Your potential. Your opportunity. Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
As a Privilege Access Management (PAM) Engineer, you will:�
- Work with IT infrastructure teams to enhance the Enterprise PAM (ePAM) solutions to integrate with other IT enterprise systems and support regulatory requirements
- ePAM services consist of Digital Password Vault, Super-User Privilege Management and Active Directory Bridging services.
- Design and implement ePAM to extend support for AWS services and other platforms
- Provide support for application to application integration and configuration
- Support ePAM, and all of its related components of IAM services including but not limit to debug, fix and enhance codes for ePAM web services and PDI scripts
- Work with Vendors for support tickets as required
- Helps engineer solutions to ensure that ePAM solutions and services perform according to defined processes, meet defined policies and comply with information security requirements
- Integrates ePAM systems with third party solutions for provisioning, de-provisioning, identity authentication and systems resources authorization, access certification, and developing connectors between ePAM and IAM tools and systems resources
- Work with application developers and IT operations to develop, test, roll out and maintain enterprise-wide PAM solutions and services
- Support in troubleshooting and resolving complex authentication, authorization and integration problems
- Provide on-call rotation support for 24/7 production support
- Provide support for patching servers
- Coordinate and activate DR and failover of systems
- Document user guides and functional training materials based on vendor documentation and tailored to the company's needs
- Create, update and maintain documentation (including process documents and procedures)
- Provide scripting expertise to automate critical PAM maintenance processes
- Monitor, troubleshoot and problem resolution of PAM service and related incidents.
- Bachelor's degree in computer science, Business Administration or equivalent educational or professional experience and/or qualifications.� An advanced degree is also preferred.
- Certifications such as: CISSP, CISM, CRISC, or CISA certification a plus
- 5+ years plus experience in documenting, developing, or implementing IAM systems
- 5+ years plus with technical experience integrating identity management, access management and access governance software into clients' infrastructure and applications
- 5+ years plus experience with installation, integration and deployment of IAM technology products
- Must have strong technical architecture experience integrating multi-tiered applications, databases, LDAP and directory services, application servers, network infrastructure, and understanding security and dataflow within these components
- Strong and solid understanding of testing and implementation lifecycles for identity access technologies including root cause analysis
- Require experience in developing technical strategies, architectures, and roadmaps
- Must have experience in creating MS Visio diagrams and workflow specs
- Strong presentation skill and communication
- Identity Management familiarity in two or more of the following areas:
- Privileged Access Management
- Access Certification
- Provisioning/De- Provisioning
- Application On-boarding
- Single Sign On
- Identity Federation
- Multi-factor authentication
- Experience in any of the Privileged Access Management tools - CA PAM, Dell Quest TPAM, Thycotic Secret Server, or CyberArk
- Experience with Super-User Privilege Management solutions such as CA ControlMinder, BeyondTrust PowerBroker, Sudo, BoKS etc�
- Experience in implementing enhanced security for accounts in Active Directory
- Experience with CA IDP and RSA Aveksa
- At least 3 years of solid experience in Privileged Access Management Systems
- At least 3 years of solid experience in Identity Management Systems
- At least 2 years of solid experience with CA IDM suite(CA Identity Manager, CA Identity Portal)
- At least 2 years of experience with kettle script/PDI or other ETL tool
- At least 1 year of experience with RESTful API webservice
- At least 2 years of experience with MS-SQL
- At least 1 year of solid experience with Powershell
- At least 1 year of experience with LDAP/s
- At least 1 year of experience with Unix shell script�
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.