Tech Analyst IAM AD (BHJOB22048_621)

ITmPowered    Denver, CO
Job Description

Technical Analyst – IAM Active Directory

The Technical Analyst will work with Identity and Access Management (IAM), Information Security, IT Compliance infrastructure, and Business Application stakeholders. Implement appropriate changes to Network, File share permissions, Active Directory groups, NTFS permissions and file shares in alignment with a “Least Privilege” approach to reduce IT Risk. Liaise with IT Risk and Compliance, IT Security, IAM, Infrastructure, and Business Stakeholders to validate roles and permissions across NTFS, file shares, and asset access.

Responsibilities:

  • IT Analysis and support of Information Security, Identity and Access Management, IT Risk / Compliance.
  • Review Information Security logs, IAM roles/permissions, network and file share access privileges.
  • Review CyberArk Privileged Access Management.
  • Navigate in Active Directory, GPO, Organizational Units (OU), Hyena, network and file access permissions.
  • Leverage PowerShell to export NTFS Permissions for validation.
  • Review access reports from cyber security and compliance organization to validate file server permissions policy that clearly defines permissions management processes.
  • Engage with Business Stakeholders to validate who needs access to which assets (file servers, network shares, and data stores). Validate roles, assign roles to permissions. Align to least privilege approach.
  • Leverage AD, PowerShell, and Hyena to manage users, groups (both local and global), shares, domains, services, devices, events, files, open files, user rights.
  • Use Active Directory groups and eliminate one-off NTFS permissions to individuals.
  • Configure NTFS permissions for the assets, assign roles to those permissions and assign people to roles.
  • Leverage the NTFS utility to control access to files and folders, containers and objects on the network as part of system security.
  • Leverage Active Directory to tie assets to permissions and permissions to roles with a local AD / global AD approach. Create local Active Directory domain groups with appropriate access and naming conventions (read only, read and modify, full control). Create global AD groups for departments and add to domain local groups.
  • Follow a least privilege approach and assign the most restrictive permissions that still allow users to perform their jobs. Eliminate or minimize full control permissions. Remove the Everyone permission from every resource except the global folder for file exchanges. Avoid breaking permission inheritance as often as possible. Isolate and eliminate nested shares. Create a Global Deny group so that when employees leave the company you can quickly remove all their file server access by moving them into that group.
  • Log all permission changes, prepare change management documentation and provide to IT Risk and Compliance, IAM, IT Security for review, approval, and sign-off. Track all changes in ServiceNow.

Job Qualifications

  • 3+ years in IT Systems Administration – Active Directory, AD, GPO, PowerShell, NTFS, Hyena, File Shares.
  • 1+ year experience as Technical Analyst in Role-based Access Control as part of an IAM environment.
  • Experience participating in an IAM cross-functional role-modeling exercise with both business and technical users to create roles that accurately reflect the organization’s business and corresponding IT access authorizations to fulfill those Business needs.
  • Familiar with PowerShell scripting to export and assess folder and user permissions.
  • Experience with access models such as RBAC and ABAC.
  • Familiarity with IAM provisioning (e.g. joiner, mover, leaver (JML), access request, recertification).
  • Experience with enterprise IAM systems (e.g. SailPoint IdentityIQ, Identity Governance, RSA Aveksa).
  • Experience with MS Office, Visio, Excel, SharePoint for documenting and logging Access Control Changes.
  • Excellent communication skills and experience working with business and technology stakeholders.

Tue, 30 Jul 2019 05:35:48 GMT
