We are seeking a highly accomplished Identity Access Management (IAM) Consultant to take technical ownership of the administration, operational lifecycle, and multi-tier evergreening of the GO-PKI ecosystem. In this role, you will execute critical security stack upgrades—including migrating obsolete Certificate Authority (CA) clusters to modern
...
managed cloud services and transitioning enterprise directories to achieve high-value licensing optimization. Operating across multi-platform operating systems and high-user-density topologies, you will ensure total platform resiliency through disaster recovery (DR) engineering, serverless utility scripting, and 24x7 production tier-3 triage support.
Location: Toronto, ON (Fully Onsite - 5 days/week required)
Duration: 6-month contract.
Advantages
Massive Scale Infrastructure Footprint: Command an authoritative deployment sandbox supporting security profiles, cryptographic validations, and access controls for over 10,000 registered active identities.
High-Visibility Modernization Catalyst: Spearhead high-impact infrastructure evergreening initiatives that directly de-risk security baselines and secure substantial cost savings.
Deep Cryptographic Engineering Exposure: Maximize your security profile by configuring foundational identity layers, from physical HSM nodes and directory schemas to cloud-hosted managed PKI providers.
Collaborative Central Workspace: Gain direct exposure to large enterprise IT environments, interacting closely with specialized network, infrastructure hosting, and vendor engineering pods.
Responsibilities
PKI Stack Evergreening & Cloud Migration: Drive the technical upgrade of Entrust CA systems from legacy v8.2.40 to Entrust CA v10, laying the architectural foundation for subsequent migration into Entrust Managed Cloud Services.
Directory Infrastructure Refactoring: Transition enterprise directories by replacing Atos DirX environments with Oracle Unified Directory (OUD) to capture substantial structural licensing efficiencies.
Disaster Recovery (DR) Engineering: Define, build, and document automated hot-standby and fail-over disaster recovery topologies for core Certificate Authority engines, encompassing both Entrust and ADCS CA networks.
Hardware Security Module (HSM) Configuration: Perform low-level technical provisioning and policy adjustments on Hardware Security Modules (HSM) to enforce hardened cryptographic keys.
Tier-2/3 Production Support & On-Call Triage: Provide mission-critical 24x7 production support coordination, isolating deep-seated performance anomalies across interconnected proxies, firewalls, network load balancers, and entry gateways.
Client System Integration & Pattern Design: Analyze external business application technical requirements across ministries, providing repeatable integration design blueprints, scripts, and automated utilities to hook systems into the shared authentication grid.
Telemetry Monitoring & System Management: Establish granular event thresholds, metrics alerts, and performance monitoring baselines across web servers (IIS, Apache HTTPD, NGINX, WebLogic) and Oracle Databases.
ITIL Process Alignment: Conduct configuration, release, and emergency patch installations in strict compliance with formalized corporate Change Management, Incident Management, and Capacity planning lanes.
Structured Knowledge Transfer: Author technical runbooks, maintenance procedures, and training roadmaps to transition platform sustainment successfully over to permanent cluster IT staff.
Qualifications
Core IAM & System Sustainment Seniority: 10+ years of progressive professional experience administering, operating, and patching COTS-based Identity and Access Management systems, with at least 4 years explicitly supporting deployment matrices protecting 10,000+ active users (Strictly Required).
PKI & Core Product Domain Depth: 10+ years of hands-on expertise designing, deploying, and sustaining large-scale system integrations utilizing the Entrust PKI Suite (Security Manager, Proxy, Automated Enrollment Services) alongside Oracle Identity Manager (OIM) (Strictly Required).
Directory Access & LDAP Prowess: Expert command of LDAP management utilities, directory structures, and CLI commands using toolsets like Atos Dir.X, Oracle Unified Directory (OUD), and Apache Directory Studio.
Web Server & Application Middleware Fluency: Strong background configuring, starting/stopping, and fine-tuning multi-tier web platforms, explicitly Windows IIS, Apache HTTPD, IBM Web Server, NGINX, and Oracle WebLogic.
Cross-Platform OS & Database Command: Advanced system administration literacy across multi-generation operating systems (Solaris, Linux, AIX, Windows Server) paired with robust SQL scripting and Oracle 11g (and later) database management skills.
Network Infrastructure Competency: Solid functional understanding of core networking technologies, including load balancers, reverse proxies, and hardware gateway configurations.
ITIL Service Management Literacy: Demonstrated experience executing standard operational procedures under structured ITIL frameworks (Change, Problem, Incident, and Asset Release Management).
Soft Skills: Outstanding critical thinking, data-driven troubleshooting, and technical documentation capabilities, with a proven ability to independently resolve multi-component system crashes under time-sensitive constraints.
Nice to Have:
Prior professional experience delivering security architecture, identity migrations, or infrastructure support within a Canadian public sector framework or corporate agency cluster.
Summary
If you're interested in the "Junior Identity Access Management Consultant" role based in Toronto, we encourage you to apply online at www.randstad.ca. Only qualified candidates will be contacted for the next steps. We look forward to hearing from you!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more
We are seeking a highly accomplished Identity Access Management (IAM) Consultant to take technical ownership of the administration, operational lifecycle, and multi-tier evergreening of the GO-PKI ecosystem. In this role, you will execute critical security stack upgrades—including migrating obsolete Certificate Authority (CA) clusters to modern managed cloud services and transitioning enterprise directories to achieve high-value licensing optimization. Operating across multi-platform operating systems and high-user-density topologies, you will ensure total platform resiliency through disaster recovery (DR) engineering, serverless utility scripting, and 24x7 production tier-3 triage support.
Location: Toronto, ON (Fully Onsite - 5 days/week required)
Duration: 6-month contract.
Advantages
Massive Scale Infrastructure Footprint: Command an authoritative deployment sandbox supporting security profiles, cryptographic validations, and access controls for over 10,000 registered active identities.
High-Visibility Modernization Catalyst: Spearhead high-impact infrastructure evergreening initiatives that directly de-risk security baselines and secure substantial cost savings.
...
Deep Cryptographic Engineering Exposure: Maximize your security profile by configuring foundational identity layers, from physical HSM nodes and directory schemas to cloud-hosted managed PKI providers.
Collaborative Central Workspace: Gain direct exposure to large enterprise IT environments, interacting closely with specialized network, infrastructure hosting, and vendor engineering pods.
Responsibilities
PKI Stack Evergreening & Cloud Migration: Drive the technical upgrade of Entrust CA systems from legacy v8.2.40 to Entrust CA v10, laying the architectural foundation for subsequent migration into Entrust Managed Cloud Services.
Directory Infrastructure Refactoring: Transition enterprise directories by replacing Atos DirX environments with Oracle Unified Directory (OUD) to capture substantial structural licensing efficiencies.
Disaster Recovery (DR) Engineering: Define, build, and document automated hot-standby and fail-over disaster recovery topologies for core Certificate Authority engines, encompassing both Entrust and ADCS CA networks.
Hardware Security Module (HSM) Configuration: Perform low-level technical provisioning and policy adjustments on Hardware Security Modules (HSM) to enforce hardened cryptographic keys.
Tier-2/3 Production Support & On-Call Triage: Provide mission-critical 24x7 production support coordination, isolating deep-seated performance anomalies across interconnected proxies, firewalls, network load balancers, and entry gateways.
Client System Integration & Pattern Design: Analyze external business application technical requirements across ministries, providing repeatable integration design blueprints, scripts, and automated utilities to hook systems into the shared authentication grid.
Telemetry Monitoring & System Management: Establish granular event thresholds, metrics alerts, and performance monitoring baselines across web servers (IIS, Apache HTTPD, NGINX, WebLogic) and Oracle Databases.
ITIL Process Alignment: Conduct configuration, release, and emergency patch installations in strict compliance with formalized corporate Change Management, Incident Management, and Capacity planning lanes.
Structured Knowledge Transfer: Author technical runbooks, maintenance procedures, and training roadmaps to transition platform sustainment successfully over to permanent cluster IT staff.
Qualifications
Core IAM & System Sustainment Seniority: 10+ years of progressive professional experience administering, operating, and patching COTS-based Identity and Access Management systems, with at least 4 years explicitly supporting deployment matrices protecting 10,000+ active users (Strictly Required).
PKI & Core Product Domain Depth: 10+ years of hands-on expertise designing, deploying, and sustaining large-scale system integrations utilizing the Entrust PKI Suite (Security Manager, Proxy, Automated Enrollment Services) alongside Oracle Identity Manager (OIM) (Strictly Required).
Directory Access & LDAP Prowess: Expert command of LDAP management utilities, directory structures, and CLI commands using toolsets like Atos Dir.X, Oracle Unified Directory (OUD), and Apache Directory Studio.
Web Server & Application Middleware Fluency: Strong background configuring, starting/stopping, and fine-tuning multi-tier web platforms, explicitly Windows IIS, Apache HTTPD, IBM Web Server, NGINX, and Oracle WebLogic.
Cross-Platform OS & Database Command: Advanced system administration literacy across multi-generation operating systems (Solaris, Linux, AIX, Windows Server) paired with robust SQL scripting and Oracle 11g (and later) database management skills.
Network Infrastructure Competency: Solid functional understanding of core networking technologies, including load balancers, reverse proxies, and hardware gateway configurations.
ITIL Service Management Literacy: Demonstrated experience executing standard operational procedures under structured ITIL frameworks (Change, Problem, Incident, and Asset Release Management).
Soft Skills: Outstanding critical thinking, data-driven troubleshooting, and technical documentation capabilities, with a proven ability to independently resolve multi-component system crashes under time-sensitive constraints.
Nice to Have:
Prior professional experience delivering security architecture, identity migrations, or infrastructure support within a Canadian public sector framework or corporate agency cluster.
Summary
If you're interested in the "Junior Identity Access Management Consultant" role based in Toronto, we encourage you to apply online at www.randstad.ca. Only qualified candidates will be contacted for the next steps. We look forward to hearing from you!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more