Identity Management Developer (CEMI)

Cornell University, Ithaca, MI
$72,209 - $83,896, Remote

About The Position

Reporting to the Assistant Director for Identity & Access Management, the Identity Management Developer (CEMI) provides cybersecurity-focused technical leadership and engineering expertise in support of Cornell University’s Identity & Access Management services within the university IT Security Office (ITSO). This position plays a key role in ensuring the secure, reliable, and effective delivery of enterprise authentication, authorization, and directory services that underpin the university’s academic, research, and administrative operations.

The Identity Management environment at Cornell consists of a diverse ecosystem of homegrown, open-source, and vendor-provided applications and services. The Security Engineer operates primarily in an engineering-focused capacity, contributing deep technical expertise to the design, planning, implementation, and ongoing improvement of identity services. This role is instrumental in maintaining a strong security posture while enabling scalability, resiliency, and ease of use for a broad and varied campus community.

In addition to technical leadership, this position serves as a key liaison between ITSO, campus business units, and external partners. The Security Engineer supports strong service relationships by helping stakeholders understand identity service capabilities, status, and access processes, and by translating complex technical concepts into clear, non-technical guidance when needed. The role also contributes to the evolution of next-generation Identity Management solutions by collaborating with vendors, peer institutions, and internal partners to stay current with emerging technologies and best practices in higher education cybersecurity.

The Security Engineer is expected to work collaboratively within the Identity Management team and across ITSO to meet service levels, support operational objectives, and respond effectively to system outages or changes, including availability outside of standard university business hours when required. This is a two (2) year term appointment which may be ended or extended based on organizational needs, funding availability, and performance.

While position responsibilities vary, every member of our community is expected to foster a culture of belonging and a healthy work environment by communicating across differences; being cooperative, collaborative, open, and welcoming; showing respect, compassion, and empathy; engaging and supporting others regardless of background or perspective; speaking up when others are being excluded or treated inappropriately; and supporting work/life integration of oneself and others.

Requirements

  • Bachelor’s degree with a minimum of three to five years of relevant experience, or an equivalent combination of education and experience.
  • Demonstrated success providing technical support and application or middleware development in a distributed, team-focused computing environment.
  • Demonstrated expertise with one or more scripting or programming languages, such as Java, Perl, Python, VB (.NET), ReactJS, Ruby, and/or PHP.
  • Approximately 1 year+ of professional experience developing ReactJS applications and/or Ruby on Rails.
  • System administration experience with Linux required; Windows experience preferred.
  • Working to advanced knowledge of one or more identity and access management technologies, including directory services, virtual directories, SAML2, OAuth2, LDAP, and Active Directory authorization technologies.
  • Proven experience writing technical design documentation, conducting code reviews, and working with version control systems such as Git.
  • Ability to translate user and business needs into clear functional requirements and technical specifications, and to promote effective and efficient information sharing.
  • Demonstrated ability to communicate complex Identity Management concepts, including system functions, capabilities, and processes, in business terms that are clear, accessible, and meaningful to non-technical stakeholders.
  • Proven ability to work effectively in a dynamic, deadline-driven, and complex environment with multiple competing priorities.
  • Strong facilitation, problem-solving, analytical, reasoning, and judgment skills, with the ability to evaluate options and recommend sound technical solutions.
  • Experience supporting and managing mission-critical systems in a production environment, including troubleshooting and incident response.
  • Proven ability to identify, scope, and implement opportunities for automation or architectural improvements that enhance system reliability, security, or efficiency.
  • Ability to cultivate and develop inclusive working relationships with students, faculty, staff, and community members.

Nice To Haves

  • Experience working in higher education, research, or similarly complex enterprise environments, particularly those with diverse identity populations and federated access needs.
  • Familiarity with cloud-based identity platforms and services (e.g., Azure AD, AWS IAM, Google Identity, or similar).
  • Experience with identity lifecycle management, provisioning/de-provisioning workflows, and access governance.
  • Knowledge of zero trust, least-privilege, and modern identity security architectures.
  • Experience integrating identity services with enterprise applications, including SaaS platforms and custom applications.
  • Demonstrated experience participating in cross-functional technical initiatives, including collaboration with security, infrastructure, and application teams.
  • Experience supporting incident response, audits, or compliance efforts related to identity and access management.
  • Familiarity with DevOps or CI/CD practices, automated deployments, and infrastructure-as-code concepts.
  • Strong customer-service orientation with the ability to balance security requirements with usability and operational needs.

Responsibilities

  • Provides cybersecurity-focused technical leadership and engineering expertise in support of Cornell University’s Identity & Access Management services.
  • Ensures the secure, reliable, and effective delivery of enterprise authentication, authorization, and directory services.
  • Contributes deep technical expertise to the design, planning, implementation, and ongoing improvement of identity services.
  • Maintains a strong security posture while enabling scalability, resiliency, and ease of use.
  • Serves as a key liaison between ITSO, campus business units, and external partners.
  • Helps stakeholders understand identity service capabilities, status, and access processes.
  • Translates complex technical concepts into clear, non-technical guidance.
  • Collaborates with vendors, peer institutions, and internal partners to stay current with emerging technologies and best practices.
  • Works collaboratively within the Identity Management team and across ITSO to meet service levels and support operational objectives.
  • Responds effectively to system outages or changes, including availability outside of standard university business hours when required.
  • Fosters a culture of belonging and a healthy work environment.

Benefits

  • Comprehensive health care options
  • Generous retirement contributions
  • Access to wellness programs
  • Employee discounts with local and national retail brands
  • Health and personal leave
  • Three weeks of vacation
  • 13 holidays: Martin Luther King, Jr. Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Thanksgiving and the day after, and an end of the year winter break from December 25-January 1.
  • Two additional floating holidays
  • Tuition-free Extramural Study and Employee Degree Program
  • Tuition aid for external education
  • Cornell Children's Tuition Assistance Program