Identity and Access Management Engineer
Indexed description
AmSC is a first-of-its-kind, federally funded cloud infrastructure and API platform designed to accelerate AI model development, data sharing, and large-scale computational science across the U.S. Department of Energy (DOE). ORNL is a premier research institution delivering breakthroughs in energy, national security, and advanced computing.
ORNL delivers scientific discoveries and technical breakthroughs needed to realize solutions in energy and national security and provides economic benefit to the nation. This premier research institution located near Knoxville in Oak Ridge, TN, addresses national needs through impactful research and world-leading research centers.
- Please note: The first step in the interview process requires candidates to join a Microsoft Teams meeting with the video turned on.**
- Working with highly talented team members
- 3 weeks’ vacation
- Excellent medical insurance, including employer-paid benefits
The project is a multi-Lab and Public-Private Partnership endeavor, working in tandem with the Models Consortium (ModCon) who will deploy transformative AI models and services to the platform. Key DOE capabilities, such as the Frontier (ORNL), Aurora (ANL), Perlmutter (NERSC, at LBL), Energy Services Network (ESnet, at LBL), and the High Performance Data Facility (HPDF, at JLab) will be directly integrated, allowing multi-site workflows.
The Team:
As an Identity and Access Management Engineer you will work within the L2 Infrastructure Services group of AmSC to support identity management solution architecture, deployment and administration on our multi-cloud central hub infrastructure. The AmSC identity infrastructure supports teams from many different DOE labs and locations deploying a variety of AI and HPC services both on-prem and in cloud environments.
Your primary responsibilities will be to design and build an Identity Management platform and federation hub that promote collaboration within the AmSC, enabling researches to seamlessly leverage AmSC infrastructure and services for their projects. You will be one of the first full-time AmSC staff members, and this presents a unique opportunity to build something new and exciting.
Job Responsibilities:
- Contribute to the architecture, development and implementation of an Identity and Access Management platform
- Collaborate with application developers and owners to establish robust integrations
- Plan, execute and document application onboarding of a diverse and growing application set
- Collaborate with IAM personnel from other organizations to design, build and administer a federation hub, allowing users to access resources at any participating facility
- Build out and enable ABAC, RBAC, least privilege access and other common IAM standards
- Deploy, configure and support identity and access management services such as single sign on (SSO), OAuth, MFA, zero trust, etc….
- Lead incident response, providing advanced troubleshooting and building out of monitoring and alerting systems
- Define and implement define KPIs, processes and drive continuous improvement.
- Participate in on-call rotation providing 24-hour, 7-day support and off-hours maintenance windows.
- Coordinate with vendors to resolve hardware and software problems.
- Deliver AmSC’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace – in how we treat one another, work together, and measure success.
- Bachelor’s Degree in computer science or closely related field and a minimum of 5 years of experience as an Identity and Access Management engineer. An equivalent combination of education and experience may be considered.
- The ability to obtain and maintain a Department of Energy "Q" clearance is required. This requires US Citizenship.
- Extensive experience in Identity and Access Management supporting SSO, OAuth, MFA, and API development
- Excellent interpersonal/communication skills, and the ability to work as part of a team.
- Proven track record leading and driving the delivery of large, complex IAM projects
- Experience with the Ping suite of IAM products, bonus points for Ping Government Identity Cloud experience
- Extensive experience with web authentication implementation such as SAML, OAuth, API-token, REST, etc.
- Experience in directory services and directory structure, specifically using LDAP and/or PingDirectory
- Experience implementing RBAC and ABAC in complex enterprise environments
- Strong experience in identity federation design and implementation using standards like OIDC and SAML to manage user identities across disparate systems
- Experience with Automation and scripting (Python, etc…) for IAM tasks
- Working knowledge of cloud application architecture patterns and a thorough grasp of common products and managed services for at least one Cloud Service Provider (e.g. AWS)
- Working knowledge of Unix system fundamentals and common network protocols.
- Solid understanding of cloud computing networking concepts.
- Ability to proactively identify performance issues, problems, and areas for improvement.
- Ability to identify requirements and to define, plan, and implement requisite solutions.
- An understanding of code review and familiarity with tools like GitHub and GitLab
- Experience using tools such as Nagios, Grafana and Prometheus to monitor systems, metrics, and create dashboards.
Cadre5 is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. Cadre5 is an E-Verify Employer.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search