The CIAM Engineer is responsible for designing, implementing, and supporting customer identity and access management solutions using IBM Security Access Manager (ISAM). This role involves configuring secure authentication and authorization mechanisms, integrating SSO and federation standards, and collaborating with cross-functional teams to deliver secure, scalable identity services.
Roles and Responsibilities
- Configure and support ISAM components including Base, Advanced Access Control, and Federation modules.
- Implement SSO solutions using IBM Security Access Manager and integrate federated SSO using SAML 2.0 standards.
- Create and manage junctions and apply policy server configurations including ACL, POP, and group imports.
- Work with reverse proxy concepts, Authorization Server, Policy Server, and LDAP directories.
- Implement and support authentication mechanisms such as MFA, OAuth, OIDC, and other modern identity protocols.
- Ensure secure access and identity flows through proper configuration, testing, and documentation.
- Engage with stakeholders across development, security, and operations teams to support enhancements and production implementations.
- (Good to have) Utilize Ansible automation and DevOps tooling to streamline configurations and deployments.
Required Skills & Experience
- Strong hands-on experience with IBM Security Access Manager (ISAM) Base, Advanced Access Control, and Federation modules.
- Proficiency in SSO configuration, SAML 2.0, OAuth, and related identity standards.
- Experience with reverse proxy concepts, authorization server configuration, LDAP integration, policy management (ACL, POP).
- Knowledge of multi-factor authentication and modern authentication protocols (OAuth, OIDC).
- Ability to collaborate with multiple stakeholders and support production deployments.
- (Preferred) Familiarity with automation tools like Ansible and DevOps practices.