Web Access Management Engineer - RDT Identity & Access Management

Roche
Municipality of Madrid, Spain
yesterday

Role details

Contract type
Internship / Graduate position
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior

Job location

Municipality of Madrid, Spain

Tech stack

Microsoft Access
JavaScript
Microsoft Active Directory
Agile Methodologies
Business Analytics Applications
Bash
Basic Access Authentication
Configuration Management
CompTIA Security+
Computer Security
Web Development
Multi-Factor Authentication
Web Servers
Identity and Access Management
Python
Lightweight Directory Access Protocols (LDAP)
Node.js
OAuth
OpenID
Ping (Networking Utility)
Powershell
Openid Connect
Azure
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Web Application Security
Session Management
Single Sign-On
Software Engineering
TypeScript
User Provisioning Software
Web Applications
Scripting (Bash/Python/Go/Ruby)
Okta
React
Software Security
GIT
Angular
Information Technology
Web Technologies
Front End Software Development
Api Gateway
REST
Software Version Control

Job description

At the heart of our digital security is the trust we build through seamless, secure, and authenticated access. As a Junior Web Access Management Engineer, you will join our Identity and Access Management (IAM) team to help manage and secure our web application access controls and identity federation systems. You'll be instrumental in ensuring that our Single Sign-On (SSO) integrations, Multi-Factor Authentication (MFA) policies, and API gateway access run without a hitch. This is a growth-oriented role where you will learn to navigate complex application security infrastructures while contributing to the automation and optimization of secure access workflows.

Job Responsibilities

Scope

  • Support the day-to-day administration of enterprise IAM and Web Access Control (WAC) platforms (such as Okta, Microsoft Entra ID, Ping Identity, or Auth0), including basic policy management and standard troubleshooting.
  • Assist in integrating applications with central Identity Providers (IdPs) using standard authentication and authorization protocols, including SAML, OAuth 2.0, and OpenID Connect (OIDC).
  • Support the deployment, monitoring, and validation of Multi-Factor Authentication (MFA) mechanisms, including TOTP, security keys (FIDO2/WebAuthn), and passwordless authentication methods.
  • Participate in the automation of routine access management tasks, user provisioning policies (such as JIT or basic SCIM setups), and configuration management using Version Control systems and scripting (PowerShell, Bash, or Python).
  • Collaborate with senior engineers to troubleshoot session management anomalies, token validation (JWT) issues, and secure communications across web server and API gateway environments.

Impact/Strategy

  • Collaborate in the automation of routine application access configuration and user lifecycle tasks using basic scripting (PowerShell, Python, or Bash) and maintain scripts using version control systems.
  • Assist in maintaining team internal wikis, standard operating procedures (SOPs), and runbooks for application integrations and access management lifecycles.
  • Collaborate with senior engineers to route, distribute, and validate authentication tokens, access policies, and application gateways across diverse staging and production environments.

Complexity

  • Focuses primarily on executing defined procedures, troubleshooting authentication and access issues, and engage to senior team members for complex IAM anomalies .
  • Contributes to team agility by identifying operational inefficiencies (such as manual provisioning friction) and proposing minor process improvements within immediate daily tasks.
  • Demonstrates growing autonomy within the specific domain by translating daily integration requirements into structured tasks under direct supervision.

Business/Technical Ability

  • Possesses a working knowledge of the Identity and Access Management (IAM) domain and supporting web access technologies.
  • Understands sources of influence, comprehending internal and external factors (such as compliance, user friction, and security threats) affecting the secure web access space, and is capable of identifying and analyzing basic access management problems or opportunities holistically.

Requirements

  • Experience: 1-2 years of experience in an IT Helpdesk, Systems Administration, junior Web Development, or junior Security Operations (SOC) role. An internship focused on web development, infrastructure, or Identity and Access Management (IAM) is highly valued.
  • Education: Bachelor's Degree in Computer Science, Software Engineering, Cyber Security, or equivalent practical experience.
  • Working knowledge of relevant business domains and supporting cybersecurity/web technologies.
  • Demonstrated ability to independently handle defined tasks and contribute to various stages of the security and application analysis lifecycle.

Technical Skills

  • Understanding of Zero Trust principles, authentication factors, and modern identity workflows.
  • A solid understanding of web authentication and authorization protocols (SAML, OAuth 2.0, OIDC) and secure communication basics (HTTP/HTTPS, RESTful APIs, session tokens, and JWTs).
  • Exposure to modern web development languages and frameworks (e.g., JavaScript/TypeScript, React, Angular, Node.js, Python, or Go) to assist with frontend authentication integrations.
  • Working knowledge of user directory services (Active Directory, LDAP) and standard provisioning methods (SCIM, Just-In-Time provisioning).
  • Familiarity with Git for version control and basic exposure to scripting (PowerShell, Bash, or Python) for automating repetitive administration tasks.
  • Communication skills to collaborate effectively within Agile/cross-functional teams, with a structured approach to problem-solving.
  • Eagerness to learn and a desire to work toward foundational certifications like CompTIA Security+, Microsoft SC-300 (Identity and Access Administrator), or PingID Certified Professional.

Additional Qualifications

  • A mindset of continuous improvement with a proactive approach to identifying solution-level issues, gaps, or inefficiencies in access workflows.
  • Strong analytical and logical reasoning skills to identify authentication discrepancies, challenge assumptions, and confidently present solutions.

About the company

Bei Roche kannst du ganz du selbst sein und wirst für deine einzigartigen Qualitäten geschätzt. Unsere Kultur fördert persönlichen Ausdruck, offenen Dialog und echte Verbindungen. Hier wirst du für das, was du bist, wertgeschätzt, akzeptiert und respektiert. Dies schafft ein Umfeld, in dem du sowohl persönlich als auch beruflich wachsen kannst. Gemeinsam wollen wir Krankheiten vorbeugen, stoppen und heilen und sicherstellen, dass jeder Zugang zur Gesundheitsversorgung hat - heute und in Zukunft. Werde Teil von Roche, wo jede Stimme zählt.

Apply for this position