IDENTITY AND ACCESS MANAGEMENT ENGINEER
Job posting number: #7116304
Posted: November 17, 2022
Application Deadline: Open Until Filled
Job DescriptionThe Opportunity
The Identity and Access Management (IAM) Engineer is responsible for the design, implementation, and maintenance of enterprise identity systems within Information and Technology Solutions (ITS). The IAM Engineer replaces aging legacy systems and implements IAM operational plans with an automation-first strategy. This position works closely with stakeholders to understand business needs surrounding identity at an enterprise scale and works with ITS team members to address those needs. The IAM Engineer will maintain an awareness of, and implement industry best practices and procedures, ensure maximum availability and security of the university’s enterprise identity infrastructure, and ensure campus compliance.
Identity System Administration
Design, develop, test, implement, and integrate Identity and Access Management (IAM) systems and solutions. Ensure that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss.
Configure and maintain IAM software and hardware systems, including preparation and maintenance of proper documentation.
Work closely with ITS Leadership to establish, communicate, and review IAM governance including policies, service level agreements, and standard procedures.
Perform investigation/troubleshooting, improvements, and bug fixes to respond to ongoing system issues identified by both internal and external users.
Ensure systems meet service level agreement targets and limit technical debt accumulation.
Develop user guides and other types of knowledge base documentation for ITS staff and end users.
Transfer knowledge and train IAM operations staff, system administrators, and support personnel on the maintenance and operation of built systems.
Support enterprise Directory Services including Active Directory, Open LDAP, and MIT Kerberos.
Coordinate with vendors to enable single sign-on (SSO) integrations.
Engage with other groups within ITS to ensure identity systems meet their requirements, e.g., security requirements and infrastructure requirements.
Design, develop, test, and implement enterprise IAM solutions.
Take existing SSO applications and migrate them to new systems, as necessary.
Build out workflows and best practices related to IAM.
Set up role management using best practices within the IAM platform.
Create and manage IAM governance around access controls.
Outreach and Communications
Train front-line user support staff, to provide tier 1 support for users.
Provide escalated support for diagnosing and resolving client-side issues.
Create and deploy communication plans for outages, maintenance, and other impacts.
Notify all IT user support staff when issues might impact end-users.
Engage with community partners and maintain relationships with those that provide service to regional initiatives.
Attend university events and engage with the Mines community as a representative of the department.
Engage with other groups both around Mines and within ITS to understand and support their identity needs.
Participate in working groups and communities of practice pertaining to IAM as well as foundational technologies such as cloud operations and DevOps.
Audit and review Mines’ enterprise identity lifecycle management to identify and resolve inconsistencies.
Education and Experience:
Bachelor's degree required, preferably in computer science or a field closely related to computer science. Individuals without a degree may be considered if they demonstrate possession of substantially the same knowledge level as found in a degree but have attained advanced knowledge through a combination of work experience and intellectual instruction.
Minimum of five years of relevant professional experience working within the field of Information Technology in one or more areas of IAM engineering, IAM software development, Computer Systems Engineering, Systems Administration, managing technical systems, and/or enterprise software development.
Minimum of four years' experience implementing and managing at least one enterprise identity management solution (Okta, Ping, Sailpoint, etc.).
Knowledge, Skills, and Abilities:
Understanding of SSO architecture.
Basic knowledge of PowerShell, Java, or other scripting languages.
Extensive hands-on knowledge of identity and access management best practices, procedures, and software solutions such as Sailpoint, ForgeRock, Okta, Ping Identity, etc.
Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etc.
Ability to lead the development of technically complex functionalities and work with other team members & business partners to deliver value through automation.
Knowledge of security best practices.