Career Opportunities: IAM Engineer (117449)

IT@JH Enterprise Directory and Messaging is seeking an IAM Engineer who is responsible for designing, developing, testing, implementing, and integrating identity and access management frameworks, systems, and protocols. This role involves developing and implementing IAM systems, including Single Sign-On (SSO), authentication, Privilege Identity Management, Privilege Access Management, Certificate Services, PKI, Conditional Access, Data Loss Prevention, and access controls, to ensure the confidentiality, integrity, and availability of IAM systems and data. The IAM Engineer works closely with security teams and other stakeholders to create secure and scalable IAM solutions that meet the organization’s needs.

IAM Engineers ensure that IAM systems are effectively integrated with existing infrastructure, providing seamless and secure access for users. They conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements. IAM Engineers are responsible for ensuring the application of Zero Trust principles for identity and access solutions. The IAM Engineer also stays abreast of emerging IAM technologies and trends, recommending and implementing improvements to enhance the organization’s security posture.

The position will be responsible for the development of and maintenance of M365 solutions and utilizing the capabilities of the M365 suite. This responsibility includes all aspects of the software development life cycle including requirements gathering, design, development, testing, deployment, security and support of custom solutions. The position will serve as a subject matter expert and provide technical guidance and support when necessary while maintaining a high level of responsiveness to customers.

Specific Duties & Responsibilities

• Develop and Implement IAM Solutions: Design, develop, implement, and maintain identity and access management solutions and systems, including Single Sign-On (SSO), authentication, Privilege Identity Management, Privilege Access Management, Certificate Services, PKI, Conditional Access, Data Loss Prevention, and access controls.
• Technical Troubleshooting: Troubleshoot, identify, and resolve technical IAM-related issues.
• System Improvement: Enhance IAM solutions and systems to protect against evolving threats and improve efficiency.
• Best Practices Coaching: Coach organization members on IAM best practices.
• Stay Informed: Stay up-to-date on current IAM threats and industry solutions.
• Technology Stack Support: Support the IAM technology stack, including monitoring, hygiene, enhancements development, and ensuring operational security systems.
• Active Directory Integration: Assist project teams with Active Directory integration patterns using AD and Azure AD, Azure MFA, ADFS & Azure Federation, and SSO patterns.
• Proactive Problem Solving: Identify gaps and develop solutions to routine problems proactively.
• System Updates: Plan and implement updates to maintain, monitor, and support enterprise IAM tools.
• In-Depth Understanding: Obtain an in-depth understanding of IAM enterprise technologies and key business and security drivers.
• Technology Evaluations: Participate in ongoing technology evaluations and stay current with technology trends and industry standards.
• Customer Communication: Communicate with customers to clarify requests, report status, or provide information as needed.
• Continual Improvement: Drive continual improvement processes to enhance the end-user experience, increase technology value, and improve security posture.
• Stakeholder Collaboration: Work closely with key stakeholders to understand requirements and drive the design, development, and implementation of IAM system improvements.
• Artifact Collection and Testing: Collect and qualify required artifacts, develop test plans, and lead application implementation efforts to ensure success.
• Risk Mitigation: Conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements.
• Seamless Integration: Ensure IAM systems are effectively integrated with existing infrastructure, providing seamless and secure access for users.
• Security Posture Enhancement: Recommend and implement improvements to enhance the organization’s security posture, staying abreast of emerging IAM technologies and trends.
• Zero Trust Principles: Apply Zero Trust principles to identity and access solutions, ensuring robust security frameworks are in place.

Technical Qualifications and Specialized Certifications

• Extensive IAM Experience: Deep understanding of Identity and Access Management (IAM) principles and technologies.
• IAM Tools: Skilled in designing, implementing, and managing IAM tools and platforms, such as Microsoft Entra, Privileged Access Management (PAM), and Privileged Identity Management (PIM).
• Microsoft 365 Administration: Strong knowledge of Microsoft 365 and related IAM solutions.
• Digital Certificates and PKI: Expertise in managing digital certificates and designing, implementing, and managing Public Key Infrastructures (PKI).
• SSO and MFA Solutions: Familiarity with designing, implementing, and maintaining Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions.
• Zero Trust Principles: In-depth understanding of Zero Trust principles and their application in IAM.
• Programming/Scripting Skills: Proficiency in programming or scripting languages such as PowerShell, Python, and SQL.
• Technical Troubleshooting: Strong skills in troubleshooting and resolving IAM-related technical issues.
• System Improvement: Experience in enhancing IAM solutions to counter evolving threats and improve efficiency.
• Active Directory Integration: Knowledge of Active Directory and Azure AD integration patterns, including Azure MFA, ADFS, and SSO patterns.
• Risk Assessment and Mitigation: Ability to conduct regular assessments to identify and mitigate risks, ensuring compliance with security policies and regulatory requirements.
• Technology Stack Support: Experience in supporting the IAM technology stack, including monitoring, hygiene, and enhancements development.
• Stakeholder Collaboration: Proven ability to work closely with key stakeholders to understand requirements and drive the design, development, and implementation of IAM system improvements.
• Continual Improvement: Commitment to driving continual improvement processes to enhance the end-user experience, increase technology value, and improve security posture.
• Customer Communication: Strong communication skills to clarify requests, report status, and provide information as needed.
• Technology Evaluations: Participation in ongoing technology evaluations and staying current with technology trends and industry standards.

On Call Requirements

• Yes

• Bachelor’s Degree required.
• Five years of related experience in identity and access management (IAM), cybersecurity, computer science, computer information systems, or related fields.
• Additional education may substitute for required experience, and additional experience may substitute for required education to the extent permitted by the JHU equivalency formula.

• Strong knowledge of SharePoint Online, Teams, OneDrive, Security, Compliance, Power Platform and M365 Admin Portal.
• Understanding of Power Automate, Microsoft Cloud App Security (MCAS)/Microsoft Purview, Dynamics 365.
• Understanding and applying security to Microsoft 365 using best practices.
• Must have experience leading enterprise-wide projects and a solid understanding of Microsoft 365.
• Excellent verbal and written communication skills.

Classified Title: IAM Engineer 
Job Posting Title (Working Title): IAM Engineer   
Role/Level/Range: ATP/04/PF  
Starting Salary Range: $85,500 - $149,800 Annually (Commensurate w/exp.) 
Employee group: Full Time 
Schedule: Mon-Fri 8:30-5:00 
FLSA Status: Exempt 
Location: Remote 
Department name: IT@JH Enterprise Directory and Messaging  
Personnel area: University Administration