TC-CS-IAM-RSA Implementation-Senior

EY

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

RSA Implementation:

As a Senior Developer, you will lead connector development, workflow orchestration, and application onboarding within RSA Identity Governance & Lifecycle (IGL / RSA Via). You’ll build scalable integrations to enterprise and cloud systems, design approval and provisioning workflows, optimize collections and certifications, and enforce governance policies (RBAC/SoD) across complex environments.

Key Responsibilities

  • Connector Development (AFX & Custom Integrations)
    • Design, develop, and maintain provisioning and deprovisioning connectors using AFX (Aveksa Fulfillment Express), including:
      • Out-of-the-box (OOTB) connectors: AD/LDAP, Databases (JDBC), SAP, ServiceNow, Azure AD, AWS, G Suite, O365.
      • Web Service connectors: REST/SOAP with OAuth2/JWT/API keys.
      • Scripting-based connectors: PowerShell, SSH, Unix shell, Python for on-prem targets.
    • Build Collectors for data aggregation (accounts, groups, entitlements) from applications using:
      • JDBC (Oracle, SQL Server, MySQL), LDAP, Flat files/SFTP, REST APIs.
    • Implement attribute mappings, transformation rules, and correlation logic (user-to-account, multi-attribute matching, fuzzy logic as needed).
    • Handle delta/incremental collections, error handling, retries, and idempotency.
    • Secure credentials and secrets via vaulting or platform key stores; apply least-privilege for connector service accounts.
    • Performance tune connectors: paging, throttling, parallelism, connection pooling, and API rate-limit strategies.
    • Document runbooks, deployment steps, and rollback procedures.
  • Workflow Design & Orchestration
    • Build business workflows for:
      • Joiner–Mover–Leaver (JML) lifecycle automation.
      • Access requests / approvals (multi-level, manager/owner/risk-based).
      • Provisioning workflows with branching (success, failure, rollback, retry).
      • Emergency access (firefighter) requests with time-bound access and post-use review.
    • Configure Change Request (CR) rules, rule sets, and task handlers.
    • Implement dynamic approval routing (manager DAC, entitlement owner, application owner, SoD compensating control approvers).
    • Integrate with ticketing/ITSM (ServiceNow/Jira) for fulfillment tasks and status sync.
    • Add notifications/SLAs (reminders, escalations, auto-approvals/auto-revokes with justification capture).
    • Ensure auditable trails: request provenance, approver comments, task logs, and evidence.
  • Application Onboarding & Governance
    • Drive end-to-end onboarding: authoritative sources, applications, accounts, entitlements, ownership, and risk scoring.
    • Establish role models (enterprise roles, IT roles), entitlement catalogs, and birthright access.
    • Define and maintain SoD policies (conflict matrices, rule libraries), exception workflows, and compensating controls.
    • Configure and run Access Certification Campaigns (manager, app owner, role owner, SoD remediation).
    • Implement data quality checks: orphan accounts, toxic combinations, excessive privilege detection.

  • Operations, Hardening & Performance
    • Schedule collections, provisions, certifications; monitor job queues and AFX tasks.
    • Patch and upgrade RSA IGL components; validate customizations post-upgrade.
    • Implement backup/restore, DR, and high availability patterns.
    • Deliver KPIs: request SLA adherence, provisioning success rate, collection freshness, certification completion %, SoD violations trend.

Day-to-Day Deliverables

  • Connector specification (interfaces, auth, payloads, mappings, error taxonomy).
  • Workflow definitions (BPM diagrams, approver logic, SLAs, escalation paths).
  • Data model mapping (source → person → account → entitlement).
  • Test assets: unit tests for scripts, UAT scenarios, negative tests, performance tests.
  • Deployment artifacts: packages, encryption keys, environment configs.
  • Operational documentation and handover runbooks.

Technical Stack & Environment

  • RSA IGL Core: Lifecycle, Governance, Access Requests, Certifications, Policies, AFX, Collectors.
  • Programming/Scripting: Java, Groovy (where applicable), PowerShell, Python, Bash.
  • Integrations: REST/JSON, SOAP/XML, JDBC, LDAP, SFTP, OAuth2/OIDC/SAML.
  • Databases: Oracle / SQL Server (schema tuning, indexes, partitioning guidance).
  • Infra/App Server: Linux-based deployment; JBoss/WildFly/WebLogic (as per customer stack).
  • Directories/Clouds: AD/LDAP, Entra ID (Azure AD), Okta (as target/peer), AWS IAM, GCP, SAP.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
