This role will report to the Identity and Access Management Programs organization within the Information Security function.
Role Summary/Purpose:
Client's IAM ( "Identity and Access Management") team is leading an initiative to implement enhanced logging and monitoring of access changes across high-risk applications, leveraging technologies such as Splunk and Cortex. The IAM Security Engineer will be responsible for Highly Privileged Access (HPA) Logging and Monitoring. This role partners closely with client's technology teams to onboard applications to the Monitoring Framework which includes determining the applications logging capabilities through the discovery process and onboarding the applications to Splunk.
In addition, the IAM team is leading an initiative to enhance the implementation of a system that identified secret keys across our environment and reports on secrets that are approaching or beyond the required secret key rotation date, based on requirements in our standards. The IAM Security Engineer will be responsible for understanding test cases, executing testing of functionality, and identifying/reporting defects throughout development.
Scope of Services:
Company is requesting Contractor to provide support for the HPA Logging and Monitoring Discovery and Onboarding phases, and testing of functionality for secrets rotation tool. Based on negotiations between the parties, the scope of services to be provided by Contractor shall be limited to those activities described in this Section. Contractor shall provide assistance to Company to accelerate onboarding of Apps to Splunk, and testing of functionality for secrets rotation tool.
The services shall consist of the following:
Facilitate discovery and engagement with application owners.
Conduct interviews, working sessions, and document onboarding.
Document and escalate risk mitigation plan for apps that cannot onboard.
Coordinate troubleshooting efforts when preparing apps for onboarding.
Report ongoing status and raise required escalations.
Analyze log data to identify relevant log events to map to Splunk data models.
Develop Splunk technology add-ons to properly parse, event type, and tag application security data.
Test and quality assure Splunk configurations (e.g., confirm appropriate events are in logs and properly mapped to Common Information Model, confirm Splunk standards are followed).
Release apps to production Splunk team.
Develop and execute test plans and cases for new application functionality
Collaborate with developers to reproduce and troubleshoot issues
Maintain detailed test documentation
Required Skills/ Knowledge:
A total of 3 years working experience, with a minimum of 1 years engineering and/or architecture experience in IAM or adjacent InfoSec domains, such as Data Protection or Security Engineering and in lieu of a degree 5+ years of working experience.
A minimum of 1-year hands-on experience with IAM technologies
Deep understanding of Splunk Cloud and Splunk Processing Language (SPL)
Experience working in a cloud (PaaS) environment
Knowledge of foundational IAM concepts - Authentication, Authorization, RBAC, etc
Exceptional written and verbal communication skills
Ability to prioritize work efforts based on risk and project timelines
Experience working in Agile methodology, leveraging Jira and Jira Align
