At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY-Cyber Security-IAM–Consulting- Risk
As part of our EY-cyber security team, you shall Engage in Identity & Access Management projects in the capacity of execution of deliverables. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GTH within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team
The opportunity
We’re looking for Security Analyst / Consultant in the Risk Consulting team to work on various Identity and Access Management projects for our customers across the globe. Also, the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team.
In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Your key responsibilities
Engage and contribute to the Identity & Access Management projects
Work effectively as a team member/lead, sharing responsibility, providing support, maintaining communication and updating stakeholders team members on progress
Assists customer organizations with planning and implementing complex architecture solutions
Execute the engagement requirements, along with review of work done by junior team members
Able to create, plan, and execute advanced IAM trainings and independently drive proof of concepts involving emerging IAM technologies
Use case design, Solution Requirements Specification and mapping business requirements to technical requirements (Traceability Matrix).
Architecture Design (optimising the resources made available – servers and load sharing etc.).
Involvement in a successful pursuit of a potential client by being part of the RFP response team.
Should be implementing IAM engagements, including requirements gathering, analysis, design, development, and end-end deployment.
Develop and maintain productive working relationships with client personnel
Build strong internal relationships within EY Consulting Services and with other services across the organization
Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
Contribute to people related initiatives including recruiting and retaining IAM professionals
Maintain an educational program to continually develop personal skills by learning various IAM tools and latest skills
Automate the manual process in the IAM domain
Understand and follow workplace policies and procedures
Building a quality culture at GTH
Manage the performance management for the direct reportees, as per the organization policies
Foster teamwork and lead by example
Training and mentoring of project resources
Participating in the organization-wide people initiatives
Skills and attributes for success
Hands-on experience on end-to-end implementation of Identity and Access Management using either of the products – Ping suite of products (PingFederate, Ping Access, PingONE), Okta, Azure AD, ForgeRock suite of products (OpenAM, OpenIDM, OpenDJ, OpenDS).
Completed at least 2-6 implementations leveraging either of the products listed above or combination of above.
Strong understanding of access management fundamentals like Authentication, Authorization, MFA, SSO, Federation, and Directory Services concepts.
Good hands-on experience on OAuth 2.0, OIDC, WS-Fed protocols.
Involved in end-to-end design and implementation of SSO architecture and designed various authentication, authorization, MFA and SSO use cases
Ping Suite:
Strong competency in PingFederate, PingAccess installation, upgrade
Designing & implementing custom authentication and authorization flows using PingFederate authentication policies
Implemented any migration projects from one IAM tool to other
Strong knowledge of PingFederate administrative configuration with understanding of federation protocols – SAML, OAuth/OpenID with PKCE
Hands-on experience on developing custom adapters, PCV, selectors etc using Java
Hands-on experience of HTML, CSS, and JavaScript
Experience in managing Certificate & Key Management
Experience on design and development of monitoring scripts, and OGNL expression
Should have knowledge of API security
Design Multi-Factor Authentication (MFA) solutions using PingID or 3rd party products
Have hands-on experience on cloud provider – Azure or AWS or GCP
Experience in scripting language – python, powershell, and bash
Knowledge of other IAM products – Azure AD, Auth0, ForgeRock, OKTA
Okta
Hands-on experience on Directory level integration with Okta for AD, LDAP, Azure AD, Oracle AD.
Good Understanding on IWA, SWA and Okta Workflows.
Hands-on experience on Okta APIs and good understanding of XML, HTML, CSS
Should be knowledge on Okta Access Gateway, Okta Advance Server Access and SCIM.
Hands-on experience on developing custom UI pages, branding and email template as per business needs.
Should be knowledge on Okta Access Gateway, Okta Advance Server Access and SCIM.
Hands-on experience on developing custom UI pages, branding and email template as per business needs
Experience and knowledge on Okta classic engine and Okta Identity engine
Experience over integration of on-prem and legacy applications with Okta
Working knowledge on multi-factor authentication, Security Rules, Policies and Provisioning.
Hands-on experience in troubleshooting the issues related with Okta and any other AM specific tools
Basic AD and LDAP Functionality authentication, authorization.
Experience in Directory Integration with Okta.
Experience in troubleshooting the access related issue reported by application team.
Azure AD
Hands-on experience on Azure Active Directory end-to-end implementation involving designing, implementation and customization
Understanding and experience in different technology of Azure Active Directory, B2E, B2B and B2C
Implementation experience in ADFS, Azure AD Connect, Azure AD Application Proxy, Conditional Access Policy, LDAP, Active Directory, Application Integrations for SSO and multi-factor authentication
Working experience in application integration with header-based, SAML2.0, OIDC, OAuth2.0, WS-Fed protocols
Experienced in managing external identities and consumers in Azure AD B2B and B2C tenants
Onboarding and offboarding applications on AAD B2B and B2C platforms
Implementing custom policy using Identity Experience Framework for AAD B2C
Experience in social login and 3rd party identity provider integration with AAD B2C
Should have experience in assisting application team to use Microsoft libraries like MSAL
Experience in integrating mobile application with AAD B2C
Experience in integrating Azure AD with API management solution
Should have knowledge on different component of Azure being used for Azure AD solution such as tenant creation, subscription, resource group.
Should have knowledge in Identity management and Privileged Identity Management concepts
Experienced in renew, update and troubleshoot certificate related issues
Should have knowledge of different integration and architecture in customer’s IAM environment such as WAF, Load Balancer, network components
Experience and exposure of using/exposing REST APIs including Azure AD graph APIs.
ForgeRock
Good understanding of Forgerock OpenAM, OpenDS and OpenIDM.
Good to have knowledge on Forgerock OpenIG.
Hands-on Core Java development and debugging experience.
Knowledge on JavaScript/Groovy Script to work on custom scripts for OpenAM.
Should be capable of dissecting large problems and designing modular, scalable solutions.
Should be familiar with application servers such as Tomcat and WebLogic.
Hands-on experience in setting up Forgerock OpenAM, OpenDS and OpenIDM environment in standalone and cluster environment.
Hands-on experience on configuring Single Sign-on with Forgerock as per the requirements.
Strong understanding of access management fundamentals like authentication and authorization.
Capability of understanding the business requirements and converting that into design.
Good knowledge of information security, standards and regulations.
Should be flexible to work on new technologies in IAM domain.
Worked in client facing role for Single Sign-On implementation with Forgerock.
Need to be thorough in Forgerock OpenAM, OpenDS and OpenIDM with hands-on experience involving configuration, implementation & customization.
Deployment of web application & basic troubleshooting of web application issues
Good to have:
Very good understanding of information security concepts with in-depth knowledge of IAM solutions and latest trends.
Should be able to understand business requirement and translate them in technical requirement and implement the same.
Understanding of latest technology such as Zero trust framework, Fine-grained authorization, Password less authentication, customer Identity and Access Management (CIAM)
Hands-on knowledge of any programming language Java or Python with good understanding of PowerShell.
Should be familiar with application servers such as Tomcat and IIS.
Ability to develop documentation such as business requirement document, high and low level design document, training and user procedures document.
Should be flexible to work on new technologies in IAM domain.
Should have had direct client experience, including working with client teams in an on-site or offshore mode.
Need to liaise with Business stakeholders and seek requirement clarification. Should be able to map business requirements to technical specifications.
Use case design, Solution Requirements Specification and mapping business requirements to technical requirements (Traceability Matrix).
Involvement in a successful pursuit of a potential client by being part of the RFP response team.
Architecture Design for overall IAM solution in customer environment (optimising the resources made available – servers and load sharing etc.).
To qualify for the role, you must have
B. Tech./ B.E. with sound technical skills
Strong command on verbal and written English language.
Experience in HTML, CSS and JavaScript.
Strong interpersonal and presentation skills.
8-10 Years’ Work Experience.
Certification:
Desirable to have certifications in security domain, such as CISSP and CISA or any IAM product specific certifications
Desirable to have product specific certifications like – Forgerock AM such as AM-100, AM-400, AM-410 or AM-421, Microsoft Azure certifications (SC-200, SC-300, AZ-500 etc), Okta certifications.
What we look for
Who has hands on experience in setting up the Identity and Access Management environment in standalone and cluster environment.
Who has hands-on Development experience on Provisioning Workflows, triggers, Rules and customizing the tool as per the requirements.
What working at EY offers
At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
Support, coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that’s right for you
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.