The Identity Access Management Engineer for Active Directory, Windows OS, and Federation has shared responsibility for the design, implementation and optimization of critical system infrastructure within Constellation’s Information Technology Operations department. This includes directory services, federation of authentication and authorization services, Windows Server OS, Identity and Access Management (IAM), security methodologies, capacity planning, environment failover and disaster recovery. As a member of the Active Directory & Identity Management team, you will be involved in IT infrastructure projects that optimize current services and deploy and integrate new technologies for Constellation including Identity and Access Management, Privileged Account Management, Active Directory and core reporting. The Identity Management Engineer will contribute to the overall success of the Identity Access Management team by providing recommendations and key insight into the technological path of IT. The position requires an in-depth expertise with MS Active Directory Services, Group Policy/Advanced Group Policy, DNS/WINS, DHCP, Microsoft's ADFS, Identity and Access Management technologies.
Create and manage monthly management reports for Active Directory & Identity Management systems and Active Directory domains.
Develop and maintain Active Directory & Identity Management System standards
Develop and maintain service levels agreements in consultation with end users to establish problem resolution expectations and timeframes.
Participate in project and strategy meetings
Work with 3rd-party and internal developers and consultants, external and internal application providers, to implement Single Sign-On (SSO) solutions
Provide coverage for Active Directory & Identity Management staff along with assistance when necessary for our Platform Engineering team while they are on leave
Document processes, installation procedures, and issue / resolution procedures
Proactively Monitor/Maintain Identity Management servers and Active Directory domains and software
Assess need for any system reconfigurations (minor or significant) based on request trends and make recommendations.
Assist management with research on emerging products, services, protocols, and standards in support of technology and development efforts.
Research technology to broaden knowledge of current and future issues and technologies.
Liaise other departmental teams to research new systems technologies, oversee installation, and resolve adaptation issues.
Assist with development, implementation, and training procedures and policies for team.
Handles additional duties as assigned.
Maintain, monitor and practice departmental standards, policies, and procedures.
Provide technical expertise for technical partners both inside and outside of Constellation Brands
Provide guidance and support for assigned consultants
3 - 5 years of experience working with Microsoft Active Directory
3 - 5 years of experience of working with various diagnostic utilities, physical servers, virtual servers and Microsoft OS versions 2008, 2012, 2016, Win 7 & 10.
Exceptional verbal and written communication skills
Understanding of the organization’s goals and objectives.
Initiatives driven and results oriented
Professional and emotional maturity
Building productive working relationships with customers and technical staff
Proven analytical and problem-solving abilities.
Demonstrate working knowledge in authentication standards like SAML, Active Directory, OAuth, Open Connect, and/or LDAP.
Experience with common web access management domain related skills e.g. understanding the concepts of cookies, session, HTTP traffic flow/analysis, etc is desirable.
3+ years of experience desired using the following applications:
Microsoft Active Directory administrative utilities, ADUC, DHCP, DNS, GPO management, WINS, etc
Quest Recovery Manager for Active Directory
Quest Change Auditor and Directory Analyzer
Oracle Identity Management suite of apps (OAM, OIM, OIF, OVD, OID)
SCCM – At an engineering level
Microsoft SQL – Create and maintain databases
BS in computer science or equivalent
Microsoft certification (MCP, MCSA, MCSE, etc) preferred.
Must be willing to work overtime, on-call and weekends as needed.
Some commercial travel required
Ability to work in a dynamic team environment where change is the norm
Must be able to learn new computing technologies quickly.
Must work effectively with a team and be self-directed
Physical Requirements/Work Environment
Must be at least 21 years of age. Must be able to sit and/or stand for long periods of time and work on a computer for extended periods. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Canandaigua, New York
Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).