Description

  • The Senior Cybersecurity Specialist Consumer Identity, will play a pivotal role in validating controls and governance supporting Customer Identity and Access Management (CIAM) platforms.
  • This individual will partner with cross-functional teams to evaluate identity configurations, uphold governance standards, and enable the secure delivery of digital identity services for consumer access across a diverse product portfolio.
  • This individual will serve as a trusted advisor on identity architecture, authentication, and authorization controls and governance.
  • Product Owners, Engineers, and Architects will rely on this Indvidual's expertise and clear communication to guide decisions and maintain a secure, scalable, and compliant consumer identity ecosystem.
  • The role is for a Senior Cyber Specialist focused on Consumer Identity, specifically assessing the Auth0 platform used at Client.
  • The specialist will evaluate the configuration and governance of the Auth0 environment to ensure it aligns with security best practices.

The primary duties associated with this assignment include:

CIAM Controls Assessment:

  • Validate the implementation and governance of controls related to identity provider (IdP) configuration and federation protocols (e.g., SAML, OIDC).
  • Evaluate the design and implementation of authorization models, including role-based (RBAC), attribute-based (ABAC), and policy-based access controls (PBAC).
  • Determine the strength and efficiency of security controls governing password requirements, multi-factor authentication (MFA), and adaptive authentication for both consumer-facing access and internal platform operations.
  • Assess API security, token management, and secure system integrations used for CIAM, including third-party integrations.
  • Review user lifecycle automation processes, including provisioning, deprovisioning, and account synchronization.
  • Assess controls surrounding user profile information.
  • Analyze self-service and account recovery features for both security and usability.
  • Validate logging, monitoring, and SIEM integration for identity-related events.

CIAM Governance Assessment:

  • Assess and validate adherence to CIAM governance frameworks, including defined roles, responsibilities, and accountability structures.
  • Validate the effectiveness of processes designed to ensure compliance with GDPR, CCPA, HIPAA, PCI DSS, and other applicable consumer data protection standards.
  • Evaluate the effectiveness and compliance of consent and preference management mechanisms in supporting user autonomy and regulatory requirements.
  • Verify data governance practices to ensure proper data minimization, retention, and classification aligned with regulatory and organizational requirements.
  • Analyze identity-related risk management processes.
  • Review change management and configuration control procedures.
  • Verify that recurring access reviews and related documentation are in place and effectively maintained.
  • Analyze the effectiveness of metrics, dashboards, and reporting tools in providing actionable insights and ensuring robust CIAM governance oversight.
  • Assess vendor oversight and review of third-party security certifications (e.g., SOC 2, ISO 27001).

About you:

  • 5+ years of experience in identity architecture, access management, cybersecurity, or technology audit with a focus on evaluating the effectiveness of consumer identity and access management (CIAM) governance and controls
  • Deep understanding of authentication, authorization, and identity lifecycle management
  • Knowledge of industry guidance related to digital authentication and lifecycle management (e.g. NIST SP 800-63B)
  • Hands-on experience with assessing CIAM platforms and identity federation protocols (SAML, OIDC, OAuth)
  • Familiarity with modern authentication technologies such as WebAuthn and Passkeys
  • Knowledge of regulatory frameworks impacting consumer identity (e.g., GDPR, CCPA, HIPAA, PCI DSS)
  • Experience in risk assessment, compliance audits, and governance reporting
  • Strong collaboration and influencing skills across technical and business teams
  • Excellent written and verbal communication skills tailored to diverse audiences
  • Strong analytical and problem-solving abilities
  • Ability to manage multiple priorities in a fast-paced environment
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Assurance, or a related field
  • Preferred: Professional certifications such as CISSP, CISA, CIAM, or equivalent

Key Responsibilities

  • Assess technical and process controls of the Auth0 consumer identity platform.
  • Ensure secure configuration and compliance with governance frameworks.
  • Review roles, responsibilities, regulatory compliance, consent and preference management.
  • Evaluate data governance principles including minimization, retention, classification, and disposition.
  • Validate change management processes, metrics, dashboards, and reporting.
  • Collaborate with product owners, engineers, and architects.
  • Conduct interviews, review system evidence, and assess policy adherence

Required Skills and Experience

  • Experience in auditing or assessing consumer identity platforms
  • Deep understanding of Auth0 configuration and governance
  • Background in identity and access management
  • Cybersecurity certifications preferred; identity-specific certifications ideal
  • Strong communication and collaboration skills
  • Ability to lead assessments independently

Technology Stack

  • Primary Platform: Auth0
  • Federation Protocols: SAML, OAuth
  • Other platforms may be assessed in future engagements

Candidate Considerations

  • Candidates from any industry with consumer identity experience are acceptable
  • Overqualification is not a concern; technical depth is valued

Key Skills
Education

Bachelor's degree

Back To Jobs