Geneva, Switzerland | On-site | Full-time

Vitol is hiring an IAM Engineer

Responsibilities

  • Manage and maintain the technical setup of the Entra ID environment, emphasizing the modernization of authentication as part of a broader identity and access strategy.
  • Play an active role in authentication and authorization initiatives, including securing application integrations and hardening system configurations such as conditional access and adaptive multi-factor authentication.
  • Develop, deploy, and support a scalable and resilient framework that enables a seamless experience for end users.
  • Establish, implement, and maintain Role-Based and Attribute-Based Access Control models across on-premises Active Directory, Entra ID, and AWS platforms.
  • Collaborate with Security, Infrastructure, Cloud, and Development teams to standardize access control practices across systems and applications.
  • Assist in designing and managing access models for applications, APIs, service accounts, cloud platforms, and workload identities.
  • Integrate internal and external applications with corporate identity providers for Single Sign-On using SAML, OAuth, and OIDC.
  • Lead workshops and coordination sessions with development teams to facilitate identity integrations.
  • Guide developers on secure implementation of authentication and authorization flows, covering tokens, claims, scopes, roles, secrets, certificates, and redirect URIs.
  • Work with development teams to integrate IAM best practices into shared libraries, frameworks, SDKs, templates, and reference architectures.
  • Help create reusable components for authentication and authorization to be used across company applications.
  • Ensure internal libraries follow security principles such as least privilege, secure token validation, session management, claims-based authorization, secretless authentication, and modern federation.
  • Serve as an expert in identity and access management, advising teams on appropriate protocols and architectural patterns.
  • Support secure user lifecycle management, including provisioning and de-provisioning within the joiner-mover-leaver process.
  • Implement, manage, and enforce identity security policies such as MFA, Conditional Access, and least privilege principles.
  • Ensure consistent enforcement of policies across users, applications, and platforms while maintaining usability for business operations.
  • Provide advanced (Tier 3) support for identity-related issues including authentication failures, authorization errors, SSO problems, federation issues, and access denials.
  • Collaborate with infrastructure, security, cloud, and application teams to identify root causes and implement solutions for identity issues.
  • Use scripting tools like PowerShell and Python, along with APIs and SCIM, to automate identity lifecycle and access management processes.
  • Enhance operational efficiency by minimizing manual work, standardizing procedures, and enabling scalable IAM operations.
  • Develop and maintain comprehensive documentation for IAM-as-a-service offerings.
  • Define onboarding procedures, integration patterns, and standard operating procedures for IAM services.
  • Deliver clear, actionable guidance to application teams on securely and efficiently using IAM services.
About company
Vitol
Vitol is a global leader in energy and commodities trading, with over $10 billion invested in long-term assets, serving customers worldwide from 40 offices and generating $400 billion in revenues in 2023.
Job Details
Category other
Posted 3 days ago