Engr

Engr- IAM Sr - Technology Infra Ops & Support

Shelton, CT 06484, USA
Req #1485

Tuesday, October 8, 2024

Region: Shelton, CT USA

Ready for a fresh, new career? Look no further because one of the world‘s most iconic brands can help you get there.

Why Join Us?

At Subway, ‘better‘ is baked into our DNA. We are a brand that believes in continued improvement ... in our lives, our businesses, and our planet. From the handshake that started our very first sandwich shop to earning our position as one of the world‘s leading restaurant brands, we‘ve always embraced change and the path ahead. And today, we‘re making better living way easier.

Our purpose is about more than the food we serve in our restaurants. It‘s centered on fueling healthy businesses and healthier lives. It is one of the most exciting times to join the Subway team and contribute to our transformational journey.

About the Role:

We have an exciting opportunity to support our Technology team as a Sr. IAM Engineer based in Shelton, CT. The Sr. IAM Engineer will be responsible for the analysis, implementation, maintenance, and assist with design of all layers of IAM applications, which includes Authorization/Authentication/Accounting, Identity and Account Creation/Management/Provisioning. This role will also handle Role-based Access Control (RBAC) configuration and management, Single Sign On implementation, Process Improvement, Process Automation, IAM Break/Fix and IAM Enhancements. The IAM Engineer will work with other members of team, and manager, to ensure compliance with Franchise World HQ standards for security, privacy, and accessibility as defined by the Information Security Team. In addition, engineer will lead and direct the implementation of a new IDP tool in Subway‘s environment, OKTA.

If you feel that this is the role for you, and you are successful with your application, be ready to be Bold, Empowered, Accountable, and ready to have Fun in a fast paced and agile working environment.

Responsibilities include but are not limited to:

• 
  
• 
  

  Project Work:

  
  
  • 
    
  • This includes the setup of new configurations and baselines around IAM within the IDP. This includes conditional access policies, RBAC, new SCIM setup, new governance
    
  • Initial set up and configuration of a new IDP solution (OKTA) with an ability to perform architecture diagraming that will be used as the benchmark for future efforts. Utilize best practice frameworks and maturity models to set the future growth of the program as a whole
    
  • Manage technology projects and system activities
    
  
  

  Operations:

  
  
  • 
    
  • Aligns with Industry best practices and establishes Subway policies and procedures accordingly
    
  • Design and implement sustainable solutions to be used for authentication, authorization, user life-cycle management, role-based access control, privileged account management (PAM), audit, and monitoring.
    
  • Develop and oversee the implementation of Information Security Procedures and Policies relative to Identify
    
  • Design and implement appropriate security controls to identify vulnerabilities and risks for access to systems and applications
    
  • New SSO setup, IAM incident resolution and root cause analysis, complex onboarding/offboarding, upgrades/patching, change tickets, MFA management, group and access cleanup, audits, HR downstream changes, tool management, etc
    
  • Conduct investigations and audits of identity gaps and vulnerabilities and evaluate the implications
    
  • Collect business and functional requirements in Identity and Access Management area
    
  • Establishes IDM and Directory related standards
    
  • Reviewing service/application logs
    
  • Partner closely with Information Security
    
  • Experience with ticketing tools such as ServiceNow
    
  • Participate in team on-call rotation for production support
    
  
  

  Continuous Improvement:

  
  
  • 
    
  • This involves modernization and optimization of the IAM program as a whole to a higher-level maturity. Improving upon SCIM, further automation of workflows, introducing new industry standard functions (such as passwordless authentication), improve identity lifecycle, conditional access policies, RBAC flows, etc.
    
  • Manage and improve policies to improve our risk framework while performing vulnerability remediation to guide the improvement initiatives
    
  • Assess the quality of controls and use performance indicators to create an action plan to fill gaps
    
  
  
  

Qualifications:

• 
  
• Bachelors Degree Preferred - Computer Science, Information Technology, Information Security. Cyber Security - OR- Related Experience Preferred
  
• 8+ years experience in information security, infrastructure
  
• 5+ years experience in IAM, PAM, ZTNA and security governance
  
• 5+ years experience in PowerShell scripting
  
• 5+ years experience in Active Directory/Azure Active Directory
  
• 5+ years experience in Microsoft Exchange
  
• 3+ years experience as an OKTA Certified Administrator
  
• 3+ years experience in setting up and/or managing APIs
  
• Strong understanding of PKI, encryption, certificate management, tokenization
  
• Experience setting up/managing SCIM, RBAC, SSO, MFA to the IDP
  
• Experience in Azure Active Directory and Active Directory, OKTA or similar IDPs required (Saviynt, etc.)
  
• Database and API data parsing with Powershell experience
  
• Experience with cloud computing services such as AWS and Azure for the purpose of SCIM and managing access a plus
  
• Querying languages such as SQL against tools such as Splunk or Dynatrace. Rapid7 desirable
  
• GPO creation best practices
  
• Authentication Server Software
  
• Experience with risk management data and analysis
  
• Strong problem-solving and communication skills
  

What do we Offer?

• 
  
• Insurance Plans (Medical/Life)
  
• Pension/401K/RSP (country specific)
  
• Competitive Bonus
  
• Mobility Allowance
  
• Tuition Reimbursement
  
• Company Holidays
  
• Employee Resource Groups
  
• Volunteering time
  
• And Many More.....
  

The Company is only considering applicants who are currently authorized to work in the country the position is based. AA/EOE/M/F/D/V

Actual pay is determined based on a number of job-related factors including skills, education, training, credentials, qualifications, scope and complexity of role responsibilities, geographic location, performance, and working conditions.

Other details

• 
  
  
• 
  Job Family
  Security Engineering
  
• 
  Pay Type
  Salary
  

Apply Now

initStaticMap(true);

{‘@context‘:‘‘,‘@type‘:‘JobPosting‘,‘title‘:‘Engr- IAM Sr - Technology Infra Ops & Support‘,‘datePosted‘:‘2024-10-08T00:00:00‘,‘validThrough‘:null,‘description‘:‘Region: Shelton, CT USA nReady for a fresh, new career? Look no further because one of the world‘s most iconic brands can help you get there. nWhy Join Us? nAt Subway, ‘better‘ is baked into our DNA.We are a brand that believes in continued improvement ... in our lives, our businesses, and our planet. From thehandshakethat started our very first sandwich shop to earning our position as one of the world‘s leading restaurant brands, we‘ve always embraced change and the path ahead. And today, we‘re making better living way easier. nOur purpose is about more than the food we serve in our restaurants. It‘s centered onfueling healthy businesses and healthier lives. It is one of the most exciting times to join the Subway team and contribute to our transformational journey. nAbout the Role: nWe have an exciting opportunity to support our Technology team as a Sr. IAM Engineerbased in Shelton, CT. TheSr. IAM Engineer will be responsible for the analysis, implementation, maintenance, and assist with design of all layers of IAM applications, which includes Authorization/Authentication/Accounting, Identity and Account Creation/Management/Provisioning. This role will also handle Role-based Access Control (RBAC) configuration and management, Single Sign On implementation, Process Improvement, Process Automation, IAM Break/Fix and IAM Enhancements. The IAM Engineer will work with other members of team, and manager, to ensure compliance with Franchise World HQ standards for security, privacy, and accessibility as defined by the Information Security Team. In addition, engineer will lead and direct the implementation of a new IDP tool in Subway‘s environment, OKTA. nIf you feel that this is the role for you, and you are successful with your application, be ready to be Bold, Empowered, Accountable, and ready to have Fun in a fast paced and agile working environment. n nResponsibilities include but are not limited to: n n nProject Work: n nThis includes the setup of new configurations and baselines around IAM within the IDP. This includes conditional access policies, RBAC, new SCIM setup, new governance nInitial set up and configuration of a new IDP solution (OKTA) with an ability to perform architecture diagraming that will be used as the benchmark for future efforts. Utilize best practice frameworks and maturity models to set the future growth of the program as a whole nManage technology projects and system activities n nOperations: n nAligns with Industry best practices and establishes Subway policies and procedures accordingly nDesign and implement sustainable solutions to be used for authentication, authorization, user life-cycle management, role-based access control, privileged account management (PAM), audit, and monitoring. nDevelop and oversee the implementation of Information Security Procedures and Policies relative to Identify nDesign and implement appropriate security controls to identify vulnerabilities and risks for access to systems and applications nNew SSO setup, IAM incident resolution and root cause analysis, complex onboarding/offboarding, upgrades/patching, change tickets, MFA management, group and access cleanup, audits, HR downstream changes, tool management, etc nConduct investigations and audits of identity gaps and vulnerabilities and evaluate the implications nCollect business and functional requirements in Identity and Access Management area nEstablishes IDM and Directory related standards nReviewing service/application logs nPartner closely with Information Security nExperience with ticketing tools such as ServiceNow nParticipate in team on-call rotation for production support n nContinuous Improvement: n nThis involves modernization and optimization of the IAM program as a whole to a higher-level maturity. Improving upon SCIM, further automation of workflows, introducing new industry standard functions (such as passwordless authentication), improve identity lifecycle, conditional access policies, RBAC flows, etc. nManage and improve policies to improve our risk framework while performing vulnerability remediation to guide the improvement initiatives nAssess the quality of controls and use performance indicators to create an action plan to fill gaps n n n n nQualifications: n nBachelors Degree Preferred - Computer Science, Information Technology, Information Security. Cyber Security - OR- Related Experience Preferred n8+ years experience in information security, infrastructure n5+ years experience in IAM, PAM, ZTNA and security governance n5+ years experience in PowerShell scripting n5+ years experience in Active Directory/Azure Active Directory n5+ years experience in Microsoft Exchange n3+ years experience as an OKTA Certified Administrator n3+ years experience in setting up and/or managing APIs nStrong understanding of PKI, encryption, certificate management, tokenization nExperience setting up/managing SCIM, RBAC, SSO, MFA to the IDP nExperience in Azure Active Directory and Active Directory, OKTA or similar IDPs required (Saviynt, etc.) nDatabase and API data parsing with Powershell experience nExperience with cloud computing services such as AWS and Azure for the purpose of SCIM and managing access a plus nQuerying languages such as SQL against tools such as Splunk or Dynatrace. Rapid7 desirable nGPO creation best practices nAuthentication Server Software nExperience with risk management data and analysis nStrong problem-solving and communication skills n n nWhat do we Offer? n n nInsurance Plans (Medical/Life) nPension/401K/RSP (country specific) nCompetitive Bonus nMobility Allowance nTuition Reimbursement nCompany Holidays nEmployee Resource Groups nVolunteering time nAnd Many More..... n n nThe Company is only considering applicants who are currently authorized to work in the country the position is based. AA/EOE/M/F/D/V n nActual pay is determined based on a number of job-related factors including skills, education, training, credentials, qualifications, scope and complexity of role responsibilities, geographic location, performance, and working conditions.‘,‘employmentType‘:‘FULL_TIME‘,‘hiringOrganization‘:{‘@type‘:‘Organization‘,‘name‘:‘The Subway HR Team‘,‘logo‘:‘CandidatePortal/en-US/subway/Go?item=fd3c1609-f477-4eea-b78f-2bddd9d70643‘},‘jobLocation‘:[{‘@type‘:‘Place‘,‘address‘:{‘@type‘:‘PostalAddress‘,‘streetAddress‘:‘‘,‘addressLocality‘:‘Shelton‘,‘addressRegion‘:‘Connecticut‘,‘postalCode‘:‘06484‘,‘addressCountry‘:‘US‘}}],‘jobLocationType‘:null,‘baseSalary‘:{‘@type‘:‘MonetaryAmount‘,‘value‘:{‘@type‘:‘QuantitativeValue‘,‘value‘:null,‘minValue‘:null,‘maxValue‘:null,‘unitText‘:‘YEAR‘}}}

• 
  
• Shelton, CT 06484, USA
  

Share this job:

---