Identity and Access Management Engineer

Main Purpose: Identity and Access Management (IAM) Engineer is responsible for designing, implementing and managing identity and access management solutions that ensure secure and efficient authentication, authorization and auditing of users and systems. The IAM Engineer works to ensure that only authorised users have access to the right resources at the right time, using tools and processes to enforce security policies, compliance requirements and best practices across the organisation’s infrastructure and applications, for both on-premises and cloud systems. Knowledge Skills and Abilities, Key Responsibilities:

• Design, implement, and manage IAM systems and solutions, including Single Sign-On (SSO), Multi-Factor Authentication (MFA) and role-based access control (RBAC).

• Configure and maintain identity and access management tools.

• Work with IT and security teams to define and enforce security policies and user access controls.

• Assist in the management of user lifecycle processes such as onboarding, offboarding, role changes and access reviews.

• Integrate IAM systems with various internal and third-party applications and services.

• Manage the monitoring, auditing and reporting on IAM system performance, security incidents and access violations.

• Ensure compliance with regulatory requirements and internal security policies related to identity and access management.

• Troubleshoot and resolve IAM-related issues, including access problems and authentication failures.

• Implement and manage privileged access management (PAM) solutions to protect sensitive systems and accounts.

• Stay up to date with the latest IAM technologies, trends and security vulnerabilities.

• Develop and maintain documentation for IAM configurations, processes and procedures.

• Collaborate with security teams to identify and mitigate identity-related risks and vulnerabilities.

Qualifications:

• Bachelor’s degree in computer science; information technology or a related field.

• Minimum of 5 years of experience in identity and access management or a related field.

• Specialist Knowledge:

-Active Directory

-Single Sign On (SSO)

-Entra ID (Azure Active Directory)

-SAML

-AWS Identity and Access Management

-OAUTH2/OID

-Infrastructure as code

-SCIM Provisioning

-Authentication and Authorisation

-Kerberos

Competencies:

• Demonstrates exceptional problem-solving abilities, consistently identifying issues and developing effective solutions.

• Takes initiative in all professional settings, acting independently and proactively without requiring constant supervision.

• Possesses strong negotiation skills, successfully facilitating discussions to reach mutually beneficial agreements.

• Continuously improves business processes by analyzing workflows and implementing optimization strategies.

• Excels in strategic planning, developing comprehensive long-term objectives with clear implementation roadmaps.

Key Relationships and Department Overview:

• Windows Engineering Team

• Vendor management

• IT Security Team

• Outsourced IT management

Department Overview

Trafigura Group IT provides shared services across the Trafigura group of companies, offering services at scale where it makes economic sense.

Reporting Structure

The engineer will report to the Windows Server and End User Computing Architect and will join a team of eight other engineers who work in a collaborative team covering the Windows Server; Unified Comms; Citrix and End User Computing towers.

Equal Opportunity Employer

We are an Equal Opportunity Employer and take pride in a diverse workforce. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, colour, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or handicap, disability, or any other legally protected status.