Customer Identity and Access Management (CIAM) Okta Engineer

Cloud Security Services is seeking a security Customer Identity and Access Management (CIAM) Okta  Engineer with background in global, complex, and diverse CIAM environments to design, develop, and deploy CIAM solutions focused on Identity Governance and Administration workflows. This is a 4-month remote project opportunity.
Key Responsibilities

Work as part of Client’s External Identity and Access Management team to implement Okta and Okta Identity Governance for applicable use cases across business lines

Develop Okta Workflows and LCM (Lifecycle Management) flows to provision and maintain users in Okta and downstream applications.

Interface with proprietary APIs to create and modify accounts in downstream applications. Where possible, abstract proprietary API's and create a simple interface that Okta can consume.

Install and experiment with Okta connectors such as "Anything as a Source" and SCIM Connector

Enable and use Okta Governance APIs (part of the new Okta Identity Governance tool). Configure access requests and certification campaigns.

Work effectively with IGA product owners, architects, and engineers. Document all decisions and gain consensus across the team.

Ensure that all implementations will function properly at customer scale (100,000 to millions of users). Highlight any issue/concerns and be prepared to raise concerns to vendor.

Required Skills

Senior and experienced Okta developer (4-7 years) in creating Okta capabilities from the customers design pattern diagrams.

5 years’ experience working in information security space in an engineering capacity.

3-5 years hands on experience with Okta Platform

Experience with integrating Okta into API gateways.

Experience with Okta Identity Governance (OIG)

Good understanding of CIAM

Intimately familiar with IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth

Good understanding of MFA, PAM, and Risk Based Authentification

Deep technical understanding of IAM solutions across multiple vendors such as Okta

Experience with NIST SP800-63 Digital Authentication Standard

Experience creating custom authorization servers, defining scopes and claims, and creating policies and rules to secure APIs

Experience using Okta REST APIs and knowing how to pass the correct API parameters in requests.

Experience assigning and unassigning apps to users using Okta Users and Groups APIs

Knowledge of how to validate an authenticated user's session

Understanding of the design principles of Okta APIs, including how to use pagination and how to filter query parameters on attributes

Knowledge of how to identify and work with Okta API rate limits

Knowledge of where to find the most current documentation and resources on Okta APIs

Experience using Okta APIs to query logs and events

Experience creating, updating, and deleting users, groups, and apps using Okta APIs

Knowledge  of when to use Okta REST APIs, Sign-in Widgets, and SDKs

Understanding of the various Okta supported OIDC and OAuth flows, and knowledge of when to use them

Understanding the differences between and Org authorization server and a custom authorization server in the context of OIDC and OAuth

Understanding of how Okta policy and the rules associated with that police affect API calls and responses

Knowledge of how to create sessions in Okta using Okta APIs and SDKs

Knowledge of how to configure trusted origins (CORS, Redirect), and understanding of the effects of the configuration of trusted origin when redirecting users

Excellent analytical skills

Collaborative team worker - both in person and virtually using MS Teams or similar

Excellent documtentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and Powerpoint

Ability to work as liaison between business and information security/information technology

Flexibility to accomodate working across different time zones

Excellent interpersonal communication skills with strong spoken and written English

Business outcome mindset

Solid balance of strategic thinking with detail orientation

Self-starter, ability to take initiative

Project management and organizationals skills with attention to detail

Required Education

Bachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience.

Preferred Education

Cybersecurity certifications such as CISSP, CISM, etc.