Senior Security Development Engineer

UNC-Chapel Hill•Chapel Hill, NC

11d•Remote

About The Position

This position is a 100% remote work arrangement, consistent with System Office policy. UNC Chapel Hill employees are generally required to reside in North Carolina, within a reasonable commuting distance of their assigned duty station. The Information Security Office coordinates the institution’s response to cyber risk, operates critical organization-wide security controls, and reports on the state of the security program to University leadership and the Board of Trustees. The UNC -CH security program ensures the institution meets relevant cybersecurity legal, statutory, regulatory, and compliance obligations across all aspects of the University mission. Identity and Access Management ( IAM ) is a part of the UNC -CH information security office. Identity is the primary ‘battleground’ of cybersecurity worldwide. Reporting to the IAM Manager, the Senior Software Development Engineer is a core member of the team responsible for delivering the University’s written five-year information security strategy. That strategy addresses a specific set of governance, policy, business process, technology, and change management failures that collectively define the University’s current identity risk exposure. The central initiative within that strategy is the Authentication Modernization Initiative ( AMI ): a top-down redesign of how the University manages credentials, enforces phishing-resistant authentication, and governs identity lifecycle across a highly distributed environment. This role carries two concurrent responsibilities: active participation in the design and implementation of AMI , and ownership and operation of the existing production identity environment throughout the transition. Both require a high level of independent judgment. This role collaborates directly with the IAM Architect and IAM Business Analyst to design, implement, and operationalize solutions, and with the Senior Operations Engineer to ensure the new environment is built on reliable, scalable operational practices. Success in this role requires more than technical depth. The person in this role must be driven first by the security mission: identifying what the institution needs and delivering it, even when objectives are ambiguous or obstacles intervene. They must exercise sound independent judgment on system design and process, with an orientation toward simplicity and scalability rather than complexity. They must earn and sustain trust across a wide range of partners — technical and non-technical, within ISO and across the University — through honest, reliable, and accountable behavior. And they must demonstrate a bias for action: the ability to distinguish decisions that warrant careful analysis from those that warrant speed, and to act accordingly. The University is not looking for a person who maintains what exists. It is looking for a person who sees where identity security must go and helps drive the program there.

Requirements

Substantial experience in identity and access management, including directory services, federation protocols, and authentication systems.
Familiarity with technologies such as Kerberos, LDAP , Active Directory, Entra ID, SAML , or equivalent is expected.
Experience with single sign-on platforms and multi-factor authentication is required.
Experience designing and implementing complex, production-grade systems in environments where failures have institution-wide consequences.
The candidate must demonstrate a track record of sound independent judgment on architecture and operational design, not just implementation of designs provided by others.
Experience with modern software development practices including configuration management, peer review, and CI/CD pipelines.
Proficiency in at least one structured programming language and experience with integration technologies such as REST , SOAP , SQL , or equivalent.
Demonstrated ownership orientation: a track record of identifying what an organization needs, taking responsibility for delivering it, and sustaining that delivery through obstacles and competing priorities without requiring close direction.
Demonstrated ability to earn and sustain trust across a wide range of partners, including non-technical stakeholders, by communicating with clarity and honesty about progress, risk, and problems — including when the news is unwelcome.
Demonstrated bias for action: the ability to distinguish decisions that require careful deliberation from those that require speed, and to act decisively in both cases.

Nice To Haves

Experience with Internet2 Trusted Access Platform solutions, including Shibboleth, COmanage, or equivalent federation and collaboration tools.
Experience contributing to or maintaining open-source projects relevant to identity and access management.
Experience operating in large, decentralized organizations where security standards must be enforced across distributed technology environments without centralized control of infrastructure.
Experience working in hybrid environments spanning Linux and Windows, including both native and containerized workloads (Docker, Kubernetes, or equivalent).
Experience in a regulated environment requiring compliance with federal security standards such as NIST 800-63, HIPAA , or CMMC .

Responsibilities

Active participation in the design and implementation of AMI
Ownership and operation of the existing production identity environment throughout the transition

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume