Job Description
About you:
- 5+ years of experience in identity architecture, access management, cybersecurity, or technology audit with a focus on evaluating the effectiveness of consumer identity and access management (CIAM) governance and controls
- Deep understanding of authentication, authorization, and identity lifecycle management
- Knowledge of industry guidance related to digital authentication and lifecycle management (e.g. NIST SP 800-63B)
- Hands-on experience with assessing CIAM platforms and identity federation protocols (SAML, OIDC, OAuth)
- Familiarity with modern authentication technologies such as WebAuthn and Passkeys
- Knowledge of regulatory frameworks impacting consumer identity (e.g., GDPR, CCPA, HIPAA, PCI DSS)
- Experience in risk assessment, compliance audits, and governance reporting
- Strong collaboration and influencing skills across technical and business teams
- Excellent written and verbal communication skills tailored to diverse audiences
- Strong analytical and problem-solving abilities and adaptability in dynamic environments.
- Ability to manage multiple priorities in a fast-paced environment
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Assurance, or a related field
- Preferred: Professional certifications such as CISSP, CISA, CIAM, or equivalent
Professional experience in one or more of the following areas:
- Adept at aligning security best practices with continuous integration and delivery frameworks
- Cloud-native application architecture and security design
- Mobile application architecture and security design
- Cloud computing architecture and security design
- Experience conducting cyber threat modeling using frameworks such as STRIDE or PASTA.
- Strong grasp of information security principles and defense-in-depth strategies.
- Ability to balance business risk and cybersecurity risk.
- Familiarity with medical device cybersecurity frameworks is preferred.
Core responsibilities of this job are:
- Conduct threat modeling during the development of client products.
- Advise on cybersecurity risks associated with mobile and cloud-based product development.
- Ensure development teams align with industry cybersecurity standards and requirements.
- Analyze cybersecurity testing results to assess product security posture.
- Guide teams in prioritizing and remediating identified security vulnerabilities.
- Communicate significant product security concerns to leadership as needed.
Key Responsibilities
- Assess technical and process controls of the Auth0 consumer identity platform.
- Ensure secure configuration and compliance with governance frameworks.
- Review roles, responsibilities, regulatory compliance, consent and preference management.
- Evaluate data governance principles including minimization, retention, classification, and disposition.
- Validate change management processes, metrics, dashboards, and reporting.
- Collaborate with product owners, engineers, and architects.
- Conduct interviews, review system evidence, and assess policy adherence
Required Skills and Experience
- Experience in auditing or assessing consumer identity platforms
- Deep understanding of Auth0 configuration and governance
- Background in identity and access management
- Cybersecurity certifications preferred; identity-specific certifications ideal
- Strong communication and collaboration skills
- Ability to lead assessments independently
Technology Stack
- Primary Platform: Auth0
- Federation Protocols: SAML, OAuth
- Other platforms may be assessed in future engagements
Candidate Considerations
- Candidates from any industry with consumer identity experience are acceptable
- Overqualification is not a concern; technical depth is valued
Role Overview:
- Conduct an 8-week cybersecurity assessment of the Auth0 consumer identity and access management platform at Client.
- Evaluate configuration, governance, and security posture.
- High-profile project with senior-level visibility.
- Potential for extension to other platforms.
Responsibilities:
- Review Auth0 configuration including password policies, API authentication, MFA, roles,
- and federation.
- Assess governance processes: access requests, data retention, regulatory compliance.
- Review documentation: architecture diagrams, SOPs, audit logs.
- Conduct stakeholder interviews and gather evidence.
- Deliver a gap assessment report with recommendations.
Required Skills:
- Strong technical knowledge of consumer identity and access management (CIAM).
- Experience with Auth0 preferred.
- Familiarity with identity federation (e.g., SAML, OpenID Connect).
- Understanding of MFA and authorization models.
- Knowledge of NIST SP 800-63 series for identity governance.
Preferred Experience:
- 3+ years of experience with Auth0 preferred.
- Experience with other CIAM platforms acceptable if transferable.
- Strong documentation and communication skills.
- Self-starter, collaborative, able to work with senior architects.
Job Tags