OverviewThe
Identity Infrastructure Engineer combines analytical ability, technical skills, security orientation, and creative thinking to contribute to IAM projects, engineering, and operations. They collect requirements, evaluate technologies, and recommend solutions for identity and access management services. They apply sound security orientation and customer focus to deliver high quality services. They are responsible for or oversee specific areas in the planning, design, installation, testing, and maintenance of various security and data protection technologies that support the teaching, research, and business functions of the university.
The Engineer collaborates with members of both IAM and other teams on the design, development, and operation of application interfaces, data flows, and authentication services both on premise and in cloud services. They leverage emerging and established technologies such as continuous integration pipelines, infrastructure-as-code, and container orchestration to deploy, configure, and maintain applications. They evaluate, deploy, and operate vended services and internal tools. They plan transition of legacy systems to modern replacements, evaluate new and emerging access management solutions, and stay current with industry developments. They participate in on-call and after-hours duties as required.
The person in this position works both on teams and independently, requiring only limited supervision.
This is a hybrid position, based in Princeton, NJ.
ResponsibilitiesIdentity and Access Management Engineering and Development:- Collect requirements, recommend solutions, configure software, and create scripts to manage and maintain the enterprise account lifecycle management infrastructure and software
- Develop, configure, maintain, and administrate enterprise identity and security systems including directory services (Active Directory), cloud IAM solutions (EntraID), single sign-on services, multi-factor authentication systems, attribute-based access controls, password management solutions, and others.
- Develop and deploy continuous integration/deployment pipelines, container orchestration, script-based automation, and software solutions to support IAM services and applications as required.
- Provide advice, consultation, training, and tooling to campus partners wishing to take advantage of the IAM services enumerated above.
Operations Engineering:- Serve as a primary subject expert for one or more of the following technologies:
- Public Key Infrastructure and certificates
- Microsoft Active Directory
- Microsoft Identity Manager
- Single Sign-On services including saml2 and Open ID Connect
- Microsoft EntraID
- Attribute-Base Access Control using groups
- Scripting and automation
- Apache/Tomcat/IIS operations
- Serve as a secondary subject matter expert for one or more of the above.
- Utilize continuous integration/deployment pipelines to manage software configurations, deploy and update applications, and deliver security patches to IAM applications both on-premises and in cloud services
Operational Support:- Troubleshoot and resolve authentication and authorization application problems, access control issues, and other IAM support needs as required
- Document code and configurations.
- Respond to requests and incidents raised in the IT Service Management system.
- Participate in after-hours on-call rotation.
- Ensure services and systems are reliably monitored for security and performance.
- Ensure compliance with change management and other administrative policies.
Professional Development:- Build technical expertise in security operations, security engineering, identity and access management, software development security, cloud migrations and operations, and others as required
- Learn the functions of new software products to facilitate the use of emerging technology.
QualificationsEssential Qualifications:- Five (5) years of systems development experience, including analysis, design, implementation, and operations, including three (3) years of experience with IAM technologies such as user provisioning, authentication, authorization, and access management.
- Experience with Microsoft Active Directory, Single Sign-On (saml2, OIDC), Attribute-Based Access Management (directory groups, roles, and similar), and/or Microsoft EntraID.
- Strong collaboration and teamwork in the pursuit of operational excellence.
- The ability to develop ideas and strategies to communicate with a diverse user base having various levels of technical proficiency.
- Ability to prioritize tasks, self-direct, operate remotely, and achieve goals with only general supervision.
- A dedication to career and professional development both for oneself and one's peers and colleagues
- Education: A bachelor's degree or equivalent work-related experience
Preferred Qualifications:- Experience with technologies including storage, Infrastructure-as-Code, Continuous Integration/Continuous Deployment pipelines, container orchestration, web server configuration, Software-, Platform-, and Infrastructure-as-a-Service concepts.
- Experience with Multi-Factor Authentication solutions, particularly Duo
- Strong oral and written communication skills
- Demonstrated success working in a collaborative environment as well as independently
- Programming, scripting, and/or web development experience using JavaScript, Java, C#, ASP.Net, PowerShell, Python or a combination
- Understanding of IT Service Management (ITIL certification preferred)
- Understanding of common information security concepts such as the CIA triad, defense-in-depth, least privilege, etc.
- Experience applying the NIST cyber security framework. CompTIA or ISC2 certifications given preference.
Princeton University is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law.
The University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's qualifications, work experience, education/training, key skills, market, collective bargaining agreements as applicable, and organizational considerations when extending an offer. The posted salary range represents the University's good faith and reasonable estimate for a full-time position; salaries for part-time positions are pro-rated accordingly.
If the salary range on the posted position shows an hourly rate, this is the baseline; the actual hourly rate may be higher, depending on the position and factors listed above.
The University also offers a comprehensive benefit program to eligible employees. Please see this link for more information.
Standard Weekly Hours36.25
Eligible for OvertimeNo
Benefits EligibleYes
Probationary Period180 days
Essential Services Personnel (see policy for detail)No
Physical Capacity Exam RequiredNo
Valid Driver's License RequiredNo
Experience LevelMid-Senior Level
#Ll-DP1
Salary Range$141,000 to $157,000
Never miss an opportunity! Create an alert based on the job you applied for.
