HexaQuEST Global, Inc.
Authentication Engineer
HexaQuEST Global, Inc., Miami, Florida, us, 33222
Authentication engineer will join the IAM Authentication team to engineer solutions with a strong focus on Azure AD and modern authentication protocols to build secure authentication across the enterprise.
Job ResponsibilitiesArchitect and engineer identity and access management solutions leveraging Azure AD and modern Authentication protocols and frameworks (OAuth 2.0, OIDC and SAML) to move the strategic roadmap forwardResponsible for configuration, management, and support of all Azure AD functions with emphasis on security, reliability and operational excellenceConfigure, integrate and secure applications in Azure AD with Application registrations and fine tuning Conditional Access policesConfigure and manage Azure AD Connect for AD > AAD Sync with regular upgrades to the Azure AD Connect softwareProvide escalation support for Azure AD related L2 issues, efficiently troubleshoot/prioritize Azure AD issues and maintain the culture of root cause analysis for incident managementContribute to Azure AD documentation and workflowsAutomate and develop Azure AD capabilities with Microsoft Graph APIDefine security guidelines/standards for modern authentication and authorization security frameworksPartner with teams to assist in defining the modern authentication strategy and roadmapSupport multi-factor authentication and manage factor enrollment flows to secure modern application architecturesResearch, design, and advocate new AuthN technologies, standards, or methodologies that will strengthen our security posture, reduce our risk exposure and improve our overall user experienceReview and update authentication and authorization polices, standards and procedures to raise the maturity of the Authentication programActively participate in development and program efforts related to Identity & Access Management through hands-on collaboration and engagement
Required Azure AD and Directory Services expertise
In-depth knowledge of Azure Hybrid Identity, authentication methods (federation, passthrough auth, password hash sync)In-depth knowledge of Azure Application management, Azure AD Authentication and Authorization basics, App types, Authentication flowsUnderstanding of Azure AD device identity, device trust with Hybrid Azure AD join and how Primary Refresh Tokens workUnderstanding of Identity governance and Identity protection - identity and access lifecycle, configuring risk policiesUnderstanding of Azure Role Based access patterns - management groups, subscriptions, resource groupsUnderstanding of Azure Reporting and monitoring - analyzing Audit, Sign-in, Azure Monitor logsFundamental understanding of Active Directory Domain Services (ADDS), Windows Server 2016/2019 Domain Controllers and related services (DNS, DHCP, Group Policy)Fundamental understanding of legacy (Kerberos, LDAPs) and modern Authentication protocols and frameworks (SAML, OAuth 2.0, OIDC)
Required Modern Authentication expertise:
Strong understanding of SAML, OAuth/OIDC and other authentication methods Strong understanding and practical experience with one or more cloud multifactor technologiesIn-depth knowledge of JWT, understanding scope definitions and claims, differences between identity and access token
Nice to have:
Experience in deploying infrastructure-as-code using Terraform, DevOps & CI/CD best practicesIntermediate knowledge of AWS Managed Microsoft ADKnowledge of Okta Identity Engine, Passwordless solutions like Okta FastPass
Job ResponsibilitiesArchitect and engineer identity and access management solutions leveraging Azure AD and modern Authentication protocols and frameworks (OAuth 2.0, OIDC and SAML) to move the strategic roadmap forwardResponsible for configuration, management, and support of all Azure AD functions with emphasis on security, reliability and operational excellenceConfigure, integrate and secure applications in Azure AD with Application registrations and fine tuning Conditional Access policesConfigure and manage Azure AD Connect for AD > AAD Sync with regular upgrades to the Azure AD Connect softwareProvide escalation support for Azure AD related L2 issues, efficiently troubleshoot/prioritize Azure AD issues and maintain the culture of root cause analysis for incident managementContribute to Azure AD documentation and workflowsAutomate and develop Azure AD capabilities with Microsoft Graph APIDefine security guidelines/standards for modern authentication and authorization security frameworksPartner with teams to assist in defining the modern authentication strategy and roadmapSupport multi-factor authentication and manage factor enrollment flows to secure modern application architecturesResearch, design, and advocate new AuthN technologies, standards, or methodologies that will strengthen our security posture, reduce our risk exposure and improve our overall user experienceReview and update authentication and authorization polices, standards and procedures to raise the maturity of the Authentication programActively participate in development and program efforts related to Identity & Access Management through hands-on collaboration and engagement
Required Azure AD and Directory Services expertise
In-depth knowledge of Azure Hybrid Identity, authentication methods (federation, passthrough auth, password hash sync)In-depth knowledge of Azure Application management, Azure AD Authentication and Authorization basics, App types, Authentication flowsUnderstanding of Azure AD device identity, device trust with Hybrid Azure AD join and how Primary Refresh Tokens workUnderstanding of Identity governance and Identity protection - identity and access lifecycle, configuring risk policiesUnderstanding of Azure Role Based access patterns - management groups, subscriptions, resource groupsUnderstanding of Azure Reporting and monitoring - analyzing Audit, Sign-in, Azure Monitor logsFundamental understanding of Active Directory Domain Services (ADDS), Windows Server 2016/2019 Domain Controllers and related services (DNS, DHCP, Group Policy)Fundamental understanding of legacy (Kerberos, LDAPs) and modern Authentication protocols and frameworks (SAML, OAuth 2.0, OIDC)
Required Modern Authentication expertise:
Strong understanding of SAML, OAuth/OIDC and other authentication methods Strong understanding and practical experience with one or more cloud multifactor technologiesIn-depth knowledge of JWT, understanding scope definitions and claims, differences between identity and access token
Nice to have:
Experience in deploying infrastructure-as-code using Terraform, DevOps & CI/CD best practicesIntermediate knowledge of AWS Managed Microsoft ADKnowledge of Okta Identity Engine, Passwordless solutions like Okta FastPass