This job listing has expired and the position may no longer be open for hire.

Lead, Identity Access Management Engineer at Constellation Brands

Posted in Architecture 30+ days ago.

This job brought to you by eQuest

Type: Full-Time
Location: Canandaigua, New York

Job Description:

Job Description

Position Summary

The Identity Access Management Engineer for Active Directory, Windows OS, and Federation has shared responsibility for the design, implementation and optimization of critical system infrastructure within Constellation’s Information Technology Operations department. This includes directory services, federation of authentication and authorization services, Windows Server OS, Identity and Access Management (IAM), security methodologies, capacity planning, environment failover and disaster recovery. As a member of the Active Directory & Identity Management team, you will be involved in IT infrastructure projects that optimize current services and deploy and integrate new technologies for Constellation including Identity and Access Management, Privileged Account Management, Active Directory and core reporting. The Identity Management Engineer will contribute to the overall success of the Identity Access Management team by providing recommendations and key insight into the technological path of IT. The position requires an in-depth expertise with MS Active Directory Services, Group Policy/Advanced Group Policy, DNS/WINS, DHCP, Microsoft's ADFS, Identity and Access Management technologies.


  • Create and manage monthly management reports for Active Directory & Identity Management systems and Active Directory domains.

  • Develop and maintain Active Directory & Identity Management System standards

  • Develop and maintain service levels agreements in consultation with end users to establish problem resolution expectations and timeframes.

  • Participate in project and strategy meetings

  • Work with 3rd-party and internal developers and consultants, external and internal application providers, to implement Single Sign-On (SSO) solutions

  • Provide coverage for Active Directory & Identity Management staff along with assistance when necessary for our Platform Engineering team while they are on leave

  • Document processes, installation procedures, and issue / resolution procedures

  • Proactively Monitor/Maintain Identity Management servers and Active Directory domains and software

  • Assess need for any system reconfigurations (minor or significant) based on request trends and make recommendations.

  • Assist management with research on emerging products, services, protocols, and standards in support of technology and development efforts.

  • Research technology to broaden knowledge of current and future issues and technologies.

  • Liaise other departmental teams to research new systems technologies, oversee installation, and resolve adaptation issues.

  • Assist with development, implementation, and training procedures and policies for team.

  • Handles additional duties as assigned.

  • Maintain, monitor and practice departmental standards, policies, and procedures.

  • Provide technical expertise for technical partners both inside and outside of Constellation Brands

  • Provide guidance and support for assigned consultants

Minimum Qualifications

  • 3 - 5 years of experience working with Microsoft Active Directory

  • 3 - 5 years of experience of working with various diagnostic utilities, physical servers, virtual servers and Microsoft OS versions 2008, 2012, 2016, Win 7 & 10. 

  • Exceptional verbal and written communication skills

  • Understanding of the organization’s goals and objectives.

  • Initiatives driven and results oriented

  • Professional and emotional maturity

  • Building productive working relationships with customers and technical staff

  • Proven analytical and problem-solving abilities. 

  • Demonstrate working knowledge in authentication standards like SAML, Active Directory, OAuth, Open Connect, and/or LDAP. 

  • Experience with common web access management domain related skills e.g. understanding the concepts of cookies, session, HTTP traffic flow/analysis, etc is desirable.

  • 3+ years of experience desired using the following applications:

  • Microsoft Active Directory administrative utilities, ADUC, DHCP, DNS, GPO management, WINS, etc

  • Quest Recovery Manager for Active Directory

  • Quest Change Auditor and Directory Analyzer

  • Quest Reporter

  • Cyber Ark

  • Oracle Identity Management suite of apps (OAM, OIM, OIF, OVD, OID)

  • SCCM – At an engineering level

  • Microsoft ADFS

  • Microsoft SQL – Create and maintain databases

  • Varonis

  • Service Now

  • Experience programming in one or more:  HTML, Javascript, Python, VBA

Preferred Qualifications

  • BS in computer science or equivalent

  • Microsoft certification (MCP, MCSA, MCSE, etc) preferred.

  • Must be willing to work overtime, on-call and weekends as needed.

  • Some commercial travel required

  • Ability to work in a dynamic team environment where change is the norm

  • Must be able to learn new computing technologies quickly.

  • Must work effectively with a team and be self-directed

Physical Requirements/Work Environment

Must be at least 21 years of age. Must be able to sit and/or stand for long periods of time and work on a computer for extended periods. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


Canandaigua, New York

Additional Locations

Job Type

Full time

Job Area

Information Technology

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).