Department: Information Security Office Salary/Grade: ITS/82
Job Summary:
The Senior IAM Engineer provides support for a complex environment(s). They provide advanced knowledge, skillsets and subject matter expertise (SME) for provisioning/deprovisioning, federation, authentication and access management, and directory services, as well as Linux-based architecture, infrastructure and identity integrations with various technologies and services.
In this role, you will apply your knowledge and skillsets to provide support, consultation, design services, testing, documentation and implementation for Sailpoint, Forgerock SSO, LDAP, and Linux-based systems. That will include configuration/implementation of new functionality, versioning, modifying existing setups, and providing Tier 3 support for troubleshooting various issues or incidents. You will also provide an array of consultative information, guidance and/or assistance to various groups within NUIT as well as NU schools and units.
As a senior IAM engineer you will need to have acquired extensive hands-on experience (6+ years) with Sailpoint, SSO, Shibboleth/SAML Federation, Directory, and other Identity products. You will assist with strategic planning and will work to ensure that IAM systems/solutions are both resilient and adaptive to an evolving Identity landscape. The IAM Senior Engineer leads and delivers on IAM projects within the AM team and provides guidance to other staff, as well as ensures compliance with all security-associated NU, state, and federal rules and regulations. Works closely with stakeholders throughout Northwestern to implement IAM best practices and controls.
Please note: This position will be required to participate in an on-call schedule that may result in occasional evening or weekend work.
The incumbent will be required to carry a Northwestern cell phone, or receive a subsidy for a personal device that can be used for business purposes (such as participating in the on-call schedule).
Specific Responsibilities:
Strategic Planning
Contribute to Risk Assessment and IAM Evaluations
Provide Guidance and Support in evaluating vendors, open source products and internally developed systems
Communicate how IAM standards, frameworks, and compliance documentation measure compliance of systems and applications
Support processes and systems around vulnerability assessments, risk analysis, and risk mitigation procedures
Represent the Identity & Access Management Office in collaborative and strategic initiatives, applying expertise and functioning as an integral, complementary part of the information security department.
Administration
Act as IAM point-of-contact for assigned AM team products.
Serve as Tier 3 support and an escalation point for domain technology issues that cannot be solved by Tier 1 and Tier 2 support. Perform/own root cause analysis, problem management, documentation and communication for the Identity Environment(s).
Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, system and key processes, reviewing system logs, and verifying completion of scheduled tasks/jobs.
Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate troubleshooting steps.
Identify opportunities to innovate, extend and enhance service delivery where possible.
Monitor and evaluate systems and services for conformity to existing policies, standards and guidelines.
Engineering
Ability to develop, integrate and deploy Identity and Access Management frameworks, systems and protocols.
Architect, design and implement solutions for AM Team infrastructure (SailPoint, ForgeRock, Shibboleth) for efficiency and continuous improvement opportunities.
Ability to create scripts, read code, utilize Git for versioning and use an orchestration tool (such as Cloudbees, Rundeck, or another) for automation.
Lead projects in design, development, testing and implementation of technical solutions which advance strategic initiatives in IAM including projects affecting the overall posture of Northwestern University.
Review existing Identity & Access Management practices, developing and implementing systems and solutions for additional controls, capabilities, or compliance
Implement recommendations for assigned projects, in consultation with project team(s) and/or other NUIT staff
Provide recommendations for continual process improvements across all Identity & Access Management workflows
Draft and review documentation such as analyses of technical, administrative, or procedural issues; procedural documentation/playbooks; and team documentation
Performance
Collaborate with other Identity staff or NUIT staff as needed for incident remediation or incident investigations
Provide troubleshooting and investigation assistance to users regarding potential or actual Identity incidents.
Partner with users and internal/external staff to monitor and/or report school, unit, or departmental level IAM issues/incidents within applications or systems.
Develop and maintain IAM expertise through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in professional development programs/initiatives approved by information security management.
Supervises
Cultivate subject-matter expertise and skills in less experienced IAM staff, in coordination with their supervisors and IAM management
Minimum Qualifications:
Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
5+ years' experience with IAM technology such as provisioning/deprovisioning, SSO, SAML/Federation, LDAP/Directories, MFA, PAM, password vaulting or other relevant identity and access management technologies.
Foundational knowledge of Identity Life Cycle Management, runtime enforcement (APIs), Privileged Account Management (PAM), Identity Federation (SAML), and conditional access policies.
Technical understanding across IT systems (e.g. networks, LDAP, domains, etc.), including vendor MFA product(s) (Duo, Okta, or Azure) and the integration, authentication, authorization and SSO process for applications and systems.
Demonstrated experience with the following: IT Operations & Incident Response, IAM Engineering, IAM provisioning and deprovisioning, Authentication products, methodology, and protocols. Support of IAM on-premises systems, SaaS and cloud-based solutions. Support of Linux operating systems and server hardware, Git version control, Cloudbees or other orchestration tools.
Minimum Competencies: (Skills, knowledge, and abilities.)
7+ years of practical experience within technology and security environment.
Technical background, with understanding of concepts of confidentiality, integrity and availability, disaster recovery, business continuity, user authentication and authorization.
Basic understanding of Identity and Access Management best practices, procedures and solutions.
Strong oral and written communications skills.
Excellent interpersonal skills to interact with customers, team members, and senior leaders (verbal and written)
Preferred Qualifications:
Bachelor's degree in a related field
Experience in a higher education environment
Advanced knowledge and experience with standards based SSO protocols and technologies (OIDC, SAML, OAUTH, FIDO, and SCIM)
Advanced knowledge and experience in Authentication and SSO solutions (ForgeRock OpenAM, Ping, or Okta).
Advanced knowledge and experience with directory solutions (LDAP, AD, Radiant Logic, or Online directories)
Advanced knowledge and experience with development technologies, such as HTML, JavaScript, Java, Perl or Python.
Strong knowledge and experience with IAM solutions in cloud (AWS, Azure, GCP) leveraging automation.
Understanding of RESTful API design and modern application design and deployment patterns.
Desire to keep up industry skillsets and certifications.
IAM industry certification (e.g. CIMP, CIAM, CIST, ForgeRock AM100, AM410, AM421, IDM 100, DS-100 or others, Sailpoint IdentityIQ Security Engineer, Architect, Professional or others)
Analytical skills with ability to relate to technical and non-technical personnel.
Preferred Competencies: (Skills, knowledge, and abilities)
Demonstrated experience with Cloud environments (AWS, Azure, GCP) with relation to Identity
Demonstrated ability with advanced vulnerability management practices and toolsets.
Advanced skills with Linux, Java, Splunk, Sailpoint, Forgerock SSO, Shibboleth, LDAP or other identity tools, products or solutions.
Benefits: At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at https://www.northwestern.edu/hr/benefits/index.html to learn more.
Work-Life and Wellness: Northwestern offers comprehensive programs and services to help you and your family navigate life’s challenges and opportunities, and adopt and maintain healthy lifestyles. We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at https://www.northwestern.edu/hr/benefits/work-life/index.html to learn more.
Northwestern University is a major private research university with 12 academic divisions located on three campuses in Evanston, Chicago, and Education City in Doha, Qatar. We have approximately 2,500 full-time faculty members, 17,000 graduate and undergraduate students, and over 5,700 full and part-time staff. Northwestern University combines innovative teaching and pioneering research in a highly collaborative environment. It provides students and faculty exceptional opportunities for intellectual, personal and professional growth.