Job description
Who We Are
We're pioneers who every day deliver new choices that shape the foodscape. We discover what's next. Bold ideas and new possibilities that drive the industry. Better food. Better future. Our teams are a highly innovative group of talented professionals; laser-focused on making a difference and having fun while we do it.
At UNFI, we're inspired by the unexpected. We look at things like our unmatched distribution network and full-store assortment through a new lens. From gourmet and ethnic to fresh, prepared foods to specialty cheese - we cover everything in the store and your kitchen. Energizing tomorrow, guiding a healthier road ahead.
We believe that:
- Freedom of food choice matters
- Discovering what’s next keeps us vital
- We’re not afraid to get our hands dirty
- We’re here to connect food, people and the planet
- New routes can take us anywhere
- Scale drives our ability to positively impact lives
- There is no limit to fresh ideas
- Sustainability is our responsibility
A Bit About You…
- You thrive in a fast-paced, dynamic environment
- You wake up in the morning with a passion to inspire others to be great
- You possess the ability to lead leaders to develop strong teams and deliver on your strategies
- You are a natural at connecting with others and building strong relationship networks
- You have a proven ability to leverage consumer insights to develop brand positioning
- You understand the importance of collaboration and partnership to enable business outcomes
- You strive to build and deliver the “big picture” strategy
- You possess a positive mindset and often spotlight opportunities that others may overlook
PURPOSE:
The Sr. IAM Engineer is responsible for the architecture, design, and implementation of the UNFI Identity and Access Management (IAM) solutions in accordance with industry and UNFI architecture and security best practices and standards. The Senior IAM Engineer stays up to date on the latest technologies, security best practices and deployment strategies both in the cloud and on premises. Core functions include assessing existing deployments for remediation efforts regarding availability, recoverability, security and cost, as well as designing new solutions based on requirements gathered by working cross-functionally with the key stakeholders. The Senior IAM Engineer will develop and maintain reference architectures, standards and procedures, complete high-level and detailed designs, and implement greenfield IAM solutions.
JOB RESPONSIBILITIES:
IAM Engineering
- Leads UNFI IAM architecture and design efforts to meet the platform and product team requirements while aligning to UNFI IAM and security standards, controls, and governance structure
- Leads design of IAM solutions such that they are resilient, highly available, fault tolerant and recoverable from disaster or ransomware
- Responsible for identifying, designing, and implementing IAM requirements for on-premises, SaaS, IaaS, and PaaS solutions
- Responsible for designing solutions adhering to zero trust principles to prevent unauthorized access to the on-premises and cloud systems
- Leads design and management of identity federation, Single Sign On and Multi-Factor Authentication, including external users
- Leads design and implementation of solutions and systems for Automated Identity Lifecycle Management, Identity and Access Governance and Automated Provisioning
- Leads design and rollout of tools and processes to manage privileged access for humans and non-humans meeting security standards
- Research and recommend new IAM solutions, and execute POCs and feasibility studies to validate next-gen product concepts and technologies, leveraging results to guide business and technology decisions.
- Leads complex IAM architecture requirements analysis to convert platform, security, and business requirements into technical solutions
- Apply extensive technical expertise in decision making and in the resolution of problems which are highly complex and technical in nature.
- Provide technical direction to less experienced members of the team
- A technical subject matter expert that recommends and advises the Operations team in the resolution of outages or high priority incidents
- Analyze log events and performance of IAM solutions and correct deficiencies, including recommendations to the Operations teams on alerting and monitoring
- Identify security gaps in the identity platforms and create remediation plans
- Act as Subject Matter Expert in the discovery and investigation of critical security vulnerabilities or incidents
- Create and maintain functional / technical design specifications and solutions to satisfy project requirements
- Create simple, repetitive deployment processes that increase both velocity and quality.
People Leadership
- Mentor less experienced members of the IAM team
- Serve as IAM SME for the extended Infrastructure team and help develop internal knowledge
JOB REQUIREMENTS:
Education/Certification:
- Bachelor’s Degree in Computer Science or a related discipline desired, or relevant IAM Engineering work experience
- Industry Cybersecurity or IAM certifications such as CISSP, ISC2, GSEC, GISF, GCIA and GISP or equivalent
- Relevant product certifications such as CyberArk, SailPoint, Microsoft, AWS Certified Cloud Practitioner
Experience:
- 6-10 years’ professional experience working in large scale identity environments (10,000 users minimum).
- 6-10 years’ experience as an IAM Engineer/Architect in a large complex on-premises/cloud hybrid identity environment
- 6-10 years’ experience with directory services, authentication/authorization, privileged access management, identity lifecycle management and/or cloud identity services: Active Directory, Azure AD/SSO/MFA, Azure Identity Framework, AWS cloud native, CyberArk, SailPoint IIQ, Oracle OUD, LDAP, etc.
- 6-10 years’ experience with Azure AD leveraging Graph API, Identity Experience Framework, CSS, REST, HTML
- 2+ years’ experience with cloud providers AWS or Azure
- 2+ years’ experience with source code management software using Git for branching, merging and merge conflicts
- Cloud
o Hands-on experience in designing Azure Conditional Access policies, Azure SSO, Azure MFA and Identity federation using AD Connect and/or ADFS
o Experience supporting AWS identity federation and AWS governance
o Experience securing applications with cloud access security broker (CASB)
o Experience managing an Azure B2C tenant for external users, including design and creation of Azure B2C policies, Azure forms and workflows using the Azure Identity Framework
- Directory Services
o Experience designing Active Directory Group Policies, fine-grained password policies, AD Sites, Time Service (NTP), DNS and AD replication topology, with Active Directory 2016 forest functional level
o Demonstrated experience with PowerShell scripting to automate Active Directory tasks
o Experience with AD delegated administration tools such as Quest ARS, RMAD, GPO Admin, Enterprise Reporter
o Experience applying security standards using automated processes to prevent misuse of stale accounts, compromise of passwords or escalation of permissions, such as identifying and disabling stale accounts
- Identity Lifecycle Management
o Experience with SailPoint Identity IQ
o Extensive understanding and experience in Java application development
o Demonstrated experience with Beanshell, Linux/Unix, Windows, scripting (Bash, PowerShell, Perl), SQL, LDAP, and web services
o Experience developing custom workflows for joiners, leavers and movers
o Experience connecting applications to SailPoint for automated provisioning/deprovisioning and access reviews
o Experience with designing and implementing Role Based Access Control using technical and business roles
o Experience with the design and deployment of secure RESTful Web Services
o Experience with the following web technologies (XML, SPML/SOAP, Web Services, etc.)
o Experience with web application servers (Tomcat, WebSphere, WebLogic, JBOSS, etc.)
- Privileged Access Management
o Extensive experience architecting, designing and implementing CyberArk products for a complex enterprise environment with multiple domains and platforms
o Experience integrating CyberArk with various applications using out of the box and custom connectors
o Experience rolling out privileged access to administrative users to maximize security and operational efficiency
o Experience using CyberArk to secure remote access for vendors
- Demonstrated experience with CI/CD pipelines for delivery of new software/configurations
- Experience with architecting and designing for Security Constraints, Resiliency, Fault-Tolerance, and Scalability in context of hybrid network architectures
- Demonstrated experience leading troubleshooting and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
- Some proficiency with core network services like DNS, DHCP, IPAM, and NTP in a global, distributed environment.
- Experience with traffic and network analysis using tools such as Wireshark, Netflow, Solarwinds and TCPDump
- Experience working with highly effective engineering teams through major technology transitions
- Experience working in complex network environments with legacy systems
Knowledge:
- Proficient with industry security frameworks such as NIST, ISO 17799, CIS, etc.
- Familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA.
- Knowledge of zero trust principles
- Knowledge of ITIL and able to follow established processes for ITSM
- Knowledge of agile or Kanban principles and practices
- Some familiarity with iOS and Android ecosystems to support the credentialing of mobile devices
- Knowledge of Microsoft Exchange
- Knowledge of relational databases (Oracle, MSSQL, MySQL, etc)
- Knowledge of enterprise systems (SAP, PeopleSoft, Cherwell)
- Able to develop solutions based on secure design and/or coding practices
- Ability to be flexible, decision oriented, and motivated to support management initiatives
- Ability to demonstrate a consultative approach to strategic decisions with a particular emphasis on design and delivery
- Strong documentation and communication skills
- Strong attention to details
- Problem investigation and diagnostic skills
- Able to write and maintain clear documentation about system architecture, release, and implementation plans, and to develop and maintain internal documentation.
- Able to automate configuration and develop repeatable enterprise processes, including CI/CD
All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all.
- M/F/Veteran/Disability. VEVRAA Federal Contractor.
Additional Information
- Schedule: Full-time
#LI-Remote