Senior Information Security Analyst (Okta Admin)

Senior Information Security Analyst (Okta)- Pune, India

Are you a passionate security professionalAre you excited to learn and grow your skills in a strong global cybersecurity teamAre you interested in joining a globally diverse financial services organizationThen it s time to join Western Union as an Information Security Engineer in Pune.

Western Union powers your pursuit

The Information Security Engineer position will be responsible for the support, administration and integration of our Cloud Identity and Access Management system to include roles configuration, updating the access and creating the policies.

Role Responsibilities

• With these projects, your day-to-day activities primarily focuses on integrating applications using SAML2.0, OAuth 2.0, OIDC.
• Troubleshooting the issues using AAA rule Authentication, Authorization and Accountability. Providing Authentication to the applications, Managing Authorization to the resources in the organization based on the roles and Attributes. And monitoring the user activities with okta logs or Splunk logs.
• Work on ticketing tool Service Now . Where tickets are created by the users and used to resolve and close the tickets based on the priority and the order we receive.
  Experience in Adaptive MFA policies for the application based on the organization rules and application requirements which seek permission from security team for approval to update the org MFA policy.
• Work on High-Risk applications like PCI, and SOC applications to enable Authentication policies.
• Use okta verify, okta fast pass to login without the requirement of entering password for the users.
• Provide 24/7 on call support for solving Tickets on a rotating basis with other team members.
• Prepare documentation about procedures and KB articles to follow in okta about trouble shooting based on the scenarios we faced and Password rest procedures, MFA reset procedures and used to share on knowledge base.
• Experience in integrating OIDC applications using different grant flows.
• Configure SPA, Native applications in OIDC and used to create custom auth server for each OIDC apps based on the requirements.
• Manage Admin access for the applications and groups.
  

Provisioning:

• Provision the users by SCIM to automate the users for real time access to the application directly without creating the user from application side.
• JIT provisioning to create the user account instantly in the Azure or Okta portal when the user signs into the application.
• With Okta provisioning, we can help automate some of these processes. Okta provisioning can cover the entire user lifecycle, from creating the new user account to updating the user attributes within the account and, when the person leaves the organization or no longer requires access to the account, can even deprovision the account.
• It is up to the service provider to determine via their application programming interface or API as to whether or not provisioning capabilities will be available. When adding an application from the Okta Integration Network or OIN, should you want to focus your search to only those applications which do support provisioning, you can use the Supports Provisioning filter located on the left to view only applications which support provisioning features.
• So, I have used expression language in okta while creating the groups, Custom attributes, SAML Assertions and also writing the claims for the OIDC applications as per the requirement.

Interaction with other Teams:

• Need to collaborate with other IAM teams like AD team, which is our primary user database.
• Interact with PKI team for certificate management to the applications. (Venafi, DigiCert)and with PAM team where we use CyberArk for managing Privileged accounts.
• Also, with the GRC team to check on the application risk assessment to check whether it is good to move forward with the SSO configuration with the app.

Role Requirements

• 5-7 years of hands-on experience with Okta development and administration
• Strong working experience in SSO protocols (SAML, OIDC, OAuth2)
• Experience with MFA implementation and adaptive authentication policies
• Proficiency in Java and scripting languages (JavaScript, Python, Bash, or PowerShell)
• Experience with Okta Workflows , Okta APIs , and custom Hooks
• Solid understanding of IAM concepts , including RBAC, JIT provisioning, and identity federation
• Familiarity with directory services (e.g., Active Directory, LDAP, Azure AD)
• Experience integrating SaaS and custom applications with Okta
• Strong problem-solving and communication skills.
• Okta Certified Professional or Okta Certified Developer
• Experience with DevOps tools and CI/CD pipelines
• Knowledge of security frameworks (e.g., NIST, ISO 27001)
• Familiarity with cloud platforms like AWS, Azure, or GCP