L3 SSO IDM Production Engineer

The “Production Security” Domain is part of the Corporate & Institutional Banking Information Technology & Operations (CIB ITO) of our client, it manages all the security solutions. The SSO team provide identity and access management tooling as a middleware delivery team, supporting authentication and authorisation for both internal and external customers. Using several standardised frameworks, the team maintains and governs access policies and works to deliver technologies to ensure that the right entities have the appropriate access to technology resources.

The jobholder will be part of multi-geographical (presence in 3 regions and 6 locations) and multi-disciplined team, providing support and project delivery for the SSO and Identity Management platforms in the following topics:

• Architecture
• Project Delivery
• Platform Support and Maintenance
• Incident and Problem Management
• Change Management
• General

The candidate will also be well versed with cryptographic notions such as RSA, symmetric and asymmetric encryption, certificates and digital signatures etc.

RESPONSIBILITIES

ARCHITECTURE

• To provide architectural expertise thereby driving change and improvement in technology and process.
• To contribute to the development of the SSO and LDAP technology roadmaps.
• To liaise with CIB architecture teams in undertaking architectural reviews.
• To stay abreast of emerging technologies and technology trends.
• To automatize the process to accelerate the delivery time

PROJECT DELIVERY

• To take responsibility for the delivery of key projects around SSO and LDAP which are aligned to drive significant change within the platform.
• To work with the Application Production Support project managers in defining, designing, documenting and implanting new functionality for existing and new applications.
• To liaise with the Application Developers in low-level diagnosis of on-going issues.
• To provide subject matter expertise on SSO and IDM technologies to all business application teams.
• To act as technology evangelists for the improvement of process and technology in use for the Authentication services within the bank.

PLATFORM SUPPORT AND MAINTENANCE

• Pro-actively monitor, manage and improve availability and performance of the production environments (from presentation and application layers to Infrastructure layers)
• Pro-actively manage the capacity of production applications

INCIDENT AND PROBLEM MANAGEMENT

• To work with partner teams to conduct analysis of major and critical incidents.
• To identify tactical or strategic improvements that can be introduced to help reduce the number of on-going incidents within the SSO and LDAP area.

CHANGE MANAGEMENT

• To work within the change management framework adopted by BNP Paribas to ensure that all changes to the production environment are planned and executed in a controlled manner.
• To take responsibility for the quality of changes within the SSO and IDM environments, ensuring that changes raised are of sufficient standard in terms of technical and planning detail.
• Attending and sharing knowledge / updates in the Weekly Change Control Board Meetings and the Weekly Problem Management Meetings.

GENERAL

• Perform pre-assigned tasks to accomplish the function responsible for. The nature of these tasks are Change The Bank or Run The Bank
• Work cooperatively with the other members of the team
• Ensure adherence to processes and procedures
• Request improvement of knowledge (training) when needed
• Apply own initiative, within the levels of acceptable risk
• Whenever in doubt, escalate and seek advice and guidance
• If the nature of the position is user-facing, then all the guidelines and principles of user service mentality and behaviour should be applied
• Escalate risks / issues to the manager of the team
• Minimise operational failure, including but not exclusively, the risk of fraud, by helping to devise, and by implementing, sufficient regular controls.
• Ensure appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified.
• Provide a direct contribution to the BNPP operational permanent control framework.

As this is a production support role, focusing across a range of different and mostly innovative technologies, candidates must possess the aptitude and desire to learn. In addition, ability to be on call and provide support out of hours is essential.

ESSENTIAL:

• Technical Skills essential for the role include, but not limited to:
• CA Siteminder Web SSO
• SOA security - SAML / WS-Security
• Autoprovisioning tools such as BMC ControlSA, Sailpoint, or Forgerock
• LDAP
• Kerberos / SSL/TLS / PKI / GSS-API / SPNEGO
• oAuth2, OpenIDConnect
• IIS/WCF/WIF, WAS security models
• Infrastructure standards for network load balancers, servers, networks and storage
• Automation mind-set with experience in using tools like Ansible
• Scripting skills using Python/JS or shell
• Application Server: Good exposure in configuring and supporting web technologies such as Tomcat, Apache, nginx, IIS
• Proven logical and methodical problem analysis and troubleshooting skills
• Working with an industry recognised service desk and project management toolset
• Clear communicator in both written and oral forms

DESIRABLE:

• Technical Skills desirable for the role include:
• Axway Security gateway
• SQL, Database schema
• Authentication services for APIs
• Exposure to Apigee API gateway
• Knowledge of Process & Quality management, ITIL v2/v3
• Microsoft Project, Advanced Excel, PowerPoint and Word
• Knowledge of Atlasian Jira Task Management toolset
• Previously used ServiceNow as a Service Desk Management product

QUALIFICATIONS

• Bachelor’s in Computer Science or equivalent
• ITIL Foundation certificate will be desirable
• Desired experience: 5-7 years (not more)

Job Type: Contract
Contract length: 12 months

Pay: $6,500.00 - $9,000.00 per month

Work Location: In person