Identity and Access Management Engineer
Description -
Identity & Access Management is an important security and infrastructure operations component of HP Inc. Team members of HP IAM work across the organization to deliver solutions that help the business by automating processes, performing data analysis, and representing good security practices.
The successful candidate will be responsible for creating and supporting federations with the PingFederate solution. Candidate will work with senior staff in supporting, troubleshooting, and sustaining the existing PingFederate Product suite. Candidate will work with HP Cybersecurity to ensure solutions meet security and compliance requirements. Candidates must be familiar with Identity and Access Management solutions, methodologies, and best practices. Candidates should have knowledge of code development, OGNL expression building, and automation solutions. Candidates must be ready and open to working in a collaborative environment, as they are expected to work closely with team members. Candidate must possess relationship-building skills to form close working relationships with business and application teams.
Primary Responsibilities:
- Maintain and support the PingFederate Product suite along with the senior staff.
- Work with HP Application teams to help troubleshoot SSO issues and bring solutions to cross-system issues.
- Attend meetings with application teams to help define SSO onboarding requirements for applications and then assist in implementing federations to meet those requirements.
- Ensure all current solutions and new developments are implemented securely and compliantly that meets HP Cybersecurity Policies.
- Extend knowledge across identity platforms to help support the larger HP IAM Team.
- Work with HP IT leadership to sustain identity and access management as a value-add service.
- Support HP IAM and application teams 24/7 during on-call duties.
Required Qualifications:
- A four-year computer science or related technical degree.
- 8+ years of experience in creating PingFederate connections(SAML/OAuth, OIDC/OpenToken/ReferenceID).
- Experience in configuring PingFederate Adapters(IdP & SP), Selectors, Datastores, PCVs, Certificates, etc.
- Experience in reading, creating, and modifying OGNL, composite adapters, authentication policies, and policy fragments in PingFederate.
- Knowledge of authentication and authorization protocols such as Kerberos, SAML, OAuth/OIDC, WS-Fed/WS-Trust, RADIUS, SCIM, etc.
- Experience in PingFederate Infrastructure Upgrades
- Knowledge of PingOne Gateways(LDAP & RADIUS)
- 3+ years of experience with PingID MFA.
- Knowledge of PingOne DaVinci and PingOne Risk Management.
- Experience in cross-application integration using PingFederate and PingID APIs.
- Experience in HTML and CSS coding.
- Experience with common web access management domain-related skills(e.g., understanding the concepts of cookies, sessions, header/cookie variables, HTTP traffic flow/analysis, etc.)
- Experience using ELK Stack/Splunk or other log collection/analysis tools to design and deploy dashboards, aggregated queries, and alerts.
- Contribute to the development of IAM Automation processes for support of daily operations and the gathering of metric and reporting information.
- Understanding of DNS, TCP/IP protocols, clustering, load balancing, and firewalls.
- Server Administration (Unix/RHEL/Windows) Experience.
- Knowledge of Amazon Web Services(AWS).
- Experience in writing technical and non-technical documentation.
- Ability to work on complex technical solutions and environments.
- Ability to troubleshoot, resolve and find the root cause of issues promptly, even under pressure.
- Ability to communicate effectively, manage multiple tasks, and follow through on commitments.
- Ability to accept constructive criticism and debate opposing viewpoints to arrive at the best solution for the platform.
- Demonstrate self-motivation, decisiveness, and a positive teamwork attitude.
- Willingness to learn new technologies and concepts.
Preferred Qualifications:
- Experience in writing shell scripts or Python scripts.
- Knowledge of PingAccess & other PingIdentity Product Suite.
- Knowledge of using Postman to run APIs
- Knowledge of modern authentication standards such as WebAuthn & FIDO2.
- Knowledge of Passwordless Authentication and Zero Trust.
- Knowledge of Active Directory, LDAP, and Azure AD.
- Knowledge of Java/J2EE and familiarity with WebServices(SOAP/REST APIs, JSON, WSDL)
- Knowledge of CICD and DevOps tools like Jenkins, Terraform, Kubernetes, Docker, and Github.
- Knowledge of PKI, MSP, PAM, and IGA solutions.
Job -
Information Technology
Schedule -
Full time
Shift -
No shift premium (India)
Travel -
Relocation -
Equal Opportunity Employer (EEO) -
HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).
Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.
If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement