OKTA SENIOR

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

The opportunity

Were looking for Senior Consultant in the Technology Consulting team to work on various Identity and Access Management projects for our customers across the globe. Also the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team.
In line with EYs commitment to quality youll confirm that work is of the highest quality as per EYs quality standards and is reviewed by the nextlevel reviewer. As an influential member of the team youll help to create a positive learning culture coach and counsel junior team members and help them to develop.

Your key responsibilities

Engage and contribute to the Identity & Access Management projects
Work effectively as a technical lead sharing responsibility providing support coaching juniors in team maintaining communication and updating stakeholders team members on progress
Assists customer organizations with planning and implementing complex architecture solutions
Execute the engagement requirements along with review of work done by junior team members
Able to create plan and execute advanced IAM trainings and independently drive proof of concepts involving emerging IAM technologies
Use case design Solution Requirements Specification and mapping business requirements to technical requirements (Traceability Matrix).
Architecture Design (optimising the resources made available servers and load sharing etc.).
Involvement in a successful pursuit of a potential client by being part of the RFP response team.
Should be implementing IAM engagements including requirements gathering analysis design development and endend deployment.
Develop and maintain productive working relationships with client personnel
Build strong internal relationships within EY Consulting Services and with other services across the organization
Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
Contribute to people related initiatives including recruiting and retaining IAM professionals
Maintain an educational program to continually develop personal skills by learning various IAM tools and latest skills
Automate the manual process in the IAM domain
Understand and follow workplace policies and procedures
Building a quality culture at GTH
Manage the performance management for the direct reportees as per the organization policies
Foster teamwork and lead by example
Training and mentoring of project resources
Participating in the organizationwide people initiatives

Technical Skills

Handson experience in endtoend implementation of Single Sign On and MFA for enterprise and customer Identity and Access Management using either of the following industry leading products Ping suite of products (PingFederate Ping Access PingONE) Okta Auth0 ISAM ForgeRock suite of products (OpenAM OpenIDM OpenDJ OpenDS and ForgeRock Identity cloud).
Completed at least 23 implementations leveraging either of the products listed above or combination of above.
Strong understanding of access management fundamentals like Authentication Authorization MFA SSO Federation and Directory Services concepts.
Good handson experience on SAML 2.0 OAuth 2.0 OIDC WSFed protocols.
Involved in endtoend design and implementation of SSO architecture and designed various authentication authorization MFA and SSO use cases
Experience in migration from one tool to another upgradation of above technologies application onboarding leveraging tools listed above
Understanding of agile process
Have handson experience on any of cloud providers Azure or AWS or GCP
Experience in scripting language python powershell and bash
Source control tool Git or Bitbucket
Handson Core Java development and debugging experience.
Skilled in mapping business requirements and coordinating in developing and implementing solution in line with the business requirements.
Experienced in creating Solution Requirements Specification Design documents like HLD and LLD and mapping business requirements to technical requirements (Traceability Matrix) use case design etc
Good knowledge of information security standards and regulatory compliances.
Should be flexible to work on new technologies in this domain.
Good troubleshooting experience in past engagements.

Ping Suite:

PingFederate:
Expertise in designing and implementing highly available and scalable PingFederate architectures
Installing PingFederate on cloud providers or using installing using docker and Kubernetes
Proficiency in integrating PingFederate with external identity providers (IdPs) and service providers (SPs) using custom protocols and connectors
Ability to architect and implement complex federation scenarios involving multiple trust relationships and federation standards
Experience in developing and implementing custom authentication (adapter PCV or selectors) and authorization plugins for PingFederate
Strong understanding of SAML (Security Assertion Markup Language) and OAuth protocols
Experience on design and development of OGNL expressions
Proficiency in configuring and managing highperformance identity bridges to integrate diverse identity systems.
Expertise in troubleshooting complex issues related to SSO federation and attribute mapping in PingFederate deployments.
Ability to perform performance tuning and optimization of PingFederate configurations for largescale environments.
Familiarity with integrating PingFederate with identity governance and user lifecycle management solutions
Experience in integrating PingFederate with cloudbased applications and platforms including SaaS and PaaS
Proficiency in scripting and automation using PingFederate APIs and commandline tools for configuration and administration
Strong understanding of planning and execution to upgrade PingFederate
Experience in managing Certificate & Key Management
Should have knowledge of API security

PingAccess:
Indepth knowledge of web access management (WAM) concepts and architectures.
Expertise in configuring and managing policybased access control using PingAccess.
Ability to design and implement complex access control rules and policies in PingAccess
Proficiency in integrating PingAccess with external identity providers (IdPs) and directory services
Experience in implementing secure reverse proxy and API gateway functionality using PingAccess
Knowledge of advanced features in PingAccess such as dynamic authorization finegrained access control and attributebased access control (ABAC)
Ability to troubleshoot and resolve accessrelated issues in PingAccess deployments
Familiarity with integrating PingAccess with web application firewalls (WAFs) and other security infrastructure components.
Experience in implementing single signon (SSO) and session management for web applications using PingAccess
Proficiency in configuring and managing highavailability and loadbalanced PingAccess deployments.
Knowledge of scripting and automation using PingAccess APIs and commandline tools for configuration and administration.
Protected APIs in PingAccess using OAuth protocol

PingOne:
Understanding of cloudbased identity and access management (IAM) solutions.
Strong understanding of SAML (Security Assertion Markup Language) and OAuth protocols
Proficiency in configuring and managing user identities and access policies in PingOne.
Proficiency in integrating PingOne with onpremises identity sources such as Active Directory LDAP or HR systems
Proficiency in configuring and managing user attribute mapping and synchronization in PingOne
Ability to configure and manage user provisioning and deprovisioning processes in PingOne.
Ability to configure and manage advanced authentication methods such as biometric authentication or hardware tokens.
Knowledge of integrating PingOne with thirdparty identity providers and social login platforms
Familiarity with configuring and managing user selfregistration and selfservice capabilities in PingOne
Knowledge of auditing and reporting capabilities in PingOne for compliance and governance requirements.
Experience in integrating PingOne with various cloud services PingOne Risk PingOne Authorize or PingOne DaVinci
Understanding of identity lifecycle management and user rolebased access control in PingOne.
Proficiency in configuring and managing security settings and policies in PingOne.
Experience in troubleshooting and resolving issues related to user authentication and access in PingOne deployments

PingOne Advanced Services:
Strong understanding of PingFederate and PingOne
Experience in migrating PingFederate or PingAccess from existing solution to PingOne Advanced services
Experience in onboarding application creating adapter PCV ATM or mapping Okta
Handson experience on Directory level integration with Okta for AD LDAP Azure AD Oracle AD.
Good Understanding on IWA SWA and Okta Workflows.
Handson experience on Okta APIs and good understanding of XML HTML CSS
Should be knowledge on Okta Access Gateway Okta Advance Server Access and SCIM.
Handson experience on developing custom UI pages branding and email template as per business needs.
Should be knowledge on Okta Access Gateway Okta Advance Server Access and SCIM.
Handson experience on developing custom UI pages branding and email template as per business needs
Experience and knowledge on Okta classic engine and Okta Identity engine
Experience over integration of onprem and legacy applications with Okta
Working knowledge on multifactor authentication Security Rules Policies and Provisioning.
Handson experience in troubleshooting the issues related with Okta and any other AM specific tools
Basic AD and LDAP Functionality authentication authorization.
Experience in Directory Integration with Okta.
Experience in troubleshooting the access related issue reported by application team.

ForgeRock Suite:

ForgeRock Access Management or OpenAM:

Very good understanding of information security concepts with indepth knowledge of IAM solutions and latest trends with ForgeRock OpenAM OpenDS and OpenIDM.
Application Onboarding experience on ForgeRock OpenAM using protocols such as OIDC1.0 OAuth2.0 and SAML2.0.
Customization of Authentication Nodes/Modules using JavaScript & Groovy Script.
Implementation of ForgeRock OpenAM functionalities using Admin Console and Amster scripts.
Customization of Attributes and modification of LDAP files in ForgeRock OpenDS.
Automation of ForgeRock AM implementation using backend scripts Json files & Github repository.
Experience in installation configurations version upgrades and migration
Handson experience with Authentication Trees.
Knowledge/working experience on ForgeRock Identity cloud

ForgeRock IDM or OpenIDM:
HandsOn experience with customization of ForgeRock IDM connector development writing scripts and building of ForgeRock workflows
Connection to authorized sources/connection through installation/configuration of connectors to destination targets
HandsOn experience with roles & assignments in IDM
Good conceptual and working knowledge around Workflow Approval process Certification process Password policies
Handson expertise with customization by developing custom code using Java
Basic Java J2EE groovy scripting JavaScript hands on development
Concept of reconciliation live sync attribute mapping
Ability to Install Troubleshoot Configure: Directory Services Application Server Identity Tool and connector development
Knowledge/working experience on ForgeRock Identity cloud

Auth0:
Knowledge of Auth0 dashboard along with administration knowledge e.g. configure and manage advanced security features in Auth0 including multifactor authentication (MFA) password policies and bruteforce protection.
Experience in Universal login page and customizing the text prompts and error messages.
Hands on experience in Multi factor authentication like WebAuthn with FIDO2 Biometric Custom Send phone message action Push notification.
Thorough understanding of Auth0 functionalities along with knowledge of features
Designing and implementing custom user flows using rules and actions within Auth0.
Develop database scripts when using custom database in Auth0
Handson experience with the Auth0 management APIs and knowledge of related technologies such as JavaScript JSON and REST APIs.
Implementation of protocols such as SAML OAuth and OpenID Connect on Auth0.
Knowledge of building web applications using the Express NodeJS framework
Knowledge of JavaScript testing frameworks such as Mocha Chai and Jest for unit testing and integration testing of Express applications.
Experience with using tools such as Postman and Swagger for API testing and documentation.
Develop solution in user migration from external system/store to Auth0 store using bulk import or trickle migration.
Ability to view and analyse logs and metrics in the Dashboard including user activity authentication success rates and error messages.
Experience with customizing the look and feel of the Auth0 login page and other UI components including the use of custom HTML CSS and JavaScript.
Knowledge of Auth0 deploy CLI and webtask
Experience with using DevOps and automation tools such as Git Jenkins and Ansible to automate configuration and deployment of Auth0.
Developing custom script/solution using Auth0 APIs and NodeJS.
Understanding of Adaptive MFA and its policies.
Experience in using Realtime webtask logs to check the logs for troubleshooting.

ISAM:
Handson experience on IBM Security Access Manager or IBM Security Verify Access endtoend implementation involving requirement gathering designing implementation customization and testing.
Completed at least 23 implementations on ISAM products
Understanding and experience in different technology of ISAM/ISVA CIAM EIAM.
Implementation experience in Web Module Federation Module and Advance Access control module of IBAM/ISVA LDAP/AD Application Integrations for SSO and multifactor authentication
Working experience in application integration with headerbased SAML2.0 OIDC OAuth2.0 WSFed protocols
Onboarding and offboarding applications on ISAM/ISVA appliance
Experience in social login and 3rd party identity provider integration with ISAM/ISVA.
Implementing Federated Single SignOn using various open standards particularly Security Assertion Markup Language (SAML) and OpenID.
OAuth protocol.
Onetime password Riskbased access and other MultiFactor Authentication features of ISAM.
Java development such as development of custom security token service (STS) modules for custom Extended Authentication Interface (EAI) for ISAM etc.
Representational State Transfer (REST)interfaces. JavaScript and XSL (Extensible Stylesheet Language) Hands on experience with Automation using IBM Ansible roles skills are a plus.

Good to have:

Good understanding of IGA and PAM concepts and technologies like SailPoint Saviynt CyberArk etc covering broader IAM domain.
Very good understanding of information security concepts with indepth knowledge of IAM solutions and latest trends.
Knowledge and understanding of customer Identity and Access Management (CIAM) solution along with Finegrained authorization Password less authentication Orchestration Decentralized identities etc
Understanding of latest technology such as Zero trust framework
Handson knowledge of any programming language Java or Python with good understanding of PowerShell.
Should be familiar with application servers such as Tomcat and IIS.
Should have had direct client experience including working with client teams in an onsite or offshore mode.
Involvement in a presales activity and helped in responding to RFPs.

To qualify for the role you must have

B. Tech./ B.E. with sound technical skills
Strong command on verbal and written English language.
Experience in HTML CSS and JavaScript.
Experience in Core Java Python and JavaScript/Groovy Script.
Strong communication presentation and interpersonal skills.
46 years of relevant Work Experience on above technologies

Certification:
Desirable to have certifications in security domain such as CISSP and CISA or any IAM product specific certifications
Desirable to have product professional certifications like Ping certifications Level 1 to 4 ForgeRock AM (AM100 AM400 AM410 or AM421) ForgeRock IDM and ForgeRock Identity cloud certifications Okta certifications etc

What working at EY offers

At EY were dedicated to helping our clients from start ups to Fortune 500 companies and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus we offer:

Support coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way thats right for you

EY Building a better working world

EY exists to build a better working world helping to create longterm value for clients people and society and build trust in the capital markets.

Enabled by data and technology diverse EY teams in over 150 countries provide trust through assurance and help clients grow transform and operate.

Working across assurance consulting law strategy tax and transactions EY teams ask better questions to find new answers for the complex issues facing our world today.