Security Identity Architect

Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

We have an opening for a Security Identity Architect (Okta).

The Security Identity Architect will join the Information Security team and will be responsible for integrating Okta with other systems, applications, and services used within the Paul Hastings environment. As an Okta Security Identity Engineer, you will be responsible for designing, implementing, and maintaining an IAM solution using Okta's Identity Access Management platform. You will play a key role in ensuring the security, efficiency, and compliance of identity access management processes. This role requires a strong understanding of identity management principles, experience with Okta's products and services, and the ability to collaborate with cross-functional teams to achieve business objectives.

This role is responsible for supporting the overall architecture design for our Access Management and Identity Governance Administration (IGA) Solution delivering innovative and effective solutions supporting both internal and remote access.

In this capacity, the Security Identity Architect will:

1. Okta Platform: In-depth knowledge and experience with the Okta platform, including Okta Identity Cloud, Okta Workflows, Okta Adaptive Multi-Factor Authentication (MFA), and Okta API Access Management;
2. Identity and Access Management (IAM): Strong understanding of IAM concepts, including user provisioning, authentication, authorization, and federation;
3. Single Sign-On (SSO): Proficiency in implementing SSO solutions using Okta, integrating with various applications and identity providers;
4. Directory Services: Knowledge of directory services such as Active Directory (AD), LDAP, and cloud-based directories, and ability to integrate them with Okta;
5. Security and Compliance: Familiarity with security practices, protocols, and compliance standards (e.g., GDPR, HIPAA) relevant to IAM and Okta implementation;

1. Requirements Gathering: Ability to understand business and technical requirements, translate them into Okta solutions, and align them with organizational goals;
2. Solution Design: Expertise in designing scalable, secure, and high-performance Okta architectures, considering factors such as user load, geographical distribution, and integration requirements;
3. Multi-Cloud Integrations: Understanding of integrating Okta with various cloud services, such as AWS, Azure, and GCP, for identity and access management;
4. API Integrations: Proficiency in designing and implementing API integrations between Okta and other systems, applications, and identity providers;
5. Customization and Extensibility: Ability to customize and extend Okta functionality using Okta APIs, Okta Workflows, and integration tools to meet specific business requirements;

1. Okta Configuration: Hands-on experience in configuring Okta tenants, setting up user directories, managing application integrations, and defining access policies;
2. Federation and SSO: Knowledge of configuring federation and SSO using SAML, OAuth, OpenID Connect (OIDC), and other industry-standard protocols;
3. Identity Lifecycle Management: Proficiency in designing and implementing identity lifecycle management processes, including user onboarding, offboarding, and access reviews;
4. MFA Implementation: Ability to design and deploy adaptive MFA solutions using Okta to enhance authentication security, with integration for remote access solutions like GP VPN and Citrix;
5. User Provisioning and De-provisioning: Experience in automating user provisioning and de-provisioning processes through our existing IGA, including user synchronization with target systems.

In addition, the Security Identity Architect will be expected to have:

1. Strong understanding of identity management concepts, including authentication protocols (e.g., SAML, OAuth, OpenID Connect), directory services (e.g., LDAP, Active Directory), and multi-factor authentication (MFA);
2. Experience with Okta's products and services, including Okta Identity Cloud, Okta Universal Directory, Okta Single Sign-On (SSO), and Okta Adaptive Multi-Factor Authentication (MFA);
3. Understanding of integrating Okta with existing directories (e.g., Active Directory, LDAP) for user synchronization and authentication;
4. Implement MFA policies to add an extra layer of security for user authentication;
5. Configure Adaptive Authentication and define adaptive policies based on contextual factors such as location, device, and user behavior;
6. Ability to integrate Okta with cloud applications, on-premises applications, and custom-built applications for SSO;
7. Understanding of federation standards such as SAML, OAuth, and OpenID Connect for seamless authentication and SSO across applications;
8. Ability to configure and setup Okta workflows & APIs and to integrate with other systems, automate tasks, and customize functionality;
9. Detailed technical knowledge related to applications, servers, infrastructure and networking technologies;
10. Hands-on experience in identity and access management, policy assessments, application testing, etc.;
11. Strong track record of implementing Okta IGA solutions and ability to deliver results through partnering with vendors, Information Security, IT and the business departments;
12. Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management;
13. Experience with secure architecture principles, secure SDLC, security system integration and configurations, and troubleshooting.

1. 10 years of experience in information technology or IAM Engineering/Architecture;
2. BS degree in Computer Science or related field;
3. Relevant certifications such as Okta Certified Administrator (OCA) or Okta Certified Professional (OCP) are a plus;
4. Proven experience designing, implementing, and managing identity access management solutions using Okta's platform;
5. Strong communication skills with ability to articulate and translate security and IAM solution terminology in business terms;
6. Familiarity with project management methodologies;
7. Demonstrate integrity, accountability, respect and commitment to the Firm;
8. Demonstrate excellence in managing all functions of the job;
9. Apply the knowledge and skills required to perform at the highest level;
10. Demonstrate best practices in professional relationships;
11. Focus on job execution and achieving results.

Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.

Eligible employees can participate in the Firm's comprehensive benefits program, which include the following:

• Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short and Long Term Disability
• Flexible Spending Account and Health Savings Account
• Healthcare Concierge and Advocacy
• Voluntary 401k Plan and Profit Sharing
• 10 Paid Holidays per year and a generous PTO program
• Family Support including Pediatric Mental Health and Parental Support, Paid Parental Leave, Fertility Benefits, and Breast Milk Shipping
• Back-up Child Care, Elder Care, and Tutoring
• Wellness Programs (Employee Assistance Program, Mental Health, and Well-Being Events)
• Retirement Plan Consulting
• Anniversary Bonus Program
• Professional Development Programs
• Transportation Allowance and Commuter Benefits
• International Travel Insurance
• Auto/Home/Legal Insurance
• Pet Insurance
• Employee discounts
• And more

The Firm has a range of diversity initiatives including our Paul Hastings Affinity Networks (PHANs), Women's Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive. Learn more about our Global Diversity, Inclusion and Wellness Initiatives here.

Paul Hastings LLP is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.