Mastek is delivering a major project that requires an additional Identity and Access Management Solution (IDAM) Architect to join the team.
Experience and skills
- Architecture of identity and access management solutions for large enterprises
- Able to capture and prioritise customer requirements
- Design of IDAM solution components, such as identity integration, provisioning, workflow
- Working with one of more Identity Management platforms (e.g. NetIQ, Forgerock, Oracle IDM/IAM, Sailpoint, etc.)
- IDAM in the context of security policies and controls
- High quality documentation of designs
- Able to guide a development team to build solution according to the design
- Customer-centric attitude to capturing, refining and meeting requirements
Areas of architecture and design experience (the candidate should have some not necessarily all of the following):
- Identity lifecycle processes and workflows
- Identity integration by mapping/transforming from source systems via database or flat file connectors
- Directory configuration and tools (e.g. Active Directory, eDirectory, LDAP)
- Identity provisioning
- User management and administration tools
- User interface customisation
- Workflow design and configuration (e.g. approval workflows)
- Access governance, access reviews and reporting
- Log management, analysis and reporting
- Federated access methods, such as SAML, OAuth and OpenID Connect
- Multi-factor authentication
- Experience in large scale integration projects involving identity and access management, web-services and distributed systems
- Experience of designing solutions to operate on Cloud infrastructure such as AWS
- Agile development methods – Scrum, Kanban, TDD, BDD, etc.
Experience with a specific IDAM product suite is less important than broad architecture and design experience. Ideally the architect will have experience of NetIQ Identity Manager and NetIQ Access Manager. However, experience in similar IDAM toolsets such as Oracle Identity Manager, Oracle Access Manager, Sailpoint, ForgeRock, Okta, Ping Identity and IBM Tivoli AM is of equal interest.
Must be already holding active SC.