Job ID: 2023-17790 Type: Full-Time # of Openings: 1 Category: Information Technology
Are you looking for a job with a mission you can believe in? Does learning, applying, and sharing new information security skills excite you? Does a work culture based on collaboration and collegiality sound appealing? Princeton University is looking for you!
The Cloud Identity Engineer will develop, deploy, and operate cloud identity security services in support of the mission of Princeton University. Under the direction of the Associate Director for Identity and Access Management, the Engineer will help evaluate, implement, and configure cloud-based solutions for identity security services including account lifecycle management, authentication and authorization, conditional access, zero-trust enforcement, identity governance, and access management. The Engineer will collaborate with campus partners to develop and implement solutions intended to secure the data and intellectual property of the University and to protect the security and privacy of faculty, staff, students, and affiliates. The Engineer will work with IAM team members, application developers, system administrators, and cloud engineers to implement secure and cost-effective designs. The Engineer will help produce standard, repeatable, and auditable processes. The Engineer will investigate new technologies and standards and will make recommendations on their adoption. The Engineer will document processes, policies, and technical designs so that coworkers clearly understand how to operate and support cloud identity services. The Engineer will conduct troubleshooting, incident response, and customer service activities as required.
Cloud Identity Engineering:
Interpret requirements, recommend solutions, configure software, and write code to manage and maintain secure cloud identity services.
Develop, configure, maintain, and administrate enterprise cloud identity and security systems including Azure AD, single sign-on, multi-factor authentication, role- and attribute-based access controls, conditional access policies, secrets management, and others.
Develop and maintain continuous integration/deployment pipelines, container orchestration, script-based automation, and software solutions to support cloud identity services and applications as required.
Provide advice, consultation, training, and tooling to campus partners wishing to take advantage of the cloud identity services enumerated above.
Serve as a primary subject matter expert for one or more of the following technologies:
Microsoft Azure AD/Entra ID.
Single Sign-On/Identity Federation services including SAML2, OpenID Connect, OAuth, social login, and others.
Conditional Access Policy configuration and management.
Attribute-Based Access Control using groups.
DevOps pipelines, Infrastructure-as-Code, secrets management, configuration management tools, container orchestration, and related technologies
Scripting and automation
Monitoring and alerting
Migrate identity and access management use cases from legacy, on-premises applications/services into cloud services.
Utilize continuous integration/deployment pipelines to manage software configurations, deploy and update applications, and deliver security patches to IAM applications in cloud services.
DevSecOps Strategy and Adoption:
Lead and sustain cultural change for agile DevSecOps practices including automated security testing, auditing, monitoring, attribute- and role-based access control, secrets management, and security by design.
Mentoring and Knowledge Sharing:
Mentor and coach team members to develop their knowledge and technical skills in cloud identity security, process automation, infrastructure as code, access management, and identity governance.
Maintain and share knowledge of new and developing technologies and industry standards related to cloud migrations and operations, identity security, security operations, security engineering, software development security and others as required.
Document code and configurations.
Respond to requests and incidents raised in the IT Service Management system.
Participate in after-hours on-call rotation.
Ensure services and systems are reliably monitored for security and performance.
Ensure compliance with asset, change, incident, and problem management policies.
Acquire and maintain relevant certifications.
Maintain knowledge of modern application development best practices.
Keep pace with industry trends, new developments, and changing standards and requirements.
5 years of application, systems, or service development and operations experience, with at least 3 years of experience with cloud services including identity management. Preference given to MS Azure AD/Entra ID experience.
Solid understanding of security best practices and related concepts such as the CIA triad, defense-in-depth, least privilege, etc.
Ability to successfully lead implementation efforts and projects.
Strong collaboration and teamwork in the pursuit of operational excellence.
Interest in learning new and developing technologies and industry standards and sharing that knowledge with peers and stakeholders.
Ability to interpret technical requirements and research, evaluate, and recommend technical solutions.
Education: Bachelor's degree, or equivalent related work experience.
Experience designing and configuring infrastructure to meet application requirements.
Security and vendor certifications such as Security+, CCSP, Microsoft AZ-500 or similar.
Skill in leading training sessions, teaching new skills, and transferring knowledge to others.
Familiarity with IT service management (ITIL certification preferred)
In-depth scripting knowledge, preferably using PowerShell, Azure CLI, and/or Bicep.
Experience with cloud development concepts such as container orchestration, Infrastructure as Code, source control, and/or integrated development environments.
Excellent written and oral communication skills, including experience writing and maintaining documentation.
Initiative and the ability to work with minimal supervision.
Ability to share responsibility for off-hours service outage support.
Experience with ITSM systems such as ServiceNow.
Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. KNOW YOUR RIGHTS
Princeton University is a vibrant community of scholarship and learning that stands in the nation's service and in the service of all nations. Chartered in 1746, Princeton is the fourth-oldest college in the United States. Princeton is an independent, coeducational, nondenominational institution that provides undergraduate and graduate instruction in the humanities, social sciences, natural sciences and engineering. As a world-renowned research university, Princeton seeks to achieve the highest levels of distinction in the discovery and transmission of knowledge and understanding. At the same time, Princeton is distinctive among research universities in its commitment to undergraduate teaching. Today, more than 1,100 faculty members instruct approximately 5,200 undergraduate students and 2,600 graduate students. The University's generous financial aid program ensures that talented students from all economic backgrounds can afford a Princeton education.