Job Description

About you:

• 5+ years of experience in identity architecture, access management, cybersecurity, or technology audit with a focus on evaluating the effectiveness of consumer identity and access management (CIAM) governance and controls
• Deep understanding of authentication, authorization, and identity lifecycle management
• Knowledge of industry guidance related to digital authentication and lifecycle management (e.g. NIST SP 800-63B)
• Hands-on experience with assessing CIAM platforms and identity federation protocols (SAML, OIDC, OAuth)
• Familiarity with modern authentication technologies such as WebAuthn and Passkeys
• Knowledge of regulatory frameworks impacting consumer identity (e.g., GDPR, CCPA, HIPAA, PCI DSS)
• Experience in risk assessment, compliance audits, and governance reporting
• Strong collaboration and influencing skills across technical and business teams
• Excellent written and verbal communication skills tailored to diverse audiences
• Strong analytical and problem-solving abilities and adaptability in dynamic environments.
• Ability to manage multiple priorities in a fast-paced environment
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Assurance, or a related field
• Preferred: Professional certifications such as CISSP, CISA, CIAM, or equivalent

Professional experience in one or more of the following areas:

• Adept at aligning security best practices with continuous integration and delivery frameworks
• Cloud-native application architecture and security design
• Mobile application architecture and security design
• Cloud computing architecture and security design
• Experience conducting cyber threat modeling using frameworks such as STRIDE or PASTA.
• Strong grasp of information security principles and defense-in-depth strategies.
• Ability to balance business risk and cybersecurity risk.
• Familiarity with medical device cybersecurity frameworks is preferred.

Core responsibilities of this job are:

• Conduct threat modeling during the development of client products.
• Advise on cybersecurity risks associated with mobile and cloud-based product development.
• Ensure development teams align with industry cybersecurity standards and requirements.
• Analyze cybersecurity testing results to assess product security posture.
• Guide teams in prioritizing and remediating identified security vulnerabilities.
• Communicate significant product security concerns to leadership as needed.

Key Responsibilities

• Assess technical and process controls of the Auth0 consumer identity platform.
• Ensure secure configuration and compliance with governance frameworks.
• Review roles, responsibilities, regulatory compliance, consent and preference management.
• Evaluate data governance principles including minimization, retention, classification, and disposition.
• Validate change management processes, metrics, dashboards, and reporting.
• Collaborate with product owners, engineers, and architects.
• Conduct interviews, review system evidence, and assess policy adherence

Required Skills and Experience

• Experience in auditing or assessing consumer identity platforms
• Deep understanding of Auth0 configuration and governance
• Background in identity and access management
• Cybersecurity certifications preferred; identity-specific certifications ideal
• Strong communication and collaboration skills
• Ability to lead assessments independently

Technology Stack

• Primary Platform: Auth0
• Federation Protocols: SAML, OAuth
• Other platforms may be assessed in future engagements

Candidate Considerations

• Candidates from any industry with consumer identity experience are acceptable
• Overqualification is not a concern; technical depth is valued

Role Overview:

• Conduct an 8-week cybersecurity assessment of the Auth0 consumer identity and access management platform at Client.
• Evaluate configuration, governance, and security posture.
• High-profile project with senior-level visibility.
• Potential for extension to other platforms.

Responsibilities:

• Review Auth0 configuration including password policies, API authentication, MFA, roles,
• and federation.
• Assess governance processes: access requests, data retention, regulatory compliance.
• Review documentation: architecture diagrams, SOPs, audit logs.
• Conduct stakeholder interviews and gather evidence.
• Deliver a gap assessment report with recommendations.

Required Skills:

• Strong technical knowledge of consumer identity and access management (CIAM).
• Experience with Auth0 preferred.
• Familiarity with identity federation (e.g., SAML, OpenID Connect).
• Understanding of MFA and authorization models.
• Knowledge of NIST SP 800-63 series for identity governance.

Preferred Experience:

• 3+ years of experience with Auth0 preferred.
• Experience with other CIAM platforms acceptable if transferable.
• Strong documentation and communication skills.
• Self-starter, collaborative, able to work with senior architects.

Job Tags

Similar Jobs