Sr. IAM Engineer - Azure Security

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Job Description

We are seeking a highly skilled Tech Lead with deeper expertise in various security products, authentication, authorization, access management, and governance. As a key member of the Workforce Authentication and Authorization team, you will lead a team to play a vital role in ensuring the secure implementation of various solutions (Hybrid and Cloud).

Requirements/Responsibilities:

• Lead Identity-centric Workforce Security solutions team to develop authentication and access management solutions.
• Drive the development of identity solutions, access patterns, and modern security protocols, practicing Zero Trust, least privilege, and defense-in-depth principles.
• Review and provide feedback on Identity and access management related security solutions proposed by stakeholders and provide consultation to partners and IT Management.
• In-depth knowledge and experience with Entra ID, EPM, Sentinel, Azure, and AWS Security.
• Knowledge of Okta, PingFederate, and entitlement management solutions.
• Strong knowledge of identity management on Azure AD with OAuth, OIDC, SAML, SSO, MFA, Conditional access policies, Kerberos, LDAP, and Identity Federations.
• Experience in providing security solutions for Java-based Microservices, React-based frontends, and Android/iOS-based mobile applications on Azure.
• Hands-on experience with JWT, session handling, code signing, certificate authentication, TLS/SSL, API Security, and application integration scenarios.
• Awareness of API Management, Firewalls, DLP, VPNs, DNS, Azure Defender, MCAS, Sentinel, WAFs, Application Gateways, NSGs, App Proxy, Radius clusters, and CDN.
• Good understanding of Cloud Infrastructure Entitlement Management (CIEM) solutions to ensure smooth remediation of toxic combinations and high-risk entitlements.
• Understanding and application of threat modeling concepts and methodologies.
• Understanding of application security, OWASP standards, security best practices, and browser compatibilities/storages/cookies.
• Acts as a Workforce cybersecurity expert in solutions spanning end-user computing, proxy solutions, MFA, SSO, conditional accesses, passwordless solutions, YubiKey, biometric solutions, identity and governance scenarios, secrets management, automation, role-based access control, privileged identity management, and just-in-time accesses.
• Participates in solutions to support token handling, OIDC/OAuth flows, authorization patterns, identity federation, cloud architectures, cryptography, cloud-native services, and cloud security.
• Deeper understanding of Cloud Security areas such as policies, RBAC, activities, identities, and privileged access management.
• Ability to support operations in troubleshooting complex identity scenarios with hands-on experience on Sentinel/KQL/Audit logs.
• Good understanding of concepts related to Docker Security and container orchestration/Kubernetes.

Qualifications:

• Bachelor's degree in computer science or a related discipline and experience in information security, or an equivalent combination of education and work experience.
• Deep knowledge of application or infrastructure systems architecture, usually having experience with multiple system technologies.
• Excellent consultative and communication skills, and the ability to work effectively with clients, partners, and IT management and staff.
• Ten years of experience in the Information Security role, with five years of experience as a Tech Lead.
• CISSP, CSSP, or Cloud security certification preferred.
• Strong collaboration skills and analytical ability.
• Certifications in Azure and AWS security will be preferred.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve. Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable Accommodation:

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at .

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.