ISVA/ISAM Consultant

Overview

Main Priorities

• Design ISAM/ISVA solution architecture (reverse proxy, policy server/runtime, AAC and federation) aligned to security and availability requirements.
• Install, configure and administer ISAM/ISVA components including WebSEAL reverse proxy, policy server/runtime and management interfaces across DEV/UAT/PROD.
• Implement SSO and federated identity integrations using SAML 2.0, OAuth 2.0 and OpenID Connect (OIDC) for internal and external applications.
• Configure Advanced Access Control (AAC) for MFA and step-up/adaptive authentication journeys, including policy rules and authentication mechanisms.
• Configure and manage WebSEAL reverse proxy, junctions (standard/virtual), ACLs, POPs, authorization policies and header-based identity propagation.
• Integrate ISAM/ISVA with LDAP/Active Directory and identity providers; manage SSL/TLS, certificates, keystores/truststores and secure connectivity.
• Enable API protection and token services (OAuth/OIDC) where applicable; configure policies for client onboarding, token issuance and validation.
• Perform upgrades/patching, high availability configuration, performance tuning and L3 troubleshooting for authentication, federation and access issues.

Key Outputs

• ISAM/ISVA solution design documents (HLD/LLD), architecture diagrams and implementation plan for SSO/MFA/federation.
• Configured WebSEAL reverse proxy instances, junctions, access control policies (ACL/POPs) and session management settings.
• Federation configurations delivered (SAML/OIDC/OAuth) including metadata exchange, mapping rules/attribute mapping and application onboarding.
• MFA and step-up authentication journeys implemented using AAC (policies, mechanisms, risk/adaptive rules) with testing evidence.
• Directory and IdP integrations completed (AD/LDAP/IdP) with secure SSL/TLS configuration, certificate lifecycle and connectivity validation.
• Operational runbooks, SOPs and KT artifacts for WebSEAL, AAC and federation administration, including backup/restore and DR procedures.
• Monitoring and logging integrations (as applicable) plus troubleshooting guides for auth/SSO failures, certificate issues and performance bottlenecks.
• Change/Release artifacts for upgrades and patching, including rollback plans and post-implementation validation checklists.
• L3 support deliverables: incident analysis, root cause reports and corrective actions for authentication, federation and access control issues.

/ Knowledge

• Strong hands-on experience with IBM Security Access Manager / IBM Security Verify Access (ISAM/ISVA) implementing SSO, federation and access control.
• Expertise in WebSEAL reverse proxy configuration (instances, junctions, ACLs, POPs, authorization policies) and troubleshooting.
• Strong understanding and hands-on implementation of federation standards: SAML 2.0, OAuth 2.0 and OpenID Connect (OIDC).
• Hands-on experience with Advanced Access Control (AAC) for MFA, step-up/adaptive authentication and access policy rules.
• Good knowledge of authentication mechanisms (LDAP, certificates, OTP/push, RADIUS where applicable) and strong IAM concepts (authn/authz, least privilege).
• Experience integrating with enterprise directories (IBM LDAP/Active Directory), managing SSL/TLS, certificates, keystores/truststores and mutual trust.
• Understanding of ISAM/ISVA architecture and components (WebSEAL, runtime, AAC, federation, policy concepts) including HA/DR patterns.
• Scripting/automation exposure (Shell/Python/JavaScript as applicable), REST APIs and strong log analysis skills for troubleshooting.
• Good understanding of networking fundamentals (DNS, load balancers, proxies, firewalls) and HTTP/S concepts relevant to reverse proxy deployments.
• Proven experience creating HLDs/LLDs, onboarding guides, test plans, and operational/runbook documentation for SSO/MFA solutions.
• Working knowledge of security best practices and compliance requirements (e.g., ISO 27001, PCI-DSS) and how they apply to access management.
• Excellent communication, documentation, and stakeholder management skills; strong analytical and problem-solving abilities.
• Ability to work independently and lead small to mid-sized project teams.

Experience

• (add relevant Exp also)
• Total Experience: 5-9 years in IT, with at least 4+ years of core IAM/Web Access Management experience on ISAM/ISVA.

Relevant Tools

• IBM ISAM / IBM Security Verify Access (ISVA), WebSEAL, AAC, Federation module.