Identity and Access Management Engineer

Company Description

At Brightspeed, we are reimagining how people live, work, play and connect by providing fast, reliable internet connections and an awesome customer experience in twenty states throughout the Midwest and South.

Backed by funds managed by Apollo Global Management, our vision is to accelerate the upgrade of copper to fiber optic technologies, bringing faster and more reliable internet service to many rural markets traditionally underserved by broadband providers, while delivering best-in-class customer experience.  

Be a part of the team that will make this vision a reality….designing and building a world class fiber network and creating a customer experience second to none.

Check us out on the web!  

Job Description

The Identity and Access Management (IAM) Engineer is a critical role responsible for developing, maintaining, and driving the adoption of policies and standards related to IAM/IGA. In this position, the candidate will design IAM solutions and work with IT to implement the solutions. The individual will be directly responsible for the Brightspeed IAM architecture for managing all identities across the enterprise, customers, and devices. This includes being responsible for the entire identity lifecycle from birth to separation. 

The engineer is directly responsible for architecting and working with IT on the implementation of identity protection systems. Working with the incident response team, the engineer will also assist with mitigating identity-based threats and remediation and investigating compromised identities. 

The IAM Team is ultimately responsible for all identity and access management systems with the support of IT. This includes authentication and authorization systems, identity protection, and identity management systems.  

Brightspeed is a critical infrastructure company, so this role is a vital function within the organization. Not only does this team ensure the security of the Brightspeed assets, but it is also pivotal in ensuring Brightspeed’s compliance with policy, standards, and regulations. In this role, the engineer will be directly responsible for implementing strategies to protect systems through a strong access management program.  

The role requires a strong background and understanding of all cyber security domains and works in the Protect area of the NIST CSF Framework. The engineer should make vital cyber security decisions using a business risk analysis approach. Brightspeed is a cloud-first (Azure, GCP, and SaaS) company with a significant data center presence. This hybrid model requires an individual that can consider security across a diverse portfolio of assets and networks.   

We are looking for an individual with a passion for cyber security to work alongside a talented team to build an entire IAM program from the ground up. This unique and challenging opportunity allows an excellent leader to create a world-class identity and access management team, tools, and processes. The leader chosen for this position should adapt quickly and manage constant change effectively.  

All Enterprise Cyber Security organization team members also perform any other duties assigned. In addition, all team members are responsible for performing threat hunting both within and outside of their respective areas of responsibility.  

As Identity and Access Management (IAM) Engineer, your duties and responsibilities will include: 

• Architect IAM/IGA technologies and strategies in the Cloud, Endpoints, Networks, and IT infrastructure 
• Develop, document, and drive adoption of IAM policies, procedures, processes, standards, and guidelines 
• IGA (Identity Governance and Administration) 
• Manage Access reviews 
• Identity audit initiatives 
• Design and drive RBAC initiatives 
• Work with IT and Network teams on application migration to Azure AD and SSO 
• Work with IT on the implementation of IAM (Identity and Access Management) solutions 
• Responsible for all Identity and Access Management functions across IT and Network 
• Identity governance and compliance 
• Managed Network Authentication/Authorization systems 
• Elevated Privilege Management 
• Identity protection systems 
• Mitigation of identity-based threats 
• Assisting in the remediation and investigation of compromised identities 
• Defines, promote, and advises on IAM solutions and best practices 
• Implementation of SOX identity controls 
• Implementation of Least Privilege controls 
• Access Request Workflow Development and Implementation 
• Implementation of Azure Conditional Access 
• Implementation of Zero Trust 
• MFA adoption 
• Implementation of TACACS/ISE and RADIUS 
• Drive application movement to modern authentication through use of SSO/SAML  
• Participates in organizational projects, as required 

Qualifications

WHAT IT TAKES TO CATCH OUR EYE:

• Bachelor’s degree in Computer Science, Engineering, Cyber Security, or a directly related field 
• Education requirements may be replaced with previous related work experience and cyber security certifications (CISSP, CISM, Security , CEH, Azure Security Engineer, etc.) 
• 5 years working in the Cyber Security field 
• 3 years of working experience in IAM 
• Experience in multiple domains of cyber security 
• Experience in network protection approaches and technologies 
• Identity governance experience is required. 
• Experience with security in GCP and Azure is a plus 
• Must have a technical cyber security background 
• Experience in multiple types of operating systems (Windows, Unix, Linux) is required 
• Working knowledge of Zero Trust architectures is a plus 
• Working knowledge of standard computer software, including MS Office and Teams 
• Ability to work in a fast-paced environment with competing for time-sensitive priorities 
• Strong attention to detail to ensure that policies and standard procedures are followed 
• Excellent verbal and written communication skills 
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practice/standards (e.g., NIST, ISO, PCI, SOC) 
• Hands-on technical experience Active Directory 
• Extensive experience managing Azure AD is required 
• Hands-on technical experience with MFA and SSO is required 
• Experience with Defender for Identities and Crowdstrike Identity Protection 
• Managing identity and authentication systems is a plus 
• Experience with elevated privilege management is required 
• Experience with BeyondTrust solutions is required 
• Experience with Privileged Access Management (PAM) 
• Experience with JIT (Just-In-Time) Access 
• Experience with Cloud Identities standards and best practices in GCP and Azure is required 
• Strong hands-on experience with industry-standard SSO technologies and protocols (SAML, OAuth2.0, OpenID Connect, WS-Fed, FIDO, SCIM, LDAP, Kerberos, NTLM)  
• Experience and knowledge of identity stores/directories (AD, LDAP, RADIUS, AD LDS, etc.) 
• Experience with Microsoft Azure Identity Governance is required 
• Experience with Microsoft Azure Entitlement Management is required 
• Ability to enable application movement to modern authentication in the multi-cloud environment through use of SSO and Federation 
• Experience with Azure AD Conditional Access  
• Work experience on Azure Active Directory Federation Services and related authentication/authorization technologies 
• Familiarity with IT security and risk management practices 
• Experience with TACACS/ISE and RADIUS a plus 

BONUS POINTS FOR: 

• Cyber Security Certification (CISSP, CISM, Security , CEH)  

#LI-SS1

Additional Information

WHY JOIN US?

We aspire to contemporary ways of working.

We are committed to being a leader in defining a new way to work because we recognize the changing mindset of today's workforce. We are opening a new, state-of-the-art corporate HQ in Charlotte, NC and our current priority is to make it a truly vibrant destination by hiring talent in the greater Charlotte area who are interested in a hybrid remote/office work arrangement. As always, however, we are also open to providing sensible remote options to talent outside of the Charlotte area. Why? Because our purpose is to reimagine how people work, learn, play and connect!

We offer competitive compensation and comprehensive benefits.

Our benefits and paid time off programs reflect our underlying belief in promoting overall wellness through physical, emotional and financial health. We are committed to building a team as diverse as the customers we serve.

Diversity, equity and inclusion are at the center of our grounding belief in Being Real. 

When we bring our authentic selves to work, everyone is better as a result. A diverse team helps us be fierce advocates for more accessible, inclusive and high-quality internet, because we believe doing so promotes equity in the communities we serve.

Brightspeed is an Equal Opportunity Employer