As a Senior Identity & Access Management (IAM) engineer, you will report directly to the Manager of Identity and Access Management for the University. Your senior technical and engineering expertise will be critical to an IAM team that implements and supports the University's modern Identity & Access Management program architecture, infrastructure, capabilities, components and standards. Specifically, you will be responsible for contributing to, and in some cases leading, engineering activities for IAM component designs, IAM service development, service integration, implementation and operations of University-wide IAM services for all faculty, staff, students, parents, alumni, vendors, and University technology partners. This position collaborates closely with IAM management, architects, engineers, and service providers to implement the IAM Program modernization efforts for the University. Our ideal candidate will possess technical leadership skills and senior-level knowledge, with a demonstrable history in the following:
- Modern approaches to IT service-oriented architectures and applications. Specifically, substantial experience with implementing services using either SOA or Microservices architectures, DevOps, and continuous delivery of IAM services and applications in a hybrid computing environment.
- Services based Integration (i.e. REST) of role-based access control, Active Directory, LDAP, Single Sign-On, End-User provisioning, identity and access governance, and identity data synchronization services with existing applications and systems.
- API Gateways, Enterprise Directories, Enterprise Databases, SSO and Access Management systems, identity federation protocols (SAML), and LDAP.
- SQL scripting in a large database environment.
- Programming languages such as C, C++, Go, and Java.
- Leading mentorship exercises for junior level IAM engineers.
To ensure that essential services are provided to the university community, the employee will be required to work outside their regular working hours as needed.
Overall Identity and Access Management Qualifications
- Significant experience in understanding, leading, and implementing engineering efforts against technical IAM architecture designs across six major capability areas:
  - Identity Lifecycle Management
  - Identity Data Models
  - Access Lifecycle Management
- Extensive history of leading engineering contributions to enterprise IAM deployments in a senior or equivalent engineering role. Significant deployment experience must include at least four of the following IAM solutions:
  - Identity Governance and Administration (IGA) for aggregating application and system data for access certification.
  - Identity Lifecycle Management and user provisioning/de-provisioning.
  - Single Sign-On (SSO) integration and session management for multiple web and cloud applications.
  - Identity Federation (SAML) configuration and integration across multiple trusted third parties, applications, and systems.
  - Directory (LDAP) service implementation and integration for identity data consumption by applications and systems.
  - Multi-Factor Authentication (MFA), such as Duo Security, integration into the authentication, authorization, and single sign-on process for applications and systems.
  - API security and API integration with IAM systems for sharing identity contexts.
- Extensive and deep knowledge in identity and access data correlation, normalization and building of cohesive identity and access data models for large enterprises.
- Significant and demonstrable history with complex Identity and Access Management integration and service delivery use cases and requirements.
- Has significant experience in working with software development disciplines (i.e. DevOps) including previous hands-on development experience with a programming language such as C, C++, Java, or Go (www.golang.org).
- Excellent and demonstrable experience with relational database management systems (i.e. Oracle, SQL Server) including significant experience with writing SQL extracts, development of custom views and stored procedures.
- Advanced understanding of Microservice architectures and implementation approaches.
- Advanced understanding of Docker and DevOps CI/CD tooling.
- Expert knowledge in IT, service-oriented architectures, software development life cycles, or information security platforms and applications.
- Ability to work with, help lead, and mentor a dynamic IAM team supporting multiple competing priorities at the same time, including project work, production support, and daily incident and problem resolution activity.
- Ability to contribute, lead, and collaborate with the IAM manager in establishing a growth and training program applicable for the Junior IAM engineering role.
- Very comfortable with working closely with IAM stakeholders, architects, and mentoring Junior engineers for project and program delivery milestones.
- Possesses advanced listening skills and advanced team dynamic problem solving, root cause analysis, and resolution.
- Has worked on and led efficient and effective IAM engineering teams of 3+ individuals in a highly demanding environment.
- Proven and demonstrable performance in critical thinking and usage of innovative thinking for enhancing engineering team capabilities and providing solutions for new challenges, issues, and requirements.
Education and Technical Experience
- Bachelor's or Master of Science in computer science.
- 9+ years' experience in integrating security and IAM products in mid to large enterprises.
- 5+ years working knowledge of DevOps, CI/CD pipelines, and application containerization (i.e. Docker).
- 10+ years of experience across a variety of technologies such as databases, directory services, application servers, network infrastructures, Linux operating systems, and an understanding of fundamental security and data flows within these components.
- 10+ years of experience with identity management products such as One Identity, SailPoint, IBM, CA and/or Oracle Identity Manager (OIM).
- 7+ years of experience with Access Management and Federation products such as ForgeRock OpenAM, IBM Security Access Manager, or Oracle Access Manager.
- 7+ years of experience with requirements, design, implementation, integration, and testing for IAM component integration into on-premise and cloud-based applications.
- 10+ years of experience with managing and operating Unix or Linux based operating systems.
- 8+ years of experience with scripting languages with the majority of the following: JSP, Perl, Python, Groovy, LUA or Ruby.
- 8+ years of experience with object-oriented programming languages (C++, Java, C#).
- 8+ years of web services development and implementation experience.
- 8+ years' experience with XML, REST, and JSON.
- Excellent verbal and written communication skills.
Desired Certifications
- CISSP highly preferred.
Additional Information: A criminal background check is required for this opening.
To be considered for this position, please visit our website and apply online at the following link: Careers@Northeastern
Northeastern University is an Equal Opportunity, Affirmative Action Educational Institution and Employer, Title IX University. Northeastern University particularly welcomes applications from minorities, women and persons with disabilities. Northeastern University is an E-Verify Employer.