IAM Engineer

Baltimore, MD, United States, 21209

Johns Hopkins University

Johns Hopkins, founded in 1876, is America's first research university and home to nine world-class academic divisions working together as one university.



IT@JH Enterprise Messaging and Directory is seeking an IAM Engineer who is responsible for designing, developing, testing, implementing, and integrating identity and access management frameworks, systems, and protocols. This role involves developing and implementing IAM systems, including Single Sign-On (SSO), authentication, Privilege Identity Management, Privilege Access Management, Certificate Services, PKI, Conditional Access, Data Loss Prevention, and access controls, to ensure the confidentiality, integrity, and availability of IAM systems and data. The IAM Engineer works closely with security teams and other stakeholders to create secure and scalable IAM solutions that meet the organization’s needs.


IAM Engineers ensure that IAM systems are effectively integrated with existing infrastructure, providing seamless and secure access for users. They conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements. IAM Engineers are responsible for ensuring the application of Zero Trust principles for identity and access solutions. The IAM Engineer also stays abreast of emerging IAM technologies and trends, recommending and implementing improvements to enhance the organization’s security posture.


Specific Duties & Responsibilities

  • Develop and Implement IAM Solutions: Design, develop, implement, and maintain identity and access management solutions and systems, including Single Sign-On (SSO), authentication, Privilege Identity Management, Privilege Access Management, Certificate Services, PKI, Conditional Access, Data Loss Prevention, and access controls.
  • Technical Troubleshooting: Troubleshoot, identify, and resolve technical IAM-related issues.
  • System Improvement: Enhance IAM solutions and systems to protect against evolving threats and improve efficiency.
  • Best Practices Coaching: Coach organization members on IAM best practices.
  • Stay Informed: Stay up-to-date on current IAM threats and industry solutions.
  • Technology Stack Support: Support the IAM technology stack, including monitoring, hygiene, enhancements development, and ensuring operational security systems.
  • Active Directory Integration: Assist project teams with Active Directory integration patterns using AD and Azure AD, Azure MFA, ADFS & Azure Federation, and SSO patterns.
  • Proactive Problem Solving: Identify gaps and develop solutions to routine problems proactively.
  • System Updates: Plan and implement updates to maintain, monitor, and support enterprise IAM tools.
  • In-Depth Understanding: Obtain an in-depth understanding of IAM enterprise technologies and key business and security drivers.
  • Technology Evaluations: Participate in ongoing technology evaluations and stay current with technology trends and industry standards.
  • Customer Communication: Communicate with customers to clarify requests, report status, or provide information as needed.
  • Continual Improvement: Drive continual improvement processes to enhance the end-user experience, increase technology value, and improve security posture.
  • Stakeholder Collaboration: Work closely with key stakeholders to understand requirements and drive the design, development, and implementation of IAM system improvements.
  • Artifact Collection and Testing: Collect and qualify required artifacts, develop test plans, and lead application implementation efforts to ensure success.
  • Risk Mitigation: Conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements.
  • Seamless Integration: Ensure IAM systems are effectively integrated with existing infrastructure, providing seamless and secure access for users.
  • Security Posture Enhancement: Recommend and implement improvements to enhance the organization’s security posture, staying abreast of emerging IAM technologies and trends.
  • Zero Trust Principles: Apply Zero Trust principles to identity and access solutions, ensuring robust security frameworks are in place.


Technical Qualifications and Specialized Certifications

  • Extensive IAM Experience: Deep understanding of Identity and Access Management (IAM) principles and technologies.
  • IAM Tools: Skilled in designing, implementing, and managing IAM tools and platforms, such as Microsoft Entra, Privileged Access Management (PAM), and Privileged Identity Management (PIM).
  • Microsoft 365 Administration: Strong knowledge of Microsoft 365 and related IAM solutions.
  • Digital Certificates and PKI: Expertise in managing digital certificates and designing, implementing, and managing Public Key Infrastructures (PKI).
  • SSO and MFA Solutions: Familiarity with designing, implementing, and maintaining Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions.
  • Zero Trust Principles: In-depth understanding of Zero Trust principles and their application in IAM.
  • Programming/Scripting Skills: Proficiency in programming or scripting languages such as PowerShell, Python, and SQL.
  • Technical Troubleshooting: Strong skills in troubleshooting and resolving IAM-related technical issues.
  • System Improvement: Experience in enhancing IAM solutions to counter evolving threats and improve efficiency.
  • Active Directory Integration: Knowledge of Active Directory and Azure AD integration patterns, including Azure MFA, ADFS, and SSO patterns.
  • Risk Assessment and Mitigation: Ability to conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements.
  • Technology Stack Support: Experience in supporting the IAM technology stack, including monitoring, hygiene, and enhancements development.
  • Stakeholder Collaboration: Proven ability to work closely with key stakeholders to understand requirements and drive the design, development, and implementation of IAM system improvements.
  • Continual Improvement: Commitment to driving continual improvement processes to enhance the end-user experience, increase technology value, and improve security posture.
  • Customer Communication: Strong communication skills to clarify requests, report status, and provide information as needed.
  • Technology Evaluations: Participation in ongoing technology evaluations and staying current with technology trends and industry standards.


Special Knowledge, Skills, and Abilities

  • Must possess strong technical skills and independently stay current with identity and access management technology and best practices.
  • Ability to establish priorities, work independently, and proceed with objectives without supervision.
  • Must demonstrate strong critical thinking and analytical reasoning skills.
  • Ability to work on multiple priorities effectively.
  • Ability to execute assigned project tasks within an established schedule.
  • Ability to work collaboratively in a hybrid team environment.
  • Ability to communicate effectively in the service of users and colleagues.
  • Writes and communicates clearly and concisely.
  • Possesses sound documentation skills.
  • Ability to maintain confidentiality.
  • Must demonstrate exemplary customer service skills.


Specific Devices, Software, Projects 

  • Responsible for the entire identity lifecycle for all JH Identities
  • Microsoft SQL
  • PowerShell
  • Microsoft Identity Manager
  • Azure AD Connect
  • School Data Sync
  • Azure Active Directory
  • SQL Reporting Services
  • PowerBI


Scale/size of area, project and/or System Supported

  • IAM Team oversees the management of hundreds of thousands of accounts across multiple Azure tenants, ensuring secure and streamlined identity solutions on an enterprise scale.
  • Responsible for numerous data integrations that support essential enterprise operations.
  • Includes large-scale projects that drive the success of enterprise initiatives, leveraging identity and access management to support secure, efficient, and compliant data usage throughout the organization.


On Call Requirements

  • Yes, this position requires participation in the on-call rotation, with each rotation lasting one week.


Minimum Qualifications
  • Bachelor’s Degree required.
  • Five years of related experience in identity and access management (IAM), cybersecurity, computer science, computer information systems, or related fields.
  • Additional education may substitute for required experience, and additional experience may substitute for required education to the extent permitted by the JHU equivalency formula.


Preferred Qualifications
  • Bachelor’s Degree in Computer Science, Information Technology, or a related field.

 

 

Classified Title: IAM Engineer 
Role/Level/Range: ATP/04/PF  
Starting Salary Range: $85,500 - $149,800 Annually (Commensurate w/exp.) 
Employee group: Full Time 
Schedule: Mon-Fri 8:30am-5:00pm 
FLSA Status: Exempt 
Location: Remote 
Department name: 10003718-IT@JH Enterprise Directory and Messaging 
Personnel area: University Administration 

 

 


Tags: Active Directory Azure Compliance Computer Science IAM Monitoring PKI PowerShell Python Risk assessment Scripting SQL SSO Zero Trust

Region: North America
Country: United States
