Information Security Engineer – Identity & Access Management

Responsibilities:

Synopsys is seeking a Senior Information Security Engineer, to join our team and is responsible for the Identity Access Management and Data classification programs. This security engineer role is integrated into all aspects of security focused, corporate identity process designs, implementation, and documentation. The Synopsys Information Enterprise Security Engineering team helps the organization transform and securely build what’s next for the business.

Key areas will include Security design, engineering, automation, security research & development, and operationalization of security solutions.

This role guides and defines overarching technical security engineering and knows enterprise security best practices and requirements, to ensure Synopsys solutions are designed and implemented to the highest security standards and are differentiated in the marketplace.

Responsible for delivery of the security framework to help inform the security organization on new industry trends and security solutions that solve complex problems and align with the enterprise security strategy, technologies, and platform options.

Job Requirements:

• Responsible to install, integrate and deploy IAM solutions.
• Work with the Identity Access Management team to continue making enhancement to the Identity Access Management program.
• Work closely with development teams to perform User management, group management and Password management requests.
• Create and maintain Identify Access Management metrics.
• Assist project teams with Active Directory integration patterns using AD and Azure AD, Azure MFA, ADFS & Azure Federation and SSO patterns.
• Plan and implement updates to maintain, monitor, and support enterprise IAM tools.
• Help build the roadmap on how to mature the IAM platform through the big picture approach and integration with other teams and identifying dependencies.
• Design, develop, install, integrate of the chosen IAM solutions on the workstations and in the network.
• Excellent interpersonal skills, written and verbal communication skills, analytical ability, and leadership skills.
• Ability to influence others to achieve results.
• Ability to prioritize projects and/or deliverables.
• Ability to drive accurate and timely decisions.
• Ability to analyze information and draw accurate conclusions.
• Passion and drive to be a star player in an amazing Information Security Engineering team.
• Knowledge of privileged and non-privileged access, Authentication types, Authentication Protocols
• Provide domain expertise and consultation to BUs around corporate security and enterprise technology.
• Participate in security strategy plans and roadmaps based on sound enterprise security engineering practices.
• Review security technologies, tools, and IAM services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics.
• Participate in security requirements and technical design discussions to influence requirements and designs and to mentor other engineers.
• Identify organization priorities, technical objections, and design strategies encompassing the entire Synopsys ecosystem to deliver business value and resolve blockers.

Qualifications:

• Equivalent bachelor’s or master’s degree or equivalent in computer science, information systems, cybersecurity or a related field from an accredited institution, or equivalent practical experience.
• 5+ years of experience. Alternatively, candidate may possess an equivalent combination of relevant professional experience and education.
• Experience implementing intercept based SSO technologies (e.g. Okta, Ping, RSA Access Manager, etc).
• Understanding of Azure IAM, Active Directory environment, and Microsoft Azure Access Controls.
• Basic understanding of Microsoft Security services (e.g., Microsoft Defender for Identity, Azure Information Protection.
• Equivalent certifications such as CIMP, CIAM, CIST, CAMS, CIGE, CDP, CISSP, CISA, CISM, CRISC preferred.
• Comprehensive knowledge and experience with authentication standards and technologies such as multi factor authentication, JSON Web Token (JWT), etc.
• Extensive hands-on knowledge and experience of identity and access management best practices, procedures, and software solutions such as CyberArk, ForgeRock, Okta, Ping Identity, etc.
• Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, Federation etc.
• Experience in Design Data Classification and engineering comprehensive data security practices.
• Direct, hands-on experience or strong working knowledge of managing security in IT /connected devices, infrastructure applications, security operations.
• Experience with Windows, Linux / Unix, scripting (Bash, PowerShell), LDAP, SQL, and web services.
• Experience with Databases (Oracle, Sybase, MSSQL, MySQL).
• Familiarity with RBAC.
• Experience in infrastructure security, storage security, platforms security and data security.
• Experience building, designing, and implementing distributed global systems in infrastructure, security, data, or application development.
• Ability to learn/work with emerging technologies, methodologies, and solutions in the IT//Infosec technology space.
• Familiarity with the following industry frameworks & regulatory standards: Payment Card Industry Data Security Standard (PCI-DSS), HIPAA-HITECH, Sarbanes-Oxley, General Data Protection Regulation (GDPR), Privacy Practices, ISO 27001/2, NIST Cybersecurity Framework (CSF/800.53), FedRamp, StteRamp, IEC 62443
• Experience with working on Routing, Switching, Transit GW, PAN, Checkpoint firewall configurations and deployment.
• Has deep knowledge on Perimeter defense tools such as Akamai, DDoS .
• Has prior experience working on Zscaler and Proxy architecture on routing from Data Center for inspections, DPI (Deep Packet inspections).
• Relevant certifications such as CISSP, CISA, CISM, CRISC preferred.

Travel: May include up to 10% domestic/international

Must be legally authorized to work in the country of employment.