What are the responsibilities and job description for the Identity and Access Management Solutions Engineer position at SLAC National Accelerator Laboratory?
Identity and Access Management Solutions Engineer
Job ID
6320
Location
SLAC - Menlo Park, CA
Full-Time
Regular
SLAC Job Postings
Position overview
SLAC National Accelerator Laboratory¿s Computing Division seeks an experienced Identity and Access Management (IAM) Solutions Engineer with a background in enterprise IT infrastructure and information security.
The Identity and Access Management (IAM) Solutions Engineer is a senior technical member of the Identity Services team in SLAC IT. This team provides identity, authentication, authorization, directory and related integration solutions for the entire SLAC National Laboratory complex. This team is also responsible for identity management of visiting facilities users who will often be using federated authentication in order to access SLAC services.
The position reports to the Manager of Identity Services within SLAC IT.
Your specific responsibilities include :
Apply unique skill combinations to create IT solutions for complex problems. Work may involve information theory, computing theory, or scientific computing.
Identify applicable new technologies through research, collaboration with peers, and participation in standards organizations, industry groups, panels, etc.
Develop, maintain and support SLAC Identity Management systems, including integrations from source systems of identity data, processes to normalize person information, and attribute interfaces to provide that information to consumers across the SLAC enterprise via standard protocols and data structures used in the IAM domain including : , LDAP, Active Directory, RESTful web services, JSON, as well as using scheduled bulk feeds.
Develop and support enterprise SSO authentication solutions via SAML2 and OAuth / OIDC. Working knowledge of underlying authentication technologies Kerberos and X.509.
Extend enterprise authorization management and develop functions to support self-service and automation on services pertaining to authentication, authorization, and account management.
Team members (including this position) share an on-call rotation to provide Tier 2 support and periodic system maintenance oversight, including off hours. Strong candidates will share an interest in automating solutions to recurring issues requiring IT support at any tier.
Act as the conceptual source for assignments involving more than one area of specialization and / or innovative system design.
Plan and coordinate IT efforts with a high degree of dependence upon their individual unique technical contributions.
Conceive, design, develop, optimize, integrate, and maintain information technology at a complex level.
Troubleshoot highly complex problems for which the analysis and resolution require extensive knowledge of many diverse system components.
Develop long range technology plans.
Provide project management, coordination and programming for IT projects having significant impact.
Provide leadership and IT solutions for complex problems.
May work on enterprise-wide task forces and committees related to strategic planning efforts for information technologies.
To be successful in this position you will bring :
Bachelor's degree and ten years of increasingly technical work experience or a combination of education and relevant experience.
Deep understanding of information technology approaches, applications (which may include scientific applications), tools, and methodologies, as well as a broad background in a variety of technology platforms.
Knowledge of architecture and interrelationships (technical and functional).
Strong programming skills, ideally in Java, .NET or Ruby
Experience with contributing to team development projects, including tracking code changes in Git, submitting merge requests for code review, and following project workflows
Comfort with deploying and debugging applications onto Linux systems running Apache
Ability to interact with relational databases via SQL
Familiarity with containerization technologies including Docker
Interest in authentication and authorization, including an ability to quickly cross-train on federated authentication infrastructure and support
Ability to identify, scope, and execute on opportunities for automation or improvement in system architecture
Experience with an LDAP platform e.g. Active Directory, OpenLDAP, 389 Directory Server
Cloud deployment experience is a plus.
Ability to combine information technologies to create solutions for complex problems.
Ability to work effectively in a team environment and lead cross-functional teams.
SLAC employee competencies :
Effective Decisions : Uses job knowledge and solid judgment to make quality decisions in a timely manner.
Self-Development : Pursues a variety of venues and opportunities to continue learning and developing.
Dependability : Can be counted on to deliver results with a sense of personal responsibility for expected outcomes.
Initiative : Pursues work and interactions proactively with optimism, positive energy, and motivation to move things forward.
Adaptability : Flexes as needed when change occurs, maintains an open outlook while adjusting and accommodating changes.
Communication : Ensures effective information flow to various audiences and creates and delivers clear, appropriate written, spoken, presented messages
Relationships : Builds relationships to foster trust, collaboration, and a positive climate to achieve.
Physical requirements and Working conditions :
- Consistent with its obligations under the law, the University will provide reasonable accommodation to any employee with a disability who requires accommodation to perform the essential functions of his or her job.
Work standards :
Interpersonal Skills : Demonstrates the ability to work well with Stanford colleagues and clients and with external organizations.
Promote Culture of Safety : Demonstrates commitment to personal responsibility and value for environment, safety and security; communicates related concerns; uses and promotes safe behaviors based on training and lessons learned. Meets the applicable roles and responsibilities as described in the ESH Manual, Chapter 1¿General Policy and Responsibilities :
Subject to and expected to comply with all applicable University policies and procedures, including but not limited to the personnel policies and other policies found in the University's Administrative Guide,
Working Title : Identity and Access Management Solutions Engineer
Job Classification : Information Systems Specialist
Job Code : 4770, Grade : M
Duration : Regular continuing
The expected pay range for this position is $203,499 - $231,391 per annum. SLAC National Accelerator Laboratory / Stanford University provides pay ranges representing its good faith estimate of what the university reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as (but not limited to) the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity, geographic location and external market pay for comparable jobs.
SLAC National Accelerator Laboratory is an Affirmative Action / Equal Opportunity Employer and supports diversity in the workplace. All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information. All staff at SLAC National Accelerator Laboratory must be able to demonstrate the legal right to work in the United States. SLAC is an E-Verify employer.
Salary : $203,499 - $231,391
