IAM Security Engineer Consultant - 28873
Ref No.: 18-07383
Location: Toronto, Ontario
Job Title: IAM Security Engineer Consultant
Duration: 6 Months
Extension possible: Yes
Location: Downtown, Toronto


Position: IAM Security Engineer Consultant – Active Directory, Public Cloud (Azure/AWS)

Department Overview:
Security Services, a part of ITS Engineering, has an enterprise-wide focus on managing security technologies, enhancing security awareness and practices, acting as subject matter experts for specific security, Access Management, Endpoint Protection and cryptographic technologies, and ensuring that secure environments and services are designed, executed, and maintained to further enhance and protect the TD brand.
The Security Services Access Management team is responsible for end-to-end technology engineering functions, from new technology introduction through first-time build and maintenance, for tools and platforms pertaining to Directories, Identity Management, Authentication/Authorization, Privileged ID management and Access Rights Delegation.

Specifically, the role will encompass the following areas of focus:
(1) Public Cloud (Azure/AWS) initiative
• Work with the cloud project team and stakeholders to identify overall IAM requirements
• Work with individual technical teams to develop their understanding of IAM in the context of their platforms (secrets management, encryption, etc.)
• Assist in defining IAM roles and permissions based on industry best practices and the Bank's requirements
• Work with Privileged Identity Management to define IAM requirements and solutions for Privileged IDs, Platform-specific IDs, and non-people IDs
• Implement and document Public cloud IAM designs into non-production environments
• Work with operations team to stage and deploy Public Cloud IAM designs into production
• Evaluate and document recommendations around existing IAM Cloud platforms/components (ADFS/AADC/PingFed, etc.)

(2) AD Domain Consolidation initiative
• Work with infrastructure and Line-of-business application teams to determine migration path and remediation steps
• Build out and document migration infrastructure components (ADMT, RadiantLogic VDS), as well as required infrastructure changes in non-production environments
• Support stakeholders/LOB Application in testing activities; consult on validity/completeness of the test plans
• Work with operations team to stage and deploy migration infrastructure components and infrastructure changes into PROD
• Identify and document users and communities of users that can be migrated, and at what point in time
• Provide consultation to Workspace team

(3) AD Domain uplift project
• Enhance the existing AD DC base image with heightened security monitoring, intrusion detection and server hardening
• Evaluate GPO structure and settings; document recommendations for enhanced security
• Document AD DC Base image build, and automate where possible
• Assist Operations team with staged PROD deployment of domain controllers (via RDP/iDRAC)

(4) "Workspace of the Future" project (Migration to Windows 10/Office 365)
• Provide consultation/direction on IAM, PIDM and Multi-Factor authentication direction, platform and best practices
• Design and implement changes to Azure Services owned by Security Engineering (CA Policies, ADFS, AADC, MFA, App Registrations) as required
• Guide Workspace Platform Engineers (Citrix, SharePoint, Exchange, Win10, SCCM, etc.) on IAM best practices
• Work with Security Engineering leads and with the Information Security team to ensure that the Workspace team is aware of Security platform/standards direction, and abides by it

The successful candidate must have a demonstrated ability to engineer, design, document and maintain security technology solutions pertaining to IAM platforms, and to work closely with other teams, business partners, Technology Risk Management, CISO and other relevant Infrastructure teams.

Job Responsibilities:
• Review & Validation of innovation requests pertaining to security technology systems
• Industry research on emerging trends and technologies around Identity/Access management, Privileged ID Management, Directory systems, etc.
• Documentation of organizational capability requirements and use cases for IAM platforms/technologies
• Evaluating technologies against capability requirements and use cases and creating proposals for adoption for technologies/practices that satisfy capability gaps
• First-time builds of new/updated IAM technologies
• Consulting with SE Strategy/Architecture team to assist with shaping technology strategy in the IAM space.
• Proactive engagement to promote technology ideas that can add value or reduce costs to each of the Bank's core businesses
• Working with Operations teams to test and deploy updates/patches to IAM platforms in non-PROD

• Working experience engineering, designing and implementing IAM security platforms – 10+ years
• Experience with engineering Active Directory, AD Federation Services, Federated Identity Manager, etc. – 10+ years
• Expert knowledge of the capabilities, requirements and interactions of various security technologies/disciplines, particularly around Identity and Access Management – 10+ years
• Experience in developing high-level adoption proposals for introduction of new technologies and/or practices – 5+ years
• Proof-of-Concept initiatives – objectives, comparative performance against other similar technologies – 5+ years
• Azure/AWS Cloud engineering experience – 3+ years
• Experience with engineering existing IAM Cloud platforms/components (ADFS/AADC/PingFed, etc.) – 5+ years

• Object Oriented Programming/Scripting experience
• Microsoft Certification with AD or Azure
• Previous Banking Experience
• Banking/Financial Industry experience