Our Partners thrive The H-E-B Way. As an Identity and Access Management (IAM) Engineer, you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
Identity and Access Management Engineers implement and test the architecture and design patterns for identity, authentication, and authorization of H-E-B. IAM Engineers are key to the resiliency and effectiveness of the ongoing IAM program of H-E-B and are instrumental in its execution and operations. IAM Engineers will perform analysis of existing identity, authentication and authorization configurations and propose new or enhanced security improvements. IAM Engineers also provide consultative services and work with internal engineering team members and external vendors to collect requirements, design specifications, and assist with implementation of documented technical solutions to IAM scenarios.
ROLE

• Works with H-E-B teams to implement the design and build of the IAM program and its controls, testing, and effectiveness using industry best practices and standards as references.
• Works with Information System Owners and Administrators to apply implementable designs consistent with H-E-B's security policies and reference architecture that meet the business, technical and control requirements.
• Works with H-E-B engineering teams to educate and assess the understanding of the IAM program's end-to-end controls and implementations, ensuring gaps, dependencies and defects are identified and addressed.
• Works with H-E-B teams and external IAM solution vendors to measure, configure and validate solutions to support IAM and related components.
• Researches and remains up to date with emerging threats and solutions relevant to IAM and its implementations. Maintains current knowledge of industry trends and standards in information security.
• Participates in team activities and team planning in regard to improving team skills, awareness and quality of work.
• Responsible for continued personal growth in the areas of technology, business knowledge, and H-E-B policies and platforms.
• Mentors team members.
• Develops and documents standards and best practices.
• Implements, develops, and documents IAM policy as code.

REQUIRED

• Minimum of five (5) years of operations and support experience with IAM solutions in medium to large enterprises.
• Working knowledge of the identity management lifecycle, privileged access, authorization, and authentication.
• Working understanding of cryptography, encryption and related data protection concepts and technologies.
• Working knowledge of common IAM/IDM patterns, such as Zero Trust, Identity-based Network Access Control, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Adaptive/Step-Up Authentication, Passwordless, biometrics and physical authenticators.
• Working knowledge of authentication protocols such as SAML, OAuth and OIDC, and management protocols such as SCIM and X.509.
• Working knowledge of the encryption certificate lifecycle and PKI solutions, and the use of their APIs, such as Venafi, DigiCert, Entrust, Vormetric and Hashicorp.
• Experience with Microsoft Windows, Linux, AWS, Azure, or GCP Identity and Access Management.
• Working knowledge of Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting.
• Experience working with hybrid cloud infrastructures.
• Able to handle highly confidential information in a strictly professional manner.
• Demonstrate a logical and structured approach to time management and task prioritization.
• Demonstrate a high level of communication skills, verbal and written.
• Familiarity with Agile and other project management methodologies.
• Ability to work well under pressure and have great organizational and interpersonal skills.

RECOMMENDED

• A Bachelor's degree in Computer Science or Software Engineering.
• One or more professional security certifications such as CISSP, CISA, GIAC; or relevant IAM or technology certifications.
• Experience with secrets management and/or cloud native certificate stores, such as Hashicorp Vault, AWS Certificate Manager, or Azure Key Vault.
• Working knowledge of multiple IAM/IDM and PAM solutions, such as ForgeRock, Okta, Ping, Sailpoint, CyberArk or BeyondTrust.

*** Position locations open to San Antonio, Dallas, and Austin, TX areas
ISSEC3232