Customer Identity and Access Management (CIAM) Okta Engineer
Cloud Security Services is seeking a security Customer Identity and Access Management (CIAM) Okta Engineer with a background in global, complex, and diverse CIAM environments to design, develop, and deploy CIAM solutions focused on Identity Governance and Administration workflows. This is a 4-month remote project opportunity.
Key Responsibilities
Work as part of Client’s External Identity and Access Management team to implement Okta and Okta Identity Governance for applicable use cases across business lines
Develop Okta Workflows and LCM (Lifecycle Management) flows to provision and maintain users in Okta and downstream applications.
Interface with proprietary APIs to create and modify accounts in downstream applications. Where possible, abstract proprietary APIs and create a simple interface that Okta can consume.
Install and experiment with Okta connectors such as "Anything as a Source" and SCIM Connector
Enable and use Okta Governance APIs (part of the new Okta Identity Governance tool). Configure access requests and certification campaigns.
Work effectively with IGA product owners, architects, and engineers. Document all decisions and gain consensus across the team.
Ensure that all implementations will function properly at customer scale (100,000 to millions of users). Highlight any issues or concerns and be prepared to raise them with the vendor.
Required Skills
Senior and experienced Okta developer (4-7 years) in creating Okta capabilities from the customer's design pattern diagrams.
5 years’ experience working in the information security space in an engineering capacity.
3-5 years hands-on experience with Okta Platform
Experience with integrating Okta into API gateways.
Experience with Okta Identity Governance (OIG)
Good understanding of CIAM
Intimately familiar with IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth
Good understanding of MFA, PAM, and Risk Based Authentication
Deep technical understanding of IAM solutions across multiple vendors such as Okta
Experience with NIST SP800-63 Digital Authentication Standard
Experience creating custom authorization servers, defining scopes and claims, and creating policies and rules to secure APIs
Experience using Okta REST APIs and knowing how to pass the correct API parameters in requests.
Experience assigning and unassigning apps to users using Okta Users and Groups APIs
Knowledge of how to validate an authenticated user's session
Understanding of the design principles of Okta APIs, including how to use pagination and how to filter query parameters on attributes
Knowledge of how to identify and work with Okta API rate limits
Knowledge of where to find the most current documentation and resources on Okta APIs
Experience using Okta APIs to query logs and events
Experience creating, updating, and deleting users, groups, and apps using Okta APIs
Knowledge of when to use Okta REST APIs, Sign-in Widgets, and SDKs
Understanding of the various Okta supported OIDC and OAuth flows, and knowledge of when to use them
Understanding the differences between an Org authorization server and a custom authorization server in the context of OIDC and OAuth
Understanding of how Okta policy and the rules associated with that policy affect API calls and responses
Knowledge of how to create sessions in Okta using Okta APIs and SDKs
Knowledge of how to configure trusted origins (CORS, Redirect), and understanding of the effects of the configuration of trusted origin when redirecting users
Excellent analytical skills
Collaborative team worker - both in person and virtually using MS Teams or similar
Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and PowerPoint
Ability to work as liaison between business and information security/information technology
Flexibility to accommodate working across different time zones
Excellent interpersonal communication skills with strong spoken and written English
Business outcome mindset
Solid balance of strategic thinking with detail orientation
Self-starter, ability to take initiative
Project management and organizational skills with attention to detail
Required Education
Bachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience.
Preferred Education
Cybersecurity certifications such as CISSP, CISM, etc.