Project description
We are seeking an Identity Remediation & Onboarding Analyst to join our Information Security team, supporting identity and access remediation initiatives across the firm.
We are reviewing nested AD groups, stale groups, and empty groups, with a focus on reducing unnecessary nesting and improving overall AD hygiene. The contractor will engage with group owners to discuss remediation decisions and coordinate cleanup efforts with the provisioning team.
Responsibilities
- Execute identity remediation initiatives across critical systems, eliminating orphaned accounts, stale access, excessive privileges, and unmanaged service accounts.
- Perform hands-on cleanup and risk reduction across accounts, entitlements, and privileged access in alignment with firm standards.
- Drive service account security improvements, including remediation of clear-text passwords, credential vaulting and rotation, ownership validation, and enforcement of lifecycle controls.
- Support onboarding of applications and privileged accounts into the firm's Identity Governance & Administration (IGA) solution and Privileged Access Management platforms, in alignment with the firm's access control requirements.
- Reduce administrative access across critical platforms by identifying excessive privileged access and implementing least-privilege controls.
- Strengthen group and entitlement governance by simplifying complex group structures and aligning them to standardized access models.
- Partner with application, infrastructure, and engineering teams to implement access changes and close control gaps.
- Track remediation efforts through completion, maintaining audit-ready documentation and measurable evidence of risk reduction.
- Monitor shared mailboxes and ticketing queues related to remediation and onboarding activities, ensuring timely response, prioritization, and escalation.
- Leverage AI tools and large language models to automate repeatable analysis, reconciliation, and documentation tasks.
Skills
Must have
- Minimum of 3 years of professional experience in Identity & Access Management (IAM), information security, identity operations, or a related technology role.
- Active Directory expertise.
- Hands-on experience executing identity lifecycle management, account remediation, or access cleanup initiatives within an enterprise environment.
- Practical experience working with Identity Governance & Administration (IGA) solutions such as SailPoint, including onboarding applications or supporting entitlement management processes.
- Working knowledge of Active Directory, group-based access models, and service account management.
- Experience supporting privileged account onboarding or working with Privileged Access Management (PAM) solutions (e.g., CyberArk or similar).
- Demonstrated understanding of identity hygiene principles, least-privilege design, service account risk management, and access control best practices.
- Experience supporting remediation tracking and audit-related validation activities, including production of audit-ready evidence.
- Proven ability to analyze large access and entitlement datasets (e.g., access extracts, entitlement listings, reconciliation reports) to identify control gaps and prioritize corrective actions.
- Strong organizational skills with the ability to manage multiple remediation workstreams and drive issues through closure.
- Clear written and verbal communication skills, with the ability to coordinate remediation and onboarding efforts across global stakeholders.
- Hands-on experience leveraging AI tools or large language models to automate repeatable analysis, documentation, or reconciliation activities.
- Commitment to the highest ethical standards.
Nice to have
n/a