Identity Infrastructure Engineer

Overview

The Identity Infrastructure Engineer combines analytical ability, technical skills, security orientation, and creative thinking to contribute to IAM projects, engineering, and operations. They collect requirements, evaluate technologies, and recommend solutions for identity and access management services. They apply sound security orientation and customer focus to deliver high quality services. They are responsible for or oversee specific areas in the planning, design, installation, testing, and maintenance of various security and data protection technologies that support the teaching, research, and business functions of the university.

The Engineer collaborates with members of both IAM and other teams on the design, development, and operation of application interfaces, data flows, and authentication services both on premise and in cloud services. They leverage emerging and established technologies such as continuous integration pipelines, infrastructure-as-code, and container orchestration to deploy, configure, and maintain applications. They evaluate, deploy, and operate vended services and internal tools. They plan transition of legacy systems to modern replacements, evaluate new and emerging access management solutions, and stay current with industry developments. They participate in on-call and after-hours duties as required.

The person in this position works both on teams and independently, requiring only limited supervision.

This is a hybrid position, based in Princeton, NJ.

Responsibilities

Identity and Access Management Engineering and Development:

• Collect requirements, recommend solutions, configure software, and create scripts to manage and maintain the enterprise account lifecycle management infrastructure and software
• Develop, configure, maintain, and administrate enterprise identity and security systems including directory services (Active Directory), cloud IAM solutions (EntraID), single sign-on services, multi-factor authentication systems, attribute-based access controls, password management solutions, and others.
• Develop and deploy continuous integration/deployment pipelines, container orchestration, script-based automation, and software solutions to support IAM services and applications as required.
• Provide advice, consultation, training, and tooling to campus partners wishing to take advantage of the IAM services enumerated above.

Operations Engineering:

• Serve as a primary subject expert for one or more of the following technologies:
  • Public Key Infrastructure and certificates
  • Microsoft Active Directory
  • Microsoft Identity Manager
  • Single Sign-On services including saml2 and Open ID Connect
  • Microsoft EntraID
  • Attribute-Base Access Control using groups
  • Scripting and automation
  • Apache/Tomcat/IIS operations
• Serve as a secondary subject matter expert for one or more of the above.
• Utilize continuous integration/deployment pipelines to manage software configurations, deploy and update applications, and deliver security patches to IAM applications both on-premises and in cloud services

Operational Support:

• Troubleshoot and resolve authentication and authorization application problems, access control issues, and other IAM support needs as required
• Document code and configurations.
• Respond to requests and incidents raised in the IT Service Management system.
• Participate in after-hours on-call rotation.
• Ensure services and systems are reliably monitored for security and performance.
• Ensure compliance with change management and other administrative policies.

Professional Development:

• Build technical expertise in security operations, security engineering, identity and access management, software development security, cloud migrations and operations, and others as required
• Learn the functions of new software products to facilitate the use of emerging technology.

Qualifications

Essential Qualifications:

• Five (5) years of systems development experience, including analysis, design, implementation, and operations, including three (3) years of experience with IAM technologies such as user provisioning, authentication, authorization, and access management.
• Experience with Microsoft Active Directory, Single Sign-On (saml2, OIDC), Attribute-Based Access Management (directory groups, roles, and similar), and/or Microsoft EntraID.
• Strong collaboration and teamwork in the pursuit of operational excellence.
• The ability to develop ideas and strategies to communicate with a diverse user base having various levels of technical proficiency.
• Ability to prioritize tasks, self-direct, operate remotely, and achieve goals with only general supervision.
• A dedication to career and professional development both for oneself and one's peers and colleagues
• Education: A bachelor's degree or equivalent work-related experience

Preferred Qualifications:

• Experience with technologies including storage, Infrastructure-as-Code, Continuous Integration/Continuous Deployment pipelines, container orchestration, web server configuration, Software-, Platform-, and Infrastructure-as-a-Service concepts.
• Experience with Multi-Factor Authentication solutions, particularly Duo
• Strong oral and written communication skills
• Demonstrated success working in a collaborative environment as well as independently
• Programming, scripting, and/or web development experience using JavaScript, Java, C#, ASP.Net, PowerShell, Python or a combination
• Understanding of IT Service Management (ITIL certification preferred)
• Understanding of common information security concepts such as the CIA triad, defense-in-depth, least privilege, etc.
• Experience applying the NIST cyber security framework. CompTIA or ISC2 certifications given preference.

Additional Details

• Department: Enterprise Infrastr Services
• Category: Information Technology
• Job Type: Full-Time
• Standard Weekly Hours: 36.25
• Eligible for Overtime: No
• Benefits Eligible: Yes
• Probationary Period: 180 days
• Salary Range: $141,000 to $157,000