Identity Access Management Engineer (Barings)

Who We Are – MassMutual Romania

MassMutual Romania – in partnership with MassMutual in the United States – will help shape a culture of innovation and to create the digital products and technology solutions that help people secure their future and protect the ones they love. Positioning MassMutual for its next 20 million customers and remaining innovative in a digital-first world led to the creation of MassMutual Romania in 2020. With offices in Bucharest and Cluj, MassMutual Romania was established to build an in-house team with expertise in application development and support, quality assurance and data science. For 170 years, MassMutual has put its customers at the heart of what it does by providing holistic financial solutions, guidance, and education on their terms. Its long-term strategy helps ensure that policyowners and their loved ones can rely on them to be there when they need them most. If this vision excites you, come join us and become a MassMutual Romania team member. This is a great opportunity to be part of the transformational journey at MassMutual Romania. As we continue to grow our business and look for new ways to engage with customers, technology will be one of the most important enablers to our success and you can be a part of it.

The Opportunity

Do you want to be part of a team that encourages your growth, supports your ambitions, and makes it a priority for you to reach your goals? Is helping people part of who you are? At MassMutual Romania, we help millions of people find financial freedom, offer financial protection and plan for the future. We do this by building trust with our customers by being knowledgeable problem solvers and prioritize their needs above all else. We Live Mutual. If this sounds like a fit, come join our team.

We are seeking a highly motivated Identity Access Management (IAM) Engineer to provide engineering support around design and implementation for the Identity and Authentication, DevSecOps, and Cloud Infrastructure teams.

Support Barings SSO platform to enable a secure and enhanced authentication experience for internal and external user accounts.

 Knowledge and experience with information security and authorization and authentication systems.  Experience working on Identity and Access Management software and concepts.  Understand, participate, review, and influence long term capacity planning and technology investments within the Identity and Access Management technologies.

A strong customer service mindset is key to succeeding in this role.  This will include understanding and effectively communicating Barings security policies as it relates to users with varying levels of technical knowledge. 

This position will continue to evolve and over time in Romania within the Security Governance, Data Protection and Cyber Response and Monitoring areas opportunities.

Responsibilities:

Administration of security and logical access control processes.

• Assist with the implementation and maintenance of IAM processes and their lifecycle.
• Implementation and enhancements of Cloud Privileged Identity Management and JIT\JEA workflows.
• Implementation and enhancements to the overall authorization and authentication protocols within the Barings environment.
• Work with our IAM and Infrastructure teams to manage and reduce interruptions to authentication and authorization services, resolve underlying and recurring problems, and work with our IT suppliers to get the best service for Barings.
• Review, design and implement long term strategies related to authentication and authorization to increase user experience while reducing risk across the landscape.
• Streamlining and improving user experiences.
• Implementing and maintaining technologies to ensure audit and privacy compliance.
• Implement and support Azure role-based access control (RBAC) managing administrative access to Azure resources.
• Review recommended designs from Azure Cloud application and infrastructure teams.

Knowledge and skills:

• Experience within the industry standard SSO technologies and protocols (OAuth, FIDO, SCIM, LDAP, SAML).
• Experience around Identity and Authentication solutions such as Okta, Auth0, Active Directory or Azure AD.
• Knowledge of federated identity management capabilities.
• Holistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine).
• Ability to utilize various programming or scripting languages such as JavaScript, HTML and PowerShell.
• Advanced knowledge of directory services (e.g., Microsoft Active Directory).
• Experience with deployments and integration of IAM solutions within the cloud (Azure).
• Strong working knowledge of security best practices for Microsoft Azure and other cloud technologies.
• Experience with Azure Active Directory, Conditional Access Policies, and third-party single sign-on technologies.
• Experience with Azure Landing Pages, RBAC and PowerShell scripting.
• Understanding of Azure CSP identity & identity governance (IAM & IGM) models.
• Understanding of Azure CSP asset/resource IAM models (SQL, API etc).
• Effective communication skills and motivation/willingness to learn.
• Ability to transfer best-practice platform capabilities to operationally stable & effective solutions.
• Ability to manage projects & deliverables without material support from line management.

Continuous Process Improvement

• Develop and review current working practices, policies, procedures, and standards in light of customer demand, regulatory requirements.
• Demonstrate a commitment to lifelong learning.
• Fulfil additional, relevant, tasks appropriate to the role and business demands.

Education and experience

• Bachelor’s degree in information technology or related field.
• CISSP/Security+/SANS certifications.
• Minimum five years proven information security experience or related area.

#LI-SS1