Systems Architect

Systems Architect 5 or 4 – Directory Services Security Architect


Job Description
Information Security Technology (IST) has an opportunity for a Security Architect 4 or 5 to join the Security Architecture and Development team to help develop and implement enterprise information security architectures and solutions. Position description: Serve as a security expert in helping new projects and projects-in-progress using directory and identity data services to comply with corporate security policies, industry regulations, and best practices. Research, design, and advocate new technologies, architectures, and security products that will support directory and identity data services requirements for client and its customers, business partners, and vendors. Work closely with technical staff and engineers supporting solutions for directory & identity data services, and collaborate with Infrastructure Architecture, Enterprise Architecture and Lines-of-Business Architects to evaluate and develop secure business solutions based on existing approved security architectures. Candidate will be a principal contributor for providing directory & identity data services architecture and strategy. Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks to customer data and enterprise assets at each phase of business processes. Ensure adequate security solutions are in place to mitigate identified risks sufficiently to meet business objectives and regulatory requirements.



Minimum Qualification
Candidate must have 7-10 years working experience in designing, developing, and deploying directory based solutions, schemas, DIT, ACIs, policy, indexing, replication topologies, secure LDAP, connectors, and services using a risk-management-based approach. They must also demonstrate a strong understanding for how directory services enable identity data services, and how a large scale heterogeneous enterprise must integrate technology to enable enterprise level services for directories and identity management solutions. Must have experience with more than one at of the following LDAPs; Active Directory, SunOne, IBM Directory Server, ACE. Must have experience with more than one of the following directory data integration products; MIIS, ITDI, ADSI, or any Virtual directory. Experience with the following products is desirable; ADFS, AzMAN, NetIQ Security Manager, Siteminder, ITIM, Websphere, DB2.



The candidate must also demonstrate familiarity with information security architectures and its supporting infrastructures. Understanding of vulnerabilities, exposures, and risks associated with network and application protocols and platforms, including TCP, HTTP, XML, SAML, SOAP. Experience leveraging defense-in-depth solutions to manage risk including physical, network, platform and application controls. Platform (Windows/VISTA, Unix), networking, application and/or database security experience a plus. The candidate must be a self starter who can work independently without close supervision. Is able to set priorities and manage collaborative efforts to complete deliverables in time. The candidate is a strong team player with excellent analytical, consultative, writing, verbal, and presentation skills.



Preferred Skills

The candidate is proficient with programming in Microsoft Visual Studio, LDIF queries, SQL queries, Java, and scripting languages such as Javascript, VB Script. Has an in-depth understanding of X.500 series standards. The candidate is also experienced with writing and reviewing security policies. Has knowledge of regulatory requirements for the financial industry sector, and information security risk management. Education: Bachelor's degree in Computer Science, or Software Engineering. Certifications: CISSP, GIAC, MCSE 2003.



Position can be located in Minneapolis, MN, Chandler, AZ, or San Francisco, CA.
REQUIREMENTS
Candidate must have 7-10 years working experience in designing, developing, and deploying directory based solutions, schemas, DIT, ACIs, policy, indexing, replication topologies, secure LDAP, connectors, and services using a risk-management-based approach.
Must have experience with more than one at of the following LDAPs; Active Directory, SunOne, IBM Directory Server, ACE. Must have experience with more than one of the following directory data integration products; MIIS, ITDI, ADSI, or any Virtual directory