MKS Inc

Security Tools Engineer - L2

  • Posted 2 hours ago

Job Description

A Day in Your Life at MKS

We are seeking a hands‑on professional to own the strategy, engineering, and lifecycle of core identity and endpoint security tools—Evidian (IAM/IAG), Admin By Request (privileged access elevation), and 1Password (password management & secrets). As product owner and technical authority, you will ensure these platforms are securely designed, integrated, monitored, and continuously improved to meet business and regulatory needs, partnering with IAM, Endpoint, IT Ops, Enterprise Architecture, Security Operations, and Compliance to deliver reliable, audited, and user‑friendly security services globally.

You Will Make an Impact By

  • Platform Ownership & Strategy: Act as product owner for Evidian, Admin By Request, and 1Password—owning roadmaps, backlog, release planning, and stakeholder communication. Define architecture and configuration baselines aligned to zero trust, least privilege, and separation of duties, while maintaining platform governance across access models, workflows, policies, standards, and lifecycle management.
  • Engineering & Integration: Design and implement integrations with enterprise directories (e.g., Azure AD/Entra ID, AD), HRIS (for joiner/mover/leaver), MDM/UEM (e.g., Intune), SIEM/SOAR, ticketing (ServiceNow/Jira), and secrets pipelines (CI/CD).
  • Security & Compliance: Implement least‑privilege controls with Admin By Request (approval policies, just‑in‑time elevation, allow/deny lists, session auditing) and operate 1Password enterprise policies (domain capture, vault hygiene, phishing‑resistant MFA, secrets access controls, recovery processes).
  • Operations & Service Management: Own SLAs/OLAs, incident/problem/change management, patching, upgrades, and vendor management. Provide L3 support and enable L1/L2 teams through documentation and training.

Skills you bring

  • 5+ years in IAM/Security Engineering or Endpoint Security, with 2+ years administering at least two of the following: Evidian (or similar IGA/IAM), Admin By Request (or equivalent PAM/JIT elevation), 1Password (or enterprise password/secrets managers).
  • Strong experience with Entra ID/Azure AD & Active Directory, SSO (SAML/OIDC), and SCIM provisioning.
  • Scripting/automation proficiency: PowerShell
  • Hands-on with SIEM (e.g., Sentinel, Splunk, Chronicle) for log forwarding, correlation, and alerting.
  • Solid understanding of least privilege, JIT/JEA, secrets management, and credential hygiene, with familiarity with data protection principles.

Preferred Skills

  • Prior ownership of Evidian (IGA/IAM modules), Admin By Request at enterprise scale, and 1Password Business/Enterprise, including policies, SSO, domain capture, recovery, and secrets automation.
  • RBAC/ABAC design, SoD rulesets, entitlement modeling, and access recertifications.
  • Knowledge of modern identity patterns (FIDO2/WebAuthn, conditional access, device trust).
  • Certifications (nice to have): CISSP, CCSP, Azure Security Engineer (AZ-500), GIAC (e.g., GCLD/GSEC), ITIL.
  • Core Skills (Technical): IAM/IGA, PAM/JIT, enterprise password/secrets management, SSO/SCIM, directory services, endpoint management, scripting/automation, log engineering.

Job ID: 147495553