IDENTITY & ACCESS MANAGEMENT ENGINEER I/II/III
Position Number: S-3852
Position Summary:
The Identity and Access Management (IAM ) Engineer is a member of the Information Security Office within the Office of Information Technology (OIT ) assisting in the management of identities, authorization, and authentication services for Central Michigan University. This position will develop, implement, enhance, integrate, and maintain IAM tools, technologies and services, and work with campus departments on integrating new software and/or services into our authentication and authorization platforms. Secondary responsibilities may include other information security and information technology administrative activities including leading incident response, vulnerability management, risk assessment, investigations and legal discovery, penetration testing, firewall and IDS /IPS systems tuning, programming, scripting, and automating, data loss prevention, standards development, security awareness, end-point security consultation, web and application security, compliance activities, etc.
Required Qualifications:
IDENTITY & ACCESS MANAGEMENT ENGINEER I:
Bachelor degree in Computer Science, Management Information Systems, Information Assurance or related field or a combination of comparable work experience in a related field.
Two years of full-time experience working in enterprise information technology support with above degree or six years of full-time experience without degree.
Demonstrated experience with standard authentication protocols and frameworks, such as SAML and OAuth.
Basic knowledge of security processes and procedures relating to the confidentiality, integrity, and availability of information and information systems.
Basic knowledge of information security risk assessment and management processes and standards.
Basic knowledge and understanding of security concepts including malware, intrusion detection, risk analysis, and threat/vulnerability management.
Basic knowledge of intrusion detection/prevention systems, SIEMs, and vulnerability scanners.
Experience working with relational database management systems (RDBMS), including Microsoft SQL Server, with the ability to query, troubleshoot, and support custom databases integrated with IAM solutions.
Demonstrated ability to communicate clearly and effectively and project a positive and professional image, and to work in cross-functional teams.
Demonstrated ability to manage timelines and deliverables, to create and manage task lists, and to meet work and project schedules as determined by others.
Ability to communicate effectively, both orally and in writing.
Ability to perform the essential functions of the job.
IDENTITY & ACCESS MANAGEMENT ENGINEER II:
All the requirements of Identity & Access Management Engineer I plus:
General knowledge of Active Directory and Azure AD.
Demonstrated ability to research and resolve complex technical issues.
Demonstrated experience working with identity management applications and concepts.
IDENTITY & ACCESS MANAGEMENT ENGINEER III:
All the requirements of Identity & Access Management Engineer II plus:
Advanced knowledge of Active Directory and Azure AD.
Demonstrated understanding of IAM concepts (including federation, authentication, authorization, access controls, access control attacks, identity and access management provisioning life cycle), Radius and MFA.
Demonstrated experience with identity and access governance (including role-based access control, access request and certification, user life cycle management processes and change management).
SR IDENTITY & ACCESS MANAGEMENT ENGINEER:
All the requirements of Identity & Access Management Engineer III plus:
Demonstrated experience with complex ERP environments, especially related to human resources or enrollment management.
Demonstrated technical architecture experience (i.e., integrating identity management, access management and access governance software into infrastructure and applications).
Demonstrated experience managing projects.
Preferred Qualifications:
Information security certifications, such as CISSP, CISM, Security+, etc.
Experience working in a higher education environment.
Knowledge of Security Information and Event Management (SIEM ) concepts, applications and systems.
Knowledge of ADFS , Azure and Shibboleth
Experience with programming, scripting, and task automation.
Working knowledge of requirements for organizational compliance with multiple laws, regulations, and standards such as PCI -DSS, HIPAA, FERPA, and GLBA.
Duties & Responsibilities:
IDENTITY & ACCESS MANAGEMENT ENGINEER I:
Account provisioning and lifecycle management.
Troubleshoots authentication and authorization issues.
Researches and monitors the latest identity and access management trends.
Maintains documentation for IAM and other ISO systems as needed.
Identifies, investigates, analyzes, responds to, and reports on security events that occur within the university environment as needed.
Works with OIT personnel to mitigate discovered vulnerabilities in IAM and other systems.
Participates in the design, implementation, and continuous improvement of security service offerings for the ISO.
This position may require occasional weekend and evening assignments as well as availability during off-hours for participation in both scheduled and unscheduled activities.
Investigatory responsibilities that may require discretion and/or interaction with executive, legal, and/or law enforcement staff.
Perform other duties as assigned.
IDENTITY & ACCESS MANAGEMENT ENGINEER II:
All the duties of the Identity & Access Management Engineer I plus:
Works with departments on configuring Single Sign-On (SSO) for new and existing applications as necessary.
Assists IAM Engineers in troubleshooting issues with IAM tools and processes.
Assists with the development, implementation, and support of RBAC.
For systems and software applications in scope for IAM Team, reconcile discrepancies between access rights assigned and access rights required for users to perform job duties.
Participates in projects and production support operations focused on implementing Identity and Access Management (IAM) integrations and Roles Based Access Control (RBAC) strategies and integrations.
IDENTITY & ACCESS MANAGEMENT ENGINEER III:
All the duties of the Identity & Access Management Engineer II plus:
Develops, implements, enhances, integrates, and maintains IAM tools, technologies and services, including Active Directory, ADFS, F5 APM, Azure and Shibboleth.
Collaborates in the design, implementation, and support of the IAM technologies.
Assists in efficiency improvements by recommending process changes as well as developing solutions to automate and orchestrate repeatable tasks for IAM.
Develops system access and security implementation plans derived from operational customer needs and requests.
SR IDENTITY & ACCESS MANAGEMENT ENGINEER:
All the duties of the Identity & Access Management Engineer III plus:
Participates as a subject matter expert in the analysis and design of identity and access management solutions and services.
Identifies the broader impact of current decisions related to user access, data access and information security.
Aligns IAM processes across the University and develop and document standards for university use.
Supervision Exercised:
None.
Employee Group: Professional & Administrative - Salary
Staff Pay Level:
Pay Range: $70,000 - $90,000
Division: President
Department: Information Security - OIT
Position Status: Regular
Position End Date:
Employment Status: Full-Time
FTE: 1.0
Position Type: 12 month
Weekly Work Schedule: 8am-5pm, M-F, occasional weekends and evenings
Location: Mount Pleasant, MI
Posting Ends:
Open Until Filled: Yes
About the Department:
About CMU:
Central Michigan University has a more than 125-year legacy of preparing students to become leaders and changemakers in their communities and in their personal and professional lives.
We serve nearly 15,500 students on our Mount Pleasant campus, in satellite locations around the state and throughout the country, and through flexible online programs. Many of our approximately 300 undergraduate, master s, specialist and doctoral programs in the arts, media, business, education, human services, health professions, liberal arts, social sciences, medicine, science and engineering are nationally ranked for excellence.
CMU leads the nation in leadership development programming through our Sarah R. Opperman Leadership Institute, and we are proud to be among only 5% of U.S. universities in the top two Carnegie research classifications. Our faculty work with graduate and undergraduate students in areas such as Great Lakes research, medical innovation, engineering technology and more.
Central is home to 17 men's and women's Division 1 sports including football, basketball, gymnastics, baseball, wrestling and more. Our student-athletes achieve great success in competition and in the classroom, capturing Mid-American Conference championships and maintaining an average cumulative GPA of 3.17.
CMU is located in Mount Pleasant, a community that blends the best of small-town living with big-city amenities. It s part of the culturally varied and vibrant Great Lakes Bay Region that also includes Saginaw, Bay City, Midland and the state's largest Native American community, centered on the Saginaw Chippewa Isabella Reservation in Mount Pleasant.
Area residents enjoy the mix of outdoor activities, cultural events, shopping and dining options, and family attractions. Other major Michigan destinations and attractions - Lansing, Grand Rapids, Detroit, Traverse City, wineries, beaches, golf and ski resorts, and many more - are within easy reach of the city's central location in Michigan's Lower Peninsula.
CMU employees enjoy access to a nationally recognized wellness program along with health care and benefits that exceed regional, state and national norms.
CMU Leadership Standards:
Central Michigan University is a place where we value students and work for their success, where we act as family, and where employees are engaged, appreciated and have extraordinary opportunities to make a difference.
We intentionally maintain and strengthen the hallmark CMU culture that sets us apart from our peers by expecting CMU leaders and employees to model the following Leadership Standards and develop them within their teams.
Please review the before applying for this position.
Message to Applicants:
Central Michigan University is dedicated to fostering an environment that is reflective of the communities we serve. We are especially interested in highly qualified candidates who will advance and promote CMU's mission, vision, and leadership standards.
You must submit an on-line application in order to be considered as an applicant for this position.
Cover letters may be addressed to the Hiring Committee.
This position will remain open until filled. The university reserves the right to close the recruitment process once a sufficient applicant pool has been identified. For best consideration, please submit application materials on or before April, 27th 2026.
To apply, visit
CMU is an Equal Opportunity Employer and institution. CMU does not discriminate against persons based on age, color, disability, ethnicity, familial status, gender, gender expression, gender identity, genetic information, height, marital status, national origin, political persuasion, pregnancy, childbirth or related medical conditions, race, religion, sex, sex-based stereotypes, sexual orientation, transgender status, veteran status, or weight.
If you wish to see "Know Your Rights" posters, please .
CMU does not discriminate on the basis of sex in the education program or activity that it operates, including admission and employment, and is required by Title IX of the Education Amendments of 1972 not to discriminate in such a matter.
Inquiries about the application of Title IX can be made to CMU's Title IX Coordinator, the US Department of Education's Assistant Secretary, or both.
CMU's Title IX Coordinator can be reached at:
Phone:
Office: 103 E. Preston St.
Bovee University Center, suite 306
Mount Pleasant, MI 48858
Email:
Never miss an opportunity! Create an alert based on the job you applied for.
