Senior Identity and Access Management Engineer
Cadre5 · Knoxville, TN · 1 mo ago
EngineeringFull-time
Job Responsibilities
- Lead the architecture, development and implementation of an Identity and Access Management platform using the Ping suite of products
- Contribute to workflow design, API development, and collaborate with application developers and owners to establish robust integrations
- Plan, execute and document application onboarding of a diverse and growing application set
- Collaborate with IAM personnel from other organizations to design, build and administer a federation hub, allowing users to access resources at any participating facility
- Build out and enable ABAC, RBAC, least privilege access and other common IAM standards
- Deploy, configure and support identity and access management services such as single sign on (SSO), OAuth, MFA, zero trust, etc….
- Lead incident response, providing advanced troubleshooting and building out of monitoring and alerting systems
- Define and implement KPIs, processes and drive continuous improvement
- Participate in on-call rotation providing 24-hour, 7-day support and off-hours maintenance windows
- Cook with vendors to resolve hardware and software problems
- Deliver AmSC’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service
Qualifications
- Bachelor’s Degree in computer science or closely related field and a minimum of 5 years of experience as an Identity and Access Management engineer
- An equivalent combination of education and experience may be considered
- The ability to obtain and maintain a Department of Energy "Q" clearance is required. This requires US Citizenship
Preferred Qualifications
- Extensive experience in Identity and Access Management supporting SSO, OAuth, MFA, and API development
- Excellent interpersonal/communication skills, and the ability to work as part of a team
- Proven track record leading and driving the delivery of large, complex IAM projects
- Strong experience with the Ping suite of IAM products, bonus points for Ping Government Identity Cloud experience
- Extensive experience with web authentication implementation such as SAML, OAuth, API-token, REST, etc.
- Experience in directory services and directory structure, specifically using LDAP and/or PingDirectory
- Experience implementing RBAC and ABAC in complex enterprise environments
- Experience with identity federation design and implementation using standards like OIDC and SAML to manage user identities across disparate systems
- Experience with Automation and scripting (Python, etc…) for IAM tasks
- Working knowledge of cloud application architecture patterns and a thorough grasp of common products and managed services for at least one Cloud Service Provider (e.g. AWS)
- Working knowledge of Unix system fundamentals and common network protocols
- Solid understanding of cloud computing networking concepts
- Able to proactively identify performance issues, problems, and areas for improvement
- Able to identify requirements and to define, plan, and implement requisite solutions
- An understanding of code review and familiarity with tools like GitHub and GitLab
- Experience using tools such as Nagios, Grafana and Prometheus to monitor systems, metrics, and create dashboards