SSO Senior Developer

Abaco is looking for a Single Sign-on (SSO) Senior Developer to work for a major financial banking institution located in the Washington, DC Metro Region. The ideal candidate for this opportunity will have solid industry experience in the following area(s):

• Ability to develop for SSO project using products such as Oracle Access Manager.  Ability to design, develop and implement tasks for SSO in support of J2EE applications.
• Ability to work closely with cross-functional IT teams, business analysts, DBAs, security managers and developers to ensure effective execution of SSO services.  Solve problems related to installation, implementation, maintenance, and operations of SSO and related components.
• Coordinates with intersecting organizations to ensure that supporting infrastructure systems are designed and implemented to meet customer’s internal and external standards and service level requirements to 99.99% Production availability.
• Knowledge of security policies within the SSO environment helpful between external applications, Oracle WebLogic Server, OWSM and other technologies in Fusion middleware stack.

Primary Job Responsibilities:

• Knowledge of features like:
  • Security Infrastructure
  • Web Application Security
  • Identity & Access Management
  • Directory Services
  • Microsoft Active Directory (AD), AD Application Mode (ADAM)
  • Oracle Identity Products: Oracle Identity Manager (OIM), Oracle Access Manager (OAM)
  • Web Adaptive Authentication
  • Single Sign-On (SSO)
  • Identity Federation
  • Real time Risk Analysis
  • Multi factor Authentication
  • J2EE

Requirements

MUST BE A US CITIZEN

MUST BE ABLE TO PASS BACKGROUND CHECK AND CREDIT CHECK

• 5 or more years of experience in software industry
• Experience with Access Management solutions

Desired Requirements:

• Experience augmenting development team, providing a strong knowledge base.
• Developers create code to protect against many risks, such as operator error, system errors, etc. In the FDIC environment, the code must also be able to withstand attacks from intelligent adversaries and their automated programs. They identify available security controls are available, when to use them, and how to use them.  They ensure current security best practices are applied and security tests are integrated into the SDLC.
• Deep understanding of secure coding best practice, including, but not limited to:
  • Modeling data instead of string usage,
  • Using string wrappers and narrowing what they can contain,
  • Ensuring modern DLLs, APIs, and other common code sources are used,
  • Using white list input validation,
  • Preventing “bad practices/environments” (e.g. in-line JavaScript),
  • Ensuring patching to include frameworks and libraries.
• Potential to perform as development team lead facilitating code review, and SDLC support.
• Provide advice and consultancy to team members on risk assessment.
• Design, implement and support SSO-focused tools and services.
• A SANS GIAC Secure Software Programmer (GSSP), or SANS GIAC Web Application Security (GWEB) certification.