The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines working together, to review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks. The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E's business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E's LOBs make informed decisions about where to invest their resources.
The Identity Access Management (IAM) Principal Engineer is responsible for installation, integration and deployment of IAM solutions within the PG&E Cybersecurity IAM team. The IAM Principal Engineer requires a strong understanding of Identity Access Management (IAM), and Identity Access Governance (IAG) products and implementation methodologies. The IAM Principal Engineer is expected to have strong technical and soft skills, must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, interface effectively with our internal Cybersecurity teams and LOB customers, vendor partners, and colleagues.
- BA/BS degree in Computer Science, Engineering, Business or related degree or equivalent experience
- 10 years of IT engineering design and/or technical project implementation, and leadership experience
- Experience with multi-tier enterprise technology environments
- MA/MS degree preferred
- Project Management IT experience
- Experience managing senior/expert level IT staff
- Expert level understanding, in one or more core business areas of a utility, of how technology plays a key enabler/support role
- Expert level understanding and implementation experience, in multiple core business areas of a utility, within process design, information modeling or system architecture
- Expert understanding of the operations engineering discipline, processes, concepts and best
- Web Access Management: Experience with Single-Sign-On tools similar to SecureAuth, Siiteminder, PingAccess, PingFederate, ForgeRock
- Integration experience with SAML, OpenID Connect, Oauth
- Expertise in developing integration APIs and web services (RESTful/SOAP)
- Integration experience with Multi Factor Authentication
- User directories: Understanding of LDAP, Virtual Directory Services, and Active Directory
- Privileged Access Management: Understanding of PAM tools
- Identity Access Governance: Tools such as Saviynt or Sailpoint, or OIM
- Monitoring: Tools such as Splunk, and SEIM platforms
- Scripting/automation experience using PowerShell, VBScript, python, or bash
- Web application server knowledge (e.g. IIS, WebLogic, or Tomcat)
- Understanding of secure software development practices - AppSec
- Agile development experience
- Understanding of authentication and authorization tools and technologies
- Exposure to DevOps, Continuous Integration and Continuous Delivery experience
- Design SSO integration patterns and then work with our partners and customers to implement these delivery patterns.
- Design, integrate, develop, configure, release, maintain, and support enterprise Identity & Access Management (IAM) solutions & capabilities.
- Provide software development & database skills in the delivery of sophisticated identity management solutions (both COTS and custom-built) that enable both employees and external clients to access systems and data while maintaining the principle of least privilege, using a combination of coding, scripting, integration, and platform customization – including system upgrades, installation, and performance tuning.
- Partner with Internal Audit and Compliance teams to develop and help to mature IAM security policies, metrics and reporting.
- Demonstrate exceptional analytical problem-solving skills including the ability to perform root cause analysis, troubleshooting, and system support.
- Provide timely, concise, and situationally appropriate status on deployment and app integration work.
- Work on automation and scripting to enable self-service environments and processes where practical.
- Author technical documentation, including: infrastructure topology, system design, workflows, data flows/mapping, implementation steps, and user/system support.
- Develop and deliver technical training designed to enable and educate the IAM team peers, Cyber consulting teams, support and application teams.