Engineer III, Cloud Platform - IAM

Opportunity.OpportunityDetail.JobDetails

Opportunity.OpportunityDetail.Description

Position Title: Engineer III, Cloud Platform - IAM (P3) 

Company Summary

For more than three decades, Crown Castle has led the way in shared communications infrastructure, delivering profitable solutions by connecting communities, businesses, and people, and enabling each to thrive with reliable access to voice and data in more places, faster than ever before. When you join Crown Castle, you become part of a dynamic and diverse team of passionate and collaborative professionals engaging in complex challenges and contributing to projects that shape the future of life and work. 

Role:  

The Engineer III, IAM Cloud will be hands-on in engineering and automating the Identity and Access management system, building and automating primarily in Python. You will set-up governance controls, SSO, MFA and Entra IAM. You will advise and implement process improvement as well as introduce and enforce standardization, modernization, and automation. You will build and maintain our IAM tool set, and services that users can leverage. 

Responsibilities  

• Develop, implement, and maintain identity and access management (IAM) solutions and systems.  
• Evangelize, research, and build proof of concepts to introduce new features and capabilities in the IAM and PAM. space. 
• Collaborate with cross-functional teams like security and IT to develop the processes and tools to deploy, scale, monitor and manage the IAM systems on prem and cloud. 
• Troubleshoot, identify, and resolve technical identity and access management related issues. 
• Improve identity and access management solutions and systems for protection against evolving threats and introduce efficiency. 
• Be a peer mentor to other members of the organization on the best practices that should be followed for IAM. 
• Research current IAM threats and suggest solutions. 
• Enable operations teams and the development teams through the development and application of reliability and resiliency patterns and best practices. 
• Collaborate with software teams to identify sources of instability and drive operational excellence. 
• Participate in system design consulting, platform management, and capacity planning. 
• Partner with stakeholders from technology teams and business stakeholders to ensure that current and planned solutions are equipped to meet the growth and transformation needs of our organization. 

Expectations  

• Self-motivated individual who can handle ambiguous/undefined problems and think abstractly to deliver results. 
• Demonstrate a strong sense of ownership, urgency, and drive as well as the ability to work well with diverse teams. 
• Ability to effectively articulate and document technical challenges and solutions to business users and other technical teams. 
• Seeks to develop compelling insights and logical arguments to persuade others. 
• Demonstrate curiosity and flexibility to diverse styles and perspectives that would drive business outcomes. 
• Mentor team members and conduct periodic learning sessions. 

Education/Certifications    

• Bachelor’s degree or higher or equivalent in Computer Science, Engineering, Information Systems, or related discipline 
• AWS Certified Security Specialty preferred  

Experience/Minimum Requirements    

• 5+ years' experience designing and implementing IAM solutions including IGA solutions (Saviyent, Sailpoint, etc) within a cloud environment  
• 3+ years' experience implementing Privileged Access products 
• 3+ years' experience implementing Single sign on products (Okta, OneLogin, etc) 
• Identity and access management best practices, procedures, and software solutions such as Microsoft Entra, CyberArk, Saviynt, Okta, Ping Identity, etc. 
• Comprehensive knowledge of IAM, SSO, PAM functions, implementation principles, and role within a zero-trust security architecture 
• Understanding of Identity Governance and Administration (IGA) and its intersection with PAM 
• Experience writing python and PowerShell scripts / building automated around the existing process. 
• Comprehensive knowledge and experience with authentication standards and technologies such as multi factor authentication, JSON Web Token (JWT), etc. 
• Knowledge of identity and access management best practices, procedures, and software solutions such as Microsoft Entra, CyberArk, Saviynt, Okta, Ping Identity, etc. 
• Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etc. 
• Experience with Windows, Lunix / Unix, scripting (Bash or Powershell), LDAP, SQL, and web services.
• ServiceNow experience a plus. 
• Write and maintain software code from front-end interfaces to back-end logic for applications, systems, or tools that access or retain all or some data related to customers, financial information, or personally identifiable information (PII). Subject to local and state eligibility, a pre-employment background check will be conducted for criminal convictions, including misdemeanors and felonies related to fraud or violence. A credit check may also be conducted.  

Working Conditions: This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders and may require up to 10% travel.  

Additional Information: The salary range offered for this position is $113,900 - $156,600 per year. A candidate’s offer is determined by various factors including but not limited to, depth of experience, role-related knowledge and skills, relevant education or training, internal alignment, and work location.  Depending on the position offered, the compensation package may also include incentive compensation opportunities in the form of a discretionary annual cash bonus or commissions, and equity incentives. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan. Employees will also receive a minimum of 18 days of paid time off each year and 12 paid holidays throughout the calendar year.  

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. 

Pursuant to the Los Angeles County and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Opportunity.OpportunityDetail.Qualifications

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)