Identity and Access Engineer, IT Engineer

College Park, Maryland
Apr 29, 2021
Jun 03, 2021
IT, QA Engineer
Full Time

Identity and Access Engineer, IT Engineer
Position #: 126152

As a senior member of the Identity and Access Management (IAM) team, the Identity and Access Engineer is responsible for installation, upgrades, integration, optimization, and project/operational support of the central IAM systems supporting the University of Maryland campus.
Working collaboratively with other IAM staff, Platform Engineering, and other operational units, this role functions as a forward-thinking engineer and administrator who can also solve complex day-to-day IT problems. This person will need an experienced background configuring SSO integrations with an IdP such as Shibboleth or ADFS. This person will need a strong understanding of managing user identities and user access to system resources based on IAM best practices, as well as design and deploy unique solutions based on application needs. The engineer is responsible for the ongoing development, deployment, and support of the campus IAM systems, ensuring established standards are followed, verifies that the proper versions of the software infrastructure are being used, as well as ensures that applications take advantage of emerging functionality that increases technical productivity or provides value-added new services.

Minimum qualifications

Bachelor’s degree with minimum 3+ years of work experience in enterprise IAM platform systems management.
Must have experience in at least 2 of the 5 following technologies:
- Shibboleth and SAML
- Group management systems (Active Directory/LDAP/Grouper)
- Commercial Identity management platforms such as SailPoint or Okta
- Designing or maintaining permissions and roles for large enterprise applications such as an ERP or CRM
- Experience with a high-level programming language and understanding of object-oriented programming
Excellent written and verbal communication skills, paired with the ability to express complex technical concepts effectively.
Must be able to work concurrently on multiple projects, adjust to changes in priorities, and respond efficiently and effectively to emergency situations.
Excellent problem solving, attention to detail, multitasking, communication, and complex troubleshooting skills.
Ability to gather project requirements, develop detailed project plans, schedule and execute the project tasks.
Ability to create and deliver a clear and effective presentation to small groups (5-20 people).
Comfortable working in Windows and Linux/Unix environments.


Bachelor’s Degree in Computer Science or a related technical discipline.
Proven knowledge of all aspects of service implementation, configuration, management, and upgrades for the following services:
-  Active Directory/LDAP
-  Account provisioning, self-service, and other identity management systems
-  Multi-factor authentication
-  Authentication and account management aspects of cloud services (e.g., Google Apps)
-  Federation technologies (e.g., Shibboleth)
Experience working with Git, Bitbucket, or similar code repositories.
Knowledge of identity best practices: RBAC, Zero Trust Identity Security, Least Privilege, Provisioning/Deprovisioning, Orphaned Account Detection and Removal, MFA.
Understanding of engineering standards and methodologies including some or all of the following: creation and use of Use Cases, UML modeling, naming conventions, source control facilities, documentation, and unit testing.
Additional information: this position does not provide sponsorship for visas.

Physical demands: sedentary work. Employee will need to be able to sit for long periods of time to work on a computer, as well as travel occasionally to meet with clients and customers on and off campus.

Best consideration date: 05/14/2021 or open until filled

Please apply at: []