Marius-Alexandru A Voinescu, Developer in Bern, Switzerland

Marius-Alexandru A Voinescu

Bio

Marius-Alexandru is a security engineer specializing in IAM (Okta, Entra ID) and Terraform. He designs scalable access-control systems and hub-spoke architectures for SAML/OIDC onboarding. He's built security-focused platforms, including a Go data pipeline and a SIEM with automated incident workflows. Marius-Alexandru focuses on automation, least privilege, and secure-by-design systems.

Portfolio

NTT Data
Okta, Active Directory Federation, Security, System Administration...
Fanatics SPV, LLC - Collectibles
Okta, Security, Jira, Active Directory (AD), Terraform, Authentication, OpenID...
myVault LLC
Authentication, SAML, Single Sign-on (SSO), Security, Okta, OpenID...

Experience

  • SAML - 7 years
  • Multiple Factor Analysis (MFA) - 7 years
  • Single Sign-on (SSO) - 7 years
  • Okta - 7 years
  • Windows PowerShell - 5 years
  • Security - 5 years
  • Identity & Access Management (IAM) - 5 years
  • Active Directory Federation - 2 years

Preferred Environment

Okta, Identity & Access Management (IAM), Terraform, IT Security, Security Engineering, Cloud Security, Microsoft Entra ID, Microsoft Entra, SailPoint

The most amazing thing: I've built Terraform modules for hub-spoke IAM, standardizing SAML/OIDC app onboarding and enabling secure, scalable access across tenants.

Work Experience

Identity & Access Management Systems Engineer

2021 - PRESENT
NTT Data
  • Led integration of multiple subsidiaries into Okta, onboarding applications, and automating JML processes via APIs and Okta Workflows, reducing manual effort and improving lifecycle consistency.
  • Delivered engineering support for IAM platforms, performing root cause analysis on incidents and improving system reliability across enterprise identity services.
  • Managed IAM requests and access provisioning, ensuring secure, timely delivery of identity services while maintaining compliance with access control policies.
  • Developed Terraform modules to standardize SAML/OIDC application onboarding, enabling scalable and consistent access management across multiple environments.
  • Implemented access control and identity governance practices aligned with least privilege, improving security posture across integrated applications.
  • Automated identity workflows and operational tasks, reducing manual intervention and increasing efficiency in user lifecycle and access management processes.
  • Contributed to IAM architecture design by supporting scalable identity solutions and integration patterns across enterprise environments.
Technologies: Okta, Active Directory Federation, Security, System Administration, Single Sign-on (SSO), Identity & Access Management (IAM), Azure, Active Directory (AD), Microsoft, Microsoft Identity Manager, Cybersecurity, IT Security, Communication, CrowdStrike, Privileged Access Management (PAM), Azure Active Directory, Terraform, Infrastructure as Code (IaC), Authentication, OpenID, Implementing Okta, Zero Trust, Identity Lifecycle Management, Reporting, Authorization, Auth, Microsoft Entra ID, Windows PowerShell, SAML, OpenID Connect (OIDC), Customer Identity and Access Management (CIAM), Python

Okta Implementation Expert Advisor

2025 - 2025
Fanatics SPV, LLC - Collectibles
  • Migrated enterprise applications to Okta, centralizing authentication and standardizing access management across multiple subsidiaries.
  • Collaborated with application owners and cross-functional teams to design and implement SSO integrations with minimal downtime.
  • Led a Terraform POC to automate Okta application onboarding and lifecycle management, improving consistency and reducing manual effort.
Technologies: Okta, Security, Jira, Active Directory (AD), Terraform, Authentication, OpenID, Implementing Okta, Identity Lifecycle Management, Reporting, Authorization, Auth, Identity & Access Management (IAM), Single Sign-on (SSO), SAML, OpenID Connect (OIDC)

Okta/SAML Developer

2024 - 2025
myVault LLC
  • Integrated applications into Okta using SAML and OIDC, enabling secure and scalable SSO across environments.
  • Designed and implemented MFA and authentication policies aligned with varying security requirements.
  • Advised stakeholders on Okta integration strategies, aligning IAM capabilities with business use cases.
Technologies: Authentication, SAML, Single Sign-on (SSO), Security, Okta, OpenID, Implementing Okta, Identity Lifecycle Management, Reporting, Authorization, Auth, Identity & Access Management (IAM), OpenID Connect (OIDC)

Okta/SSO/Security Consultant

2023 - 2024
HUB International - Transaction Lines
  • Developed automation workflows to handle reporting of failed user communications, improving visibility and operational response.
  • Integrated applications into Okta, supporting centralized authentication and access management.
  • Troubleshot application integration and lifecycle issues, improving reliability and reducing service disruptions.
Technologies: Okta, Single Sign-on (SSO), Identity & Access Management (IAM), Communication, Authentication, OpenID, Implementing Okta, Identity Lifecycle Management, Reporting, Authorization, Auth, SAML, OpenID Connect (OIDC)

Identity & Access Management Specialist

2021 - 2021
Garrett-Advancing Motion
  • Managed and enhanced Active Directory, CyberArk, and IAM technologies, improving identity and privileged access security.
  • Delivered IAM and security-related project streams across Active Directory, LDAP, and PAM, aligning with business priorities.
  • Implemented POCs for IAM and cybersecurity tools, including CrowdStrike Falcon Identity Threat Detection, improving evaluation and visibility.
Technologies: CyberArk, Security, System Administration, Single Sign-on (SSO), Identity & Access Management (IAM), Azure, Active Directory (AD), Microsoft, Cybersecurity, IT Security, Communication, Privileged Access Management (PAM), Azure Active Directory, Authentication, OpenID, Implementing Okta, Zero Trust, Identity Lifecycle Management, Reporting, Authorization, Auth, Microsoft Entra ID, SAML, OpenID Connect (OIDC)

Identity & Access Management Systems Engineer

2019 - 2021
NTT Data Services
  • Assisted with the migration of different company subsidiaries to Okta. Integrated their apps and day-to-day operations in the new tool, including building custom APIs and Okta Workflows to automate the JML process.
  • Provided engineering support for complex projects that leverage NTT DATA Services IAM platforms and performed root cause analysis on system incidents.
  • Ensured processing and responses to IAM requests to deliver premium security and Access Management services to the organization.
Technologies: Active Directory Federation, Okta, Identity & Access Management (IAM), System Administration, Single Sign-on (SSO), Azure, Active Directory (AD), Microsoft, Microsoft Identity Manager, Cybersecurity, IT Security, Communication, Privileged Access Management (PAM), Azure Active Directory, Authentication, OpenID, Implementing Okta, Zero Trust, Identity Lifecycle Management, Reporting, Authorization, Auth, Microsoft Entra ID, Windows PowerShell, SAML, OpenID Connect (OIDC), Customer Identity and Access Management (CIAM), Python

Okta Tier 2 Technical Support Engineer

2017 - 2019
Computer Generated Solutions
  • Supported implementation for cloud applications such as Office 365, ServiceNow, Cisco, G Suite, Salesforce, AWS, Zendesk, Box, Dropbox, Concur, BlueJeans, Jive, Yammer, Slack/HipChat, and Workday.
  • Assisted with Multifactor Authentication (MFA) support for a broad set of cloud applications and on-premises systems, such as SMS and Voice, Okta Verify Push, U2F, YubiKey, RSA SecurID, Google Authenticator, Symantec VIP, Apple Touch ID, and Duo Security.
  • Troubleshot RCA bugs for engineering with full end-to-end ownership.
Technologies: Okta, Active Directory Federation, LDAP, Jira, SAML, Multiple Factor Analysis (MFA), Security, System Administration, Single Sign-on (SSO), Azure, Microsoft, Communication, Authentication, Implementing Okta, Identity Lifecycle Management, Reporting, Authorization, Auth, Identity & Access Management (IAM), OpenID Connect (OIDC)

Experience

Terraform IAM Platform – Hub & Spoke Application Provisioning

I designed and implemented a scalable IAM platform using Terraform to standardize application onboarding and access control across a multi-tenant hub-and-spoke architecture in Okta. The solution automates the creation of SAML and OIDC integrations in a central hub tenant while dynamically provisioning access pathways (via bookmark applications) across 10+ spoke tenants.

I developed reusable, parameterized Terraform modules that abstract complexity and allow application definitions to be driven via structured inputs (e.g., JSON), supporting multiple authentication types, tenant scoping, and environment-specific configurations. This significantly reduced manual configuration effort and ensured consistent enforcement of security controls.

The platform integrates with Terraform Cloud to introduce approval gates, speculative plans, and drift detection, providing full auditability and controlled change management. This approach improved deployment consistency, reduced configuration drift, and strengthened access governance across distributed environments.

This project highlights my expertise in IAM architecture, infrastructure as code, and building secure, scalable identity platforms aligned with enterprise security standards.

Security & Observability Platform (Wazuh, Grafana, Docker, Terraform)

I designed and deployed a self-hosted security and observability platform across multiple nodes using Terraform-managed infrastructure. The environment includes Wazuh (SIEM), Grafana, and centralized logging to monitor system activity, detect anomalies, and provide security visibility across services.

The architecture leverages Docker for service orchestration and Tailscale for secure connectivity, ensuring no direct exposure of internal services. Infrastructure is fully managed as code, enabling reproducibility, version control, and controlled deployments.

In addition, I am implementing automated incident response workflows using n8n by integrating Wazuh alerting with a self-hosted project management system (Plane). High-severity alerts and specific security events trigger automated ticket creation, enabling structured incident tracking and response handling. This bridges detection with action and simulates real-world SOC workflows.

This project demonstrates hands-on experience with SIEM deployment, alerting pipelines, infrastructure as code, and building practical security operations processes in a controlled environment.

Chronicle – Data Ingestion & Book Intelligence Platform

https://github.com/anubis619/chronicle
Chronicle is a Go-based data ingestion and normalization platform designed to transform unstructured ISBN inputs into enriched, analytics-ready datasets. The system serves as the backbone for a book intelligence platform, integrating multiple external sources (Google Books, Open Library, and planned scraping pipelines) to standardize and enrich metadata.

I designed Chronicle with a modular, extensible architecture focused on performance and clean separation of concerns. Core capabilities include ISBN normalization (handling inconsistent formats and ISBN-10/13 conversion), database ingestion (PostgreSQL), and a planned enrichment layer leveraging LLMs to extract themes and contextual insights.

The platform integrates with a Grafana dashboard (provisioned via Terraform), enabling visualization of reading behavior, genre distribution, and trend analysis. This reduces manual data handling effort and enables near real-time analytics on structured reading data.

This project demonstrates end-to-end system design across back-end engineering, data pipelines, and observability, with a strong emphasis on scalability and maintainability.

Education

2015 - 2020

Bachelor's Degree in Law and Justice Administration

Transilvania University of Brașov - Brasov, Romania

Certifications

OCTOBER 2025 - OCTOBER 2027

HashiCorp Certified: Terraform Associate

HashiCorp

OCTOBER 2025 - PRESENT

Microsoft Applied Skills: Administer Active Directory Domain Services

Microsoft

JANUARY 2025 - JANUARY 2026

Okta Certified Consultant

Okta

AUGUST 2024 - AUGUST 2025

SC-300: Microsoft Certified: Identity and Access Administrator Associate

Microsoft

MAY 2024 - PRESENT

Microsoft Certified: Azure AI Fundamentals

Microsoft

APRIL 2024 - PRESENT

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Microsoft

APRIL 2024 - APRIL 2026

LFCA: Linux Foundation Certified IT Associate

The Linux Foundation

DECEMBER 2023 - DECEMBER 2026

CompTIA Security+ Certification

CompTIA

NOVEMBER 2023 - PRESENT

Google Cybersecurity Certificate

Coursera

MAY 2023 - PRESENT

eLearning Junior Penetration Tester

INE Security

JULY 2020 - PRESENT

ICSI | CNSS Certified Network Security Specialist

ICSI (International CyberSecurity Institute), UK

JANUARY 2018 - JANUARY 2026

Okta Certified Administrator

Okta

DECEMBER 2017 - JANUARY 2026

Okta Certified Professional

Okta

Skills

Libraries/APIs

Auth, OpenID, REST APIs

Tools

Terraform, Jira, Nessus, Metasploit, NMap, Chronicle, Splunk, Microsoft Identity Manager, Grafana, SailPoint

Languages

SAML, Python 3, JavaScript, HTML, CSS, Python, Go

Storage

Azure Active Directory, Microsoft Entra ID, PostgreSQL

Frameworks

Windows PowerShell

Paradigms

Penetration Testing, Role-based Access Control (RBAC)

Platforms

Wazuh, Linux, Azure, Azure AI Studio, Microsoft, CrowdStrike, Docker

Industry Expertise

Cybersecurity

Other

Okta, System Administration, Single Sign-on (SSO), Identity & Access Management (IAM), Implementing Okta, Authentication, Multiple Factor Analysis (MFA), Security, IT Security, Active Directory (AD), Cloud Security, Communication, Reporting, Identity Lifecycle Management, Zero Trust, Privileged Access Management (PAM), OpenID Connect (OIDC), Law, Civil Law, Active Directory Federation, CyberArk, LDAP, Ethical Hacking, Vulnerability Management, SIEM, Vulnerability Identification, Threat Analytics, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), NIST, Risk Assessment, Access Control, Cryptography, Cyber Forensics, Data Security, Disaster Recovery Plans (DRP), Malware Analysis, Threat Detection and Response (TDR), Security Policies & Procedures, Network Security, Artificial Intelligence (AI), Linux Administration, Microsoft Entra, Authorization, Governance, Compliance, Monitoring, Risk Management, Infrastructure as Code (IaC), Infrastructure Automation, Customer Identity and Access Management (CIAM), APIs, Data Modeling, Development, SAML 2.0, SAML-auth, Prometheus, Networking, Tailscale, Security Engineering
