Job Description

Job Title: IT Security Identity and Access Management.

Duration: 12 Months

Work Location: 2 Broadway - MTA Headquarters

Type: Hybrid.

Years of Experience: Tier-3, 7 ~ 9 yrs.

GENERAL INFORMATION:

PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE.

UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME**



Overview: The IGA Analyst will play a critical role in strengthening the organization's identity security posture across corporate, frontline, and operational technology (OT) environments. This role will focus on onboarding applications into the enterprise IGA platform, modernizing authentication through FIDO2 and password less technologies, and reducing technical debt through effective governance and lifecycle management controls.


The ideal candidate has hands-on experience with major IGA, PAM, and MFA platforms, possesses a strong understanding of Active Directory and Entra ID, and can collaborate with cross-functional teams to implement scalable identity controls that align with Zero Trust principles.

KEY RESPONSIBILITIES

**Application Onboarding & Integration**

• Partner with application owners to onboard and certify applications within the IGA platform (e.g., SailPoint, Saviynt, or Oracle).
• Define and enforce access models, entitlements, and approval workflows for new and existing applications.
• Establish least-privilege and segregation-of-duties (SoD) controls within IGA.

**Identity Security Posture & Technical Debt Reduction**

• Identify and remediate identity risks such as orphaned accounts, excessive entitlements, and privileged access sprawl.
• Contribute to ongoing cleanup initiatives for AD, Entra ID, and connected systems to align with modern identity hygiene standards.
• Support implementation of risk-based access policies and automated lifecycle management processes.

**Authentication Modernization**

• Support the adoption of phishing-resistant authentication methods, including FIDO2 security keys and password less sign-ins.
• Collaborate with MFA and SSO platform teams to migrate legacy authentication flows to modern protocols (e.g., WebAuthn, OIDC, SAML).
• Evaluate user experience, security impact, and deployment readiness across diverse user populations (corporate, frontline, OT).

**Federation & Access Management**

• Configure and manage federated SSO integrations via Entra ID and other IdPs.
• Apply conditional access and adaptive authentication policies based on user risk, device health, and context.
• Coordinate with PAM teams to align privileged session management with federated access controls.

**Cross-Domain Collaboration**

• Partner with security architecture, IAM engineering, and compliance teams to ensure IGA controls meet enterprise and regulatory standards.
• Document and report on metrics related to access certifications, compliance posture, and identity lifecycle performance.
• Provide operational support for IGA platform maintenance, upgrades, and new integrations.

QUALIFICATIONS

• Bachelor's degree in information security, Computer Science, or related field (or equivalent experience).
• 3 5 years of hands-on experience in Identity Governance & Administration (IGA).
• Strong knowledge of Active Directory, Entra ID, and federated authentication protocols (SAML, OIDC, OAuth2).

Familiarity with one or more of the following platforms:

• IGA: SailPoint, Saviynt, Oracle IDCS
• PAM: Beyond Trust, CyberArk, ManageEngine PAM360
• MFA/SSO: Microsoft Entra ID, Duo, Okta, Ping Identity
• Working knowledge of Zero Trust, FIDO2, password less, and phishing-resistant MFA concepts.
• Experience applying IGA controls for diverse user types (corporate, frontline, OT).
• Strong analytical, documentation, and communication skills; ability to collaborate across technical and business teams

ADDITIONAL SKILLS AND INFORMATION:

• Experience with identity lifecycle automation and role-based access control (RBAC) modeling.
• Understanding of privilege escalation risks, identity threat detection, and compliance frameworks (NIST 800-63B, CIS, TSA, etc.).
• Scripting knowledge (PowerShell, Python, or SQL) for data analysis or automation.
• Familiarity with cloud identity models (Azure, AWS, GCP).

Job Tags

Similar Jobs