TC-CS-IAM-RSA Implementation-Senior

Location: Bengaluru

Other locations: Anywhere in Country

Salary: Competitive

Date: Jun 8, 2026

• *Job description**
• ------------------

Requisition ID: 1698414

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

• *RSA Implementation:**

As a Senior Developer, you will lead **connector development, workflow orchestration,** and **application onboarding** within RSA Identity Governance \& Lifecycle (IGL / RSA Via). You’ll build scalable integrations to enterprise and cloud systems, design approval and provisioning workflows, optimize collections and certifications, and enforce governance policies (RBAC/SoD) across complex environments.

• *Key Responsibilities**

• **Connector Development (AFX \& Custom Integrations)**

+ Design, develop, and maintain **provisioning and deprovisioning connectors using AFX (Aveksa Fulfillment Express)**, including:

• **Out\-of\-the\-box (OOTB) connectors:** AD/LDAP, Databases (JDBC), SAP, ServiceNow, Azure AD, AWS, G Suite, O365\.
• **Web Service connectors:** REST/SOAP with OAuth2/JWT/API keys.
• **Scripting\-based connectors: PowerShell, SSH, Unix shell, Python** for on\-prem targets.

+ Build **Collectors** for data aggregation (accounts, groups, entitlements) from applications using:

• **JDBC** (Oracle, SQL Server, MySQL), **LDAP, Flat files/SFTP, REST APIs**.

+ Implement **attribute mappings**, transformation rules, and correlation logic (user\-to\-account, multi\-attribute matching, fuzzy logic as needed).

+ Handle **delta/ incremental collections, error handling,** retries, and **idempotency.**

+ Secure credentials and secrets via **vaulting** or platform key stores; apply **least\-privilege** for connector service accounts.

+ Performance tune connectors: paging, throttling, parallelism, connection pooling, and API rate\-limit strategies.

+ Document **runbooks**, deployment steps, and **rollback** procedures.

• **Workflow Design \& Orchestration**

+ Build **business workflows** for**:**

• **Joiner–Mover–Leaver (JML)** lifecycle automation.
• **Access requests / approvals** (multi\-level, manager/owner/risk\-based).
• **Provisioning workflows** with branching (success, failure, rollback, re\-try).
• **Emergency access (firefighter) requests** with time\-bound access and post\-use review.

+ Configure **Change Request (CR) rules, rule sets**, and **task handlers**.

+ Implement **dynamic approval routing** (manager DAC, entitlement owner, application owner, SoD compensating control approvers).

+ Integrate with **ticketing/ITSM** (ServiceNow/Jira) for fulfillment tasks and status sync.

+ Add **notifications/SLAs** (reminders, escalations, auto\-approvals/auto\-revokes with justification capture).

+ Ensure **auditable trails**: request provenance, approver comments, task logs, and evidence.

• **Application Onboarding \& Governance**

+ Drive end\-to\-end onboarding: **authoritative sources**, applications, accounts, entitlements, ownership, and risk scoring.

+ Establish **role models** (enterprise roles, IT roles), **entitlement catalogs, and birthright access.**

+ Define and maintain **SoD policies** (conflict matrices, rule libraries), exception workflows, and **compensating controls.**

+ Configure and run **Access Certification Campaigns** (manager, app owner, role owner, SoD remediation).

+ Implement data quality checks: orphan accounts, toxic combinations, excessive privilege detection.

• **Operations, Hardening \& Performance**

+ Schedule collections, provisions, certifications; monitor job queues and **AFX** tasks.

+ Patch and upgrade RSA IGL components; validate customizations post\-upgrade.

+ Implement **backup/restore, DR,** and **high availability** patterns.

+ Deliver **KPIs:** request SLA adherence, provisioning success rate, collection freshness, certification completion %, SoD violations trend.

• *Day to Day Deliverables**

• Connector specification (interfaces, auth, payloads, mappings, error taxonomy).
• Workflow definitions (BPM diagrams, approver logic, SLAs, escalation paths).

Data model mapping (source person account* entitlement).

• Test assets: unit tests for scripts, **UAT** scenarios, negative tests, performance tests.
• Deployment artifacts: packages, encryption keys, environment configs.
• Operational documentation and handover runbooks.

• *Technical Stack \& Environment**

• **RSA IGL Core:** Lifecycle, Governance, Access Requests, Certifications, Policies, AFX, Collectors.
• **Programming/Scripting: Java, Groovy** (where applicable), **PowerShell, Python, Bash.**
• **Integrations**: REST/JSON, SOAP/XML, **JDBC, LDAP**, SFTP, OAuth2/OIDC/SAML.
• **Databases:** Oracle / SQL Server (schema tuning, indexes, partitioning guidance).
• **Infra/App Server**: Linux\-based deployment; JBoss/WildFly/WebLogic (as per customer stack).
• **Directories/Clouds:** AD/LDAP, Entra ID (Azure AD), Okta (as target/peer), AWS IAM, GCP, SAP.

• *EY \| Building a better working world**

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi\-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.