Directory & Privileged Access Engineer at Sanlam Group

What will you do?

• The IAM Engineer will provide subject matter expertise and execution of the Organization's Directory & Privileged Access and Identity Management landscape, including SSO and MFA. Functions will include delivering and operating solutions towards authentication and access management as a service for both cloud and on-premises solutions.

What will make you successful in this role?

• Responsible for the implementation, configuration, administration, maintenance and operation of Directory and Privileged Access in accordance with the business's reliability and capacity requirements.
• Collaborate with stakeholders, including business leaders, project managers, developers and architects to understand requirements and constraints.
• Act as subject matter expert on Directory and Privileged Access -related matters such as user role-based access control (RBAC), privilege escalation, Privileged Access Management (PAM), LDAP etc.
• Active engagement with technology partners to deliver an integrated solution across platforms.
• Collaborate with Security Architecture as is applicable.
• Collaborate with IAM (Identity and Access Management) and Role Based Access platforms and services teams.
• Design and implement procedures and best practices in Directory and Privileged Access as applicable for cloud and on-premises solutions.
• Stay up to date with the latest industry trends, technology, emerging threats, and best practices in Directory
• Services, Privileged Access, Cloud Identity, RBAC and security.
• Ensure appropriate standards, patterns, best practices and operational maturity models are in place and monitored. 
• Provide guidance to internal and external stakeholders.
• Research and implement new technologies in the Directory and  Privileged Access technology space.
• Responsible for day-to-day operations and onboarding of accounts in the Directory and Privileged Access space.
• Receive and process requests for account provisioning, modification and deprovisioning.
• Participate in Directory and Logical Access Platforms and Services Product Development Lifecycle.    

Qualification

• Matric
• A relevant IT qualification
• Cloud certification or technologies prefarable.
• AWS Certified Solutions Architect or Microsoft Azure Solutions Architect Expert preferable.

Experience

• Minimum 4 years of experience in technology roles.
• Proven experience in designing and implementing Directory & Privileged Access solutions for large enterprises.
• Proven experience delivering and managing Active Directory, Azure AD/Microsoft Entra ID, Azure AD Domain Service/Microsoft Entra Domain Services, Azure AD Connect/Microsoft Entra Connect Sync, AWS Managed Microsoft AD and similar technologies.
• Real-world experience in IAM technologies or Directory & Privileged Access
• Working experience with Windows, scripting (e.g. Powershell), and Linux Scripting.
• Experience working in a hybrid- and multi-cloud environment (AWS preferred) and cloud technologies (AWS & Azure technologies preferred).
• Hands on experience of deploying and supporting IAM Federation capabilities like SSO, SAML, OAuth, OpendID and SCIM.
• Experience in cloud security concepts.
• Experience working in an Agile environment.
• Proven experience delivering long-term, repeatable IaC solutions into an overall CI/CD process and Terraform.
• Scripting skills in at least one interpreted language (Bash/PowerShell/Python)
• Expertise with PAM solutions (BeyondTrust preferred; StrongDM, Hashicorp Boundary in addition would be ideal)
• Working in a DevOps environment (including proven CI/CD experience with technologies such as GitLab or Github, Nexus and others).
• Understanding of Security Architecture concepts including encryption, authentication, database security, Identity
• Providers, Enterprise single sign-on (SSO), Federated SSO, multi-factor authentication, API security.
• Understanding of Cloud technologies and best practices, Networking in Public and Hybrid Cloud environments, Network protocols, network architecture and security.