Security Engineer – CIAM (Customer Identity Access Management)

Responsibilities:

• Leverage Microsoft Entra identity and access management suite (IAM/CIAM), Dynamics 365 Dynamic Fraud Protection, Graph APIs and other 3rd party threat intelligence products to build solutions for preventing identity, account, payment, API, and Bot based threats and fraud.
• Research, investigate, and disrupt fraud on customer’s online, ecommerce, and omni-channel web applications.
• Drive research into technical fraud problems, automation of manual processes, and tooling that improves team capabilities, and enables the threat protection program to scale.
• Produce actionable threat intelligence to support investigations by product, security, or legal teams.
• Build capabilities to collect and analyze intelligence to do detect behaviors, anomalies, and patterns. Enable proactive hunting and detection across online channels.
• Identify, connect, and analyze new internal, external, or 3rd party data sources and adapt them for use by the team. Optimize data processing and analysis pipelines to work at scale.
• Contribute to overall engineering efforts, including supporting design and development for capturing, storing, processing, analyzing, and disseminating threat intelligence for detection, automating, and action.

Requirements:

• Bachelor’s Degree in computer science, computer security, networking, information systems, computer engineering, systems engineering (or similar field) is preferred.
• 8 – 10 years of total experience
• Minimum 3+ years of experience with identity and access management (IAM) and customer identity access management (CIAM) technologies, preferably with Microsoft Entra & Entra External ID (formerly Azure AD, Azure AD B2C).
• Deep understanding of identity and access management concepts and standards mutual TLS, OAuth, LDAP, JWT, and authorization models such ABAC, RBAC, Risk-based Access Control etc.
• Deep understanding of Microsoft Graph, Graph APIs & Connectors, and data ingestion from APIs. Any experience with Dynamics 365 Dynamic Fraud Protection is highly desirable.
• 3+ years of advanced expertise in in at least three of the following areas:

Single Sign-on

Multi Factor Authentication

Domain & Directory Services

Identity Lifecycle Management

API Access Management

Device & App Access

Privileged Access

Access Gateway

Identity Governance

Customer Identity & Access

• 3+ years' advanced expertise in at least three of the following areas:

Threat Intelligence / Analytics

D365 , CIAM , AIM, Azure AD , B2C , CRM

Behavioral Intelligence / Analytics

Fraud Detection / Fraud Protection / Fraud Defense

Account Protection / Account Takeover Prevention

Bot Detection / Bot Protection / Fraud Defense

API Protection

Payment / Checkout Protection

Device Fingerprinting

Anomaly Detection

Cyber-crime or financial crime investigations or intelligence

Active Threat Hunting

• Proficiency using programming languages: PowerShell and Python required. Other languages are a plus (Go, Ruby, Shell/Bash scripting, Java, JavaScript/TypeScript, Rust, etc.).
• Proficiency using SQL or any other query languages.
• Ability to conduct technical research across several layers of the tech stack, platforms, and automating tools.

Any experience with Online Retail, eCommerce, Fintech, Online Banking, Digital Marketplaces, or Payments will be a huge plus.