Identity and Access Management Consultant / Resident (Federal)

Company: Broadcom
Location: USA-VA Reston Metro Plaza
Commitment: Full time
Posted on: 2023-06-08 06:20
Job Description:

Broadcom Software Group is a world-leading software company that helps organizations, governments, and people secure their most important data wherever it lives. Broadcom has an extensive security software portfolio including CA Identity Security and Symantec cyber security technologies.

The Federal Professional Services / Customer Success team is a globally recognized leader in cyber security services across the US Federal defense, civilian, and intelligence agencies. We bring decades of experience in defending cyber interests globally and delivering advanced capabilities, honed from protecting some of the government's most valuable assets. Our solutions and services ensure Federal government customers have an adaptive defense strategy, sustainable threat protection, and a mature security posture.

The Identity Security – Resident Consultant will support Federal / Public Sector customers on-site and/or remotely within the United States. The consultant will assist in the hands-on implementation, operations, administration, and support of the Broadcom Symantec / CA Identity Security product portfolio.

Job Responsibilities / Primary Functions:

- Deploying and configuring Broadcom Symantec SiteMinder, Symantec Directory and Symantec Identity Manager to meet customer needs for customized portal development across the enterprise.
- Installing, configuring and deploying Symantec SiteMinder Access Gateway, SiteMinder instrumentation, migration of code and data, integration with other systems for automation, data management. Setting up SAML federation services. Testing with Postman and applying bug fixes.
- Experience with deployment of Symantec/CA Identity Manager, Symantec/CA Provisioning Server and/or Symantec/CA Identity Governance to establish an effective identity management foundation and build upon it to address the business initiatives and solution requirements of the enterprise.
- Experience in architecting, designing, implementing and supporting Symantec/CA Identity Manager and Symantec/CA Provisioning Server.
- Excellent knowledge and understanding of LDAP concepts and working experience with Symantec/CA Directory.
- Experience in design and configuration of Symantec/CA IDM workflow, PxPolicy, tasks and forms.
- Experience in configuring Symantec/CA IDM connectors; deployment experience with dynamic connectors using Connector Xpress.
- Experience with REST-based custom connectors/endpoints in Symantec/CA Provisioning Server.
- Provides SiteMinder support and advanced authentication.
- Assists and supports all testing for all product releases.
- Continually researching, studying and evaluating to optimize and improve infrastructure and performance.
- Creates documents and keeps current Standard Operating Procedures (SOPs) and Configuration Management (CM) procedures and guidance to provide consistency of application performance and functionality.
- Provides technical expertise supporting enterprise Identity and Access Management solutions.
- Installs and configures new systems, researches additional solutions and makes recommendations.
- Handles system changes for signature updates, patches and upgrades.
- Required to periodically create and deliver presentations, with the necessary materials, to support the project with concise details and information geared to the applicable audience.
- Experience with helping organizations maintain control of systems and data while improving operational efficiency by providing a scalable and configurable identity management and governance infrastructure.
- Experience with establishing an effective identity management foundation and building upon it to address the business initiatives and solution requirements of the enterprise.

Technical Requirements:

- Implementation and support of Symantec/CA Identity Manager and Symantec/CA Provisioning Server.
- CA SiteMinder Web Access Manager R12.8 and Federated Services.
- Deploying and administering Single Sign-On (SSO) solutions using CA SiteMinder.
- SiteMinder Access Gateway R12.8.
- SiteMinder Policy Server R12.8 installation and configuration.
- Web server (Apache, iPlanet, IBM HTTP Server and IIS) agent installation and configuration; policy, Rules, Realms, Response and Auth Schemes setup.
- Configure User Directory and Directory Mapping for authentication and authorization.
- Develop Custom Central Authentication Page.
- Implement Federation using SAML 2.0.
- Implement IDP- as well as SP-initiated Federation SSO.
- Configure encryption and signing of SAML assertions.
- Develop Custom Assertion Generator Plugin using Java.
- Installation and configuration of ServletExec AS.
- Installation and configuration of Apache Web server.

Must have expertise in the following areas with 3-5 years' experience in each area:

- Java, J2EE and Spring, REST and SOAP services, Unix/Linux, Shell Scripting, MS Windows Operating Systems, SAML Based Federation, OpenID Connect, SSO, OAuth 2.0.
- Webservers (i.e., Apache, IIS, Tomcat, LDAP stores, JBOSS/Wildfly).
- Proficiency and depth of knowledge of Service Oriented Architecture (SOA), XML, SOAP.
- Must be able to architect solutions based on best practices with proven results.
- Superior knowledge in monitoring and maintenance of client IDM environments: OAM, OAAM, OIM, OUD, ODSEE, BIP, Oracle DB, OIA, OIF, OEM.
- Server or network administration.
- Mutual-SSL (Mutual Certification Authentication + TLS), Basic Authentication (over HTTPS), OAuth (two or three-legged).
- Configure TLS/SSL Certificates for Unified Access Gateway Appliances.
- Get the Federation Services working for SAML, OIDC setup.
- Get the Auth/Authz SOAP & REST APIs functional by zone.
- Should be able to implement agentless SSO.
- Should have strong knowledge of Apache prefork and MPM mode along with their repercussions while dealing with Broadcom Symantec SiteMinder/Access Gateway products.
- Should have strong knowledge of Tomcat with AJP implementation.
- Should have in-depth knowledge of SAML2, OIDC (basic and implicit profiles) and Kerberos (KDC, TGT, GSSAPI etc.) both from standard and product implementation perspective.

Non-technical Experience Needed:

- Able to clearly communicate verbally and in written form, articulating complex thoughts and ideas in small or large group settings.
- Able to work well in a collaborative team environment with various personalities.
- Should keep the client and IdAM team informed of activities and road-blocks.
- Excellent interpersonal communication skills including heavy telephone and email communications; ability to clearly and precisely provide scope of project status, additional needs and identify problem areas.
- Attention to detail and excellent organizational skills with an ability to prioritize multiple tasks and meet deadlines.
- The ability to work under light supervision, as a self-starter, and show progress in the project and/or tasks as outlined is paramount to the success of this position.

Education/Training/Additional Experience Needed:

- Associate Degree or Bachelor's Degree in Information Technology, Computer Programming, Java Programming, Security Technology or other related coursework is strongly preferred, plus 8+ years of related experience.
- Experience in large-scale system integration projects is a must.
- Experience with Symantec/CA Identity Manager, specifically being proficient with managing user accounts and giving users access to applications.
- Knowledge and significant experience in competing Identity Management products with Single Sign-On (SSO) architecture, with products such as Oracle Access Manager, OKTA, SailPoint.
- Experience implementing message flows utilizing MQ and/or HTTP transports is a plus.
- Experience with Agile framework (preferably SAFe 4.5) with the ability to transform an idea or a requirement into a tangible product for the end-users.
- Experience in various security fields including access control, authorization, identification and authentication and enterprise security architecture is required.

Additional Requirements:

- Must be able to provide proof of identity and ability to legally work in the United States.
- Must be able to obtain a 'DoD Secret' clearance.
- This is a remote position; however, periodic travel may be needed.
- DoD 8570 Baseline certification is a requirement for this project.

Additional Job Description:

Compensation and Benefits

The annual base salary range for this position is $91,200 - $152,000.

This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents, and equity in accordance with equity plan documents and equity award agreements. Broadcom offers a competitive and comprehensive benefits package: Medical, dental and vision plans, 401(K) participation including company matching, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), company paid holidays, paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence.

Broadcom is proud to be an equal opportunity employer. We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law. We will also consider qualified applicants with arrest and conviction records consistent with local law.

If you are located outside USA, please be sure to fill out a home address as this will be used for future correspondence.