Identity and Access Engineer

College Park, Maryland
Jan 20, 2022
Feb 24, 2022
Engineer, IT
Full Time

Position #: 106575

Identity and Access Management (IAM) systems are critical to getting people access to network and application resources, and to protecting valuable campus resources. The IAM team designs, develops, and integrates systems to ensure that account provisioning, authentication, and authorization meet the high standards necessary to protect business, academic, and user data. The IAM team also works closely with other Big 10 universities, InCommon, and Internet2 to ensure UMD is following global standards.

As a senior member of the IAM team, the Identity and Access Engineer is responsible for installation, upgrades, integration, optimization, and project/operational support of the central IAM systems supporting the University of Maryland campus. 

Working collaboratively with other IAM staff, Platform Engineering, and other operational units, this role functions as a forward-thinking engineer and administrator who can also solve complex day-to-day IT problems. This person will need experience configuring single sign-on (SSO) integrations with an IdP such as Shibboleth or ADFS. This person will also need a strong understanding of managing user identities and user access to system resources based on IAM best practices, and the ability to design and deploy unique solutions based on application needs. The engineer is responsible for the ongoing development, deployment, and support of the campus IAM systems: ensuring that established standards are followed, verifying that the proper versions of the software infrastructure are being used, and ensuring that applications take advantage of emerging functionality that increases technical productivity or provides value-added new services.

Minimum qualifications


Bachelor's degree or an equivalent combination of education, training and experience relevant to the position.


Bachelor’s degree with minimum 3+ years of work experience in enterprise IAM platform systems management

Must have experience in at least 2 of the 5 following technologies:
- Shibboleth and SAML
- Group management systems (Active Directory/LDAP/Grouper)
- Commercial identity management platforms such as SailPoint or Okta
- Designing or maintaining permissions and roles for large enterprise applications such as an ERP or CRM
- Experience with a high-level programming language and understanding of object-oriented programming

General Knowledge, Skills and Abilities:

  • Excellent written and verbal communication skills, paired with the ability to express complex technical concepts effectively
  • Must be able to work concurrently on multiple projects, adjust to changes in priorities, and respond efficiently and effectively to emergency situations
  • Excellent problem solving, attention to detail, multitasking, communication, and complex troubleshooting skills
  • Ability to gather project requirements, develop detailed project plans, schedule and execute the project tasks
  • Ability to create and deliver a clear and effective presentation to small groups (5-20 people) 
  • Comfortable working in Windows and Linux/Unix environments


  • Bachelor’s Degree in Computer Science or a related technical discipline 
  • Proven knowledge of all aspects of service implementation, configuration, management, and upgrades for the following services:

    - Active Directory/LDAP
    - Account provisioning, self-service, and other identity management systems
    - Multi-factor authentication
    - Authentication and account management aspects of cloud services (e.g., Google Apps)
    - Federation technologies (e.g., Shibboleth)

  • Experience working with Git, Bitbucket, or similar code repositories. 
  • Knowledge of identity best practices: RBAC, Zero Trust Identity Security, Least Privilege, Provisioning/Deprovisioning, Orphaned Account Detection and Removal, MFA. 
  • Understanding of engineering standards and methodologies including some or all of the following: creation and use of Use Cases, UML modeling, naming conventions, source control facilities, documentation, and unit testing.

Additional information: this position does not provide sponsorship for visas.

Physical demands: Sedentary work. Employee will need to be able to sit for long periods of time to work on a computer, as well as travel occasionally to meet with clients and customers on and off campus.

Best consideration date: 02/08/2022 or open until filled

Please apply at: []

Vaccine protocol: the University of Maryland has made the safety of our students, faculty and staff, and our surrounding communities a top priority. As part of that commitment, the University System of Maryland (USM) recently announced that students, faculty, and staff on USM campuses this fall, including UMD, are required to be vaccinated against COVID. As a prospective and/or a new employee at UMD, you will be required to comply with the University’s vaccination protocol. Proof of full vaccination will be required before the start of employment in order to work at any University of Maryland location. Prospective or new employees may seek a medical or religious exemption to the vaccination requirement at [] and must have an approved exemption prior to the start of their employment. Failure to provide proof of vaccination or to obtain approval for a medical or religious exemption will result in the offer of employment being rescinded.

