capabilities

· Develop and configure cloud-based integration methodologies and practices for complex use cases with extensive customization

· Provide SSO/Federation/IDM/LDAP SME (subject matter expert) level support to operations teams for both development and production environments. This will include occasional after-hours work for escalated production issues.

· Design and develop provisioning and de-provisioning processes / workflows for accounts across various internal and external systems

· Develop and expose web services using either SOAP or RESTful APIs for backend integrations.

· Configure and use Splunk dashboards and reporting capabilities for forensic analysis and SIEM integration.

· Manage existing IAM infrastructure and provide Level 2/3 support.

· Work with help desk and other teams to troubleshoot and resolve/fix issues and bugs.

· Work with Security and Compliance teams to provide auditing and reporting facilities and processes.

· Work with Operations team to deploy and integrate new technologies into current environments.

· Work with Enterprise Architecture and Business teams to identify new areas where IAM can be utilized and enhance IAM capabilities to address new business needs.


Minimum Requirements:

· Requires a Bachelor's degree (or foreign equivalent) in Computer Science, Computer Applications, or a directly related field plus five (5) years of experience establishing and implementing Identity Management functionalities. Experience must include:

o Five (5) years of demonstrated experience with the administration, installation, and troubleshooting in an enterprise IAM environment

o Five (5) years of LDAP experience, including experience in LDAP schema

o Two (2) years of experience with object-oriented programming concepts and languages including Java and J2EE

o Three (3) years of Linux scripting experience

o Three (3) years of experience integrating legacy systems with IAM

Preferred Qualifications:

· High level of expertise in multiple system environments. In depth knowledge of more specific platforms and the technology to support them.

· Hands-on experience in 5 or more of the following: CA IdentityMinder, ForgeRock Identity Manager, Sun Identity Manager (Oracle Waveset 8.x) or similar tools (Oracle IDM, IBM TIM, SailPoint) and/or CA SiteMinder or similar solutions (Sun OpenSSO, ForgeRock OpenAM, Oracle Access Manager, IBM TAM), LDAP, SAML 2.0, Federation technologies, Kerberos, Active Directory, Exchange, J2EE, Java, JMS, JCA, XML, SOAP, OAuth, JWT, Oracle DB and WebSphere technology stack

· Hands-on experience with at least one Directory Server/LDAP technology such as ODSEE, OpenDJ, IBM TDS, OpenLDAP, OID, CA Directory Server, OUD, OpenDS.

· Scripting and programming skills, shell/Perl, interfacing to LDAP using APIs.

· Experienced in deploying SSO integration with Identity Management products for password management utilities, and SaaS/Federated integrations

· Experience in developing and implementing access request forms/workflows and provisioning / de-provisioning of user access. Customization of product functionality to meet business requirements. CA IdentityMinder, ForgeRock Identity Manager preferred.

· Knowledge of web technologies like WebSphere, JBoss, Tomcat, IHS, IIS. Strong skills in J2EE and JAAS

· Experience with Oracle, SQL Server and/or other relational databases

· Experience managing complex directory service environments on a global scale. Ability to work with globally distributed and cross-functional teams.

· Unix/Linux experience on physical or virtual systems

· Experience working in PCI/SOX controlled environments

· Use of ITIL methodologies for path-to-production

· Ability to troubleshoot and resolve issues quickly, identifying the best option in an emergency situation

· Project leadership ability including mapping out technical and business dependencies, milestones and timelines. QA/test experience is a plus.

· Ability to work with geographically disparate teams and interact with technical and business personnel across the global enterprise

· Demonstrated experience with all phases of the system development lifecycle at an enterprise level