The Identity Engineer provides technical expertise and support for the company’s on-premises and cloud-based Identity and Access Management (IAM) solutions. Systems include Microsoft Active Directory, Azure Active Directory, SSO (Single Sign On), and Azure Multi-Factor Authentication (MFA), Identity Governance (SailPoint Identity Now), CyberArk PAM and Conjur key vault. The analyst will be a member of the Identity Management team that also manages DNS/DHCP, IP address management, Certificate Authority, Application Delivery controllers, Web Application Firewalls and various provisioning other automation and monitoring tools. This is a highly collaborative team that interfaces with all support teams across Enterprise. We are closely integrated with IT Security to implement security improvements and controls for the company.Key Accountabilities
- Support and manage day to day IAM systems, identity lifecycle, authentication support, system health checks.
- Develop and maintain identity security policies, scripts and tools.
- Collaborate, participate in incident response and investigations as needed to identify the root cause of security incidents and prevent their recurrence.
- Design, Deploy, and maintain identity controls across multiple cloud platforms.
- Configure Federated Services, Single Sign On (SSO), MFA, and cloud application registrations.
- SailPoint IdentityNow provisioning, Cloud Access Management integration and administration.
- Ensure compliance with information security policies, standards, and best practices.
- Implement authorization and access management solutions such as LDAP, Kerberos, SAML, OAuth, and Open ID Connect for various Business requirements.
- Develop Microsoft PowerShell scripts to perform reporting and automation functions.
Preferred Skills And Experience
- 3+ years of experience as Domain Administrator with AD and Azure (Entra ID)
- 3+ years of experience with Identity lifecycle processes (Movers, Leavers, Joiners)
- 3+years of experience PowerShell scripting
- Basic knowledge of Identity and Access Management.
- Being available to perform tasks outside normal business hours and on weekends as well as being on call
ConocoPhillips contract opportunities are for project-based or other short-term engagements that require specialized skills. Successful candidates for contract opportunities will not be considered employees of ConocoPhillips or any of its subsidiaries nor will candidates be eligible for employment benefits. Candidates looking for regular full-time employment opportunities should begin their search here: https://careers.conocophillips.com/
- Bachelor’s degree in computer science, MIS or other IT/IS related discipline
- Experience with SailPoint IdentityNow or other IGA tool.
- Experience with CyberArk PAM, PSM, Conjur
- Knowledge in federation, SAML, OpenID, OAuth and other industry standard authentication/ authorization solutions
- Professional certifications such as CISSP, CIAM, Security+ or similar industry certification
- Strong interpersonal and communication skills