IAM Engineer

Northwestern University
Evanston, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 105K

Job location

Evanston, United States of America

Tech stack

Clean Code Principles
Microsoft Access
Microsoft Word
Java
JavaScript
Microsoft Excel
API
Amazon Web Services (AWS)
Tomcat
User Authentication
Azure
Microsoft Outlook
Software as a Service
Software Documentation
Computer Security
Software Debugging
Linux
Disaster Recovery
Perl
Federated Identity Management
Monitoring of Systems
Identity and Access Management
Iterative and Incremental Development
Information Security Management
Information Technology Operations
jQuery
Network Security
Lightweight Directory Access Protocols (LDAP)
PostgreSQL
Linux System Administration
Linux Servers
Microsoft Office
MySQL
Open Source Technology
Oracle Applications
Oracle Rac
Performance Tuning
Microsoft PowerPoint
Cloud Services
Ansible
Security Assertion Markup Language (SAML)
SharePoint
Shell Script
SQL Databases
User Provisioning Software
Management of Software Versions
Software Vulnerability Management
Web Services
Workflow Management Systems
Cloudbees
Google Cloud Platform
Cloud Platform System
GIT
Storage Technologies
Information Technology
Iptables
Hardware Infrastructure
3-tier Architectures
Puppet
SailPoint
Rundeck
Splunk
Vulnerability Analysis

Job description

The IAM Engineer provides support for complex environments. They provide knowledge, skillsets and subject matter expertise (SME) for provisioning/deprovisioning, federation, authentication and access management, and directory services, as well as Linux-based architecture, infrastructure and identity integrations with various technologies and services.

In this role, you will apply your knowledge and skillsets to provide support, consultation, design services, testing, documentation and implementation for Sailpoint, Forgerock SSO, Forgerock DS (LDAP), Shibboleth/SAML and Linux-based systems. That will include configuring and implementing new functionality, versioning, modifying existing setups, and providing Tier 3 support for troubleshooting various issues or incidents. You will also provide an array of consultative information, guidance and/or assistance to various groups within NUIT as well as NU schools and units.

As an IAM engineer you will need to have acquired 3 years of hands-on experience with Sailpoint, SSO, Shibboleth/SAML Fed, Directory, and other Identity products. You will work to ensure that IAM systems/solutions are both resilient and adaptive to an evolving Identity landscape. The IAM Engineer works on IAM projects within the AM team and provides guidance to other staff, as well as ensures compliance with all security associated with NU, state, and federal rules and regulations. Works closely with stakeholders throughout Northwestern to implement IAM best practices and controls.

Specific Responsibilities:

Strategic Planning

  • Contribute to Risk Assessment and IAM Evaluations
  • Provide Guidance and Support in evaluating vendors, open source products and internally developed systems
  • Contribute to yearly planning of IAM portfolio.
  • Support processes and systems around vulnerability assessments, risk analysis, and risk mitigation procedures.
  • Represent the Identity & Access Management Office in collaborative initiatives, applying expertise and functioning as an integral, complementary part of the information security department.

Administration

  • Act as IAM point-of-contact for assigned AM team product(s).
  • Serve as Tier 3 support and an escalation point for domain technology issues that cannot be solved by Tier 1 and Tier 2 support. Perform/Own root cause analysis, problem management, documentation and communication for Identity Environment(s).
  • Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, system and key processes, reviewing system logs and verifying completion of scheduled tasks/jobs.
  • Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate troubleshooting steps.
  • Identify opportunities to innovate, extend and enhance service delivery where possible.

Engineer

  • Ability to develop/code, test, integrate and deploy IAM AM team frameworks, systems and protocols.
  • Assist with designing and implementing solutions for AM Team infrastructure (Sailpoint, Shibboleth/SAML, Forgerock SSO, Forgerock DS/LDAP, NU Directory, Web Services, etc.) for efficiency and continuous improvement opportunities.
  • Ability to create scripting, read code, utilize Git for versioning and use an orchestration tool (Cloudbees, Rundeck or other) for automation.
  • Participate in projects in the design, development, testing, and implementation of technical solutions which advance strategic initiatives in IAM including projects affecting the overall posture of Northwestern University.
  • Review existing Identity & Access Management practices, developing and implementing systems and solutions for additional controls, capabilities, or compliance.
  • Implement recommendations for assigned projects, in consultation with project team(s) and/or other NUIT staff.
  • Provide recommendations for continual process improvements across Identity & Access Management workflows.
  • Draft and review documentation such as analyses of technical, administrative, or procedural issues; procedural documentation/playbooks; and team documentation.

Performance

  • Collaborate with other Identity staff or NUIT staff as needed for incident remediation or incident investigations.
  • Provides troubleshooting and investigation assistance to users regarding potential or actual Identity incidents.
  • Partners with users and internal/external staff to monitor and/or report school, unit, or departmental level IAM issues/incidents within applications or systems.
  • Develop and maintain IAM AM team expertise through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in professional development programs/initiatives approved by information security management.

Supervises

  • Cultivate subject-matter expertise and skills in less experienced IAM staff, in coordination with their supervisors and IAM management

Miscellaneous

Performs other duties

Requirements

Minimum Qualifications: (Education, experience, and any other certifications or clearances)

  • Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
  • 3+ years' experience with IAM technology such as provisioning/deprovisioning, SSO, SAML/Federation, LDAP/Directories, MFA, PAM, Group management or other relevant identity and access management technologies.
  • Foundational knowledge of Identity Life Cycle Management, Runtime enforcement (APIs), provisioning and de-provisioning, Identity Federation (SAML), and Conditional access policies.
  • Experience with several of the following: IT Operations & Incident Response, IAM Engineering, IAM provisioning and deprovisioning, Authentication products and methodology and protocols.
  • Support of IAM on premise systems, SAAS and Cloud based solutions.
  • Support of Linux operating systems and server hardware, Git version control, Cloudbees or other orchestration tools.
  • Knowledge of operations reports and usage of Splunk.
  • Demonstrated knowledge of problem resolution and experience with Tier 3 troubleshooting, on call and incident response.
  • Monitoring and performance tuning for Linux operating systems, including connectivity, synchronization, replication, Iptables, certificate trusts, etc.
  • Amazon Web Services (AWS)
  • Identity Management/Provisioning
  • Information Security
  • LDAP
  • Linux Operating System
  • Microsoft Office (Word, Excel, PowerPoint, Access, Outlook)
  • Microsoft SharePoint
  • OpenAM (Identity Management)
  • Oracle and Oracle RAC
  • Puppet/Chef/Ansible
  • Server Hardware
  • SQL/MySQL/Postgres
  • Storage Hardware
  • Tomcat
  • Java
  • JavaScript
  • jQuery
  • Shell Scripting
  • Critical Thinking
  • Debugging
  • Enterprise Architecture
  • Enterprise Directory Services
  • Judgment
  • Problem Solving
  • Read & Interpret Architectural Drawings
  • Troubleshooting
  • Use-Case Analysis
  • Code Documentation
  • Collaboration And Teamwork
  • Functional Documentation
  • Iterative & Incremental Development
  • Organizational Skills
  • Planning
  • Workflow Development & Documentation

Minimum Competencies: (Skills, knowledge, and abilities.)

  • 3 years of practical experience within technology and security environment.
  • Technical background, with understanding of concepts of confidentiality, integrity and availability, disaster recovery, business continuity, user authentication and authorization.
  • 3 years basic understanding of Linux servers, Coding practices (Java/Perl/other)
  • Basic understanding of firewall theory and network security.
  • Strong oral and written communications skills.
  • Ability to weigh business needs against security concerns and articulate issues to the user community.

Preferred Qualifications: (Education and experience)

  • Bachelor's degree in computer science or related field
  • Experience in a higher education environment
  • Experience with Identity lifecycle management, system administration and operations.
  • Experience with cloud platforms (AWS, Azure, GCP)
  • Experience implementing Identity projects
  • 3 years knowledge/experience with Sailpoint, Forgerock products, and I2 products or services.
  • Security or technology industry certification (e.g. Sailpoint Identity IQ Associate and Engineer, Forgerock AM-100, or similar)
  • Experience supporting access management solutions, products and tools.
  • Experience with: IT operations as it relates to working with vendors to ask questions, open help desk tickets and troubleshooting issues.
  • Desire to keep up industry skillsets and certifications.
  • Analytical skills with ability to relate to technical and non-technical personnel.

Preferred Competencies: (Skills, knowledge, and abilities)

  • 3+ years of IAM experience
  • Knowledge of Cloud environments with relation to Identity
  • Knowledge of vulnerability management practices and toolsets.
  • Skills with Linux, Java, Splunk, Sailpoint, Forgerock SSO & Shibboleth, etc.

Benefits & conditions

Target hiring range for this position will be between $100,000-$105,000. Offered salary will be determined by the applicant's education, experience, knowledge, skills and abilities, as well as internal equity and alignment with market data. At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at https://www.northwestern.edu/hr/benefits/index.html to learn more.

Work-Life and Wellness: Northwestern offers comprehensive programs and services to help you and your family navigate life's challenges and opportunities, and adopt and maintain healthy lifestyles. We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at https://www.northwestern.edu/hr/benefits/work-life/index.html to learn more.

About the company

Northwestern supports employee career development in all circumstances whether your workspace is on campus or at home. If you're interested in developing your professional potential or continuing your formal education, we offer a variety of tools and resources. Visit us at https://www.northwestern.edu/hr/learning/index.html to learn more.
