9 Federation Jobs

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about cybersecurity and looking for an exciting role where you can make a difference? If so, we have an opportunity for you! As a Security Specialist at Kyndryl, you will play a crucial role in enabling and securing our customer organizations, cultures, and ecosystems. Your responsibilities will be varied and dynamic, spanning asset classification models, risk assessment reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports, and security awareness workshops. You will be tasked with configuring, monitoring, and managing the performance of networks to maintain the quality of services, while also protecting organizational infrastructure from malicious cyber-attacks. As a key member of our team, you will assess, predict, prevent, and manage the risk of IT infrastructure and data, helping our customers stay ahead of the curve and ensure their systems are secure. You will develop and implement security policies and procedures, working closely with other departments to ensure that all security measures are in place and operating effectively. But that is not all – at Kyndryl you will have the opportunity to explore innovation in CyberSecurity data science – taking information that has been gathered and looking for areas to have that “Ah Ha” moment. Drawing conclusions and patterns from the data across single and multiple clients. Creating new ideas in the area of risk management and risk quantification. In addition to your technical responsibilities, you will also play a key role in raising awareness of potential security threats through technical security training on best practices. This is an exciting opportunity to help shape the culture of our clients' organizations and make a tangible impact on their security posture. If you have a passion for cybersecurity – governance, risk and compliance, are looking for a challenging and dynamic role, and want to work with a team of like-minded individuals, then we want to hear from you! Join us as a Security Specialist and help us secure the future of our clients' organizations. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Experience Experience: Minimum of 4-6 years of relevant experience in CyberArk administration and cybersecurity practices, with proven hands-on experience in Privileged Access Management (PAM) using PSM/PSMP. CyberArk Privilege Cloud Management : Proven experience managing CyberArk SaaS Privilege Cloud and its associated components infrastructure. Tenant Management and Cloud Connectors: Strong understanding of Tenant Management, Secure Tunnel, and Cloud Connectors within CyberArk. CyberArk Onboarding : Experience managing CyberArk onboarding activities, including onboarding accounts via RESTAPI, manual onboarding, and bulk onboarding processes. Platform and Safe Creation: Ability to create new safes, accounts, and platforms in CyberArk and link new platforms to the CyberArk environment. Privileged Account Management: Securely managing and monitoring privileged account access to target hosts using Privileged Session Manager (PSM) and Privileged Session Manager Proxy (PSMP). LDAP & AD Federation : Strong knowledge of LDAP and AD Federation. Familiarity with secure integrations with external services such as LDAP/S and RADIUS. CyberArk PAS Components Knowledge: Familiarity with various CyberArk PAS components, including: Privilege Access Suite (PAS) Secure Password Vault and Safes Password Vault Web Access (PVWA) Central Policy Manager (CPM) Privileged Session Manager (PSM & PSMP) Application Identity Manager (AIM), Central Policy (CP), and Central Credential Provider (CCP). Password Management & Compliance: Experience managing privileged account passwords, including verification, change, and reconciliation, ensuring compliance with organizational policies. Session Management: Understanding of user sessions directed through PSM and PSMP for monitoring and auditing. Policy and Reporting: Experience in creating/modifying master policies, and generating reports on safes and user activity. Health Checks & Monitoring: Performing health checks on CyberArk infrastructure and monitoring various components to ensure system integrity and uptime. Troubleshooting & Configuration: Ability to troubleshoot configuration and connectivity issues related to PAM services and components, including network connectivity issues and load balancing. Server Administration: Proficient in Linux Red Hat 7/8, Windows Server 2016/2019/2022 administration. Database and Directory Services: Knowledge of managing database targets, LDAP, AD, and IAM systems. PowerShell & Python Knowledge: Basic knowledge of PowerShell and Python scripting for automation and system integration is a strong advantage. Networking Concepts: Understanding of networking concepts, including firewalls, routing, and load balancing. Disaster Recovery & Failover: Solid knowledge of CyberArk disaster recovery, failover, and failback mechanisms to ensure availability and business continuity. Vault Data Backup: Experience in Vault Data Backup processes for ensuring critical data is securely backed up and protected. Change Management: Proven experience in managing change processes, including preparing and executing delivery plans during Change Advisory Board (CAB) reviews. Incident Handling: Responsible for managing complex and escalated incidents and requests with a focus on resolving issues efficiently. KPI Compliance: Ensuring adherence to KPI metrics for incident and service request resolution, including timely communication and escalation procedures. Stakeholder Communication: Providing input and updates to stakeholders involved in critical incidents, particularly during outages or system failures. Preferred Technical and Professional Experience CyberArk Certifications: Certification as CyberArk Defender, Sentry, or CPC-PAM would be a plus. Troubleshooting Expertise: Advanced troubleshooting skills for identifying and resolving configuration, connectivity, and system performance issues related to PAM services. Report Generation: Experience using CyberArk’s PAS Reporter and Telemetry tools to generate and analyze operational reports. Team Collaboration: Ability to work as a key team player, participating in regular team reviews and contributing to continuous improvement. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Kindly share resume at jyoti.chawla@dotsquares.com Or you can connect at 9799074999 Senior PKI Consultant: * Mandatory skills: 1. Strong working knowledge of PKI management and concepts including CA deployment, template creation, and certificate lifecycle management. 2. Experience/exposure in implementing PKI-product such as Keyfactor, EJBCA, Autoenrolment, Orchestration services. 3. Azure exposure - solid understanding of federation, identity sync, ADFS, networking concepts. 4. Architecture design diagrams - working knowledge of creating high level architecture diagrams (having PKI focus is a plus) 5. Familiarity/Hands on experience working with NDES, Active Directory Certificate Services, Azure AD, Active Directory. 6. Familiarity with single sign on (SSO) and SAML, understanding of concepts such as claims aware applications. 7. Understanding of roles, permissions in Windows/Linux environments. 8. Understanding of PowerShell scripting, and ability to create custom workflows for API integrations. * Desired skills: 1. Knowledge/experience working with SCEP (simple certificate enrolment protocol). 2. Knowledge/experience working with ACME/CMP/EST protocols. 3. Knowledge/experience working EJBCA 4. IAM exposure - identify and access management with any products/technologies. 5. Familiarity in working with Linux/Unix operation systems. 6. Familiarity in working with ITSM solutions such as ServiceNow and BMC Remedy.

Role & responsibilities Role : Technical Lead Experience :- 5+ years Job Location :- Hyderabad Primary Secondary location - Bangalore and Pune Note: - Only Night Shifts. Shift Time :- 5.30 PM to 3.30 AM and 9.30 PM to 6.30 AM. Preferred candidate profile Job Description Standard for all Tracks The ideal candidate for the Support Engineer role should have over 9 years of experience in Windows Active Directory, including customer-facing or customer support roles. They should possess good communication skills and be flexible to work in shifts, following the US holiday calendar, with the majority of work time being in the EST time zone. Soft skills are essential, including leadership to handle technically challenging and politically sensitive customer situations. The candidate should have strong communication skills, with excellent spoken and written English, and the ability to gather information quickly, explain customer responsibilities, communicate next steps and status, and inspire confidence. The successful Support Engineer should have the drive and intellectual horsepower to resolve difficult customer issues, providing support through telephone, email, and chat services. Demonstrable troubleshooting skills and the ability to collaborate with cross-teams are also required. Team Handling Experience must Active Directory: Domain Controller promotion and restore. Group Policy , design, management and troubleshooting. AD Replication, Site, Sitelinks, and Bridgehead Servers Active Directory Authentication, Kerberos and NTLM Active Directory Domain Trust, Trust Types Account Lockout , event ID validation and troubleshooting. User Profile, Types of Profiles, and troubleshooting Windows Time, configuration, and troubleshooting Public key infrastructure (PKI), CA hierarchy, Configuration, design, and troubleshooting Active Directory Performance, DC high memory, CPU and crash troubleshooting DNS Server management including DNS zone migration, design, and configuration •DHCP Server management and IP address management FSMO Roles functionality of them. Difference between GPupdate gpupdate /force Sysvol folder how is it replicated. Group policy operational logs, gpsvc logs. AD replication, bridgehead server, intersite and intra site replication. Authentication in AD(Kerberos 3 phase ticketing, NTLM) delegation in Kerberos and types.

Detailed knowledge and experience in enabling and supporting integrated Entra ID applications, Single Sign-On, Multi-Factor Authentication, and Conditional Access Policies Subject matter expert in Entra ID (Azure AD), Active Directory, Kerberos, SSO, SAML, OAuth, OpenID Connect, MFA, Azure application integration, Identity Federation Detailed knowledge and experience in supporting cloud joined, hybrid joined, and multi-domain enterprise directory services platforms based on best practices Detailed knowledge and experience with automating processes by leveraging out of box capabilities, PowerShell/Python scripting, MS Graph, and REST APIs Strong problem solving, troubleshooting and root cause diagnosis skills Experience with Agile methodologies and corresponding Safe Agile based tools Ability to manage complex activities simultaneously to short timescales Minimum 5 years experience in supporting IAM technologies of a medium to large enterprise with expertise in Okta and Okta Access Gateway Detailed knowledge and experience with automating processes by leveraging out of box capabilities, Java/Python scripting and REST APIs Detailed knowledge and experience in enabling and supporting integrated Okta applications, Single Sign-On, Multi-Factor Authentication, and Access Policies Working knowledge of CICD pipeline and Terraform Open to learn and support other IAM technologies like Entra ID, Ping Federate etc Strong problem solving, troubleshooting and root cause diagnosis skills Experience with Agile methodologies and corresponding Safe Agile based tools Ability to manage complex activities simultaneously to short timescales Flexible to work in rotational shifts and provide on-call support during weekends Location: This position can be based in any of the following locations: Gurgaon For internal use only: R000106256

Responsibilities: Administer IBM Security Access Manager (ISAM), creating objects, policies, junctions, adding identity attributes. Support project engagements in the enablement of web security infrastructure into an application's design. Assist application teams with issue resolution. Install, upgrade, and configure ISAM infrastructure Configure SAML OIDC and OAuth Troubleshoot access issues in web applications Triage/resolve federation challenges Work closely with vendors, open problem tickets, and product enhancements Willingness and ability to participate in an on-call rotation, involving off-hours / weekend support Qualifications Required Skills: Proven ISAM product subject matter expert Hands-on experience managing large enterprise-wide ISAM deployments across multiple environments Experience and expert knowledge of Identity as a Service and Federation technologies Working experience implementing applications with modern authentication and authorization protocols (OAuth, OIDC, SAML). Knowledge of Single Sign On, various authentication mechanisms and authorization schemas. Working knowledge of WireShark, Fiddler, JavaScript, JAVA, JSON, PERL/CURL, XML, SOAP, WS-Security Working knowledge of LDAP or IBM Directory Server, WebSphere Application Server, IIS, IBM HTTP Server. Working knowledge of Unix/Linux Environments, AIX, Solaris, RedHat. Working knowledge of systems management tools and practices for application monitoring. Preferred experience in technologies including ISAM, OAuth, Federation, SAML 2.0, OIDC, XML, JavaScript, HTML, TAM, LDAP, Git, x50 Secondary technologies include Python3, NodeJS, JSON, Ansible, AWS, REST, Okta, Linux shell, Postman, CyberArk, basic networking knowledge to include ISAM interfaces, Splunk Experience with Splunk, ServiceNow, QRADAR, JIRA Strong customer service focus

Role & responsibilities Hands-on experience on end-to-end implementation o f Identity and Access Management using either of the products Ping suite of products (PingFederate, Ping Access, PingONE), Okta, Azure AD, ForgeRock suite of products (OpenAM, OpenIDM, OpenDJ, OpenDS). Completed at least 2-6 implementations leveraging either of the products listed above or combination of above. Strong understanding of access management fundamentals like Authentication, Authorization, MFA, SSO, Federation, and Directory Services concepts. Good hands-on experience on OAuth 2.0, OIDC, WS-Fed protocols. Involved in end-to-end design and implementation of SSO architecture and designed various authentication, authorization, MFA and SSO use cases Preferred candidate profile Ping Suite: Strong competency in PingFederate, PingAccess installation, upgrade Designing & implementing custom authentication and authorization flows using PingFederate authentication policies Implemented any migration projects from one IAM tool to other Strong knowledge of PingFederate administrative configuration with understanding of federation protocols - SAML, OAuth/OpenID with PKCE

Key Requirements / Responsibilities: Implement and manage the effectiveness of Incident, Service Request, Change and Problem management processes for the service area Assist stakeholder teams as required, coordinate with product engineering team Resolve technical issues through debugging, research, and investigation. Design, implement, and configure the Ping Directory LDAP infrastructure, including server installation, deployment, and integration with other systems. Develop and maintain LDAP schema, object classes, and attributes to meet business requirements and ensure optimal performance. Perform LDAP directory server configuration, optimization, and tuning to ensure high availability, scalability, and reliability. Administer and troubleshoot LDAP services, including monitoring LDAP servers, analysing logs, and resolving performance and connectivity issues. Collaborate with cross-functional teams to integrate LDAP services with other applications, such as single sign-on (SSO), identity and access management (IAM), and authentication systems. Ensure LDAP infrastructure adheres to security best practices and implement necessary security controls, including authentication, authorization, and encryption. Work closely with network and system administrators to coordinate LDAP server deployments and ensure seamless integration with the existing infrastructure. Stay up to date with industry trends and advancements in LDAP technologies and contribute to the evolution and improvement of LDAP services within the organization. Document LDAP infrastructure design, configurations, and troubleshooting procedures for reference and knowledge sharing. Strong communication skills, both verbal and written Must be able to thrive in a fast-paced, high-energy environment Ability to work independently, adapt quickly, and maintain a positive attitude Troubleshoot and maintain user onboarding workflows and role provisioning Ability to perform Root Cause Analysis and suggest solutions to avoid errors Support onboarding of application and platform users. Monitor IAM platform components and resource Provide IAM support to end users. Work involves day to day health check, incident support (as per defined scope and levels), e-mail support, tool upgrades and monitoring of systems, reporting the status and working with Development and QA teams to help them fix the issues. Should be a good team player to work on a competitive environment Qualifications: Education: Bachelor's Degree required Skills Expertise Good soft skills i.e., verbal & written communication and technical document writing Prior experience working in remote teams on global scale Customer orientation skills Scripting knowledge

Must have: -Experience using Ping Suite of products with expert level knowledge of Ping Directory administration -Advanced knowledge of in writing Ansible playbooks to support installation and configuration of Ping products. Hands on experience with Ping suite of products Ping Access, Ping Federate is preferred. Strong conceptual knowledge of CI/CD and Infrastructure as Code (IaC) ¢ Extensive knowledge of Linux operating systems. ¢ Demonstrated experience in designing and Implementing IAM solutions in a large scale complex environment. ¢ Strong conceptual knowledge of CI/CD and Infrastructure as Code (IaC) Good to have: ¢ Thorough knowledge of IAM concepts like SSO, Federation, Role Based Access Control(RBAC). ¢ Deep understanding of IAM protocols such as OAuth2, SAML, OIDC, SCIM and Kerberos ¢ Implementing Ping products in a cloud environment will be a plus. ¢ Prior experience in System Administration and / or Application Development is desirable.

Role & responsibilities -Experience using Ping Suite of products with expert level knowledge of Ping Directory administration -Advanced knowledge of in writing Ansible playbooks to support installation and configuration of Ping products. • Hands on experience with Ping suite of products Ping Access, Ping Federate is preferred. • Strong conceptual knowledge of CI/CD and Infrastructure as Code (IaC) • Extensive knowledge of Linux operating systems. • Demonstrated experience in designing and Implementing IAM solutions in a large scale complex environment. • Strong conceptual knowledge of CI/CD and Infrastructure as Code (IaC) Good to have: Thorough knowledge of IAM concepts like SSO, Federation, Role Based Access Control(RBAC). • Deep understanding of IAM protocols such as OAuth2, SAML, OIDC, SCIM and Kerberos • Implementing Ping products in a cloud environment will be a plus. • Prior experience in System Administration and / or Application Development is desirable.