Cloud Security And IAM Engineer TCS
- TCS
- Office Location
- Full Time
Industry Type - IT - Software
Category: Devops
Experience: 5 - 10 years required
Pay:
Salary Information not included
Type: Full Time
Location: Chennai
Skills: Microsoft Azure, PaaS (Platform as a Service)
About TCS
Tata Consultancy Services is an Indian multinational information technology services and consulting company headquartered in Mumbai, Maharashtra, India with its largest campus located in Chennai, Tamil Nadu, India. As of February 2021, TCS is the largest IT services company in the world by market capitalisation.
Job Description
1. Role: Cloud Security / IAM Engineer
2. Required Technical Skill Set: (Broad Skills mentioned here not all of them are required)
- Experience with Azure AD, Azure MFA & SSPR, PIM, Identity Federation, Application Authentication with on-prem AD, ADFS and Azure AD with SSO, Azure AD connect, Microsoft Identity Manager, Windows Active Directory, Implement & manage Hybrid identity and Conditional Access Policy.
- AZURE Security Certifications such as AZ500, SC-300, AZ-104, AZ-305
3. Desired Experience Range: 5+ years
4. Language Requirement: Must have: English,
Desired Competencies (Technical/Behavioral Competency)
Must-Have
- Minimum 5 years of experience with planning and implementing IAM capabilities, including: Identity Governance & Administration, Access Management & Federation, Directory Services, Key Management, Azure MFA & SSPR, Conditional Access, SSO.
- Strong experience in implementing Azure Cloud Security (IaaS, PaaS Components) Azure AD, MFA, SSPR, Password less Authentication, PIM, Identity Protection, Identity sync-services, ADDS, Azure Security center, Sentinel, Policy management etc.
- Exposure to Azure Governance (Shared Responsibility Model, Cloud Security, Role Based Access Control, Built-in Roles, Resource Locks, Azure Blueprints)
- Implementation & Support experience of Windows Active directory (on-prem) and ADFS
- Implementation and Support experience of Application authentication and SSO with ADFS.
- Hands on experience on AD connect setup/Sync configuration (transformation/filtering etc), Microsoft Identity manager sync configuration
- Working experience in implementing the following IAM (Azure AD based) security controls/services
- Configuring Azure Active Directory.
- Creating new SAML setup in Azure Non-Prod and Prod environments.
- Configure Azure AD SSO using Modern auth protocols-SAML, OAUTH, OIDC
- Mapping an AD Groups to roles in Azure AD.
- Modifying the manifest files with updated roles as per the Client request.
- Providing conditional access – policies to new Applications.
- Experience in troubleshooting various issues related to application integrated with Azure.
- Troubleshooting ADFS SAML issues.
- Solid understanding of authentication protocols like SAML, OAuth, OIDC, LDAP, NTLM and Kerberos.
- Deploy, support, troubleshoot and monitor Test and Production environments.
- Ability to use sound judgment, decision-making skills effectively performs in a self-directed environment and enriched with the ability to learn new concepts & technology within a short span of time.
- Possess excellent communication and interpersonal traits with talent for problem solving through reasoned thought processes also proven skills in identifying, analyzing, and resolving defects in current process, documenting, tracking & communicating.
- Exposure in communicating with internal/ client-side stakeholders to determine specific requirements and expectations, managing client expectations as an indicator of quality.
- Interacting with client and presenting demos of the developed new functionalities with new approach.
Responsibility of / Expectations from the Role
- Work closely with product and platform teams to engineer and implement the following IAM (Microsoft Technology based) security controls/services
- Azure Active Directory.
- Active Directory Federation Services
- Azure MFA & SSPR
- Azure AD Connect
- PIM, Identity Protection
- On-prem Active directory installation/configuration
- Conditional access policy
- Configure and manage authentication protocols like SAML, OAuth, OIDC, LDAP, NTLM, Kerberos etc
- Application integration with Azure AD.
- Troubleshoot connectivity and sync issues with Azure AD Connect,
- Improve data quality by transformation/filtering mechanism in AD Connect.
- Implement MFA & SSPR, Migration of authentication from ADFS/MIM based to cloud authentication (AAD).
- Troubleshoot Application authentication issues post migration and support users.
- Interact with local IT contacts/applications owners to collect required technical information, educate them about the change, guide them though the implementation steps
- Cloud Security IAM engineer will fundamentally change the way Pearson access management is established for Azure environments
- Stay current on security industry trends