Эта вакансия в архиве
Посмотреть похожие вакансии ↓5 минут назад
Staff Security Engineer (IAM)
Описание вакансии
Текст:
TL;DR
Staff Security Engineer (IAM): Designing and implementing risk-based security controls and authentication flows for cloud-based supply chain management solutions with an accent on IAM engineering and authentication standards. Focus on building secure authentication flows (OAuth 2.0/OIDC), evaluating modern standards like WebAuthn/FIDO2, and integrating security into DevSecOps pipelines.
Location: Hybrid; regular in-office presence required in Canada
Company
A leading provider of cloud-based supply chain management solutions serving a global retail network.
What you will do
- Devise and implement risk-based security controls to protect the organization and align with business objectives.
- Lead IAM Engineering best practices throughout the design, build, test, and implementation phases.
- Design and implement authentication flows (OAuth 2.0/OIDC) for internal applications, including session management and secure credential storage.
- Evaluate and deploy modern authentication standards such as passwordless, WebAuthn, FIDO2, and mTLS.
- Automate security-related processes by leveraging COTS and custom code.
- Collaborate with engineering and business operations to maintain security monitoring for IAM controls.
Requirements
- Bachelor's degree + 8 years of experience, or Master's + 6 years in security engineering/architecture.
- Must be based in Canada to support the hybrid work model.
- Deep knowledge of authentication/authorization protocols: OAuth 2.0, OpenID Connect, SAML 2.0, SCIM, and JWT.
- Experience with regulatory compliance requirements including SOX, HIPAA, and PCI-DSS.
- Proven ability to integrate security into DevOps and existing continuous delivery/improvement processes.
- Experience providing technical security guidance to both technical and non-technical audiences.
Nice to have
- Okta Certified Professional or Okta Certified Developer certification.
- Experience with Okta Identity Governance (OIG), Okta API Access Management, or Okta Workflows.
- Familiarity with industry standards: NIST CSF, OWASP, CIS, STIG, or MITRE ATT&CK.
- Industry certifications such as CISSP, CISM, CISA, CCSP, or CEH.
Culture & Benefits
- Comprehensive benefits package tailored to local laws and market practices.
- Eligibility for an annual incentive program based on individual and organizational performance.
- Collaborative and inclusive work environment that values innovation and continuous improvement.
- Modern professional workspace with open office areas and interactive communication tools.