The Cyber security delivery team that owns the managed security services for this client, has an opening for an MFA & SSO Engineer specialized in MFA : RSA,2FA/ MFA & Microsoft MFA, SSO: Ping Federate, CA SiteMinder, Passport & Optimum
Technical Skills:
· Experience with Enterprise SSO solutions like Ping, Azure and SiteMinder
· Familiarity with ADFS, Kerberos, NTLM, OAuth, SAML, and other authentication methods
· Strong hands-on Java/JEE experience
· Familiarity with SNOW workflows
· Experience with web application servers (Tomcat, WebSphere, WebLogic, JBOSS, etc.)
· Knowledge of enterprise directories (LDAP, Active Directory SQL)
· Knowledge of enterprise systems (Workday, ServiceNow)
· Experience with the following web technologies (XML, SPML/SOAP, Web Services, etc.)is a plus
· Experience on RSA MFA
· Manage user access on AD/Windows
· Good to have hands-on experience to integrate with Risk-Based Authentication methods
· Familiarity with ADFS, Kerberos, NTLM, OAuth, SAML, and other authentication methods
· Operational experience in Active Directory & Authentication processes
· Perform advanced provisioning functionalities on Authentication services like RADIUS and RSA
· Knowledge of Audit support
· Knowledge of UNIX
· Troubleshoot and resolve authentication, authorization and integration problems
· Good understanding of various regulatory-related practices (SOX, HIPAA, GDPR, FDA, PCI, etc.) preferred
Process Skills:
· Daily check the health status of all the RSA components and backup process in Production
· Maintaining an exception list database for users who can import tokens on desktop. Verifying and approving ARP requests for desktop tokens based on the exception list
· Upload licenses and token files to the RSA console
· Upload new HDAP, SSP and AMIS certificates in prime servers when old certificates got expired.
· Managing all RSA servers certificate inventory.
· Apply approved patches and new software versions in a lower life cycle and assist the Quality Assurance team in regression tests
· Participate with THD Engineer in applying approved patches and new SW versions in production
· Handle and manage the token expiration campaign and token renewals
· Formulate mail communication specific to the token profile used by the user and send the initial mail through IT Technology communication as part of the token expiration campaign
· Open tickets with RSA and work with RSA directly to resolve issues providing all the requested information and logging
· Check and disable if RSA tokens are installed on unauthorized desktops.
· Manage the ITSM user and system tickets related to RSA Level 1 / 2 scope
· Manage RSA Token Administrator mailbox for requests pertaining to RSA system issues
· Create and implement change requests for the Production Support changes assigned to VENDOR
· Manage hard token inventory
· Remove tokens from user profiles that have been unused for more than 90 days
· Clean up disk space as per threshold s in Production and non-Production servers in scope
· Remove the expiring and expired tokens from the system in the lower life cycle and Production
· Participate in the integration of new applications with RSA in Lower life cycle and Production
· Remove duplicate/inactive tokens from user profiles that use up the licenses
· Troubleshoot user issues
· Support the Engineering team in creating and maintaining dashboard and ing configurations in the THD SIEM solution
· Review dashboards and s in order to detect anomalies and/or issues
· Create and maintain RSA SecurID guides and contribute to the creation of the MFA section of the Cybersecurity service catalogue.
· Ensure that the RSA SecurID section in the Workbench portal is always up-to-date and accurate
· Support THD Help Desk L1 in improving Knowledgebase articles and inform them about new features or changes in the existing process.
· Update and maintain the RSA SecurID Operation Guide
· Prepare weekly and monthly reports
· Participate with THD Engineer to design, develop and test new features, processes and technologies related to MFA