Privileged Access Management (PAM) Engineer

University of California San Francisco•San Francisco, CA

About The Position

The Identity and Access Management (IAM) Privileged Access Management (PAM) Engineer will be responsible for the development, implementation, and maintenance of IAM solutions that align with the University's security policies and requirements. This includes evaluating hosting platforms, configuration technologies, and ensuring consistency between production and non-production environments. This role will partner closely with the IAM Director, IAM Managers, Senior Engineers, Administrators, Analysts, various departments across the University, and external vendors to ensure that access and identity data are granted to users in a secure, compliant, and efficient manner. The IAM PAM Engineer is an important part of the Privileged Access Management (PAM) team and participates in designing, implementing, and maintaining the technical infrastructure that manages privileged accounts and access within UCSF. This role involves ensuring that privileged access is secure, monitored, and compliant with UCSF policies and regulatory requirements. The IAM PAM Engineer works with various PAM tools and technologies to safeguard critical systems and data from unauthorized access and potential security breaches. The IAM PAM Engineer will positively impact the University of California, San Francisco’s (UCSF) operations and culture by protecting University stakeholders’ information and data in service of the institution’s academic, medical, and research mission. This team member will advance the University’s mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCSF’s vision while modeling UCSF’s culture and values. The final salary and offer components are subject to additional approvals based on UC policy. Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement. The salary range for this position is $101,300 - $216,700 (Annual Rate). To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

Requirements

Bachelor’s Degree or equivalent combination of experience/training in one or more of the following fields: cybersecurity, information technology, computer science, public administration, business administration, communications.
3+ years of experience working in one or more of the following fields: cybersecurity, computer science, computer information systems, etc.
Experience with the implementation and integration of Identity and Access Management (IAM) systems and tools.
Demonstrated skills applying security controls to computer software and hardware.
Hands-on experience with directory services (e.g., Active Directory, Lightweight Directory Access Protocol (LDAP)), Privileged Access Management solutions (e.g., CyberArk, Beyond Trust, Delinea).
Basic understanding of Linux, Windows Server Administration, and Unix servers.
Knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.
Proficient in scripting and programming languages (e.g., PowerShell, Python, Java) for automation and integration purposes.
Experience in incident response and digital forensics including reporting.
Strong written and verbal communication skills and ability to communicate technical information and ideas to a diverse community of colleagues and stakeholders.
Ability to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.
Strong organizational skills and ability to balance competing priorities and support concurrent projects.
Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues.
Demonstrated problem-solving skills; ability to scope solutions based on knowledge of available resources and timelines.
Ability to ask questions, gather information, evaluate options, and make decisions with integrity.

Nice To Haves

Experience with the Delinea solutions is highly desired.
One or more of the following certifications: CCNP Security, Cisco Certified Internetwork Expert (CCIE) Security, Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or equivalent Cisco Certified Internetwork Expert (CCIE) Security

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume