Identity and Access Management Engineer

Position Title Identity and Access Management Engineer The Opportunity

The Identity and Access Management (IAM) Engineer is responsible for the design, implementation, and maintenance of enterprise identity systems within Information and Technology Solutions (ITS). The IAM Engineer replaces aging legacy systems and implements IAM operational plans with an automation-first strategy. This position works closely with stakeholders to understand business needs surrounding identity at an enterprise scale and works with ITS team members to address those needs. The IAM Engineer will maintain an awareness of, and implement industry best practices and procedures, ensure maximum availability and security of the university’s enterprise identity infrastructure, and ensure campus compliance.

Responsibilities

Identity System Administration

• Design, develop, test, implement, and integrate Identity and Access Management (IAM) systems and solutions. Ensure that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss.
• Configure and maintain IAM software and hardware systems, including preparation and maintenance of proper documentation.
• Work closely with ITS Leadership to establish, communicate, and review IAM governance including policies, service level agreements, and standard procedures.
• Perform investigation/troubleshooting, improvements, and bug fixes to respond to ongoing system issues identified by both internal and external users.
• Ensure systems meet service level agreement targets and limit technical debt accumulation.
• Develop user guides and other types of knowledge base documentation for ITS staff and end users.
• Transfer knowledge and train IAM operations staff, system administrators, and support personnel on the maintenance and operation of built systems.
• Support enterprise Directory Services including Active Directory, Open LDAP, and MIT Kerberos.
• Coordinate with vendors to enable single sign-on (SSO) integrations.
• Engage with other groups within ITS to ensure identity systems meet their requirements, e.g., security requirements and infrastructure requirements.

Strategy Development

• Design, develop, test, and implement enterprise IAM solutions.
• Take existing SSO applications and migrate them to new systems, as necessary.
• Build out workflows and best practices related to IAM.
• Set up role management using best practices within the IAM platform.
• Create and manage IAM governance around access controls.

Outreach and Communications

• Train front-line user support staff, to provide tier 1 support for users.
• Provide escalated support for diagnosing and resolving client-side issues.
• Create and deploy communication plans for outages, maintenance, and other impacts.
• Notify all IT user support staff when issues might impact end-users.
• Engage with community partners and maintain relationships with those that provide service to regional initiatives.
• Attend university events and engage with the Mines community as a representative of the department.
• Engage with other groups both around Mines and within ITS to understand and support their identity needs.
• Participate in working groups and communities of practice pertaining to IAM as well as foundational technologies such as cloud operations and DevOps.
• Audit and review Mines’ enterprise identity lifecycle management to identify and resolve inconsistencies.

Minimum Qualifications

Education and Experience:

• Bachelor's degree required, preferably in computer science or a field closely related to computer science. Individuals without a degree may be considered if they demonstrate possession of substantially the same knowledge level as found in a degree but have attained advanced knowledge through a combination of work experience and intellectual instruction.
• Minimum of five years of relevant professional experience working within the field of Information Technology in one or more areas of IAM engineering, IAM software development, Computer Systems Engineering, Systems Administration, managing technical systems, and/or enterprise software development.
• Minimum of four years' experience implementing and managing at least one enterprise identity management solution (Okta, Ping, Sailpoint, etc.).

Knowledge, Skills, and Abilities:

• Understanding of SSO architecture.
• Basic knowledge of PowerShell, Java, or other scripting languages.
• Extensive hands-on knowledge of identity and access management best practices, procedures, and software solutions such as Sailpoint, ForgeRock, Okta, Ping Identity, etc.
• Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etc.
• Ability to lead the development of technically complex functionalities and work with other team members & business partners to deliver value through automation.
• Knowledge of security best practices.

Preferred Qualifications

Education and Experience:

• Master's degree, preferably in computer science or a field closely related to computer science. Experience in developing workflow automations.
• Experience with implementing new IAM platforms.
• Experience managing access and permissions where necessary and implementing automated solutions.

Certifications and Licenses:

• CISSP
• CIMP

About Mines & Golden, CO
Mines is consistently ranked among the top engineering colleges in the United States and ranks number one as the best public school in the state for best value colleges. Mines is located in the heart of Golden, Colorado, a western suburb of Denver. The campus location offers a small-town ambiance with close proximity to all that the Denver metropolitan area has to offer with an abundance of cultural events, museums, theaters and sporting venues. A sunny, high-altitude climate with outstanding outdoor recreation opportunities make the Denver area an ideal place to live, work and play. We seek individuals who value a diverse and inclusive community – offering different perspectives, experiences, and cultures that enrich the educational and work experience. Equal Opportunity

Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.

Mines’ commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.

Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.

Pay Range

$97,300 - $107,600

Mines takes into consideration a combination of candidate’s education, training and experience as well as the position’s scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.

Total Rewards Mines is proud to provide exceptional benefits that include pay, health & wellness and work/life balance offerings. Our portfolio of benefits includes medical, dental, vision, disability insurance, flexible spending accounts, life insurance, and retirement savings plans. Additionally, Mines employees are eligible for tuition benefits (for employees and dependents), generous paid holidays and leaves and discount programs. For more information, visit Mines benefits . How to Apply

Applicants will be asked to complete an online application (personal information, demographic information, references, veterans status) and upload a resume and cover letter (required). References will not be contacted until later in the selection process and you will be informed before that contact is made.

For questions about this position, please reach out to Kathy White at kwhite1@mines.edu.

Background Investigation Required Yes COVID-19 Vaccine Requirement This position will require documented proof of full COVID-19 vaccination or exemption because of a medical or religious exclusion. New employees will be required to provide attestation to their status with proof of vaccination upon hire. Religious and medical exemptions and reasonable accommodation shall be addressed as required by law pursuant to the Equal Employment Opportunity Commission’s vaccination guidance.


Advertised: Nov 17, 2022 Mountain Standard Time
Applications close: