Job Description

IDENTITY & ACCESS MANAGEMENT ENGINEER I/II/III

Position Number: S-3852

Position Summary:

The Identity and Access Management (IAM) Engineer is a member of the Information Security Office within the Office of Information Technology (OIT) assisting in the management of identities, authorization, and authentication services for Central Michigan University. This position will develop, implement, enhance, integrate, and maintain IAM tools, technologies and services, and work with campus departments on integrating new software and/or services into our authentication and authorization platforms. Secondary responsibilities may include other information security and information technology administrative activities including leading incident response, vulnerability management, risk assessment, investigations and legal discovery, penetration testing, firewall and IDS/IPS systems tuning, programming, scripting, and automating, data loss prevention, standards development, security awareness, end-point security consultation, web and application security, compliance activities, etc.

Required Qualifications:

IDENTITY & ACCESS MANAGEMENT ENGINEER I:

• Bachelor degree in Computer Science, Management Information Systems, Information Assurance or related field or a combination of comparable work experience in a related field.
• Two years of full-time experience working in enterprise information technology support with above degree or six years of full-time experience without degree.
• Demonstrated experience with standard authentication protocols and frameworks, such as SAML and OAuth.
• Basic knowledge of security processes and procedures relating to the confidentiality, integrity, and availability of information and information systems.
• Basic knowledge of information security risk assessment and management processes and standards.
• Basic knowledge and understanding of security concepts including malware, intrusion detection, risk analysis, and threat/vulnerability management.
• Basic knowledge of intrusion detection/prevention systems, SIEMs, and vulnerability scanners.
• Experience working with relational database management systems (RDBMS), including Microsoft SQL Server, with the ability to query, troubleshoot, and support custom databases integrated with IAM solutions.
• Demonstrated ability to communicate clearly and effectively and project a positive and professional image, and to work in cross-functional teams.
• Demonstrated ability to manage timelines and deliverables, to create and manage task lists, and to meet work and project schedules as determined by others.
• Ability to communicate effectively, both orally and in writing.
• Ability to perform the essential functions of the job.

IDENTITY & ACCESS MANAGEMENT ENGINEER II:

All the requirements of Identity & Access Management Engineer I plus:

• General knowledge of Active Directory and Azure AD.
• Demonstrated ability to research and resolve complex technical issues.
• Demonstrated experience working with identity management applications and concepts.

IDENTITY & ACCESS MANAGEMENT ENGINEER III:

All the requirements of Identity & Access Management Engineer II plus:

• Advanced knowledge of Active Directory and Azure AD.
• Demonstrated understanding of IAM concepts (including federation, authentication, authorization, access controls, access control attacks, identity and access management provisioning life cycle), Radius and MFA.
• Demonstrated experience with identity and access governance (including role-based access control, access request and certification, user life cycle management processes and change management).

SR IDENTITY & ACCESS MANAGEMENT ENGINEER:

All the requirements of Identity & Access Management Engineer III plus:

• Demonstrated experience with complex ERP environments, especially related to human resources or enrollment management.
• Demonstrated technical architecture experience (i.e., integrating identity management, access management and access governance software into infrastructure and applications).
• Demonstrated experience managing projects.

Preferred Qualifications:

• Information security certifications, such as CISSP, CISM, Security+, etc.
• Experience working in a higher education environment.
• Knowledge of Security Information and Event Management (SIEM) concepts, applications and systems.
• Knowledge of ADFS, Azure and Shibboleth
• Experience with programming, scripting, and task automation.
• Working knowledge of requirements for organizational compliance with multiple laws, regulations, and standards such as PCI-DSS, HIPAA, FERPA, and GLBA.

Duties & Responsibilities:

IDENTITY & ACCESS MANAGEMENT ENGINEER I:

• Account provisioning and lifecycle management.
• Troubleshoots authentication and authorization issues.
• Researches and monitors the latest identity and access management trends.
• Maintains documentation for IAM and other ISO systems as needed.
• Identifies, investigates, analyzes, responds to, and reports on security events that occur within the university environment as needed.
• Works with OIT personnel to mitigate discovered vulnerabilities in IAM and other systems.
• Participates in the design, implementation, and continuous improvement of security service offerings for the ISO.
• This position may require occasional weekend and evening assignments as well as availability during off-hours for participation in both scheduled and unscheduled activities.
• Investigatory responsibilities that may require discretion and/or interaction with executive, legal, and/or law enforcement staff.
• Perform other duties as assigned.

IDENTITY & ACCESS MANAGEMENT ENGINEER II:

All the duties of the Identity & Access Management Engineer I plus:

• Works with departments on configuring Single Sign-On (SSO) for new and existing applications as necessary.
• Assists IAM Engineers in troubleshooting issues with IAM tools and processes.
• Assists with the development, implementation, and support of RBAC.
• For systems and software applications in scope for IAM Team, reconcile discrepancies between access rights assigned and access rights required for users to perform job duties.
• Participates in projects and production support operations focused on implementing Identity and Access Management (IAM) integrations and Roles Based Access Control (RBAC) strategies and integrations.

IDENTITY & ACCESS MANAGEMENT ENGINEER III:

All the duties of the Identity & Access Management Engineer II plus:

• Develops, implements, enhances, integrates, and maintains IAM tools, technologies and services, including Active Directory, ADFS, F5 APM, Azure and Shibboleth.
• Collaborates in the design, implementation, and support of the IAM technologies.
• Assists in efficiency improvements by recommending process changes as well as developing solutions to automate and orchestrate repeatable tasks for IAM.
• Develops system access and security implementation plans derived from operational customer needs and requests.

SR IDENTITY & ACCESS MANAGEMENT ENGINEER:

All the duties of the Identity & Access Management Engineer III plus:

• Participates as a subject matter expert in the analysis and design of identity and access management solutions and services.
• Identifies the broader impact of current decisions related to user access, data access and information security.
• Aligns IAM processes across the University and develop and document standards for university use.

Supervision Exercised:

None.

Employee Group:

Professional & Administrative -Salary

Staff Pay Level:

Pay Range:

$70,000 - $90,000

Division:

President

Department:

Information Security - OIT

Position Status:

Regular

Position End Date:

Employment Status:

Full-Time

FTE:

1.0

Position Type:

12 month

Weekly Work Schedule:

8am-5pm, M-F, occasional weekends and evenings

Location:

Mount Pleasant, MI

Posting Ends:

Open Until Filled:

Yes

You must submit an on-line application in order to be considered as an applicant for this position.

Cover letters may be addressed to the Hiring Committee.

This position will remain open until filled. The university reserves the right to close the recruitment process once a sufficient applicant pool has been identified. For best consideration, please submit application materials on or before April, 27th 2026.

To apply, visit https://www.jobs.cmich.edu/postings/44664