Ernst & Young Advisory Services Sdn Bhd
GPS - IAM Engineer - Supervising Associate
Ernst & Young Advisory Services Sdn Bhd, Dallas, Texas, United States, 75215
At EY, we’re all in to shape your future with confidence.
We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need.
The opportunity You’ll have responsibilities within the Identity and Access Management (IAM) team that supports various applications across the Government and Public Sector (GPS) business unit. You’ll support the end-to-end aspects of services including but not limited to service engineering, break/fix support, service roadmaps and standards, vendor management. You’ll also have responsibilities to ensure stability for application platforms and/or services under your responsibility, including resolution of incidents and problems, maintenance and support, application platform change control, and automation of processes and procedures. Working closely with other teams within EY, you’ll drive technology standards and consistency across IT Services.
Your key responsibilities
Maintaining ongoing knowledge and support of Azure infrastructure and aligned applications such as:
Azure Cloud hosted services, Bastion, Keyvault, Recovery Services Vault, Storage accounts
Azure Role Based Access Control (RBAC)
Power Automate, App Service Plan, Function Apps, Application Insights
Azure networking; Vnets, network security groups (NSG), private and public endpoints, Azure Private DNS
Microsoft Entra Domain Services (MEDS)
Access reviews, reporting and Audit compliance
Deploying MEDS on Azure VMs and install replica Domain Controllers or Forests in an Azure virtual network
Maintaining ongoing knowledge and support of servers and networks aligned to the Active Directory environments including but not limited to:
Single Sign-On (SSO) configuration and remediation
Native Microsoft tools including but not limited to ADSI, ADUC, DNS, Domains and Trusts
DISA STIG remediation with Group Policy Objects (GPO)
Public Key Infrastructure (PKI)
Creating and configuring Microsoft Entra Domain Services (IAAS & PAAS) for authenticating applications in Azure Cloud
Application Registrations; OAuth/OpenID, API Permissions, Client ID/Secrets, JWT Tokens/Claims, JSON, App Roles
API Gateways, Enterprise Databases, SSO and Access Management systems, identity federation protocols (SAML), OIDC, OAuth2 and LDAP/LDAPS
Enterprise Applications; SAML, SCIM Provisioning
Managing data stored in Entra ID via Graph and PowerShell
Multi Factor Authentication (MFA) such as Entra ID MFA integration into the authentication, authorization, and single-sign-on process for applications and systems
Account, Group, and entitlement management with SailPoint Identity Security Cloud (ISC) or IdentityIQ (IIQ)
Integrating SailPoint ISC or IIQ and other Identity Infrastructure with Entra ID
Design and configuration of Entra Conditional Access using Zero Trust principles
The role may also require the periodic allocation of additional time on the job to support multiple demands and escalating issues or to accommodate teams or staff in other time zones
Skills and attributes for success
Core understanding of Entra ID Tenant deployment and Active Directory management
Understanding of aligning Microsoft Entra / Azure services with security governance frameworks and guidelines such as CMMC, FedRAMP, and NIST SP 800.53, 800.63, and 800.171
Understanding of application registration and Key Management using the Entra ID Admin portal
Understanding of Entra ID Privileged Roles, Units and emergency accounts to enable policies at a granular level for access administration
Strong organizational skills, self-motivated and able to work to tight deadlines
Strong analytical and problem-solving skills
Effective teaming and knowledge sharing skills
Advanced skills in planning, designing and troubleshooting complex cloud environments
Solid understanding of cloud environment and security best practices
Good understanding of ITIL
Exceptional ability to document processes, procedures and security designs clearly and accurately for distribution to internal teams and customers
Understanding of other technologies required to run a secure enterprise level infrastructure
Demonstrated experience in dealing with external vendors and suppliers in the security industry
Cloud Infrastructure Security enthusiast
Self-motivated with an aptitude to learn quickly
Ability to deal with ambiguity
Have a global mind-set for working with different cultures and backgrounds
To qualify for the role you must have
Bachelor’s degree in Computer Science or a related discipline, or equivalent work experience
5-8+ years of cloud infrastructure experience
3 or more years of hands-on experience in designing and implementing Cloud services like Azure AD, Entra ID, Azure MFA, Entra Conditional Access, Azure B2B and Azure PIM
Demonstrated deep expertise in cloud infrastructure
Experience with writing custom, scripting tools (Python, PowerShell, etc.), interacting with APIs and shell scripting
Excellent interpersonal, communication and presentation skills
Strong English language skills are required – written and verbal
Good judgment, tact, and decision-making ability
Ability to work in a diverse, multi-cultural environment
Ability to obtain and maintain Top Secret security clearance
Ideally, you’ll also have
Azure certification for implementing Microsoft Azure Infrastructure Solutions
Involved in large scale IT deployments or cloud infrastructure
At least one technical certification in Azure platform
What we look for Individuals with strong business and technical acumen who demonstrate drive, vision, teaming and purpose and are passionate about helping our clients achieve their goals.
What we offer you At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.
Compensation and benefits package based on performance and location (base salary range $91,100 to $170,400 in the US). Additional details available upon request.
Hybrid model: most people in client-serving roles work together in person 40-60% of the time.
Flexible vacation policy with paid holidays and additional leaves of absence as needed.
Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an on-going basis.
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3 and follow the prompts to contact EY’s Talent Shared Services Team.
#J-18808-Ljbffr
We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need.
The opportunity You’ll have responsibilities within the Identity and Access Management (IAM) team that supports various applications across the Government and Public Sector (GPS) business unit. You’ll support the end-to-end aspects of services including but not limited to service engineering, break/fix support, service roadmaps and standards, vendor management. You’ll also have responsibilities to ensure stability for application platforms and/or services under your responsibility, including resolution of incidents and problems, maintenance and support, application platform change control, and automation of processes and procedures. Working closely with other teams within EY, you’ll drive technology standards and consistency across IT Services.
Your key responsibilities
Maintaining ongoing knowledge and support of Azure infrastructure and aligned applications such as:
Azure Cloud hosted services, Bastion, Keyvault, Recovery Services Vault, Storage accounts
Azure Role Based Access Control (RBAC)
Power Automate, App Service Plan, Function Apps, Application Insights
Azure networking; Vnets, network security groups (NSG), private and public endpoints, Azure Private DNS
Microsoft Entra Domain Services (MEDS)
Access reviews, reporting and Audit compliance
Deploying MEDS on Azure VMs and install replica Domain Controllers or Forests in an Azure virtual network
Maintaining ongoing knowledge and support of servers and networks aligned to the Active Directory environments including but not limited to:
Single Sign-On (SSO) configuration and remediation
Native Microsoft tools including but not limited to ADSI, ADUC, DNS, Domains and Trusts
DISA STIG remediation with Group Policy Objects (GPO)
Public Key Infrastructure (PKI)
Creating and configuring Microsoft Entra Domain Services (IAAS & PAAS) for authenticating applications in Azure Cloud
Application Registrations; OAuth/OpenID, API Permissions, Client ID/Secrets, JWT Tokens/Claims, JSON, App Roles
API Gateways, Enterprise Databases, SSO and Access Management systems, identity federation protocols (SAML), OIDC, OAuth2 and LDAP/LDAPS
Enterprise Applications; SAML, SCIM Provisioning
Managing data stored in Entra ID via Graph and PowerShell
Multi Factor Authentication (MFA) such as Entra ID MFA integration into the authentication, authorization, and single-sign-on process for applications and systems
Account, Group, and entitlement management with SailPoint Identity Security Cloud (ISC) or IdentityIQ (IIQ)
Integrating SailPoint ISC or IIQ and other Identity Infrastructure with Entra ID
Design and configuration of Entra Conditional Access using Zero Trust principles
The role may also require the periodic allocation of additional time on the job to support multiple demands and escalating issues or to accommodate teams or staff in other time zones
Skills and attributes for success
Core understanding of Entra ID Tenant deployment and Active Directory management
Understanding of aligning Microsoft Entra / Azure services with security governance frameworks and guidelines such as CMMC, FedRAMP, and NIST SP 800.53, 800.63, and 800.171
Understanding of application registration and Key Management using the Entra ID Admin portal
Understanding of Entra ID Privileged Roles, Units and emergency accounts to enable policies at a granular level for access administration
Strong organizational skills, self-motivated and able to work to tight deadlines
Strong analytical and problem-solving skills
Effective teaming and knowledge sharing skills
Advanced skills in planning, designing and troubleshooting complex cloud environments
Solid understanding of cloud environment and security best practices
Good understanding of ITIL
Exceptional ability to document processes, procedures and security designs clearly and accurately for distribution to internal teams and customers
Understanding of other technologies required to run a secure enterprise level infrastructure
Demonstrated experience in dealing with external vendors and suppliers in the security industry
Cloud Infrastructure Security enthusiast
Self-motivated with an aptitude to learn quickly
Ability to deal with ambiguity
Have a global mind-set for working with different cultures and backgrounds
To qualify for the role you must have
Bachelor’s degree in Computer Science or a related discipline, or equivalent work experience
5-8+ years of cloud infrastructure experience
3 or more years of hands-on experience in designing and implementing Cloud services like Azure AD, Entra ID, Azure MFA, Entra Conditional Access, Azure B2B and Azure PIM
Demonstrated deep expertise in cloud infrastructure
Experience with writing custom, scripting tools (Python, PowerShell, etc.), interacting with APIs and shell scripting
Excellent interpersonal, communication and presentation skills
Strong English language skills are required – written and verbal
Good judgment, tact, and decision-making ability
Ability to work in a diverse, multi-cultural environment
Ability to obtain and maintain Top Secret security clearance
Ideally, you’ll also have
Azure certification for implementing Microsoft Azure Infrastructure Solutions
Involved in large scale IT deployments or cloud infrastructure
At least one technical certification in Azure platform
What we look for Individuals with strong business and technical acumen who demonstrate drive, vision, teaming and purpose and are passionate about helping our clients achieve their goals.
What we offer you At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.
Compensation and benefits package based on performance and location (base salary range $91,100 to $170,400 in the US). Additional details available upon request.
Hybrid model: most people in client-serving roles work together in person 40-60% of the time.
Flexible vacation policy with paid holidays and additional leaves of absence as needed.
Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an on-going basis.
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3 and follow the prompts to contact EY’s Talent Shared Services Team.
#J-18808-Ljbffr