Job SUMMARY AND MISSION Starbucks Global Cyber Security Group is responsible for engineering and designing Identity, Privileged Access, and Directory Service systems to meet business requirement, goals and objectives encompassing a wide range of technologies that are in accordance with Starbucks Strategy & Architecture standards and guidelines. This position contributes to Starbucks success by leading the Engineering team through design, development, and ownership of critical services. As a senior information security engineer, you will be responsible for guiding the team through deployments and project deliverables, proactively finding opportunities to improve identity services and mentor junior engineers in the areas of development, implementation, and optimization of innovative solutions and operational excellence for existing solutions. This role will serve as a technical subject matter expert in Identity technologies for a global enterprise. The individual must be a motivated team player with a positive attitude, solid interpersonal skills and someone who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision and can work in a fast-paced global environment Models and acts in accordance with Starbucks guiding principles. Summary of Key Responsibilities
- Provides technical leadership to ensures solutions are stable, secure, and compliant with company standards and policies.
- Creates short- and long-range plans for lifecycle and capacity management for Azure Cloud services, PKI (ADCS), and centralized Identity Authorization technologies.
- Collaborates with technology vendors to deliver against business objectives.
- Advises on Operational IT Management areas of Change Management, Release Management, Incident Management, and Problem Management
- Communicates clearly and concisely, both orally and in writing
- Demonstrated ability to work successfully in a fast-paced and cross-functional team environment.
- Ability to establish cross-functional, collaborative relationships with business and technology partners.
Summary of Experience REQUIRED KNOWLEDGE
- BS degree in Information Technology, Computer Science, or equivalent experience
- 8+ years of experience in designing and developing identity solutions for large enterprise
- 8+ years of hands-on experience at large enterprise in 2 or more of the following areas:
o Privileged Access Management solutions o Directory Services (cloud and on-premise) o Certificate Management solutions (PKI)
- Working knowledge of software development and at least one of the programming/scripting languages (C#, Python, PowerShell, etc.)
- 5+ years of experience with cloud identity solutions
- Advanced understanding of Identity standards and protocols like LDAP, SAML, WS-*, OpenID Connect, PBAC, ABAC, RBAC, principles of least privilege, and ability to implement them in an enterprise environment
- Advanced problem-solving abilities
- Demonstrated ability to automate repetitive tasks using a devops approach
- Familiarity with various IT / Security technologies including DNS, DHCP, MS Exchange, Firewalls, VPN Gateways, IPS, Proxy, Endpoint Security, Vulnerability Management, SIEM, etc.
PREFERRED QUALIFICATIONS
- Certifications such as CISSP, CISM, CISA, or others focused on cybersecurity, data privacy or IAM
- Knowledge and understanding of relevant legal and regulatory requirements, such as SOX, PCI, HIPAA, etc.
- Experience with Privileged Access Maturity model concepts
- Working knowledge of software development principles and design patterns
- Hands-on experience creating and managing GitHub repositories
- CI/CD experience with Azure and related cloud application infrastructure is a plus
- DevOps related tools and technologies (JIRA, Confluence, Bitbucket, Jenkins, Ansible, Puppet, Coverity, etc.)
- Strong written and verbal communication skills
- Familiar with architecture design tools and creation/design of service-oriented architecture
- Expert engineering knowledge in the area of Identity and Access Management
- Experience with Privileged Access Management and Directory Services
- Experience implementing and managing cloud-based services
- Experience with diagnosing and troubleshooting system problems in a complex, heterogeneous systems environment
- Experience with software engineering and/or system administration
- Experience with “Devops”/Agile
- Experience with building and maintaining large enterprise Identity & Access Management deployments
- Experience with leading product evaluations, planning, gathering requirements, testing, recommending, and implementing solutions
From free coffee to competitive pay, Starbucks is proud to offer a comprehensive compensation and benefits package to our eligible part-time and full-time partners. Benefits include 100% tuition coverage through our Starbucks College Achievement Plan , health coverage with a variety of plans to choose from, and stock & savings programs like our equity reward program, Bean Stock . What’s more, Starbucks offers flexible scheduling and opportunities for paid time off. Visit starbucksbenefits.com for details. If you live in the greater Seattle area, we offer a flexible workplace that allows for hybrid work. Partners can work remotely up to two days per week. Join us and inspire with every cup. Apply today! All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. We are committed to creating a diverse and welcoming workplace that includes partners with diverse backgrounds and experiences. We believe that enables us to better meet our mission and values while serving customers throughout our global communities. People of color, women, LGBTQIA+, veterans and persons with disabilities are encouraged to apply. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal state and local ordinances. Starbucks Corporation is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at or via email at .
Agile Vulnerability management puppet Intrusion Prevention System (IPS) RBAC Azure HIPAA Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) DNS Certificate management pci scripting ldap abac saml Architectural design Software Developer DHCP CI/CD Problem-solving SIEM coverity design-patterns Confluence proxies DevOps Jira System administration Identity Management pbac GitHub Firewalls Jenkins Ansible sox Bitbucket