Senior Identity And Access Management Engineer - Cloud Environment
1 day ago
Madrid
ppAt Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. /p h3The Position /h3 pThe Security and Cybersecurity Analyst serves as a trusted advisor and independent leader who drives the analysis of moderately complex cybersecurity incidents and technical problems. By bridging deep business and technical understanding, you will manage end‑to‑end security analysis tasks across multiple products within a domain. You will shape stakeholder perspectives, champion accountability by taking on security incident lead or project owner roles, and foster continuous improvement in security operations and best practices. /p h3Description of the area /h3 pThe Identity Management Support Team manages and operates the solutions and components used to provide customers with Directory and Identity Management Services using SailPoint. We are part of a global Roche Digital Technology group (RDT). /p h3Job Responsibilities /h3 pIn this role, you are mainly responsible for the multi‑cloud Identity Management environment, focusing specifically on Azure and Google Cloud Platform (GCP), while maintaining consistency with AWS. This includes the design of new solutions, consultancy, maintenance, performance, tactical lifecycle management and continuous improvement of the underlying technologies. /p h3Scope /h3 ul liStrong background in IAM concepts at design level and evolution in Cloud environments, Azure and/or GCP /li liContributes to the design of new solutions based on SailPoint and PingFederate, AD, Privilege Access Management. /li liDesign and implement Centralized Role-Based Access Control (RBAC) based on Cloud Adoption Framework (CAF) principles /li liAccess Governance and Controls: Enforce strong security controls across cloud environments, including Multi-Factor Authentication (MFA) and Identity Protection. Implement Least Privilege policies, often involving custom roles and organizational-level controls. Implement IAM Deny Policies to strictly block high-risk actions, ensuring separation of duties /li liAutomation and Infrastructure-as-Code (IaC): Drive the core value of "Automate as much as possible". Design and implement IAM infrastructure using IaC, leveraging Terraform. For Azure, this mandates IaC using Terraform and Azure Verified Modules (AVM) with CI/CD pipelines in GitLab /li liPrivileged Access Management (PAM): Design and support Just-in-Time (JIT) Access mechanisms, ensuring no standing privileges for administrators, using tools like Cyberark for Just-in-Time access /li liOperational Excellence: Act as an expert in the release management activities, providing 2nd and 3rd level support for the Identity Management Infrastructure. Proactively monitor systems for performance, availability, and capacity management /li liActively focus on self‑development in creating actionable plans to improve /li /ul h3Stakeholder Management /h3 ul liConsultancy and Collaboration: Act as a mentor and reference, working closely with stakeholders to provide the right level of consultancy. Ensure regular interactions with the Managed Service Provider /li liActs as a strategic influencer, defining and driving stakeholder engagement strategies for complex initiatives, facilitating workshops, resolving conflicts, and proactively shaping stakeholder perspectives to align with project goals /li /ul h3Impact/Strategy /h3 ul liDemonstrates strong and consistent performance across diverse products, with an impact that typically extends to a specific product, initiative, or cluster /li liTranslates requirements into strategic implementation plans that align with overall business objectives, and takes a proactive role in shaping team processes, often contributing to Communities of Practice (CoPs) /li /ul h3Complexity /h3 ul liManages business analysis activities on more complex projects or across multiple products within a domain /li liCapable of handling ambiguous requirements, navigating intricate stakeholder environments, and evaluating solution impacts considering both immediate and longer‑term implications within the domain /li /ul h3Business/Technical ability /h3 ul liDemonstrates a strong understanding of the business domain, related technologies, and their interdependencies /li liCan independently apply tools, principles, concepts, and techniques related to requirements, data, usability, and process analysis, effectively managing interconnections to improve overall efficiency and effectiveness /li /ul h3Qualifications /h3 h3Education / Experience /h3 ul li5-7 years of experience working in a major global organization, preferably in a regulated industry and in providing solutions aligned with standards, security, validation, capacity and high availability /li liBachelor’s Degree in computer science, engineering or related discipline; or recognition of prior working experience which is equivalent. /li liIndustry accredited certification is desirable. Willingness to continually acquire and maintain the technical skills appropriate to the requirements of this position /li liDemonstrated ability to effectively manage relationships with a diverse range of cross-functional stakeholders on medium to large-sized engagements, acting as a trusted advisor /li liProven track record of championing accountability by example, such as successfully taking on security incident lead and/or security project owner roles /li /ul h3Technical Skills /h3 ul liStrong hands‑on technical skills with an IT operations background. Expert knowledge on infrastructure technologies, business processes and applications with a focus on Sailpoint IQ Identity Governance and Access Identity Management technologies and PingFederate. /li /ul h3Cloud Platform skills /h3 ul liExpertise in GCP Identity and Access Management (IAM), including Identity Synchronization, Service Account binding/federation, and organizational policy enforcement /li liExpertise in Azure IAM/RBAC, including implementing centralized RBAC designs, Azure Policy, and alignment with the Azure Cloud Adoption Framework (CAF) /li liExperience applying cloud governance principles (e.g., Azure Policy, IAM Deny Policies) to ensure consistent governance and security across multi‑cloud workloads /li /ul h3Automation and DevOps /h3 ul liExperience with Infrastructure-as-Code (IaC) tools, particularly Terraform, for platform building and management /li liExperience implementing governance as code and integrating automated workflows via CI/CD pipelines (e.g., GitLab) /li liStrong understanding of Computer Systems Validation and working experience in a validated environment /li liGood understanding of IT Security systems and landscape with in-depth knowledge of Directories, Identity Management and Privileged Access Management technologies /li liStrong proficiency in independently applying tools, principles, and concepts related to requirements, data, usability, and process analysis within the security domain /li liAdvanced analytical and logical reasoning skills to identify security patterns, threats, and discrepancies, driving comprehensive root cause analysis /li liAbility to analyze technology fit and propose effective, strategically aligned cybersecurity solutions and controls /li /ul h3Additional Qualifications /h3 ul liProactive, collaborative and supportive approach when interacting with colleagues. /li liCommitted to operational excellence, with willingness to cross‑train and to learn additional technical expertise /li liStrong customer focus and a highly responsive service delivery and support ethic /li liAdaptable to change in a large organization /li liExcellent communication, negotiation and documentation skills. /li liProven interpersonal skills to interact effectively with individuals in multiple countries and in varying cultures /li liStrong verbal and written English /li liDemonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques /li liProactive contribution to organizational development, including identifying process improvements and actively participating in Communities of Practice (CoPs) /li liStrong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks /li /ul h3Who we are /h3 pA healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life‑changing healthcare solutions that make a global impact. /p pLet’s build a healthier future, together. /p bRoche is an Equal Opportunity Employer. /b /p #J-18808-Ljbffr