IAM Authentication Engineer

Posted:
12/6/2024, 4:28:34 AM

Location(s):
Colorado, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Remote

If you are currently employed at Smithfield, please log into Workday and submit your application through the Jobs Hub.

A great job-and a great future-awaits you at Smithfield Foods. We are an American food company with a leading position in packaged meats and fresh pork products. We’re looking for motivated people who want to join our team and grow lasting and meaningful careers with us. Apply Now!

Your Opportunity

Our team members receive industry-competitive salaries and are eligible for great benefits packages:   

  • Competitive Pay  

  • Annual Bonus Earning Potential 

  • Comprehensive Health Insurance, Retirement Benefits and More 

  • Education benefit available to full and part time Smithfield team members on their first day of employment. 

In addition, we offer opportunities for career growth, professional development, and tuition assistance. 

The position summary states the general nature and purpose of the job.  Overall accountabilities are defined in this section.

The IAM Authentication (AuthN) Engineer performs as a highly motivated and experienced Authentication Engineer to support various programs and strategic initiatives within the company. This position will lead the effort to architect and implement modern authentication protocols and platforms for securing networks, IT assets, applications, cloud, and third-party services. 

Success in this role requires the ability to collaborate at multiple levels of the cybersecurity team, the ability to weigh risk against the impact to business operations, and proven technical cybersecurity and access management experience for a rapidly growing organization. 

Core Responsibilities

  • Serves as a key advisor to the Sr Director of Identity and Access Management (IAM) and regularly meets with the IAM Team to review and advise on best practices in directory, authentication, federation and single sign-on (SSO) requirements and work programs.

  • Works closely with application teams in implementing MFA, Federation and SSO solutions.

  • Works closely with business units, partners, IT infrastructure and application teams to gather and implement directory and authentication requirements to secure access to IT assets, applications, cloud services and third-party services.

  • Administers directory and authentication solutions, including but not limited to Active Directory (AD), Azure Active Directory (AAD), Okta, and Centrify.

  • Uses a threat-based, intelligence-led approach and collaboration inside and outside the security team to continuously assess existing capabilities and identify future requirements for directory and authentication services.

  • Collaborates with other cybersecurity engineers and analysts in the IT and OT organizations to manage security threats and response capabilities.

  • Coordinates with Human Resources (HR) in onboarding and offboarding workforce activities and establishing authoritative sources for identities.

  • Manages multiple AD domains and forests and engages with other Infrastructure groups as necessary to support the AD environment.

  • Develops, reviews, and maintains a backlog of strategic and tactical AD initiatives to reduce risk, increase usability and operational effectiveness.

  • Writes and reviews Active Directory policies, standards, and processes across the company to support business, strategic, security and regulatory needs.

  • Creates and enforces password and authentication policies.

  • Leads and provides guidance on authentication projects. Project management includes prioritization of activities, defining objectives, milestones, writing project status reports and ensuring overall successful on-time implementation and deployment.

  • Maintains technical expertise, relevant industry standards and best practices as assigned in authentication technologies such as:

    • Active Directory and Azure Active Directory, LDAP, Okta, Kerberos, RADIUS

    • Federation, SSO

    • SAML, OAuth, OIDC, PKI

    • REST, SOAP, SCIM

    • Multi-factor authentication (MFA), Frictionless authentication, Conditional/Adaptive authentication

    • Password vaulting and PAM

  • Participates in a rotating emergency on-call as well as respond to Critical Incident Response Team activations.

  • Manages vendor relationships.

  • Ensures that historic risks are managed, understood, and used in future decisions and maintain flexibility in team to adapt to evolving risk landscapes.

  • Responsible to meet KPIs and KRIs and adapt to changes in the authentication landscape.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. May perform other duties as assigned.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals to perform the essential functions

  • Bachelor’s degree from an accredited four-year college or university in IT, Cybersecurity, Computer Science or related field and 5+ years’ relevant experience; or equivalent combination of education and experience, required.

  • CISSP, CISM or equivalent security certification preferred.

  • 5+ years of Active Directory management and security preferred.

  • Deep understanding and experience in implementing MFA, Federation and SSO with Okta.

  • Experience in using PowerShell and Unix Shell Scripting

  • Experience with "defense-in-depth" and “defense-in-breadth” principles and technology.

  • Understanding of frameworks such as NIST CSF, NIST SP 800-53, ISO 27001.

  • Experience working in a multinational company with complex integrated environments in Information Technology (IT).

  • Experience in Operations Technology (OT) desired.

  • Broad and deep knowledge of business, technology/IT and cybersecurity technologies and approaches.

  • Ability to leverage industry best practices and previous experiences while remaining creative and innovative.

  • Proven ability to work effectively as both a self-driven, autonomous remote individual contributor and on a diverse team of engineers.

  • Advanced documentation, organization, prioritization, and analytical skills.

  • Ability to handle proprietary and sensitive information in a confidential manner.

  • Proven ability to execute multiple tasks efficiently and effectively using tools and/or processes.

  • Ability to be respectful, approachable and team oriented while building positive working relationships in matrixed environments.

Additional Desired Skills

  • Experience in MS Azure/AWS security and protection technologies.

  • Familiarity with Windows and Linux internals.

  • Experience with PKI, Certificate Management and VPN.

  • Familiarity with OWASP TOP 10 vulnerabilities, SANS 25, MITRE and CWEs.

  • Familiarity with relational databases and SQL.

Work Environment & Physical Demands

  • Occasionally required to work in wet or humid conditions (non-weather); work near moving mechanical parts; fumes or airborne particles.

  • Noise level in the work environment is usually moderate.

  • Although most of the work will be performed in an office environment, must be able to visit and work in a plant, warehouse, distribution center or other manufacturing facility.

EEO/AA Information

Smithfield is an equal opportunity employer committed to workplace diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veterans status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.

If you are an individual with a disability and would like to request a reasonable accommodation for any part of the employment selection process, please call us at 757-357-1595.