Federal Reserve Bank Technical Engineer - Identity & Access Management in Boston, Massachusetts

Job Summary:

The incumbent will be working in a mission-critical security team at the Federal Reserve System (FRS). The Directory Services team is part of the Identity and Access Management (IAM) national IT organization supporting all Federal Reserve Banks, and provides secure, enterprise IAM services to the Federal Reserve. This position is responsible for developing and orchestrating highly secure authentication, authorization and identity management solutions that meet the business needs and support the mission of the Federal Reserve System. The IAM Technical Engineer is a forward-thinking technical expert who will lead transformational initiatives in a collaborative, dynamic, cross-functional team environment of security professionals to advance the modernization of IAM capabilities for the Federal Reserve.

Principal Accountabilities:

• Manage and drive the successful technical delivery of IAM projects and services by partnering with key business stakeholders, executives and technical project teams. This entails solutions architecture, process development, design and/or execution of directory services and IAM solutions, with a focus on technologies such as Active Directory and LDAP products, identity correlation and synchronization services, data access governance, single sign-on/Federation technologies and cloud identity services.

• Provide technical direction on major projects, initiatives or workgroups, with responsibility for developing and documenting detailed designs, requirements gathering, security hardening, risk management, testing, and/or process and policy development.

• Provide subject-matter expertise across the IAM service stack as it relates to both cloud and on-premises enterprise technology, and the relationship between the architectures.

• Conduct product evaluations and research to recommend service capabilities that meet business needs.

• Lead and contribute to architectural development as a directory services/IAM subject matter expert; assist in developing standards, governance, and best practices for scalable IAM services.

• Deliver technical security configuration architecture and analysis expertise and drive the adoption of security industry best practices into FRS IAM services and solutions.

• Provide high-level consultation to FRS business lines and technical peers in order to evaluate and recommend secure, robust solutions and process improvements in areas related to Identity and Access Management.

• Recognize new developments in information security and IAM technology or industry trends to anticipate and influence service modifications.

• Contribute to business strategy and roadmap planning and assist leadership in driving roadmap initiatives.

• Mentor and train others to grow expertise within the department to support new architecture, design or other changes to directory IAM services. This includes close partnership with operational teams to provide effective knowledge transfer and guidance.

• Provide complex problem-solving expertise to projects or operational matters, as needed.

• Occasional after-hours and weekend work will be required in order to support tasks and maintenance that cannot be done during business hours.

Other Accountabilities:

• Perform other duties as assigned.


This position is not required to directly supervise others.

Minimum Qualifications:

• Knowledge and experience normally acquired through, or equivalent to, the completion of a Master's degree and a minimum of 8-10 years of job-related IAM experience.

• Demonstrated understanding of modern Identity and Access Management concepts and best practices required.

• Proven track record of successful IAM designs and implementations.

• Individual must be proficient in multiple directory services and IAM technologies such as IAM cloud services/IDaaS, Active Directory, LDAP, Meta-directory and Virtual Directory technologies, SSO/Federation/Security Token Services, Data Access Governance, PKI.

• Experience with Linux or Windows operating systems, networking (e.g. load balancing, DNS, firewalls) and relational databases (e.g. SQL, Oracle).

• Proficient in one or more scripting languages such as Perl, Java, JavaScript, XML, PowerShell, MS .NET Framework, Python.

• Working knowledge of authentication industry standards and protocols (SAML, OAuth, LDAP, Kerberos, OpenID Connect, etc.).

• Knowledge or experience integrating with, or migrating to, IAM cloud-based services.

• Knowledge or experience with REST APIs and other web APIs.

• Strong understanding of cloud computing architecture, technical design and implementations, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) delivery models.

• Experience planning and implementing hardened security controls, standards and/or processes to mitigate risk to IAM systems.

• Advanced critical thinking skills with a demonstrated ability to work across a broad range of technologies to deliver complex solutions.

• Must possess the ability to work as a team member with globally distributed and cross-functional teams.

• Proven ability to communicate clearly and drive consensus at all levels of the organization, vertically and horizontally across technical, security and business communities.

• Self-directed and self-motivated leader who can manage multiple assignments and priorities.

Preferred Qualifications:

• Experience architecting IAM solutions with major cloud providers such as Azure or AWS.

• Working knowledge of Identity Management and Access Control suite products from leading vendors such as Microsoft, IBM, Oracle, SailPoint, etc.

• Knowledge or experience in API security and API integration with IAM systems.

• Knowledge and/or experience with access rights management and information protection technologies.

• Knowledge or experience with compliance and risk management standards and frameworks (e.g. NIST, FedRAMP).

• Cloud, Security and Information Technology Certifications (e.g. MCSE/MCSA, CISSP/CCSP, AWS, Security+).

Additional Information:

Occasional travel including overnight stays.

The Federal Reserve Bank of Boston is committed to a diverse and inclusive workplace and to provide equal employment opportunities to all persons without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, or military service.

All employees assigned to this position will be subject to FBI fingerprint/criminal background and Patriot Act/Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. All employees who are assigned to this position will be subject to credit, FBI fingerprint/criminal background and Patriot Act/Office of Foreign Assets Control (OFAC) watch list checks at least once every five years. Successful internal posting candidates will also be subject to credit re-screening before transferring. The above statements are intended to describe the general nature and level of work required of this position. They are not intended to be an exhaustive list of all duties, responsibilities or skills associated with this position or the personnel so classified. While this job description is intended to be an accurate reflection of this position, management reserves the right to revise this or any job description at its discretion at any time.

Organization: Federal Reserve Bank of Boston

Title: Technical Engineer - Identity & Access Management

Location: MA-Boston

Requisition ID: 257134