Senior Security Engineer, Identity

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home.

As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways.

Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission.

It's a colorful world - make your mark by joining the BIC team today.

As Senior Security Engineer, Identity, you will:

• Collaborate and partner with global teams, cross-functional teams and third parties to configure, test and deploy the IGA and PAM solutions, along with developing lifecycle events, connect HR systems and applications, identify and vault privileged accounts, and other engineering duties as assigned. 

• Assist implementor team with the build, test and deployment of SailPoint ISC to support hire to retire lifecycle events for provisioning/deprovisioning, birthright access, RBAC and access recertifications for connected systems, configure and maintain rules, workflows, certifications, roles, and provisioning policies. 

• Assist team with build, test and deployment of CyberArk, including design, configuration and enforcement of PAM policies and best practices to secure privileged credentials through vaulting, password rotation and session recording. 
• Work with application teams and stakeholders to integrate business critical systems with SailPoint, assisting data normalization and cleanup, document requirements and design flows for lifecycle events.
• Conduct inventory assessments and environment scans to identify Privileged accounts, engage with account owners to vault accounts, maintain compliance standards for rotating account passwords, troubleshoot connection issues and design solutions to expand PAM program through maturity.
• Support the day-to-day operations of SailPoint and CyberArk, including but not limited to:  monitoring system performance, troubleshooting issues, supporting patches and upgrades, building custom reports and dashboards, work with stakeholders to troubleshoot, refine and improve existing lifecycle events or gather requirements for new lifecycle events to support business outcomes, expand PAM account inventory.
• Continue to execute on the Identity roadmap to mature both programs, engaging with business customers to solicit feedback and architect solutions to promote process efficiency while closing risks associated with inappropriate or inconsistent access.

Typical Challenges:

IAM – Initial connectors to applications and associated data cleanup, troubleshooting and working with application SMEs to resolve failed tasks for provisioning or deprovisioning, care and cleaning of system to ensure aggregations are working as designed and lifecycle events are processing.

Gathering requirements for new systems to be connected and incorporating them with existing lifecycle events.  Change management to ensure application and requestors understand the role the IGA system plays in the hire-to-retire process as well as collaborating with HR to support their Success Factors roadmap.Working with Service Now team to design and update forms as needed to support request/approval/fulfillment processes. 

PAM – Initial application implementation and associated data cleanup; defining and identifying accounts and users, getting their accounts under CyberArk’s control with rotation and checkout processes.

Most Complex Problems:  

In the areas of IAM and PAM, initial complexities will be in the area of data cleanup and normalization to connect with systems on prem, cloud-based, legacy and end of life. 

Ongoing complexities will be supporting the continued performance tuning with SailPoint and CyberArk for the various applications as the technology footprint changes or new requirements are introduced to solve business problems.  

Additional complexities will come with maturing the programs with increased birthright access, lifecycle event automation and expansion for role-based access, as well as onboarding privileged accounts from additional platforms beyond AD. 

Qualifications: 

• Minimum 4 years of direct experience with SailPoint (preferably ISC), including LCE configurations as well as working with various application definition types, user access review campaign configuration, RBAC and birthright provisioning flows. Extensive knowledge of Identity best practices, familiarity with HCM systems (Success Factors/Workday) and Service Now. 

• 2+ years of experience with PAM solutions (preferably CyberArk), strong understanding of privileged account lifecycle and least-privilege enforcement.
• Experience with Powershell scripting.

BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need.

BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.