Senior Engineer IDAM & AD

Tiffany & Co. is currently seeking a Senior Engineer - Identity and Access Management to nurture the growth and expansion of our Identity & Access Management program. Senior Engineer will partner closely with various engineers and architects to build identity integrations with business applications. The candidate will engineer solutions that enable growth of the Identity Suite and provide support for its various integrations. This role will provide strong leadership and project management skills as well as problem resolution and break fix support for the IAM tools portfolio.

Responsibilities:

• Lead IAM architecture design as well as security efforts associated with the integration and implementation of IAM projects. Define an Enterprise IAM development strategy with a roadmap of key achievements and deliver consistently
• Independently lead and perform engineering for large scale Active Directory and Identity Management projects
• Plan, support, implement and craft a directory synchronization system for Microsoft Active Directory and Windows-based systems across the enterprise, including directory and identity management solutions
• Research new technology in response to enterprise-scale business requirements, systems configurations, or technology innovations.
• Plan, build, test and promote to production new IAM solutions
• Serve as an authority to the business and IT collaborators while understanding their core processes and priorities which can be improved using IAM solutions.
• Ensure that operational and incident trends and observations are considered regarding the evolution of the company's enterprise security capabilities. Provide senior management with statistics, reports, and usage trends on various processes and workflows
• Work on achieving IAM architecture compliance including: SOX, PCI, corporate data privacy requirements as well as state and federal regulations by actively participating in both internal and external audit activities.

Qualifications:

• Strong firsthand experience with IAM technologies such as Core Access Suite (formerly Courion), various Directory Services, Microsoft Forefront Identity Manager (FIM/MIM), Service-Now
• 5-7 years of experience in deploying and supporting enterprise IAM solutions including troubleshooting/debugging and technical problem analysis
• Strong understanding of Okta, AD Attributes, LDAP Queries, PowerShell Scripting to Modify AD Attributes, Group Policy Analysis, GPO Configuration & Item-Level Targeting, Workstation Configurations, Browser Configuration Settings, familiarity with other Applications that integrate with Active Directory
• Solid understanding of permissions that are granted natively to various Microsoft Built-In Groups to perform Active Directory Administrative Functions, knowledge of native permissions granted when building AD objects, knowledge of permissions granted natively to Built-In Groups via GPOs and/or Local Policies
• Oracle & IBM LDAP directories experience is a plus
• Understanding of LDAP, Active Directory as it relates to integrating applications with Directory services
• Detailed functional understanding and ability to configure Active Directory Server Roles (CAs, IIS, File/Print, DNS)
• Proven understanding of relational database environments, specifically SQL. Experience with Oracle databases is a plus
• Experience with Azure Active Directory and Azure Active Directory Connect
• Knowledge of Office 365
• Experience with Hybrid AD with Managed AD services from Microsoft
• Ability to learn and apply new skills quickly
• Ability to conduct research and provide technical recommendations for further improving the IAM toolset

Preferred:

• Prior experience with JavaScript, VBScript, PowerShell, .Net, ASP, HTML is desired
• Excellent interpersonal and communication skills
• Self- motivated and operates with attention to detail
• Strong analytical, evaluative, and problem-solving capabilities
• Experience working in a team-oriented, collaborative environment

#LI-JG1