Authentication Service Manager (IAM Engineer) (IT-PW-IAM-2025-51-LD)

Company Description

At CERN, the European Organization for Nuclear Research, physicists and engineers are probing the fundamental structure of the universe. Using the world's largest and most complex scientific instruments, they study the basic constituents of matter - fundamental particles that are made to collide together at close to the speed of light. The process gives physicists clues about how particles interact, and provides insights into the fundamental laws of nature. Find out more on http://home.cern.

Job Description

Introduction

Are you ready to be at the heart of the daily digital experience of thousands of researchers and engineers, as CERN’s Authentication Service Manager? Become a key contributor of the Identity and Access Management team.

You will join the Platforms & Workflows group in the IT department (https://information-technology.web.cern.ch/), where ~30 experienced engineers are responsible for providing a wide spectrum of centrally managed services, such as identity and access management, platforms for developers and researchers, as well as solutions for content authoring and websites hosting.

Functions

As CERN’s Authentication Service Manager - specifically for the Single Sign On (SSO) platform - you will interact with stakeholders across CERN and ensure the service meets the needs of a critical infrastructure component. SSO, based on Keycloak, was introduced in 2019. This is one of the most widely used IT building blocks at CERN and there is significant scope to continue enhancing its usability, security and reliability to improve the daily working environment for all collaborators. In addition, this role will include technical leadership of related services for computing grid workflows.

Specifically, you will:

• Lead the development and operations of the Single Sign On and related services
• Ensure that expectations are met as a critical service for CERN
• Enhance the service to meet the evolving needs of the organisation
• Provide support, documentation, training etc. to the user community
• Contribute to the service codebase and supervise such activities
• Create and maintain contacts with relevant partners (Keycloak developers, industry, research organisations)

Qualifications

• Master's degree or equivalent relevant experience in the field of Computer Science or a related field.

Experience:

We are looking for someone with the following demonstrated experience/skills:

• Operating and optimising large-scale, mission-critical production services
• Extensive experience with troubleshooting system integrations and technical user support
• Knowledge of authentication protocols: oIDC, SAML, Kerberos, X.509 certificates

Technical competencies:

• Administration of computing systems: upgrades, application of security patches, system and data migrations, backup and recovery
• Knowledge and application of software life-cycle tools and procedures: proficiency with Git, GitLab, CI/CD tools, Kubernetes, GitOps
• Knowledge of best practices for implementing ICT security standards and policies
• Knowledge of programming techniques and languages: python, Java, ReactJS
• Capturing and analysis of requirements for ICT systems

Behavioural competencies:

• Leading with Strength and Credibility: making timely decisions that balance systematic analysis with decisiveness; dealing with difficulties in a timely manner
• Achieving Results: delivering high quality work on time and fulfilling expectations
• Solving Problems: adopting a pragmatic approach; understanding the value of adopting generic rather than gold -plated' technical solutions
• Working in Teams: working well in groups and readily fitting into a team; participating fully and taking an active role in team activities
• Creating Vision and Strategic Partnerships: participating, encouraging and actively supporting cross-functional and cross-departmental work and projects Recognizing the benefits of collaboration with external partners, understanding their functioning and developing a strong network within the sector

Language skills:

Spoken and written English: ability to draw-up technical specifications and/or scientific reports and to make oral presentations in English.

Additional Information

Eligibility and closing date:

Diversity has been an integral part of CERN's mission since its foundation and is an established value of the Organization. Employing a diverse workforce is central to our success. We welcome applications from all Member States and Associate Member States.

This vacancy will be filled as soon as possible, and applications should normally reach us no later than 27.04.2025

Employment Conditions

Contract type: Limited duration contract (5 years). Subject to certain conditions, holders of limited-duration contracts may apply for an indefinite position.

Working Hours: 40 hours per week

This position involves:

• Stand-by duty, when required by the needs of the Organization.

Job grade: 6-7

Job reference: IT-PW-IAM-2025-51-LD

Benchmark Job Title: Computing Engineer

Please make sure you have all the documents needed to hand as you start your application, as once it is submitted, you will not be able to upload any documents or edit your application further