IAM Access Engineer

University of California San Francisco•San Francisco, CA

About The Position

The Identity and Access Management (IAM) Access Engineer will support the development, implementation, and maintenance of IAM solutions in alignment with the University's security policies and requirements. This role involves evaluating hosting platforms and configuration technologies to ensure consistency between production and non-production environments. The IAM Access Engineer will assist in designing, implementing, and managing systems that secure access to the University of California, San Francisco (UCSF) digital resources, ensuring only authorized users can access specific systems and data, thereby protecting UCSF from unauthorized access and potential security breaches. The IAM Access Engineer requires foundational experience in administering and supporting access and authentication solutions. This includes basic knowledge of advanced authentication infrastructures and troubleshooting skills. Practical experience with Shibboleth, Okta, and DUO multi-factor authentication (MFA) technologies is preferred. The IAM Access Engineer will positively impact UCSF’s operations and culture by ensuring UCSF’s IT infrastructure is operable, secure, efficient, and effective in service of the University’s mission. This team member will advance the University’s mission by delivering exceptional information technology services comprehensively and consistently across customers and stakeholders. This role will execute UCSF’s vision while modeling UCSF’s culture and values. The final salary and offer components are subject to additional approvals based on UC policy. Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement. The salary range for this position is $101,300 - $216,700 (Annual Rate). To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

Requirements

Bachelor’s Degree or equivalent combination of experience/training in one or more of the following fields: cybersecurity, information technology, computer science, public administration, business administration, communications
3 to 5+ years of experience working in one or more of the following fields: cybersecurity, computer science, computer information systems, etc.
Experience with Implementation and integration systems and tools for Identity and Access Management (IAM).
Demonstrated skills applying security controls to computer software and hardware.
Hands-on experience with directory services (e.g., Active Directory, Lightweight Directory Access Protocol (LDAP)), single sign-on (SSO) technologies, and multi-factor authentication (MFA) solutions.
Understanding of role-based access control (RBAC), attribute-based access control (ABAC), and other access control methods.
Knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.
Understanding of authentication protocols such as SAML, ODIC/OAuth.
Understanding of authentication solutions such as Okta, Entra ID, Ping, etc.
Proficient in scripting and programming languages (e.g., PowerShell, Python, Java) for automation and integration purposes.
Experience in incident response and digital forensics, including reporting.
Strong written and verbal communication skills and ability to communicate technical information and ideas to a diverse community of colleagues and stakeholders.
Ability to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.
Strong organizational skills and ability to balance competing priorities and support concurrent projects.
Experience working in a project-based environment using leading project management practices, including schedule management, status reporting, and communication of project risks and issues.
Strong demonstrated problem-solving skills; scopes solutions based on knowledge of available resources and timelines.
Ability to ask questions, gather information, evaluate options, and make decisions with integrity.
Ability to think creatively and propose innovative ideas, including the incorporation of new technologies or processes.
Ability to work with agility in a fast-paced environment.

Nice To Haves

Experience in complex higher education environments, serving academic, medical, and research, medical, and research and administrative functions of a large public university.
One or more of the following certifications: CCNP Security, Cisco Certified Internetwork Expert (CCIE) Security, Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or equivalent Cisco Certified Internetwork Expert (CCIE) Security
Practical experience with Shibboleth, Okta, and DUO multi-factor authentication (MFA) technologies is preferred.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume