Cybersecurity Sr. Specialist

DivIHN Integration

  • Saint Paul, MN
  • Permanent
  • Full-time
  • 2 days ago
For further inquiries regarding the following opportunity, please contact one of our Talent Specialists.
Ragu Mohan at (630) 847-0953
Nithiya at (224) 507-1292
Job Title: Cybersecurity Sr. Specialist
Location: St. Paul, MN
Duration: 6 Months
Timings: 8 AM - 5 PM
Travel: Limited travel may be required
Description
  • This is a non-exempt role.
  • As a Senior Cybersecurity Specialist (Advisory) within the client's Product Cybersecurity team, you will play a critical role in supporting cybersecurity throughout the product development and operational lifecycle, as well as governance supporting Customer Identity and Access Management (CIAM) platforms.
  • This individual will partner with cross-functional teams to evaluate identity configurations, uphold governance standards, and enable the secure delivery of digital identity services for consumer access across a diverse product portfolio.
  • This individual will serve as a trusted advisor on identity architecture, authentication, and authorization controls and governance.
  • Product Owners, Engineers, and Architects will rely on this individual's expertise and clear communication to guide decisions and maintain a secure, scalable, and compliant consumer identity ecosystem.
  • The role is for a Senior Cyber Specialist focused on Consumer Identity, specifically assessing the Auth0 platform used at Client.
  • The specialist will evaluate the configuration and governance of the Auth0 environment to ensure it aligns with security best practices.
The primary duties associated with this assignment include:
CIAM Controls Assessment:
  • Validate the implementation and governance of controls related to identity provider (IdP) configuration and federation protocols (e.g., SAML, OIDC).
  • Evaluate the design and implementation of authorization models, including role-based (RBAC), attribute-based (ABAC), and policy-based access controls (PBAC).
  • Determine the strength and efficiency of security controls governing password requirements, multi-factor authentication (MFA), and adaptive authentication for both consumer-facing access and internal platform operations.
  • Assess API security, token management, and secure system integrations used for CIAM, including third-party integrations.
  • Review user lifecycle automation processes, including provisioning, deprovisioning, and account synchronization.
  • Assess controls surrounding user profile information.
  • Analyze self-service and account recovery features for both security and usability.
  • Validate logging, monitoring, and SIEM integration for identity-related events.
CIAM Governance Assessment:
  • Assess and validate adherence to CIAM governance frameworks, including defined roles, responsibilities, and accountability structures.
  • Validate the effectiveness of processes designed to ensure compliance with GDPR, CCPA, HIPAA, PCI DSS, and other applicable consumer data protection standards.
  • Evaluate the effectiveness and compliance of consent and preference management mechanisms in supporting user autonomy and regulatory requirements.
  • Verify data governance practices to ensure proper data minimization, retention, and classification aligned with regulatory and organizational requirements.
  • Analyze identity-related risk management processes.
  • Review change management and configuration control procedures.
  • Verify that recurring access reviews and related documentation are in place and effectively maintained.
  • Analyze the effectiveness of metrics, dashboards, and reporting tools in providing actionable insights and ensuring robust CIAM governance oversight.
  • Assess vendor oversight and review of third-party security certifications (e.g., SOC 2, ISO 27001).
About you:
  • 5+ years of experience in identity architecture, access management, cybersecurity, or technology audit with a focus on evaluating the effectiveness of consumer identity and access management (CIAM) governance and controls
  • Deep understanding of authentication, authorization, and identity lifecycle management
  • Knowledge of industry guidance related to digital authentication and lifecycle management (e.g. NIST SP 800-63B)
  • Hands-on experience with assessing CIAM platforms and identity federation protocols (SAML, OIDC, OAuth)
  • Familiarity with modern authentication technologies such as WebAuthn and Passkeys
  • Knowledge of regulatory frameworks impacting consumer identity (e.g., GDPR, CCPA, HIPAA, PCI DSS)
  • Experience in risk assessment, compliance audits, and governance reporting
  • Strong collaboration and influencing skills across technical and business teams
  • Excellent written and verbal communication skills tailored to diverse audiences
  • Strong analytical and problem-solving abilities and adaptability in dynamic environments.
  • Ability to manage multiple priorities in a fast-paced environment
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Information Assurance, or a related field
  • Preferred: Professional certifications such as CISSP, CISA, CIAM, or equivalent
Professional experience in one or more of the following areas:
  • Adept at aligning security best practices with continuous integration and delivery frameworks
  • Cloud-native application architecture and security design
  • Mobile application architecture and security design
  • Cloud computing architecture and security design
  • Experience conducting cyber threat modeling using frameworks such as STRIDE or PASTA.
  • Strong grasp of information security principles and defense-in-depth strategies.
  • Ability to balance business risk and cybersecurity risk.
  • Familiarity with medical device cybersecurity frameworks is preferred.
Core responsibilities of this job are:
  • Conduct threat modeling during the development of client products.
  • Advise on cybersecurity risks associated with mobile and cloud-based product development.
  • Ensure development teams align with industry cybersecurity standards and requirements.
  • Analyze cybersecurity testing results to assess product security posture.
  • Guide teams in prioritizing and remediating identified security vulnerabilities.
  • Communicate significant product security concerns to leadership as needed.
Key Responsibilities
  • Assess technical and process controls of the Auth0 consumer identity platform.
  • Ensure secure configuration and compliance with governance frameworks.
  • Review roles, responsibilities, regulatory compliance, consent and preference management.
  • Evaluate data governance principles including minimization, retention, classification, and disposition.
  • Validate change management processes, metrics, dashboards, and reporting.
  • Collaborate with product owners, engineers, and architects.
  • Conduct interviews, review system evidence, and assess policy adherence
Required Skills and Experience
  • Experience in auditing or assessing consumer identity platforms
  • Deep understanding of Auth0 configuration and governance
  • Background in identity and access management
  • Cybersecurity certifications preferred; identity-specific certifications ideal
  • Strong communication and collaboration skills
  • Ability to lead assessments independently
Technology Stack
  • Primary Platform: Auth0
  • Federation Protocols: SAML, OAuth
  • Other platforms may be assessed in future engagements
Candidate Considerations
  • Candidates from any industry with consumer identity experience are acceptable
  • Overqualification is not a concern; technical depth is valued
Role Overview:
  • Conduct an 8-week cybersecurity assessment of the Auth0 consumer identity and access management platform at Client.
  • Evaluate configuration, governance, and security posture.
  • High-profile project with senior-level visibility.
  • Potential for extension to other platforms.
Responsibilities:
  • Review Auth0 configuration including password policies, API authentication, MFA, roles, and federation.
  • Assess governance processes: access requests, data retention, regulatory compliance.
  • Review documentation: architecture diagrams, SOPs, audit logs.
  • Conduct stakeholder interviews and gather evidence.
  • Deliver a gap assessment report with recommendations.
Required Skills:
  • Strong technical knowledge of consumer identity and access management (CIAM).
  • Experience with Auth0 preferred.
  • Familiarity with identity federation (e.g., SAML, OpenID Connect).
  • Understanding of MFA and authorization models.
  • Knowledge of NIST SP 800-63 series for identity governance.
Preferred Experience:
  • 3+ years of experience with Auth0 preferred.
  • Experience with other CIAM platforms acceptable if transferable.
  • Strong documentation and communication skills.
  • Self-starter, collaborative, able to work with senior architects.
Work Location:
  • On-site work required at a client facility.
  • Preferred location: St. Paul, MN.
  • Flexibility for Abbott Park, IL location (not Willis Tower).
  • Standard 40-hour work week with some flexibility.
Duration:
  • Possible extension based on project needs.
Deliverables:
  • Gap assessment report covering configuration and governance.
  • Recommendations to address identified gaps.
  • Optional readout to stakeholders.
Interview Process:
  • Single virtual interview via Teams.
  • 30-minute session with hiring manager Jeremy Milburn.
About us:
DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.
DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.
