WHY DO YOU WANT THIS JOB
Are you in love with Identity Access Management (IAM), but can't stand the way the security industry implements it? Do you think IAM can be more than simply churning access requests and saying no to users? Us too. Here at Plurilock, we think IAM should be about access enablement and an integral part of our incident response program. If you have a vision for what IAM can be, we want you to own our IAM and build the program you've always wanted with us.
WHAT IS THIS JOB
Plurilock is a start up with a one of kind behavioral biometrics solution that provides a continuous authentication signal indicating that the correct user is behind an identity without affecting the user experience. We're building a security team from the ground up and want an IAM program that utilizes our own technology on a foundational level. Specifically, we’re looking to enable entities (users and computers) to access whatever they need to get their jobs done, so long as we are 100% sure it's the right entity behind the identity.
As the founder of IAM at Plurilock you will be responsible for designing security policies that govern how we authenticate and authorize users and computers. Your policies should achieve both security and compliance by following these principles:
The Security team takes a customer service approach to providing security at Plurilock. Your customers are all internal users and system owners who are ultimately accountable for the security of their departments. As the sole provider of IAM services, you will offer customers either a Full Service or Do it Yourself model.
In the Full Service model, you will simply implement IAM for your customers to provide them with the access they need to perform their work and ensure they comply with your standards. In the Do it Yourself model, you will provide detailed guidance to customers on how to implement your policies in their systems followed by a thorough audit to ensure they are compliant. Regardless of the model your customer chooses, they must buy into implementation.
On a day-to-day basis you will be responsible for designing, implementing, and monitoring the processes that govern the following security objectives:
WHO ARE WE LOOKING FOR
The ideal candidate for this position has a customer first attitude. Your customers should view you as someone they come to for access solutions, not permission to perform their jobs. You should have worked in a large corporate environment with strict regulations around IAM, not so you can repeat their mistakes, but so you know what wrong looks like.
You should be the IAM engineer who asked,
With that being said, you should have a clear idea of how access should be granted to users and systems so that it does not expand our attack surface more than necessary.
On the technical side, you should have experience working with multiple identity providers such as AWS, Okta, and Active Directory and more importantly, linking them together to achieve SSO. You should also be able to govern access in a 100% remote work from home environment to SaaS and cloud infrastructure. The Security team as a whole will map the attack surface and help identify all the domains we need to secure, but you will be the primary architect for how we govern authentication and access.
NOTE: This position is only open to U.S. and Canadian citizens due to the highly sensitive nature of the work